Overview

overview

10

Static

static

3

a19b171658...93.exe

windows7-x64

4

a19b171658...93.exe

windows10-2004-x64

10

bodaciously.com

windows7-x64

bodaciously.com

windows10-2004-x64

radials.ps1

windows7-x64

3

radials.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    57s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-12-2024 02:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    radials.ps1

  • Size

    52KB

  • MD5

    48bfb2d69f3a797169c8b44b71e7bb6a

  • SHA1

    2a3e1bb359707f2ad6325b2f8520e95945ebc6fe

  • SHA256

    95da5b6aa5c574eda69ebc3c020ad6163faa508e9bb37dd42f9b4290adc61ef0

  • SHA512

    688344cc79016b6678acae2a4302b945f81cf5f9abc81b9c783b2d94381d11d4c3b8d2d066452be8ea21c8312cdd3ef59d4a41d0f95496a072a071c8dadbaf1d

  • SSDEEP

    1536:ZazzEOZZXf8+7oAvmHg2lpTccbx978aGaDm/:Az4gZvp7u7pfbf7IX/

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 12 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 20 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 22 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\radials.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1460
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1400
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4856
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3348
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2988
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3900
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1540
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3260
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4008
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1092
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1812
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1732
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3956
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1576
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3820
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1688
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4644
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2684
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4944
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1576
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:8
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3140
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4788
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4396
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4016
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4284
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2296
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2384
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:524
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3572
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:3892
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1292
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1384
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:2136
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3816
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
      PID:1688
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:1716
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:2108
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:2572
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:5004
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:3940
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:4532
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:4132
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:1112
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:648
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:920
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:2580
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:1684
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:1868
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:1524
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:4036
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:4216
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:1112
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:2244
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:4108
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:2948
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:2824
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:4880
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:3768
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:4128
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:4716
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:4972
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:4196
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:2576
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:2500
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:1280
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:4588
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:2304
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:4616
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:4544
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:996
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:904
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:4452
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:4212
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:4148
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:3096
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:4040
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:3544
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:2660
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:3744
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:1700
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:3608
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:2584
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:2636
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:2860
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:1156
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:2932
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:2080
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:3660
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:3812
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:3416
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:4900
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:1664
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:2092

                                                                                                                        Network

                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                        Replay Monitor

                                                                                                                        Loading Replay Monitor...

                                                                                                                        Downloads

                                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                                          Filesize

                                                                                                                          471B

                                                                                                                          MD5

                                                                                                                          45936605b5725fe4de4526a632dfd431

                                                                                                                          SHA1

                                                                                                                          9384724fb3d04b294ce91eb1b7e243e3d911a892

                                                                                                                          SHA256

                                                                                                                          24911a1abff6305b2e61d98f5baa9c73b7c1ca3abbd5a3ef0ffcab967e62a2a6

                                                                                                                          SHA512

                                                                                                                          31ef10076be74eafdf3c4d7aa28d1432af7d877ced89a879507b03b14a039f2bebe445380aca75c3fb7290c6e3137831939973b8231bb38de3c268b97640991b

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                                          Filesize

                                                                                                                          412B

                                                                                                                          MD5

                                                                                                                          37ae6f917dfaa5d26cc181b9e8d061d8

                                                                                                                          SHA1

                                                                                                                          82e046190c8fced59dad146cd1effb9355de9c2c

                                                                                                                          SHA256

                                                                                                                          8623ed964e0000fb2e8aec53c70f7e0a2bd273d4052d82f2a6202a7f39b4b438

                                                                                                                          SHA512

                                                                                                                          ef4da4253d023f8333db15f9e77332376c8a224f3634a56827531a160e963592824503cf1a77a16ba2b53dc2ddc770d5234306e709dcaf32bd7f6314fb74b42b

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          6a2d1aae6789104c7677fd23cd1e8c2d

                                                                                                                          SHA1

                                                                                                                          4db2e96bb83f003b4be2ff84281da12ba63f4e55

                                                                                                                          SHA256

                                                                                                                          d399c860d1f9cf3b167dd277155fa8264e77c22c492026f7db3dfb6dabe8eff0

                                                                                                                          SHA512

                                                                                                                          98c650f819778ef3de19b5d3668d2ab7f59570f06c3b17fc8e8cbcb06d282df6d5b919589cc3a3d692b72e4bddafbc5282f44bbd200c7550c571710211ee3693

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BXW86519\microsoft.windows[1].xml
                                                                                                                          Filesize

                                                                                                                          97B

                                                                                                                          MD5

                                                                                                                          63cd961e204170b14592b1fc849122a0

                                                                                                                          SHA1

                                                                                                                          91a669822ca57111634c8d8095df45b3d2c7ba9e

                                                                                                                          SHA256

                                                                                                                          093381f300311d2fd72cc5f9cbd234db87f8a9fcc4a488f9a45e7bbb36cfdd63

                                                                                                                          SHA512

                                                                                                                          e07cd619279175456a6f0e1ec3bad2a95ead488536c489e11400de118b2dc3a59a1355f78b44507c5067ffef8ecb213569627ccb9e94ad2e2eb136a4ac7f9820

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vf3cinbj.kdt.ps1
                                                                                                                          Filesize

                                                                                                                          60B

                                                                                                                          MD5

                                                                                                                          d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                          SHA1

                                                                                                                          6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                          SHA256

                                                                                                                          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                          SHA512

                                                                                                                          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                          Download Submit

                                                                                                                        • memory/8-785-0x00000195C65E0000-0x00000195C6600000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/8-797-0x00000195C6BF0000-0x00000195C6C10000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/8-770-0x00000195C5500000-0x00000195C5600000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/8-775-0x00000195C6820000-0x00000195C6840000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1092-327-0x0000000004A40000-0x0000000004A41000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/1384-1371-0x000001FE0D5D0000-0x000001FE0D5F0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1384-1358-0x000001F60B700000-0x000001F60B800000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/1384-1360-0x000001F60B700000-0x000001F60B800000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/1384-1384-0x000001FE0DBE0000-0x000001FE0DC00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1384-1363-0x000001FE0D820000-0x000001FE0D840000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1384-1359-0x000001F60B700000-0x000001F60B800000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/1460-10-0x000001DDD6100000-0x000001DDD6122000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          136KB

                                                                                                                          Download

                                                                                                                        • memory/1460-21-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/1460-19-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/1460-16-0x000001DDD6130000-0x000001DDD615A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          168KB

                                                                                                                          Download

                                                                                                                        • memory/1460-17-0x000001DDD6130000-0x000001DDD6154000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          144KB

                                                                                                                          Download

                                                                                                                        • memory/1460-0-0x00007FFE2E223000-0x00007FFE2E225000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          Download

                                                                                                                        • memory/1460-15-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/1460-11-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/1460-20-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/1460-12-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/1460-14-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/1460-13-0x00007FFE2E220000-0x00007FFE2ECE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/1540-181-0x0000000004680000-0x0000000004681000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/1688-620-0x00000000043A0000-0x00000000043A1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/1732-330-0x0000022352200000-0x0000022352300000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/1732-334-0x0000022353090000-0x00000223530B0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1732-343-0x0000022353050000-0x0000022353070000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1732-356-0x0000022353660000-0x0000022353680000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1732-331-0x0000022352200000-0x0000022352300000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/2136-1498-0x00000000026F0000-0x00000000026F1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/2296-1065-0x000002A4C0A00000-0x000002A4C0B00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/2296-1069-0x000002A4C1940000-0x000002A4C1960000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2296-1091-0x000002A4C1F00000-0x000002A4C1F20000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2296-1079-0x000002A4C1900000-0x000002A4C1920000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2296-1064-0x000002A4C0A00000-0x000002A4C0B00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/2384-1211-0x0000000004270000-0x0000000004271000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/2684-628-0x00000175655A0000-0x00000175655C0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2684-650-0x0000017565970000-0x0000017565990000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2684-639-0x0000017565560000-0x0000017565580000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3140-920-0x00000000047F0000-0x00000000047F1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/3348-30-0x00000000047B0000-0x00000000047B1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/3572-1228-0x000002E223430000-0x000002E223450000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3572-1241-0x000002E223840000-0x000002E223860000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3572-1218-0x000002E223470000-0x000002E223490000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3572-1213-0x000002E222120000-0x000002E222220000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3572-1214-0x000002E222120000-0x000002E222220000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3572-1215-0x000002E222120000-0x000002E222220000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3820-476-0x0000016396600000-0x0000016396700000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3820-510-0x00000163974B0000-0x00000163974D0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3820-511-0x0000016397AC0000-0x0000016397AE0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3820-479-0x00000163974F0000-0x0000016397510000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3820-474-0x0000016396600000-0x0000016396700000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3892-1356-0x0000000004010000-0x0000000004011000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/3900-32-0x00000269B8120000-0x00000269B8220000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3900-31-0x00000269B8120000-0x00000269B8220000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3900-36-0x00000269B9140000-0x00000269B9160000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3900-47-0x00000269B9100000-0x00000269B9120000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3900-67-0x00000269B9510000-0x00000269B9530000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3956-472-0x0000000004CE0000-0x0000000004CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/4008-220-0x000001828AEC0000-0x000001828AEE0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4008-199-0x000001828A8B0000-0x000001828A8D0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4008-189-0x000001828A8F0000-0x000001828A910000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4016-1062-0x0000000004930000-0x0000000004931000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/4396-922-0x00000271C2200000-0x00000271C2300000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/4396-934-0x00000271C2BD0000-0x00000271C2BF0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4396-959-0x00000271C36E0000-0x00000271C3700000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4396-927-0x00000271C3320000-0x00000271C3340000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4944-768-0x0000000004140000-0x0000000004141000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download