Overview

overview

10

Static

static

3

Order88983...DF.exe

windows7-x64

8

Order88983...DF.exe

windows10-2004-x64

10

Evighedskalenders.url

windows7-x64

1

Evighedskalenders.url

windows10-2004-x64

1

Trttes.ps1

windows7-x64

3

Trttes.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    73s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-11-2024 06:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Trttes.ps1

  • Size

    49KB

  • MD5

    7e324ee649b79b8d21cc35127546dc6f

  • SHA1

    852fdc7255cff49666a79a8f1b196340679360bb

  • SHA256

    ff5d64b1291d7f4d4f9274beb4a0f9bb49870cd80134a8b5392913154449b1fb

  • SHA512

    df3d449df9c2e7a5258256ee5dfec849e3d5a4953674e203217e59fc2ad12fd2b44443031b1749f73e1d7051536e1db7a87bcc82a0c2cd151d17ce05422089f1

  • SSDEEP

    768:llG7WqfCgl77rSbS6gD6cl9540oemcgtt0pyhFQzEaK1mHIZGX/SwjlZBqEH:LRqR77GzgD6M40oQgHHQzEx1mdX/SwV

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 16 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 32 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 22 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 25 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Trttes.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3492
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4816
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4568
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2068
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3512
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3976
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5040
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5056
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:2836
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3568
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4376
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:760
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3056
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4796
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4220
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4076
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5104
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:2352
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2336
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2244
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5080
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1092
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:4980
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3748
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2436
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:3344
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2112
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2732
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4280
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3680
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:4156
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:2076
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3056
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2408
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2820
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:1860
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3084
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4364
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4752
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2124
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3580
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4116
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1168
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:4184
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:1256
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:3760
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:4016
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:5068
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:3644
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:3364
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:1068
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:632
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:5008
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:2732
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:2208
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:1440
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:3204
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:5000
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:4756
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:4764
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:3464
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:1664
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:3504
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:4360
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:4316
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:1080
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:528
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:4612
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:4472
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:4816
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:3672
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:3580
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:3060
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:3708
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:4128
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:1668
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:1560
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:888
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:3084
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:4228
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:3984
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:3272
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:4924
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:1572
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:552
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:4816
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:688
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:2112

                                                                                              Network

                                                                                              MITRE ATT&CK Enterprise v15

                                                                                              Replay Monitor

                                                                                              Loading Replay Monitor...

                                                                                              Downloads

                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                Filesize

                                                                                                471B

                                                                                                MD5

                                                                                                83571b73771359002d59ebc9befdae55

                                                                                                SHA1

                                                                                                404e41179a9105449ea6480ded696bc9ad777ad1

                                                                                                SHA256

                                                                                                aa50c1f284bd799c71c9dcf44e376edf56118526f7b8d386efa3a3a302741dd3

                                                                                                SHA512

                                                                                                8fe5ecb1acd3de4086fd46c8918a046684c4b95e8ecf37ee2b0f7e081f5973698c093e8e11bfd24e4757e51b8a9d3cea46140c0453a6323e781e8e7c0b37568c

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                Filesize

                                                                                                412B

                                                                                                MD5

                                                                                                396fe1be7998a56fac4b7f6eafe5a5f9

                                                                                                SHA1

                                                                                                6fe7fa853797cad99d2b2e1f914615c3c44e4587

                                                                                                SHA256

                                                                                                4ba4272c65ebd6f37edf56dda363c5b57e45c95098c08d7729da045a8e4ad858

                                                                                                SHA512

                                                                                                f879a39f02fc76195b79cb99bfdb31a509f5ee3d7da223d0cbec8afa98ce0ce4f03553a7e3585eea7674c6e977710ca59931db60d9dd55d226bda1dcbbf7c626

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                Filesize

                                                                                                2KB

                                                                                                MD5

                                                                                                9be7e56e0aa70112472585877f12cc3d

                                                                                                SHA1

                                                                                                3434ab8cbc7872ad91a24509d43994426e85a95b

                                                                                                SHA256

                                                                                                61071a146aae22d5323b1dce6b109914dbff68e8c8b3ee1bddab84bcb0c170f0

                                                                                                SHA512

                                                                                                d665206ae8934a9eff33cb8bf9f01d7b59ce684e0ee29db86bb2c4dbee4b0b2fc27c375d6b0db45818b653d7b7b8ea3f604c952e8c57d04d03bf764747e0eedb

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
                                                                                                Filesize

                                                                                                36KB

                                                                                                MD5

                                                                                                0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                SHA1

                                                                                                92495421ad887f27f53784c470884802797025ad

                                                                                                SHA256

                                                                                                0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                SHA512

                                                                                                61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer
                                                                                                Filesize

                                                                                                36KB

                                                                                                MD5

                                                                                                ab0262f72142aab53d5402e6d0cb5d24

                                                                                                SHA1

                                                                                                eaf95bb31ae1d4c0010f50e789bdc8b8e3116116

                                                                                                SHA256

                                                                                                20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb

                                                                                                SHA512

                                                                                                bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\80AM9X7C\microsoft.windows[1].xml
                                                                                                Filesize

                                                                                                96B

                                                                                                MD5

                                                                                                c839a1973d3feaead377ea2dad131fe6

                                                                                                SHA1

                                                                                                252758616792b9b2f10bc460c84b1c1eba75ea04

                                                                                                SHA256

                                                                                                efecd8d483398a6cb569af17e66cb0ba1ca4b9c65f4a697fc7642cc007fc3ccd

                                                                                                SHA512

                                                                                                fee6ca3d2ae272b0f1f291e98830215f2ac138747651be78325ab7c1ba3f01f72cbfed4c886853caba45f16c59c78543a87a5f872b2c1f85bffa3a4e11bf50e1

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_s1tutgxh.qyh.ps1
                                                                                                Filesize

                                                                                                60B

                                                                                                MD5

                                                                                                d17fe0a3f47be24a6453e9ef58c94641

                                                                                                SHA1

                                                                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                SHA256

                                                                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                SHA512

                                                                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                Download Submit

                                                                                              • memory/760-323-0x00000000049C0000-0x00000000049C1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/1168-1624-0x00000000047D0000-0x00000000047D1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/1256-1627-0x000002A1C1900000-0x000002A1C1A00000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/1256-1626-0x000002A1C1900000-0x000002A1C1A00000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/2076-1187-0x00000000047D0000-0x00000000047D1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/2124-1485-0x0000018490980000-0x00000184909A0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/2124-1494-0x0000018490940000-0x0000018490960000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/2124-1507-0x0000018490D50000-0x0000018490D70000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/2244-644-0x000001FA40D00000-0x000001FA40D20000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/2244-626-0x000001FA406F0000-0x000001FA40710000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/2244-612-0x000001FA40730000-0x000001FA40750000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/2244-609-0x000001FA3F800000-0x000001FA3F900000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/2352-606-0x0000000004DB0000-0x0000000004DB1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/2408-1190-0x00000284A4C00000-0x00000284A4D00000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/2408-1191-0x00000284A4C00000-0x00000284A4D00000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/2408-1189-0x00000284A4C00000-0x00000284A4D00000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/2408-1194-0x00000284A5B00000-0x00000284A5B20000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/2408-1206-0x00000284A5AC0000-0x00000284A5AE0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/2408-1218-0x00000284A60E0000-0x00000284A6100000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/2820-1333-0x0000000004A80000-0x0000000004A81000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/2836-177-0x0000000003F60000-0x0000000003F61000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/3084-1351-0x000001F6F57E0000-0x000001F6F5800000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/3084-1363-0x000001F6F5DF0000-0x000001F6F5E10000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/3084-1340-0x000001F6F5A20000-0x000001F6F5A40000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/3344-909-0x0000019C056D0000-0x0000019C056F0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/3344-905-0x0000019C04900000-0x0000019C04A00000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/3344-925-0x0000019C05690000-0x0000019C056B0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/3344-938-0x0000019C05CA0000-0x0000019C05CC0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/3344-904-0x0000019C04900000-0x0000019C04A00000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/3492-18-0x00007FFC7EB30000-0x00007FFC7F5F1000-memory.dmp

                                                                                                Filesize

                                                                                                10.8MB

                                                                                                Download

                                                                                              • memory/3492-0-0x00007FFC7EB33000-0x00007FFC7EB35000-memory.dmp

                                                                                                Filesize

                                                                                                8KB

                                                                                                Download

                                                                                              • memory/3492-15-0x000001EAE0DE0000-0x000001EAE0E04000-memory.dmp

                                                                                                Filesize

                                                                                                144KB

                                                                                                Download

                                                                                              • memory/3492-16-0x00007FFC7EB30000-0x00007FFC7F5F1000-memory.dmp

                                                                                                Filesize

                                                                                                10.8MB

                                                                                                Download

                                                                                              • memory/3492-14-0x000001EAE0DE0000-0x000001EAE0E0A000-memory.dmp

                                                                                                Filesize

                                                                                                168KB

                                                                                                Download

                                                                                              • memory/3492-19-0x00007FFC7EB30000-0x00007FFC7F5F1000-memory.dmp

                                                                                                Filesize

                                                                                                10.8MB

                                                                                                Download

                                                                                              • memory/3492-20-0x00007FFC7EB30000-0x00007FFC7F5F1000-memory.dmp

                                                                                                Filesize

                                                                                                10.8MB

                                                                                                Download

                                                                                              • memory/3492-10-0x000001EAC8410000-0x000001EAC8432000-memory.dmp

                                                                                                Filesize

                                                                                                136KB

                                                                                                Download

                                                                                              • memory/3492-11-0x00007FFC7EB30000-0x00007FFC7F5F1000-memory.dmp

                                                                                                Filesize

                                                                                                10.8MB

                                                                                                Download

                                                                                              • memory/3492-12-0x00007FFC7EB30000-0x00007FFC7F5F1000-memory.dmp

                                                                                                Filesize

                                                                                                10.8MB

                                                                                                Download

                                                                                              • memory/3492-13-0x00007FFC7EB30000-0x00007FFC7F5F1000-memory.dmp

                                                                                                Filesize

                                                                                                10.8MB

                                                                                                Download

                                                                                              • memory/3748-902-0x0000000004190000-0x0000000004191000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/3976-30-0x0000000004110000-0x0000000004111000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/4156-1058-0x00000206B8900000-0x00000206B8920000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4156-1077-0x00000206B8EE0000-0x00000206B8F00000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4156-1066-0x00000206B88C0000-0x00000206B88E0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4220-466-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/4280-1050-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/4364-1478-0x00000000045E0000-0x00000000045E1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/4376-194-0x0000017FF5E50000-0x0000017FF5E70000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4376-184-0x0000017FF5E90000-0x0000017FF5EB0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4376-206-0x0000017FF6460000-0x0000017FF6480000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4796-340-0x000001FBA1E30000-0x000001FBA1E50000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4796-349-0x000001FBA2240000-0x000001FBA2260000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4796-330-0x000001FBA1E70000-0x000001FBA1E90000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4796-327-0x000001FBA0D20000-0x000001FBA0E20000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/4796-326-0x000001FBA0D20000-0x000001FBA0E20000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/4980-765-0x0000021F535B0000-0x0000021F535D0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4980-790-0x0000021F53570000-0x0000021F53590000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4980-796-0x0000021F53980000-0x0000021F539A0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5056-53-0x000001C1D7DA0000-0x000001C1D7DC0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5056-65-0x000001C1D81B0000-0x000001C1D81D0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5056-31-0x000001C1D6DA0000-0x000001C1D6EA0000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/5056-32-0x000001C1D6DA0000-0x000001C1D6EA0000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/5056-36-0x000001C1D7DE0000-0x000001C1D7E00000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5080-757-0x0000000002CF0000-0x0000000002CF1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/5104-505-0x000001D84C340000-0x000001D84C360000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5104-473-0x000001D84BF70000-0x000001D84BF90000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5104-481-0x000001D84BF30000-0x000001D84BF50000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5104-469-0x000001D049E20000-0x000001D049F20000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/5104-468-0x000001D049E20000-0x000001D049F20000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download