Overview

overview

10

Static

static

3

Order88983...DF.exe

windows7-x64

8

Order88983...DF.exe

windows10-2004-x64

10

Formaalsbe...rs.ps1

windows7-x64

3

Formaalsbe...rs.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    44s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-11-2024 06:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Formaalsbestemmelsens/Omraadenummers.ps1

  • Size

    52KB

  • MD5

    d6f8f522a812d7fe69126e347b3d9ca2

  • SHA1

    3b2f8aa331cb4b435dd736b9ae1ed8ee6a5f1a28

  • SHA256

    224fc25fabc123f64dcd7b8343ccdcf3398b0735c9c4604c6cdc6e2f4e270721

  • SHA512

    7ec46b8c274c1a86e04ec72fb34c6081a5f47c6e1ddb5aeb2a69ea3fd70b7ee01c69842310bc11a84f6d1abb4cda1b13c0fdd4c9a47fda09ca7d819f2c6e278c

  • SSDEEP

    1536:aSYMsWFDKzJv6bkzrRfOfNqHG3Nbt49lKSY5g2z3S:aSaW8tvBGFqHG3Nby9lKbS2zC

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 9 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 12 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Formaalsbestemmelsens\Omraadenummers.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2728
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2792
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2824
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4976
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1432
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4828
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4364
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:720
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2724
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3724
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3800
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:808
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3632
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:560
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3012
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4024
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1844
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:404
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:3516
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2360
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:720
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4560
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5092
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1084
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2800
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:404
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:2172
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:1568
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:4032
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:4804
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:4748
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:4328
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:1948
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:4816
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:3556
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:1180
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:1924
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:1464
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:1908
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:2152
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:2480
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:2916
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:996
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:4784
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:2400
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:3308
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:3840
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:2212
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:4136
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:1828
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:424
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:3436
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:4320
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:1068
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:64
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:2036
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:5092
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:3236
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:208
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:1364
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:3860
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:620
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:3232
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:3552
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:4140
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:3964
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:1108
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:5032
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:2368
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:4968
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:4076
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:4320
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:4380
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:1948
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:2800
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:2396
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                        1⤵
                                                                                                          PID:3512
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:4496
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:1956
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:4136
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:1440
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                  1⤵
                                                                                                                    PID:1768
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                    1⤵
                                                                                                                      PID:384
                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                      explorer.exe
                                                                                                                      1⤵
                                                                                                                        PID:2288
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                        1⤵
                                                                                                                          PID:2916
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                          1⤵
                                                                                                                            PID:3912
                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                            explorer.exe
                                                                                                                            1⤵
                                                                                                                              PID:4864
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                              1⤵
                                                                                                                                PID:1432
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                1⤵
                                                                                                                                  PID:2720

                                                                                                                                Network

                                                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                                                Replay Monitor

                                                                                                                                Loading Replay Monitor...

                                                                                                                                Downloads

                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                                                  Filesize

                                                                                                                                  471B

                                                                                                                                  MD5

                                                                                                                                  83571b73771359002d59ebc9befdae55

                                                                                                                                  SHA1

                                                                                                                                  404e41179a9105449ea6480ded696bc9ad777ad1

                                                                                                                                  SHA256

                                                                                                                                  aa50c1f284bd799c71c9dcf44e376edf56118526f7b8d386efa3a3a302741dd3

                                                                                                                                  SHA512

                                                                                                                                  8fe5ecb1acd3de4086fd46c8918a046684c4b95e8ecf37ee2b0f7e081f5973698c093e8e11bfd24e4757e51b8a9d3cea46140c0453a6323e781e8e7c0b37568c

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                                                  Filesize

                                                                                                                                  412B

                                                                                                                                  MD5

                                                                                                                                  4af8353ad2bf694106a24dc00b7362e1

                                                                                                                                  SHA1

                                                                                                                                  0662122a649c721def13836ec87a668f1aaaf8fe

                                                                                                                                  SHA256

                                                                                                                                  7e5cbea370fe0bc1016dbb337c8e63a4af1f1f5a680725215c69574bd6f08f8b

                                                                                                                                  SHA512

                                                                                                                                  64ba7a568f485ef4682bceb8924954a2b9f2a6da94ea543444f460477634744a1fdadd6d539a7cffbdf80439388b238448b79c90ac402751485e043fab05ac69

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                                  Filesize

                                                                                                                                  2KB

                                                                                                                                  MD5

                                                                                                                                  725d57ad96c154e8e174b4850126442e

                                                                                                                                  SHA1

                                                                                                                                  ee8330494617b900c865e994b69622b0e7ad1dfc

                                                                                                                                  SHA256

                                                                                                                                  146fdce7fe77376db8c1acbb1636c9584a7355ec1ab868484d95396029491b4c

                                                                                                                                  SHA512

                                                                                                                                  f64a843c55e0ef40e949d2414b5b82b5a010722210b5cdc1e81dc81146488f62c241baea38bf15c24063f9d4ab39270cc405aebc990456463546dd92e4a5ce46

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
                                                                                                                                  Filesize

                                                                                                                                  36KB

                                                                                                                                  MD5

                                                                                                                                  0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                                                  SHA1

                                                                                                                                  92495421ad887f27f53784c470884802797025ad

                                                                                                                                  SHA256

                                                                                                                                  0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                                                  SHA512

                                                                                                                                  61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer
                                                                                                                                  Filesize

                                                                                                                                  36KB

                                                                                                                                  MD5

                                                                                                                                  ab0262f72142aab53d5402e6d0cb5d24

                                                                                                                                  SHA1

                                                                                                                                  eaf95bb31ae1d4c0010f50e789bdc8b8e3116116

                                                                                                                                  SHA256

                                                                                                                                  20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb

                                                                                                                                  SHA512

                                                                                                                                  bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\1QK7O5FT\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  d999f65105ba511b9a85c92595366aa5

                                                                                                                                  SHA1

                                                                                                                                  acd1800ccb77d1ed5bf43fd29c05fbcdd9d14adb

                                                                                                                                  SHA256

                                                                                                                                  626774fae7cf7de253841c4d2244fa2a50cc4a5abf5cb2d2006afd836412ba5a

                                                                                                                                  SHA512

                                                                                                                                  c793a44c17918e30348fe2b836bfbcf0edacb4f76b99f6dc6a67d8047cfbd2079645a853500e9520b202883f8cce2433690406edf47b08cf334272df6c4c60f9

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wq3wzhle.dw3.ps1
                                                                                                                                  Filesize

                                                                                                                                  60B

                                                                                                                                  MD5

                                                                                                                                  d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                  SHA1

                                                                                                                                  6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                  SHA256

                                                                                                                                  96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                  SHA512

                                                                                                                                  5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                  Download Submit

                                                                                                                                • memory/404-906-0x0000014558A60000-0x0000014558A80000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/404-915-0x0000014559080000-0x00000145590A0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/404-606-0x000002E9EA200000-0x000002E9EA300000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/404-610-0x000002E9EB360000-0x000002E9EB380000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/404-605-0x000002E9EA200000-0x000002E9EA300000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/404-898-0x0000014558AA0000-0x0000014558AC0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/404-626-0x000002E9EB320000-0x000002E9EB340000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/404-642-0x000002E9EB730000-0x000002E9EB750000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/720-742-0x0000000004300000-0x0000000004301000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/808-354-0x000001B853400000-0x000001B853420000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/808-327-0x000001B851F00000-0x000001B852000000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/808-341-0x000001B853000000-0x000001B853020000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/808-329-0x000001B851F00000-0x000001B852000000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/808-332-0x000001B853040000-0x000001B853060000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/1084-890-0x0000000004630000-0x0000000004631000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/1948-1338-0x0000000004440000-0x0000000004441000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/2172-1037-0x0000000004300000-0x0000000004301000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/2724-179-0x000002546E700000-0x000002546E800000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/2724-178-0x000002546E700000-0x000002546E800000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/2724-183-0x000002546F840000-0x000002546F860000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2724-191-0x000002546F800000-0x000002546F820000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2724-201-0x000002546FC10000-0x000002546FC30000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2724-180-0x000002546E700000-0x000002546E800000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/2728-20-0x00007FF9CFB50000-0x00007FF9D0611000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB

                                                                                                                                  Download

                                                                                                                                • memory/2728-19-0x00007FF9CFB50000-0x00007FF9D0611000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB

                                                                                                                                  Download

                                                                                                                                • memory/2728-18-0x00007FF9CFB50000-0x00007FF9D0611000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB

                                                                                                                                  Download

                                                                                                                                • memory/2728-16-0x00007FF9CFB50000-0x00007FF9D0611000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB

                                                                                                                                  Download

                                                                                                                                • memory/2728-15-0x00007FF9CFB50000-0x00007FF9D0611000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB

                                                                                                                                  Download

                                                                                                                                • memory/2728-14-0x0000026565750000-0x0000026565774000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  144KB

                                                                                                                                  Download

                                                                                                                                • memory/2728-13-0x0000026565750000-0x000002656577A000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  168KB

                                                                                                                                  Download

                                                                                                                                • memory/2728-12-0x00007FF9CFB50000-0x00007FF9D0611000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB

                                                                                                                                  Download

                                                                                                                                • memory/2728-0-0x00007FF9CFB53000-0x00007FF9CFB55000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  8KB

                                                                                                                                  Download

                                                                                                                                • memory/2728-11-0x00007FF9CFB50000-0x00007FF9D0611000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB

                                                                                                                                  Download

                                                                                                                                • memory/2728-10-0x00000265656B0000-0x00000265656D2000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  136KB

                                                                                                                                  Download

                                                                                                                                • memory/3012-492-0x00000267B6F80000-0x00000267B6FA0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3012-475-0x00000267B5F00000-0x00000267B6000000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/3012-503-0x00000267B7390000-0x00000267B73B0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3012-480-0x00000267B6FC0000-0x00000267B6FE0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3012-476-0x00000267B5F00000-0x00000267B6000000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/3556-1368-0x000002BEB2E00000-0x000002BEB2E20000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3556-1357-0x000002BEB29F0000-0x000002BEB2A10000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3556-1345-0x000002BEB2A30000-0x000002BEB2A50000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3556-1340-0x000002BEB1900000-0x000002BEB1A00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/3632-473-0x0000000004660000-0x0000000004661000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/3724-325-0x0000000004880000-0x0000000004881000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/4024-603-0x0000000004F80000-0x0000000004F81000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/4032-1055-0x000002670C8B0000-0x000002670C8D0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4032-1040-0x000002670BA00000-0x000002670BB00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/4032-1064-0x000002670CEC0000-0x000002670CEE0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4032-1045-0x000002670C8F0000-0x000002670C910000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4032-1039-0x000002670BA00000-0x000002670BB00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/4328-1188-0x0000023642700000-0x0000023642800000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/4328-1206-0x0000023643990000-0x00000236439B0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4328-1225-0x0000023643DA0000-0x0000023643DC0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4328-1189-0x0000023642700000-0x0000023642800000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/4328-1193-0x00000236439D0000-0x00000236439F0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4328-1190-0x0000023642700000-0x0000023642800000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/4364-177-0x0000000004A20000-0x0000000004A21000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/4804-1187-0x0000000004110000-0x0000000004111000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/4828-35-0x000001BE457E0000-0x000001BE45800000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4828-56-0x000001BE45EB0000-0x000001BE45ED0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4828-44-0x000001BE457A0000-0x000001BE457C0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4976-29-0x0000000002F60000-0x0000000002F61000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/5092-781-0x0000025E52080000-0x0000025E520A0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/5092-764-0x0000025E51A70000-0x0000025E51A90000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/5092-749-0x0000025E51AB0000-0x0000025E51AD0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/5092-745-0x0000025E50B50000-0x0000025E50C50000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/5092-746-0x0000025E50B50000-0x0000025E50C50000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/5092-744-0x0000025E50B50000-0x0000025E50C50000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download