Overview

overview

10

Static

static

3

JUSTIFICAN...GO.exe

windows7-x64

7

JUSTIFICAN...GO.exe

windows10-2004-x64

10

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Illimitedn...es.ps1

windows7-x64

3

Illimitedn...es.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    73s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/02/2025, 14:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Illimitedness/Sprinkles.ps1

  • Size

    52KB

  • MD5

    8af5055352f12b4e6f2465fbc1458cf5

  • SHA1

    599607120702949b986bfe936d627470c81f048c

  • SHA256

    59f4336f613f08e0183095b710765d0d696428c5a91f3071b094453f38d94655

  • SHA512

    340ee325a8c1e66b65d036bf5f2008dfe16d2999cf61ab9bc2f86ff13e53adbe041b31a4f6a97ea050eb7315d544eb3232309325db274e42ad6b2261571d60ea

  • SSDEEP

    768:83Q0pbh7YFuPhyUxbEB9mexUhIN7GEPjC6GqrrFJbsl/hTpbmgG7pMtloKF6Hxfr:83Q4ZYIPPgFx7xjC6/LQyVpYUJRia

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 16 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 30 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 27 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Illimitedness\Sprinkles.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2888
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1948
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3084
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2616
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3764
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2304
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1700
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4984
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4128
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3704
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4840
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:456
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3344
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4108
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3660
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1120
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1448
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1896
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:3288
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4752
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:3220
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:456
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4588
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2376
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4980
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5096
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4352
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4236
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4840
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2372
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1224
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5032
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1984
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1500
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3704
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:864
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5064
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2016
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3892
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:644
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4960
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:764
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5108
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:1944
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:2356
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4300
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:2016
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:5072
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:2712
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:64
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:2568
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:3784
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:3724
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:5068
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:2960
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:3720
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:2712
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:3976
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:1860
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:2196
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:2172
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:2008
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:3296
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:4564
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:2196
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:4296
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:5044
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:3520
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:4356
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:3120
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:2660
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:3684
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:2092
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:3628
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:3208
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:4040
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:4512
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:3240
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:680
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:3740
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3176
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:5044
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:1552
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:2744
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:3464
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:3172
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:2056
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:4420
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:2744
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:4604
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:2620

                                                                                                Network

                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                Replay Monitor

                                                                                                Loading Replay Monitor...

                                                                                                Downloads

                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                  Filesize

                                                                                                  2KB

                                                                                                  MD5

                                                                                                  78dad4a16c1340208b4f4cbe6de4f9f6

                                                                                                  SHA1

                                                                                                  fcb0fee102477107fb9288250266136a2abe87b2

                                                                                                  SHA256

                                                                                                  66791a0665d9618a30cd0e0c1fb8484c86c6dbe4df5badc2344f11f842af51ae

                                                                                                  SHA512

                                                                                                  5c793efbf6fd8ce8bedf3245ababe230c9b9de6e74d85833be81776a7d144680660b29260762632aebf87fe0638b69f70480ba8792b3936ab2f0db591f6f1112

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133845371139099520.txt
                                                                                                  Filesize

                                                                                                  75KB

                                                                                                  MD5

                                                                                                  b8d20bd2078c6237b7f026453015eb5a

                                                                                                  SHA1

                                                                                                  198c61bfee0ae0fe3e112cdac12a441c676d15bb

                                                                                                  SHA256

                                                                                                  8ab026d585cee0596291badce0d88d9cdaaa34ee668ddea987b8aa7082263d80

                                                                                                  SHA512

                                                                                                  a61ef7a5aa28e95267b1a8276a8ea5b911b0e194e9ca569cfa58873cc5a60bbc129bb46a670f122b392cbd932c88973da5a97818355a25c0d8ccf102126d64e0

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\KBKOF0HZ\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  724e79e3ff7cb4b2081ae58bd2233970

                                                                                                  SHA1

                                                                                                  c1eebad05b274a5634919835b808d59789a14860

                                                                                                  SHA256

                                                                                                  003db0dd8a6a9e55781448375d8c644b192661712b6b08c016bd63885621d963

                                                                                                  SHA512

                                                                                                  62aad672e6ea20a6f675f46727264c4cace1588d63e7ac1d17d8d9ea8d2413aa8449f7f06ddaeae316fa3890fbceffd628e287cd39b82bf8062c39d9c2b1ec8a

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bjhsfwvx.3ba.ps1
                                                                                                  Filesize

                                                                                                  60B

                                                                                                  MD5

                                                                                                  d17fe0a3f47be24a6453e9ef58c94641

                                                                                                  SHA1

                                                                                                  6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                  SHA256

                                                                                                  96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                  SHA512

                                                                                                  5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                  Download Submit

                                                                                                • memory/456-374-0x0000023E2CBC0000-0x0000023E2CBE0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/456-354-0x0000023E2C5B0000-0x0000023E2C5D0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/456-342-0x0000023E2C800000-0x0000023E2C820000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/456-337-0x0000023E2B700000-0x0000023E2B800000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/456-338-0x0000023E2B700000-0x0000023E2B800000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/864-1541-0x0000000004420000-0x0000000004421000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/1120-639-0x0000000004770000-0x0000000004771000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/1700-185-0x0000000002D60000-0x0000000002D61000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/1896-659-0x0000027E7BF40000-0x0000027E7BF60000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/1896-672-0x0000027E7C350000-0x0000027E7C370000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/1896-646-0x0000027E7BF80000-0x0000027E7BFA0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/1984-1397-0x0000000004820000-0x0000000004821000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/2016-1561-0x0000027FB6940000-0x0000027FB6960000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2016-1543-0x0000027FB5820000-0x0000027FB5920000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/2016-1544-0x0000027FB5820000-0x0000027FB5920000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/2016-1548-0x0000027FB6980000-0x0000027FB69A0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2016-1574-0x0000027FB6D50000-0x0000027FB6D70000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2304-59-0x0000021857500000-0x0000021857520000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2304-34-0x0000021856F20000-0x0000021856F40000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2304-47-0x0000021856EE0000-0x0000021856F00000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2304-29-0x0000021856000000-0x0000021856100000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/2372-1244-0x0000000004140000-0x0000000004141000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/2376-944-0x0000000003EA0000-0x0000000003EA1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/2616-27-0x00000000032C0000-0x00000000032C1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/2888-20-0x00007FFFADB50000-0x00007FFFAE611000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/2888-16-0x00000108EFFB0000-0x00000108EFFDA000-memory.dmp

                                                                                                  Filesize

                                                                                                  168KB

                                                                                                  Download

                                                                                                • memory/2888-14-0x00007FFFADB50000-0x00007FFFAE611000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/2888-13-0x00007FFFADB50000-0x00007FFFAE611000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/2888-12-0x00007FFFADB50000-0x00007FFFAE611000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/2888-11-0x00007FFFADB50000-0x00007FFFAE611000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/2888-22-0x00007FFFADB50000-0x00007FFFAE611000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/2888-15-0x00007FFFADB50000-0x00007FFFAE611000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/2888-0-0x00007FFFADB53000-0x00007FFFADB55000-memory.dmp

                                                                                                  Filesize

                                                                                                  8KB

                                                                                                  Download

                                                                                                • memory/2888-17-0x00000108EFFB0000-0x00000108EFFD4000-memory.dmp

                                                                                                  Filesize

                                                                                                  144KB

                                                                                                  Download

                                                                                                • memory/2888-10-0x00000108EFBC0000-0x00000108EFBE2000-memory.dmp

                                                                                                  Filesize

                                                                                                  136KB

                                                                                                  Download

                                                                                                • memory/2888-19-0x00007FFFADB50000-0x00007FFFAE611000-memory.dmp

                                                                                                  Filesize

                                                                                                  10.8MB

                                                                                                  Download

                                                                                                • memory/2888-21-0x00000108EF6F0000-0x00000108EF90C000-memory.dmp

                                                                                                  Filesize

                                                                                                  2.1MB

                                                                                                  Download

                                                                                                • memory/3220-792-0x0000000004220000-0x0000000004221000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3344-487-0x0000000004830000-0x0000000004831000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3660-514-0x000001DF873C0000-0x000001DF873E0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3660-506-0x000001DF86DB0000-0x000001DF86DD0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3660-495-0x000001DF86DF0000-0x000001DF86E10000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3704-1413-0x0000027356B40000-0x0000027356B60000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3704-336-0x0000000004CE0000-0x0000000004CE1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3704-1425-0x0000027356F50000-0x0000027356F70000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3704-1404-0x0000027356B80000-0x0000027356BA0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3892-1684-0x00000000043E0000-0x00000000043E1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/4128-192-0x000001BDB9C40000-0x000001BDB9C60000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4128-187-0x000001BDB8900000-0x000001BDB8A00000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/4128-188-0x000001BDB8900000-0x000001BDB8A00000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/4128-214-0x000001BDBA000000-0x000001BDBA020000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4128-204-0x000001BDB9C00000-0x000001BDB9C20000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4352-1092-0x00000000021D0000-0x00000000021D1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/4588-795-0x000001FA5D4E0000-0x000001FA5D5E0000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/4588-799-0x000001FA5E840000-0x000001FA5E860000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4588-794-0x000001FA5D4E0000-0x000001FA5D5E0000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/4588-831-0x000001FA5EC10000-0x000001FA5EC30000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4588-814-0x000001FA5E800000-0x000001FA5E820000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4840-1094-0x000002045B600000-0x000002045B700000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/4840-1111-0x000002045C1A0000-0x000002045C1C0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4840-1099-0x000002045C1E0000-0x000002045C200000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4840-1095-0x000002045B600000-0x000002045B700000-memory.dmp

                                                                                                  Filesize

                                                                                                  1024KB

                                                                                                  Download

                                                                                                • memory/4840-1131-0x000002045CAC0000-0x000002045CAE0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/5032-1264-0x00000289AD720000-0x00000289AD740000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/5032-1252-0x00000289AD760000-0x00000289AD780000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/5032-1280-0x00000289ADB30000-0x00000289ADB50000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/5096-964-0x00000259A5E40000-0x00000259A5E60000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/5096-952-0x00000259A5E80000-0x00000259A5EA0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/5096-975-0x00000259A6250000-0x00000259A6270000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download