Overview

overview

10

Static

static

3

d47cf218c7...80.exe

windows7-x64

8

d47cf218c7...80.exe

windows10-2004-x64

10

Analytiske.ps1

windows7-x64

3

Analytiske.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    74s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-11-2024 03:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Analytiske.ps1

  • Size

    52KB

  • MD5

    64473712892d67203242c7904c6ffd81

  • SHA1

    72d869d49607487d0ae85da693aacc42709339e2

  • SHA256

    9c845196deca4a4738d5bee70cc2169f1dbec420b7d340b5d40642a41287a9a6

  • SHA512

    0c8ad907a17bda49371ebca2c4d390347c99c48c13c10c245691113aa087b3ea65fb0811ea623dcd4257f3cc0eca1615ce40d5e2b1cda623356a84e9c18b0383

  • SSDEEP

    1536:/5kp6eLO4rqfz/CetjrxBy9IiNS0DDMWOSq1+:yp61Dbaan8BDDMr31+

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 15 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 30 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 27 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Analytiske.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2540
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2876
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2108
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3496
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3632
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:588
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of SendNotifyMessage
    PID:2088
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:2124
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3992
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:4752
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3644
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:452
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      PID:4828
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1420
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4444
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3364
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3592
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3848
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      PID:3560
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1800
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2068
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1264
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3664
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3348
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      PID:4732
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3716
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3684
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:872
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2408
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3776
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      PID:1500
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4444
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2140
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3780
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3652
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:116
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1516
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3248
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4964
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      PID:2260
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1440
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3808
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      PID:432
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1048
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:1912
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:3640
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:4016
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:2876
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:3420
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:1332
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:4324
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:5052
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:4496
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:3980
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:3540
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:4376
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:2848
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:952
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:2644
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:1680
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:5068
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:3888
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:4888
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:3624
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:448
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:3416
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:4236
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:764
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:4320
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:1912
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:4240
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:4448
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:2448
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:2088
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:2516
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:4220
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:5052
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:1352
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:2496
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:4808
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:4080
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:2236
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:3696
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:4532
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:2992
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:3160
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:4288
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:4476
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:4680
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:1620

                                                                                                Network

                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                Replay Monitor

                                                                                                Loading Replay Monitor...

                                                                                                Downloads

                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                  Filesize

                                                                                                  471B

                                                                                                  MD5

                                                                                                  be9e8d8924121c12f831ce40c1b386ac

                                                                                                  SHA1

                                                                                                  406c46f2b991b85091e349b2484ced5834f6cc9a

                                                                                                  SHA256

                                                                                                  d861c6ae663fd62a02264ace01246b293be07eaac463b139a2cbb77866138daa

                                                                                                  SHA512

                                                                                                  6eb20990d8cbc361f5f33114b82d18ebd52ad9abfdc1ef4d12cacac62e91f728f1d0bf1df476868abe0be2cdd454f7423ffbca4e39603dcc01e0400e562ecd67

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                  Filesize

                                                                                                  412B

                                                                                                  MD5

                                                                                                  8884df7afff357b4c0ddcbe7ec4adcdb

                                                                                                  SHA1

                                                                                                  f26bd2aa823f476b419bc828481aab98c4381e7c

                                                                                                  SHA256

                                                                                                  805b642b77c955a16310da9918d2a48c1e09d06722f0c2aa2dd16ed31c4c12d4

                                                                                                  SHA512

                                                                                                  d0f1b83f737c0e342c2a837b24bd458899b803063a656c940ff888b2178f0b14307aaf494c3352ee8fa3adc8691777deb019a4643c4efc30de555714c0601190

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                  Filesize

                                                                                                  2KB

                                                                                                  MD5

                                                                                                  419d7a76136ca0c85842b9de22473af8

                                                                                                  SHA1

                                                                                                  a6a9fe9ed55e59e8fcbd32291eb850ba55523cc0

                                                                                                  SHA256

                                                                                                  2ba985b48d2cfd6ede6b258567aa2423f9226842476a08493ff2f44a8b4bbb6e

                                                                                                  SHA512

                                                                                                  8b7bc146e07010c87afe750bd02bf30bcf29dda444d41ea11f30e11ed4728db4c722f4de2f457a358cfbfd53360a20851c71d4a03ba947304adb342f1beeb9dc

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_help
                                                                                                  Filesize

                                                                                                  36KB

                                                                                                  MD5

                                                                                                  8aaad0f4eb7d3c65f81c6e6b496ba889

                                                                                                  SHA1

                                                                                                  231237a501b9433c292991e4ec200b25c1589050

                                                                                                  SHA256

                                                                                                  813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

                                                                                                  SHA512

                                                                                                  1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_osk_exe
                                                                                                  Filesize

                                                                                                  36KB

                                                                                                  MD5

                                                                                                  f6a5ffe5754175d3603c3a77dcfeca6b

                                                                                                  SHA1

                                                                                                  dacd500aeef9dd69b87feae7521899040e7df1d9

                                                                                                  SHA256

                                                                                                  fab3529f4a4df98271fa2f6a7860a28fdc30215144b7eefbaf6d424a2847d035

                                                                                                  SHA512

                                                                                                  66ec46041f1fe20203cda7a4d68b61d2e5bcdd09a36ee8171efa53fe92a9e6e023c5a254a4c43c110a99749829d7b99613f8d13dfb4c42656097cb8d224a531e

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\M6JCG2RK\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  96B

                                                                                                  MD5

                                                                                                  732a32ad072ef786d816a4f85b1b6bea

                                                                                                  SHA1

                                                                                                  fe1945717c160ac3266f291564a003c044d409b0

                                                                                                  SHA256

                                                                                                  7dd2262373fcd6ebe2ed2c6e66242c85b1434c3fe23ca92ba41ae328ce8b941e

                                                                                                  SHA512

                                                                                                  55b57d5bf942f20a3557f20adeebb4c01cde4aec9d7a4fa8bfe6281fe0981773d8ce637fdbd1dc64f25abe72d75fad2a6538fadc86483ede9fdc5b59c0d36b79

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zncwm3t1.txh.ps1
                                                                                                  Filesize

                                                                                                  60B

                                                                                                  MD5

                                                                                                  d17fe0a3f47be24a6453e9ef58c94641

                                                                                                  SHA1

                                                                                                  6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                  SHA256

                                                                                                  96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                  SHA512

                                                                                                  5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                  Download Submit

                                                                                                • memory/116-1510-0x000001D3D4700000-0x000001D3D4800000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/452-334-0x000001DC56C00000-0x000001DC56D00000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/452-345-0x000001DC579E0000-0x000001DC57A00000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/452-337-0x000001DC57D20000-0x000001DC57D40000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/452-357-0x000001DC580F0000-0x000001DC58110000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/588-60-0x0000026B6B630000-0x0000026B6B650000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/588-30-0x0000026B6A300000-0x0000026B6A400000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/588-35-0x0000026B6B260000-0x0000026B6B280000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/588-47-0x0000026B6B220000-0x0000026B6B240000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/872-1217-0x00000000043A0000-0x00000000043A1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/1264-922-0x0000000004B40000-0x0000000004B41000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/1500-1368-0x0000000004C00000-0x0000000004C01000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/2068-781-0x000002C68F780000-0x000002C68F7A0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2068-776-0x000002C68E620000-0x000002C68E720000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/2068-803-0x000002C68FB50000-0x000002C68FB70000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2068-791-0x000002C68F740000-0x000002C68F760000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2088-179-0x0000000004620000-0x0000000004621000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/2140-1387-0x000001E5E6270000-0x000001E5E6290000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2140-1398-0x000001E5E6880000-0x000001E5E68A0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2140-1376-0x000001E5E62B0000-0x000001E5E62D0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2540-12-0x00007FFA73F00000-0x00007FFA749C1000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/2540-15-0x00007FFA73F00000-0x00007FFA749C1000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/2540-14-0x000001E76FC30000-0x000001E76FC54000-memory.dmp

                                                                                                  Filesize

                                                                                                  144KB

                                                                                                  Download

                                                                                                • memory/2540-13-0x000001E76FC30000-0x000001E76FC5A000-memory.dmp

                                                                                                  Filesize

                                                                                                  168KB

                                                                                                  Download

                                                                                                • memory/2540-17-0x00007FFA73F00000-0x00007FFA749C1000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/2540-11-0x00007FFA73F00000-0x00007FFA749C1000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/2540-0-0x00007FFA73F03000-0x00007FFA73F05000-memory.dmp

                                                                                                  Filesize

                                                                                                  8KB

                                                                                                  Download

                                                                                                • memory/2540-1-0x000001E76E980000-0x000001E76E9A2000-memory.dmp

                                                                                                  Filesize

                                                                                                  136KB

                                                                                                  Download

                                                                                                • memory/2540-18-0x00007FFA73F00000-0x00007FFA749C1000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/2540-19-0x00007FFA73F00000-0x00007FFA749C1000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/2540-20-0x00007FFA73F00000-0x00007FFA749C1000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/3348-929-0x00000294E2920000-0x00000294E2940000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3348-924-0x00000294E1A00000-0x00000294E1B00000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/3348-961-0x00000294E2F00000-0x00000294E2F20000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3348-941-0x00000294E28E0000-0x00000294E2900000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3348-925-0x00000294E1A00000-0x00000294E1B00000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/3364-627-0x0000000004210000-0x0000000004211000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3496-29-0x0000000004B20000-0x0000000004B21000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3560-774-0x0000000004120000-0x0000000004121000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3684-1075-0x0000023FB8200000-0x0000023FB8300000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/3684-1110-0x0000023FB9660000-0x0000023FB9680000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3684-1092-0x0000023FB9050000-0x0000023FB9070000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3684-1074-0x0000023FB8200000-0x0000023FB8300000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/3684-1073-0x0000023FB8200000-0x0000023FB8300000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/3684-1078-0x0000023FB9090000-0x0000023FB90B0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3776-1224-0x00000240C3BD0000-0x00000240C3BF0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3776-1255-0x00000240C3FA0000-0x00000240C3FC0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3776-1236-0x00000240C3B90000-0x00000240C3BB0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3780-1507-0x0000000004390000-0x0000000004391000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3848-633-0x000001D5C0F00000-0x000001D5C0F20000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3848-628-0x000001D5BFE00000-0x000001D5BFF00000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/3848-655-0x000001D5C12C0000-0x000001D5C12E0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3848-642-0x000001D5C0BB0000-0x000001D5C0BD0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3848-629-0x000001D5BFE00000-0x000001D5BFF00000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/3848-630-0x000001D5BFE00000-0x000001D5BFF00000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/3992-181-0x000002B250040000-0x000002B250140000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/3992-207-0x000002B251570000-0x000002B251590000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3992-182-0x000002B250040000-0x000002B250140000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/3992-186-0x000002B2511A0000-0x000002B2511C0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3992-196-0x000002B251160000-0x000002B251180000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4444-517-0x000002422C360000-0x000002422C380000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4444-480-0x000002422AE40000-0x000002422AF40000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/4444-485-0x000002422BF90000-0x000002422BFB0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4444-516-0x000002422BF50000-0x000002422BF70000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4732-1071-0x0000000004170000-0x0000000004171000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/4752-330-0x0000000004730000-0x0000000004731000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/4828-478-0x0000000003F00000-0x0000000003F01000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download