Overview

overview

10

Static

static

1

ORDER#7367...67.exe

windows7-x64

8

ORDER#7367...67.exe

windows10-2004-x64

10

Tanagridae.ps1

windows7-x64

3

Tanagridae.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    44s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-11-2024 08:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Tanagridae.ps1

  • Size

    54KB

  • MD5

    5cdf5b58154999b80a32463e8a0f0c22

  • SHA1

    03b1039573b18a3b4041b976b35116bbadf9975b

  • SHA256

    a288fd3f4f312e6764564eea8fe56bdd1abcbfc4c995e2c2c5d0d784bc8f08da

  • SHA512

    4ee3143f95ea7e412e4aa686d6b7da42af52203551f9bec46f252cba19f6ff030a3c3fd2170ae7f7fe6ebac8163df6a226a113106d57b6b090b507b8110808c9

  • SSDEEP

    1536:x9BV78dYnBxVubZS2L3GIlxh/ORzQmpoqGHs:x1wiXVu11l67oqGM

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 9 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Tanagridae.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1896
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4044
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3284
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4976
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3124
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4452
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1656
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4348
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4680
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3080
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3444
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4244
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:3416
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:264
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3464
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4584
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2760
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4484
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1768
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:396
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3436
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2568
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2300
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1952
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4116
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:4036
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:2636
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:916
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:2600
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:2244
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:2120
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:2832
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:3968
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:3900
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:1716
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:3144
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4304
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:1988
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:4872
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:1272
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:4580
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:2704
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:220
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:3060
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:2396
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:5076
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:844
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:4008
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:4380
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:4152
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:1988
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:1080
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:5016
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:372
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:1156
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:3792
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:4324
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:1648
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:3492
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:2284
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:2932
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:4080
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:832
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:5072
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:3056
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:4980
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:400
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:5036
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:2184
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:4348
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:3416
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:3308
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:3768
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:1980
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:2716
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:4164
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:4968
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:1984
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:4008
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:1648
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:372
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:4900
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:4980
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:4032
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer.exe
                                                                                                                          1⤵
                                                                                                                            PID:4368
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                            1⤵
                                                                                                                              PID:2600
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                              1⤵
                                                                                                                                PID:1768
                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                explorer.exe
                                                                                                                                1⤵
                                                                                                                                  PID:4060

                                                                                                                                Network

                                                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                                                Replay Monitor

                                                                                                                                Loading Replay Monitor...

                                                                                                                                Downloads

                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                                                  Filesize

                                                                                                                                  471B

                                                                                                                                  MD5

                                                                                                                                  be9e8d8924121c12f831ce40c1b386ac

                                                                                                                                  SHA1

                                                                                                                                  406c46f2b991b85091e349b2484ced5834f6cc9a

                                                                                                                                  SHA256

                                                                                                                                  d861c6ae663fd62a02264ace01246b293be07eaac463b139a2cbb77866138daa

                                                                                                                                  SHA512

                                                                                                                                  6eb20990d8cbc361f5f33114b82d18ebd52ad9abfdc1ef4d12cacac62e91f728f1d0bf1df476868abe0be2cdd454f7423ffbca4e39603dcc01e0400e562ecd67

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                                                  Filesize

                                                                                                                                  412B

                                                                                                                                  MD5

                                                                                                                                  fb9abc9e38a42c08574ec424a7e859ed

                                                                                                                                  SHA1

                                                                                                                                  b1f3c90ba8f66a17091d46229fead481a30c2bbd

                                                                                                                                  SHA256

                                                                                                                                  de79e28246483fde367fc5227cc83871a0508f5f8ad88713400aa7e9b821a6a0

                                                                                                                                  SHA512

                                                                                                                                  c1e0806872383174cd9df87e4975d948c9e6668c7354058f23a8fd18cc9da2a64a27c076171834ccecd81c274affeb0a4fd28ac34d257d6a2d81f0f30ddd74af

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                                  Filesize

                                                                                                                                  2KB

                                                                                                                                  MD5

                                                                                                                                  343eb5fc3fda8c55d9a43fbd9402e380

                                                                                                                                  SHA1

                                                                                                                                  d233f37db49cf5894e62deef9a2d58fb91a1201a

                                                                                                                                  SHA256

                                                                                                                                  127f5b759e68827530b282c6f5e998012bd10b05ff17b1f03d2cb8307789c80a

                                                                                                                                  SHA512

                                                                                                                                  bf75cb457537ce0cb380dcf8c55e9f2e711cc94fe44380a4fece8f7c3caffb59e79f98728f53540c6b3f6de623d670787230ab78120ffbb16e6e43d11c106e7c

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
                                                                                                                                  Filesize

                                                                                                                                  36KB

                                                                                                                                  MD5

                                                                                                                                  0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                                                  SHA1

                                                                                                                                  92495421ad887f27f53784c470884802797025ad

                                                                                                                                  SHA256

                                                                                                                                  0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                                                  SHA512

                                                                                                                                  61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer
                                                                                                                                  Filesize

                                                                                                                                  36KB

                                                                                                                                  MD5

                                                                                                                                  ab0262f72142aab53d5402e6d0cb5d24

                                                                                                                                  SHA1

                                                                                                                                  eaf95bb31ae1d4c0010f50e789bdc8b8e3116116

                                                                                                                                  SHA256

                                                                                                                                  20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb

                                                                                                                                  SHA512

                                                                                                                                  bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\1QK7O5FT\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  d999f65105ba511b9a85c92595366aa5

                                                                                                                                  SHA1

                                                                                                                                  acd1800ccb77d1ed5bf43fd29c05fbcdd9d14adb

                                                                                                                                  SHA256

                                                                                                                                  626774fae7cf7de253841c4d2244fa2a50cc4a5abf5cb2d2006afd836412ba5a

                                                                                                                                  SHA512

                                                                                                                                  c793a44c17918e30348fe2b836bfbcf0edacb4f76b99f6dc6a67d8047cfbd2079645a853500e9520b202883f8cce2433690406edf47b08cf334272df6c4c60f9

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0p4uxtug.qqj.ps1
                                                                                                                                  Filesize

                                                                                                                                  60B

                                                                                                                                  MD5

                                                                                                                                  d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                  SHA1

                                                                                                                                  6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                  SHA256

                                                                                                                                  96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                  SHA512

                                                                                                                                  5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                  Download Submit

                                                                                                                                • memory/916-1223-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/1656-183-0x00000000041E0000-0x00000000041E1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/1768-784-0x00000000047F0000-0x00000000047F1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/1896-20-0x00007FF9CFB50000-0x00007FF9D0611000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB

                                                                                                                                  Download

                                                                                                                                • memory/1896-12-0x00007FF9CFB50000-0x00007FF9D0611000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB

                                                                                                                                  Download

                                                                                                                                • memory/1896-18-0x00007FF9CFB50000-0x00007FF9D0611000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB

                                                                                                                                  Download

                                                                                                                                • memory/1896-16-0x00007FF9CFB50000-0x00007FF9D0611000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB

                                                                                                                                  Download

                                                                                                                                • memory/1896-15-0x00007FF9CFB50000-0x00007FF9D0611000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB

                                                                                                                                  Download

                                                                                                                                • memory/1896-13-0x000001E4AC990000-0x000001E4AC9BA000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  168KB

                                                                                                                                  Download

                                                                                                                                • memory/1896-0-0x00007FF9CFB53000-0x00007FF9CFB55000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  8KB

                                                                                                                                  Download

                                                                                                                                • memory/1896-19-0x00007FF9CFB50000-0x00007FF9D0611000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB

                                                                                                                                  Download

                                                                                                                                • memory/1896-1-0x000001E4AC4A0000-0x000001E4AC4C2000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  136KB

                                                                                                                                  Download

                                                                                                                                • memory/1896-14-0x000001E4AC990000-0x000001E4AC9B4000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  144KB

                                                                                                                                  Download

                                                                                                                                • memory/1896-11-0x00007FF9CFB50000-0x00007FF9D0611000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB

                                                                                                                                  Download

                                                                                                                                • memory/1952-934-0x0000029F5EB70000-0x0000029F5EB90000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/1952-929-0x0000029F5DC20000-0x0000029F5DD20000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/1952-947-0x0000029F5EB30000-0x0000029F5EB50000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/1952-965-0x0000029F5F140000-0x0000029F5F160000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2120-1376-0x0000000004430000-0x0000000004431000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/2244-1238-0x000002052F270000-0x000002052F290000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2244-1230-0x000002052F2B0000-0x000002052F2D0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2244-1248-0x000002052F880000-0x000002052F8A0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2244-1226-0x000002052E350000-0x000002052E450000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/2244-1225-0x000002052E350000-0x000002052E450000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/2244-1227-0x000002052E350000-0x000002052E450000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/2568-926-0x0000000004930000-0x0000000004931000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/2636-1091-0x000001A5611D0000-0x000001A5611F0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2636-1076-0x000001A560600000-0x000001A560700000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/2636-1081-0x000001A561520000-0x000001A561540000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2636-1101-0x000001A561AE0000-0x000001A561B00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3080-337-0x0000000004AF0000-0x0000000004AF1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/3416-488-0x0000000004050000-0x0000000004051000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/3436-822-0x0000019C23F00000-0x0000019C23F20000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3436-798-0x0000019C235E0000-0x0000019C23600000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3436-785-0x0000019C227C0000-0x0000019C228C0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/3436-790-0x0000019C23920000-0x0000019C23940000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3436-786-0x0000019C227C0000-0x0000019C228C0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/3436-787-0x0000019C227C0000-0x0000019C228C0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/3464-505-0x000001B2497D0000-0x000001B2497F0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3464-495-0x000001B249A20000-0x000001B249A40000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3464-490-0x000001B248900000-0x000001B248A00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/3464-516-0x000001B249DE0000-0x000001B249E00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3464-492-0x000001B248900000-0x000001B248A00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/3968-1379-0x0000023FACD70000-0x0000023FACE70000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/4116-1075-0x00000000041F0000-0x00000000041F1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/4244-366-0x000001F5754B0000-0x000001F5754D0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4244-338-0x000001F574000000-0x000001F574100000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/4244-355-0x000001F574DA0000-0x000001F574DC0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4244-343-0x000001F574DE0000-0x000001F574E00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4244-339-0x000001F574000000-0x000001F574100000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/4452-30-0x0000020569300000-0x0000020569400000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/4452-35-0x000002056A1E0000-0x000002056A200000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4452-45-0x000002056A1A0000-0x000002056A1C0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4452-57-0x000002056A8B0000-0x000002056A8D0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4484-652-0x00000173459B0000-0x00000173459D0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4484-664-0x00000173460C0000-0x00000173460E0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4484-637-0x0000016B43C00000-0x0000016B43D00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/4484-641-0x0000017345D00000-0x0000017345D20000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4484-638-0x0000016B43C00000-0x0000016B43D00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/4584-634-0x00000000040C0000-0x00000000040C1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/4680-190-0x0000027448DD0000-0x0000027448DF0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4680-198-0x0000027448D90000-0x0000027448DB0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4680-208-0x00000274491A0000-0x00000274491C0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4680-187-0x0000027447D00000-0x0000027447E00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/4680-185-0x0000027447D00000-0x0000027447E00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/4976-29-0x0000000002E90000-0x0000000002E91000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download