Overview

overview

10

Static

static

3

factura so...a..exe

windows7-x64

8

factura so...a..exe

windows10-2004-x64

10

Concludence.ps1

windows7-x64

3

Concludence.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    59s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250211-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/02/2025, 12:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Concludence.ps1

  • Size

    51KB

  • MD5

    1678eaebcc616fdd486b73c0d0f9a765

  • SHA1

    8e9d45a247bf04385e368f16ae88ac4c70c5ca4f

  • SHA256

    ee054a99730186790f4a20abe48b59b4254b5bb5888b4cf685f7a74092a9a6e6

  • SHA512

    7bec8100642738d1cf759f3a5226a5e96defc56697235ef50444d35fdaf82bfab8eed5addbff50b358b9ab7caf5ccbe65cea09d7d0be35a6de7f6614d2b78172

  • SSDEEP

    1536:pxAaLXZA+Iki28ydNcQOb01QZKVDxXAJb:px3dAwnXeYdNwJ

Score
8/10
discoveryexecutionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 13 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Downloads MZ/PE file 1 IoCs
  • Enumerates connected drives 3 TTPs 26 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 20 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 22 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Concludence.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4808
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4516
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1756
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3720
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1408
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1032
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:2328
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2884
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4288
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1748
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3052
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4960
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3016
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4876
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2384
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3824
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1532
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4836
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5028
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:936
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4052
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4220
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3492
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Rjk3MTdBMzMtMUJDNC00NkU3LThENzgtRDQ2Mjk2QzBCRjY5fSIgdXNlcmlkPSJ7MTk1OTlFNjAtNEI4MS00NUNDLTlDMkUtMUNEMDFCMTUyODA3fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RTRCOTZGQUUtNTc1Qi00MUZDLTgxMDUtRUI3MEQ2MzMwRkQ4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODIxNjkiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1MzE4NTEwMTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NDgxMjIwODk3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
    1⤵
    • System Location Discovery: System Language Discovery
    • System Network Configuration Discovery: Internet Connection Discovery
    PID:2388
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4176
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3312
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3848
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2436
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3944
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4128
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4228
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4948
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3600
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1336
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3120
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2120
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Modifies registry class
    PID:2468
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:3848
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4228
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:1576
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:3652
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:3420
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:4672
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:4840
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:3016
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:2860
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:5096
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:3616
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:3580
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:5068
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:3896
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:3140
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:880
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:1808
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:1852
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:1904
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:1748
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:2548
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:3608
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:1188
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:2556
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:4056
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:1384
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:2524
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:2848
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:2332
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:4332
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:4576
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:4140
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:3996
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:3056
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:4212
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:3608
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3508
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:2036
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:1696
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:4380
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:4016
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:4360
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:1040
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:4156
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:2604
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:4976
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:2968
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:4996
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:3292
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:4372
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:3120
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:2672
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:4748
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                              1⤵
                                                                                                                PID:3652
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                1⤵
                                                                                                                  PID:1852
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:2200

                                                                                                                  Network

                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                  Replay Monitor

                                                                                                                  Loading Replay Monitor...

                                                                                                                  Downloads

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                    Filesize

                                                                                                                    2KB

                                                                                                                    MD5

                                                                                                                    83ad105a4492b2817ff58bdc75d16105

                                                                                                                    SHA1

                                                                                                                    c3a11c9dcc442e13d2c1e0f2d2b64d2e625c9779

                                                                                                                    SHA256

                                                                                                                    e0408b82516f6444133ed19168606508bd514471d8f7b8344994cdf81aba7c07

                                                                                                                    SHA512

                                                                                                                    a136a56308ebc00a19d47ab6990c2d7c1cf6c46b2841cf10329152227428727146997e554548207f05ebc58a954a84da569408e632e582ea332dc965014e3599

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133842672316467220.txt
                                                                                                                    Filesize

                                                                                                                    75KB

                                                                                                                    MD5

                                                                                                                    c0d6c1a712463be384eb563a87cf99ab

                                                                                                                    SHA1

                                                                                                                    4a9ae22ef5713b1e5159ed577571600db03aaeb1

                                                                                                                    SHA256

                                                                                                                    c54777c4eb61185bdf67cc1feee742b06687b2412d4ea4325077c3769d66d467

                                                                                                                    SHA512

                                                                                                                    f4ed389294dbda475d0d45bf74c15058d85c14e07d81963a70aacae6836425e89eaea9e602e6f814c17ad225f966f07c8db455f69f133e4bef002fc98c648466

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BGFNGWSF\microsoft.windows[1].xml
                                                                                                                    Filesize

                                                                                                                    97B

                                                                                                                    MD5

                                                                                                                    2bd000b745a64a890697d10ac6948dc6

                                                                                                                    SHA1

                                                                                                                    ac62659911cae3b038281ba7720ee15a86d1228f

                                                                                                                    SHA256

                                                                                                                    0f62c48268c61f36c297b89801e20ddbadc5ca01c39c0ecd2e39dc3bdd7b4f38

                                                                                                                    SHA512

                                                                                                                    c6a5b0b5bd4427d63465a3921e9858541647e11d572e7fc1c8817f9e3d75ef45820009590bc35748552ead9391116d9858bbffee1f31bb8fdd923f0e7c96f4b5

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4kxmp0b5.zm3.ps1
                                                                                                                    Filesize

                                                                                                                    60B

                                                                                                                    MD5

                                                                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                    SHA1

                                                                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                    SHA256

                                                                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                    SHA512

                                                                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                    Download Submit

                                                                                                                  • memory/936-634-0x00000177B3320000-0x00000177B3340000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/936-622-0x00000177B3360000-0x00000177B3380000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/936-618-0x00000177B2200000-0x00000177B2300000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/936-617-0x00000177B2200000-0x00000177B2300000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/936-644-0x00000177B3720000-0x00000177B3740000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1032-31-0x0000022C21390000-0x0000022C213B0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1032-26-0x0000022C20240000-0x0000022C20340000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/1032-34-0x0000022C21350000-0x0000022C21370000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1032-46-0x0000022C21760000-0x0000022C21780000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1032-28-0x0000022C20240000-0x0000022C20340000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/1336-1356-0x0000000004AA0000-0x0000000004AA1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1532-473-0x000001F417160000-0x000001F417260000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/1532-509-0x000001F418690000-0x000001F4186B0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1532-491-0x000001F418280000-0x000001F4182A0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1532-477-0x000001F4182C0000-0x000001F4182E0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1532-472-0x000001F417160000-0x000001F417260000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/2120-1363-0x0000022300300000-0x0000022300320000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2120-1358-0x00000222FF200000-0x00000222FF300000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/2384-470-0x00000000048D0000-0x00000000048D1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/2436-1057-0x0000000004160000-0x0000000004161000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3052-211-0x0000020949EC0000-0x0000020949EE0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3052-224-0x000002094A4E0000-0x000002094A500000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3052-199-0x0000020949F00000-0x0000020949F20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3492-765-0x0000025899E00000-0x0000025899F00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3492-802-0x000002589B2E0000-0x000002589B300000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3492-766-0x0000025899E00000-0x0000025899F00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3492-770-0x000002589AD10000-0x000002589AD30000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3492-780-0x000002589ACD0000-0x000002589ACF0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3600-1215-0x0000017E671C0000-0x0000017E671E0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3600-1227-0x0000017E67180000-0x0000017E671A0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3600-1210-0x0000017E65F00000-0x0000017E66000000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3600-1247-0x0000017E67590000-0x0000017E675B0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3720-24-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3848-914-0x0000020364600000-0x0000020364700000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3848-915-0x0000020364600000-0x0000020364700000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3848-950-0x0000020365AE0000-0x0000020365B00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3848-929-0x00000203653D0000-0x00000203653F0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3848-919-0x0000020365720000-0x0000020365740000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4052-763-0x0000000002EB0000-0x0000000002EB1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/4128-1061-0x0000018C51C00000-0x0000018C51D00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/4128-1060-0x0000018C51C00000-0x0000018C51D00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/4128-1064-0x0000018C52AE0000-0x0000018C52B00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4128-1074-0x0000018C52AA0000-0x0000018C52AC0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4128-1086-0x0000018C530C0000-0x0000018C530E0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4176-913-0x0000000004A40000-0x0000000004A41000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/4228-1208-0x0000000004120000-0x0000000004121000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/4288-191-0x0000000004BD0000-0x0000000004BD1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/4808-12-0x00007FF864F50000-0x00007FF865A11000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/4808-16-0x000001CD6F430000-0x000001CD6F45A000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    168KB

                                                                                                                    Download

                                                                                                                  • memory/4808-13-0x00007FF864F50000-0x00007FF865A11000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/4808-14-0x00007FF864F50000-0x00007FF865A11000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/4808-15-0x00007FF864F50000-0x00007FF865A11000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/4808-11-0x00007FF864F50000-0x00007FF865A11000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/4808-0-0x00007FF864F53000-0x00007FF864F55000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    8KB

                                                                                                                    Download

                                                                                                                  • memory/4808-21-0x00007FF864F50000-0x00007FF865A11000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/4808-20-0x00007FF864F50000-0x00007FF865A11000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/4808-6-0x000001CD6F370000-0x000001CD6F392000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    136KB

                                                                                                                    Download

                                                                                                                  • memory/4808-19-0x00007FF864F50000-0x00007FF865A11000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/4808-17-0x000001CD6F430000-0x000001CD6F454000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    144KB

                                                                                                                    Download

                                                                                                                  • memory/4836-615-0x0000000003FD0000-0x0000000003FD1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/4876-336-0x000001B3A2D20000-0x000001B3A2E20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/4876-341-0x000001B3A3E80000-0x000001B3A3EA0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4876-337-0x000001B3A2D20000-0x000001B3A2E20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/4876-363-0x000001B3A4250000-0x000001B3A4270000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4876-351-0x000001B3A3E40000-0x000001B3A3E60000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4960-334-0x0000000004200000-0x0000000004201000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download