Overview

overview

10

Static

static

1

eeb19ccec8...95.exe

windows7-x64

8

eeb19ccec8...95.exe

windows10-2004-x64

10

Citicorp.ps1

windows7-x64

3

Citicorp.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    69s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-11-2024 04:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Citicorp.ps1

  • Size

    52KB

  • MD5

    50a86de35927f45ce009f37494068b0d

  • SHA1

    880c888d5e156d7080395c964614872fe42ac89d

  • SHA256

    ff7d67d9d4613f0716febf78a0e813953862c77bb5f084eebf881ac02809984b

  • SHA512

    230f60733ee595111e91b0bb9c99a5a4c72b5ebfb1b77ff544b5aadeff5179fccfcd473fa8caa290798d6558f753663d21f966a6db9b2193d15e81adef6159d6

  • SSDEEP

    1536:CouBFNxtHIbsZOUwUKo0gwGXjnhDvWZHK1y22IE:MxiGS1o0LGTnhDvUayx

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 15 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 30 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 27 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Citicorp.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:440
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4928
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4792
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1600
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:644
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3720
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of SendNotifyMessage
    PID:1408
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2296
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1724
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of SendNotifyMessage
    PID:3676
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3844
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3616
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:3568
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3444
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4260
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:1720
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1012
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1140
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4448
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3908
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:3708
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4968
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:692
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3504
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2748
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1960
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4024
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:2760
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3480
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3456
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3660
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:836
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1248
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Modifies registry class
    PID:1292
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:884
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:216
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4464
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4024
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2364
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:1724
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4212
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:1096
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4620
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
      PID:2016
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4224
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:1104
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:3388
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:3912
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:1864
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:2308
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:668
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:5100
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:3832
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:2308
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:5092
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:3928
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:2980
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:4260
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:1600
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:3472
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:3388
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:1248
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:3900
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:2252
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:2024
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:2948
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:3164
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:2660
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:4820
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:760
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:2312
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:744
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:440
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:5000
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:3732
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:2624
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:4004
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:180
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:4116
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:1128
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:2112
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:2980
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:4332
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:4536
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:1688
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:3128
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:3604
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:3448
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:1236
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:2116
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:1716
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:4000

                                                                                                    Network

                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                    Replay Monitor

                                                                                                    Loading Replay Monitor...

                                                                                                    Downloads

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                      Filesize

                                                                                                      471B

                                                                                                      MD5

                                                                                                      af973696cc4cef7b1d15a8a90563c1b4

                                                                                                      SHA1

                                                                                                      ea412dc846ddc6a0db9a34df86fb72a4358caab9

                                                                                                      SHA256

                                                                                                      88cb5aa511c064cd3e074bda010876c372066a07950b93f6ec445b4561585c06

                                                                                                      SHA512

                                                                                                      771d8c0226e5747d107e8bac5c7145c89775bb13765859cd2725d36c8fb869930593eb847690b94c05095bed3d2e46c11e8e172dc3b41083d76bebd8fcc7c793

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                      Filesize

                                                                                                      412B

                                                                                                      MD5

                                                                                                      42e301fe69c58a64aaf7add4e1f69dcd

                                                                                                      SHA1

                                                                                                      b529e1b0716308483be5fa9621e51e7579541bab

                                                                                                      SHA256

                                                                                                      9a3144a5e1e6dc1848df52fb2f7773b3d1b4cf2f14f0cc5ed2eb4b936f9aedfa

                                                                                                      SHA512

                                                                                                      6357a25b79f9419bfa42d294b8e9c37f5221cf246322f95801c674cf9e4fdcf8bbb8d9038a1f596e8c1d1e3acb00fccdf1d2d51dc2834d81d79084f1619ec552

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      a9d73acb8c254c1560ca1c46c54b8fc3

                                                                                                      SHA1

                                                                                                      12b3afd859236ba3f42b6fe4841a54714a3c57c0

                                                                                                      SHA256

                                                                                                      407e76a5867586ce7a7456b216b49cf45f3fbe3c858e3b436be6535f9dd90041

                                                                                                      SHA512

                                                                                                      3d22165acadf1cba66d36fb925077f6670eca4da6987bc8e17e7a685c0490ab9792a21a0c9b00e2e4ec8c24228ebeab8560904d46ac1733cf8ff3b851429b194

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
                                                                                                      Filesize

                                                                                                      36KB

                                                                                                      MD5

                                                                                                      0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                      SHA1

                                                                                                      92495421ad887f27f53784c470884802797025ad

                                                                                                      SHA256

                                                                                                      0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                      SHA512

                                                                                                      61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\2C1DWAXK\microsoft.windows[1].xml
                                                                                                      Filesize

                                                                                                      96B

                                                                                                      MD5

                                                                                                      e348d00fe7b19d8e8f6efc5cd8f3be59

                                                                                                      SHA1

                                                                                                      de85b87da07da2e4b4215ef312d318f1b329ca6e

                                                                                                      SHA256

                                                                                                      4ee26da36e3b7d5c9f14f2ed8d6c75c10434acec949dc6e550f176b9acb84dd7

                                                                                                      SHA512

                                                                                                      a0a9a671e08cb35904098426cf1b50a11d6a0c7be57f684f9808f5c953ac2732dd1f090c3d12260870056a1ee5f9097ad9872715c798fba196d7212a536afcbe

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wutlwiyk.mbp.ps1
                                                                                                      Filesize

                                                                                                      60B

                                                                                                      MD5

                                                                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                                                                      SHA1

                                                                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                      SHA256

                                                                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                      SHA512

                                                                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                      Download Submit

                                                                                                    • memory/216-1525-0x000001C3923E0000-0x000001C392400000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/216-1520-0x000001C391800000-0x000001C391900000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/216-1548-0x000001C392CC0000-0x000001C392CE0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/216-1537-0x000001C3923A0000-0x000001C3923C0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/216-1521-0x000001C391800000-0x000001C391900000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/216-1522-0x000001C391800000-0x000001C391900000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/440-13-0x00000207AE3E0000-0x00000207AE40A000-memory.dmp

                                                                                                      Filesize

                                                                                                      168KB

                                                                                                      Download

                                                                                                    • memory/440-20-0x00007FFD857F0000-0x00007FFD862B1000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/440-19-0x00007FFD857F0000-0x00007FFD862B1000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/440-18-0x00007FFD857F0000-0x00007FFD862B1000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/440-16-0x00007FFD857F0000-0x00007FFD862B1000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/440-15-0x00007FFD857F0000-0x00007FFD862B1000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/440-14-0x00000207AE3E0000-0x00000207AE404000-memory.dmp

                                                                                                      Filesize

                                                                                                      144KB

                                                                                                      Download

                                                                                                    • memory/440-0-0x00007FFD857F3000-0x00007FFD857F5000-memory.dmp

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      Download

                                                                                                    • memory/440-12-0x00007FFD857F0000-0x00007FFD862B1000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/440-11-0x00007FFD857F0000-0x00007FFD862B1000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/440-1-0x00000207AD870000-0x00000207AD892000-memory.dmp

                                                                                                      Filesize

                                                                                                      136KB

                                                                                                      Download

                                                                                                    • memory/1140-670-0x0000022CAC340000-0x0000022CAC360000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/1140-634-0x0000022CAAE20000-0x0000022CAAF20000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/1140-635-0x0000022CAAE20000-0x0000022CAAF20000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/1140-633-0x0000022CAAE20000-0x0000022CAAF20000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/1140-639-0x0000022CABF70000-0x0000022CABF90000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/1140-650-0x0000022CABF30000-0x0000022CABF50000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/1248-1377-0x0000024DECA40000-0x0000024DECA60000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/1248-1387-0x0000024DECA00000-0x0000024DECA20000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/1248-1399-0x0000024DECE00000-0x0000024DECE20000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/1248-1374-0x0000024DEB700000-0x0000024DEB800000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/1248-1373-0x0000024DEB700000-0x0000024DEB800000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/1292-1518-0x00000000043B0000-0x00000000043B1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/1408-179-0x0000000004220000-0x0000000004221000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/1600-28-0x00000000047D0000-0x00000000047D1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/1720-631-0x0000000004B90000-0x0000000004B91000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/1724-182-0x0000021BD6C00000-0x0000021BD6D00000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/1724-207-0x0000021BD8060000-0x0000021BD8080000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/1724-186-0x0000021BD7A90000-0x0000021BD7AB0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/1724-195-0x0000021BD7A50000-0x0000021BD7A70000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/2364-1677-0x000001D750660000-0x000001D750680000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/2748-1081-0x0000000001400000-0x0000000001401000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/2760-1226-0x0000000004A40000-0x0000000004A41000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/3456-1233-0x000001FF45560000-0x000001FF45580000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3456-1247-0x000001FF45520000-0x000001FF45540000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3456-1261-0x000001FF45930000-0x000001FF45950000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3504-967-0x000001F2535D0000-0x000001F2535F0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3504-946-0x000001F2531C0000-0x000001F2531E0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3504-936-0x000001F253200000-0x000001F253220000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3568-479-0x0000000004290000-0x0000000004291000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/3616-336-0x00000219CC1E0000-0x00000219CC200000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3616-352-0x00000219CC1A0000-0x00000219CC1C0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3616-366-0x00000219CC5B0000-0x00000219CC5D0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3660-1371-0x0000000004520000-0x0000000004521000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/3676-328-0x0000000004C00000-0x0000000004C01000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/3708-805-0x0000026A1C500000-0x0000026A1C520000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3708-783-0x0000026A1BF30000-0x0000026A1BF50000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3708-793-0x0000026A1BEF0000-0x0000026A1BF10000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3720-66-0x00000219CCA30000-0x00000219CCA50000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3720-30-0x00000219CB620000-0x00000219CB720000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/3720-35-0x00000219CC660000-0x00000219CC680000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3720-44-0x00000219CC620000-0x00000219CC640000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3720-31-0x00000219CB620000-0x00000219CB720000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/4024-1097-0x000002B67EF30000-0x000002B67EF50000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4024-1088-0x000002B67EF70000-0x000002B67EF90000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4024-1118-0x000002B67F340000-0x000002B67F360000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4260-482-0x000002417C000000-0x000002417C100000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/4260-486-0x000002417D140000-0x000002417D160000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4260-495-0x000002417D100000-0x000002417D120000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4260-481-0x000002417C000000-0x000002417C100000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/4260-507-0x000002417D510000-0x000002417D530000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4448-776-0x00000000049C0000-0x00000000049C1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4464-1671-0x00000000049C0000-0x00000000049C1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4968-928-0x0000000004A60000-0x0000000004A61000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download