Overview

overview

10

Static

static

3

a56436df8a...54.exe

windows7-x64

8

a56436df8a...54.exe

windows10-2004-x64

10

Los107.ps1

windows7-x64

3

Los107.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    74s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/03/2025, 03:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Los107.ps1

  • Size

    55KB

  • MD5

    fd68605dede5dff48ac0498675704de0

  • SHA1

    f1150379e8b26b01329c9af71dcaee0baf3ce819

  • SHA256

    b4bcc505d66a46af9185af84e5472ef5045cf4abfe722207076d34fbf6df40d7

  • SHA512

    36f1b2ed7cfe46141deef05cc236941363bd2ef54b3e627312f3f81d3217403a65ee4e1c94e6dce3edad99178e1263ab80f5d10b821bbf585ebdfd1b1400491f

  • SSDEEP

    1536:XyhNN+u6AmjiFn3849RlX1Kdwfcdivcr8n:ihr4+nnlKTEUu

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 15 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 28 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 27 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Los107.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1288
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3188
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1752
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1016
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4132
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4764
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:2604
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2456
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4116
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:2188
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4680
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:844
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3076
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3856
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4364
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:1564
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4468
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4672
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3832
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3684
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2280
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4380
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4172
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5024
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1644
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3700
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1444
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1124
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2556
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1916
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4432
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3888
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4824
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4764
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1148
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:4020
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2276
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3796
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2376
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4448
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1388
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:448
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:4640
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:4408
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:3468
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:228
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:1996
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:4264
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:4080
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:1740
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:1064
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:2080
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:1996
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:1160
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:5016
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:4168
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:2368
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:2064
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:3300
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:228
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4388
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4812
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:2108
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:1832
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:1288
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:3156
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:2768
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:2060
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:640
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:2908
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:3572
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:2336
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:2928
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:4396
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:3700
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:3248
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:3768
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:4924
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:2100
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3076
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:4824
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:4976
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:1176
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:3416
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:1280
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:1000
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:1652
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:4884
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:2732

                                                                                              Network

                                                                                              MITRE ATT&CK Enterprise v15

                                                                                              Replay Monitor

                                                                                              Loading Replay Monitor...

                                                                                              Downloads

                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                Filesize

                                                                                                471B

                                                                                                MD5

                                                                                                d0be8c23e52d466e6cc64053f7b97d33

                                                                                                SHA1

                                                                                                b4a089e0dca148ba8199f6ed3cf7d8f688de6609

                                                                                                SHA256

                                                                                                124fe798c212892909759ac64bcaa13c12d45d01dcc6d29a283c06bb8ab2ee9d

                                                                                                SHA512

                                                                                                5324768c84068e0eeab8a2bfcccc2e7d478b40b5c8d6eddc66f7f7ed84bc0164ced23e70f1aba7a7bead91a6aa22eb9b2ee338fd43963dc6f1f2572a99721682

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                Filesize

                                                                                                412B

                                                                                                MD5

                                                                                                3b9656140a6364b9c193520d9e459d16

                                                                                                SHA1

                                                                                                d41c4c0e7883da0c7c6d00e492774eb76f7f1de2

                                                                                                SHA256

                                                                                                f6c93e1b15644f225fc1b52b2166dde4b81c22958ca3cbd9ff7b4499b7cf57d1

                                                                                                SHA512

                                                                                                0e70f64737f3186dd4291eba96d4167de6d6fbeb1e81f0dbb7d754b4cb3870675506ca1073a45d05024f9a5d956ed606e4555f625d467195a64c065c8e8da2c8

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                Filesize

                                                                                                2KB

                                                                                                MD5

                                                                                                b8c5b51b549ef141bc21333e2b4fa024

                                                                                                SHA1

                                                                                                4e23103d03927277d344f8a064bf734ba4d95abd

                                                                                                SHA256

                                                                                                e658f7a5622ff86148f4ed7ab4bacf456935a7aeb0f3a4297f4ae0de977c52b3

                                                                                                SHA512

                                                                                                1485c673a7e8d7fce421cbe04477861b3ca87242d57e5b15154cea5439799913252b1a232816a809f34eacc6b907df000ca4f5cb91d96e02fbeedd4986e6a794

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
                                                                                                Filesize

                                                                                                36KB

                                                                                                MD5

                                                                                                0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                SHA1

                                                                                                92495421ad887f27f53784c470884802797025ad

                                                                                                SHA256

                                                                                                0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                SHA512

                                                                                                61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133862226910439138.txt
                                                                                                Filesize

                                                                                                75KB

                                                                                                MD5

                                                                                                82c60c03ffa0990509f48f4e7162f20d

                                                                                                SHA1

                                                                                                392caf295c5d5042cabf013855dc5fe8fb1bcf25

                                                                                                SHA256

                                                                                                e7e9d0f2577ba685778a41a6567bc28ba7c0b507aeef617f2205d7f69bafd7cd

                                                                                                SHA512

                                                                                                9b90e10e48a2f394f68bf75aff1c62f01c0525732b44aecac0da40d3d4fb60ed0b8755a0777112cb2b70933422729ed38664a916265b5d7b8c6ef565c2fd5832

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\0WN231TW\microsoft.windows[1].xml
                                                                                                Filesize

                                                                                                97B

                                                                                                MD5

                                                                                                3a7215c95eb126cab605653174370dec

                                                                                                SHA1

                                                                                                4ebd7e1ae93476f249430c0a12bdb0fb81b719b3

                                                                                                SHA256

                                                                                                362c63e755685d67733588fb0063d0a220e984edeb6dd798e9f5feb0bf014509

                                                                                                SHA512

                                                                                                4c831a413c4e7ae2aa21b9d627f336a5d4b3db2dfe529f3590431d65f411809054a066325f59fb304a3fecd0662a5dd97600d473b2837a5838e82a7232020945

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_att5xqr5.a0y.ps1
                                                                                                Filesize

                                                                                                60B

                                                                                                MD5

                                                                                                d17fe0a3f47be24a6453e9ef58c94641

                                                                                                SHA1

                                                                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                SHA256

                                                                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                SHA512

                                                                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                Download Submit

                                                                                              • memory/844-346-0x000001C698450000-0x000001C698550000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/844-363-0x000001C699570000-0x000001C699590000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/844-351-0x000001C6995B0000-0x000001C6995D0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/844-348-0x000001C698450000-0x000001C698550000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/844-375-0x000001C699980000-0x000001C6999A0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/1016-29-0x0000000004F40000-0x0000000004F41000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/1124-1234-0x0000000004790000-0x0000000004791000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/1288-16-0x000001EAF38C0000-0x000001EAF38EA000-memory.dmp

                                                                                                Filesize

                                                                                                168KB

                                                                                                Download

                                                                                              • memory/1288-0-0x00007FFCD1AD3000-0x00007FFCD1AD5000-memory.dmp

                                                                                                Filesize

                                                                                                8KB

                                                                                                Download

                                                                                              • memory/1288-20-0x00007FFCD1AD0000-0x00007FFCD2591000-memory.dmp

                                                                                                Filesize

                                                                                                10.8MB

                                                                                                Download

                                                                                              • memory/1288-1-0x000001EAF3820000-0x000001EAF3842000-memory.dmp

                                                                                                Filesize

                                                                                                136KB

                                                                                                Download

                                                                                              • memory/1288-11-0x00007FFCD1AD0000-0x00007FFCD2591000-memory.dmp

                                                                                                Filesize

                                                                                                10.8MB

                                                                                                Download

                                                                                              • memory/1288-12-0x00007FFCD1AD0000-0x00007FFCD2591000-memory.dmp

                                                                                                Filesize

                                                                                                10.8MB

                                                                                                Download

                                                                                              • memory/1288-13-0x00007FFCD1AD0000-0x00007FFCD2591000-memory.dmp

                                                                                                Filesize

                                                                                                10.8MB

                                                                                                Download

                                                                                              • memory/1288-19-0x00007FFCD1AD0000-0x00007FFCD2591000-memory.dmp

                                                                                                Filesize

                                                                                                10.8MB

                                                                                                Download

                                                                                              • memory/1288-14-0x00007FFCD1AD0000-0x00007FFCD2591000-memory.dmp

                                                                                                Filesize

                                                                                                10.8MB

                                                                                                Download

                                                                                              • memory/1288-17-0x000001EAF38C0000-0x000001EAF38E4000-memory.dmp

                                                                                                Filesize

                                                                                                144KB

                                                                                                Download

                                                                                              • memory/1288-21-0x00007FFCD1AD0000-0x00007FFCD2591000-memory.dmp

                                                                                                Filesize

                                                                                                10.8MB

                                                                                                Download

                                                                                              • memory/1288-15-0x00007FFCD1AD0000-0x00007FFCD2591000-memory.dmp

                                                                                                Filesize

                                                                                                10.8MB

                                                                                                Download

                                                                                              • memory/1444-1124-0x00000221C19D0000-0x00000221C19F0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/1444-1092-0x00000221C1600000-0x00000221C1620000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/1444-1101-0x00000221C13C0000-0x00000221C13E0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/1444-1088-0x00000219BF500000-0x00000219BF600000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/1444-1087-0x00000219BF500000-0x00000219BF600000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/1564-645-0x00000000042E0000-0x00000000042E1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/1644-1085-0x0000000004C10000-0x0000000004C11000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/1916-1237-0x0000023C6A200000-0x0000023C6A300000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/1916-1260-0x0000023C6B720000-0x0000023C6B740000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/1916-1248-0x0000023C6B320000-0x0000023C6B340000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/1916-1236-0x0000023C6A200000-0x0000023C6A300000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/1916-1241-0x0000023C6B360000-0x0000023C6B380000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/1916-1238-0x0000023C6A200000-0x0000023C6A300000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/2188-344-0x0000000004470000-0x0000000004471000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/2280-836-0x00000226B5960000-0x00000226B5980000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/2280-809-0x00000226B5550000-0x00000226B5570000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/2280-804-0x00000226B5590000-0x00000226B55B0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/2280-800-0x00000226B4440000-0x00000226B4540000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/2280-799-0x00000226B4440000-0x00000226B4540000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/2604-195-0x00000000045B0000-0x00000000045B1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/3076-497-0x0000000004900000-0x0000000004901000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/3832-797-0x0000000004DF0000-0x0000000004DF1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/4020-1534-0x000001C664600000-0x000001C664700000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/4020-1535-0x000001C664600000-0x000001C664700000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/4116-196-0x000001FA47B00000-0x000001FA47C00000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/4116-197-0x000001FA47B00000-0x000001FA47C00000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/4116-215-0x0000020249C00000-0x0000020249C20000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4116-201-0x0000020249C40000-0x0000020249C60000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4116-233-0x000002024A000000-0x000002024A020000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4364-503-0x000001EB674E0000-0x000001EB67500000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4364-512-0x000001EB674A0000-0x000001EB674C0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4364-499-0x000001EB66600000-0x000001EB66700000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/4364-498-0x000001EB66600000-0x000001EB66700000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/4364-522-0x000001EB67AC0000-0x000001EB67AE0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4380-940-0x00000000045D0000-0x00000000045D1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/4432-1386-0x0000000004CE0000-0x0000000004CE1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/4672-675-0x0000021076620000-0x0000021076640000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4672-664-0x0000021076220000-0x0000021076240000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4672-653-0x0000021076260000-0x0000021076280000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4764-49-0x000001B423F20000-0x000001B423F40000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4764-31-0x000001B422F40000-0x000001B423040000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/4764-36-0x000001B423F60000-0x000001B423F80000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4764-67-0x000001B424330000-0x000001B424350000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4764-32-0x000001B422F40000-0x000001B423040000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/4764-1532-0x0000000004C60000-0x0000000004C61000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/4824-1394-0x000001DAF4940000-0x000001DAF4960000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4824-1402-0x000001DAF4900000-0x000001DAF4920000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4824-1425-0x000001DAF4D10000-0x000001DAF4D30000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5024-947-0x000001C5D6C60000-0x000001C5D6C80000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5024-961-0x000001C5D6C20000-0x000001C5D6C40000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5024-973-0x000001C5D7020000-0x000001C5D7040000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download