Overview

overview

10

Static

static

1

Pedido de ...25.exe

windows7-x64

4

Pedido de ...25.exe

windows10-2004-x64

10

Kommunalfo...ns.ps1

windows7-x64

3

Kommunalfo...ns.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    54s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/03/2025, 15:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Kommunalforvaltningens.ps1

  • Size

    52KB

  • MD5

    9b2206fe5822117ac8ae5e247b2479a0

  • SHA1

    d7ac05c9c67273fa850aed88f51380a18f0afd80

  • SHA256

    d035bd260c15a3cb57004a2bdcce676dbcf099b9b71fc03bc85db054b1ecedae

  • SHA512

    01ab18106ee90161334849a2ba5fb1a9473c6c20246258135c31dcb57ee2b12c53c3f47f2ff47f6da0e15af7f8aa4b66b9fd2aacc0d021e9d9f6c32ae4959326

  • SSDEEP

    1536:KYe75qoyj7KJ9i0AAMx8fuugvDBFf6lwBhkVQuQ6qUFro:KYkqoO71JaoIWkvvqN

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 11 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Kommunalforvaltningens.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:5408
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1380
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:856
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1120
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3208
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2124
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1748
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5260
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3856
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1532
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1572
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5704
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4836
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:416
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:1984
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1220
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1212
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4876
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4532
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4808
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2780
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4036
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5188
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5424
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:6020
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4264
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5312
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5768
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2000
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2436
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Modifies registry class
    PID:1036
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:728
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4916
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:4400
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:3080
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:1148
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:5876
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:1328
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:4904
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:3680
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:3756
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:3632
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:5020
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:2952
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:1408
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:1272
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:3692
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:1756
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:3552
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4120
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:1548
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:4952
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:4172
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:4156
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:5296
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:5504
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:4704
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:5620
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:2616
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:4404
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:5844
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:5260
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:1120
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:4748
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:2796
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:5676
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:2296
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:4736
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:1428
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:452
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:3484
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:4816
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:3468
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:4664
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:4068
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:4548
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:3472
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:536
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:2968
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:716
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:2124
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:1500
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                          1⤵
                                                                                                            PID:5420
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:1548
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                              1⤵
                                                                                                                PID:456
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                1⤵
                                                                                                                  PID:704
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:3256

                                                                                                                  Network

                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                  Replay Monitor

                                                                                                                  Loading Replay Monitor...

                                                                                                                  Downloads

                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                                    Filesize

                                                                                                                    471B

                                                                                                                    MD5

                                                                                                                    0bbedbe65d529a83d458d6526145e2ad

                                                                                                                    SHA1

                                                                                                                    0ef91b572d5bdd216b667213ce0972ab5dab8482

                                                                                                                    SHA256

                                                                                                                    7094a02b13391f14c2b731b35593e765eb217a80c77786932bf71a312447bbee

                                                                                                                    SHA512

                                                                                                                    d5b1ba49dd8be5cf575f92bb218e487ff00055eb52ed38b5f3539c3e0033a0f93813e7b2598b181ae05363d4ef5d996860f3136a8ac60482159f74cb81efef17

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                                    Filesize

                                                                                                                    412B

                                                                                                                    MD5

                                                                                                                    dbf26e4a4178259481bec8dd22b08b24

                                                                                                                    SHA1

                                                                                                                    d051137b9df21915ac9821fb40732ebe336b4eb2

                                                                                                                    SHA256

                                                                                                                    e1417c855f695fcf75283604d9664f95ee124b4b4d6fa7c33247444c48788db3

                                                                                                                    SHA512

                                                                                                                    848ec5ab7543a6fc8834d24cbe79dde97653843a1a71cf4baffb1d775c7e057d5eb197e018457a7dc8bafe19e11bde8d55460015123de071646e368f563d2236

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                    Filesize

                                                                                                                    2KB

                                                                                                                    MD5

                                                                                                                    b384cb13d00fce43432b274623c281c6

                                                                                                                    SHA1

                                                                                                                    b5bd275ca5cce373e46883e49dd5efb050448f15

                                                                                                                    SHA256

                                                                                                                    388aa43c88aaba0b8fe50ab4d863b9cf46b7abfd6d6ba444d7ab150191bf4212

                                                                                                                    SHA512

                                                                                                                    16c21d64e39009c096bd89498083802e24b84d0f017e839ee007766bb7c841456f8ac58cc7c3187ba47090470992d023101e2d17cd42e659c85a07b11789ff96

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
                                                                                                                    Filesize

                                                                                                                    36KB

                                                                                                                    MD5

                                                                                                                    0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                                    SHA1

                                                                                                                    92495421ad887f27f53784c470884802797025ad

                                                                                                                    SHA256

                                                                                                                    0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                                    SHA512

                                                                                                                    61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe
                                                                                                                    Filesize

                                                                                                                    36KB

                                                                                                                    MD5

                                                                                                                    406347732c383e23c3b1af590a47bccd

                                                                                                                    SHA1

                                                                                                                    fae764f62a396f2503dd81eefd3c7f06a5fb8e5f

                                                                                                                    SHA256

                                                                                                                    e0a9f5c75706dc79a44d0c890c841b2b0b25af4ee60d0a16a7356b067210038e

                                                                                                                    SHA512

                                                                                                                    18905eaad8184bb3a7b0fe21ff37ed2ee72a3bd24bb90cbfcad222cf09e2fa74e886d5c687b21d81cd3aec1e6c05891c24f67a8f82bafd2aceb0e0dcb7672ce7

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133873914460052343.txt
                                                                                                                    Filesize

                                                                                                                    87KB

                                                                                                                    MD5

                                                                                                                    8705941ec9b470e8fab79dd6a2568c43

                                                                                                                    SHA1

                                                                                                                    ac3da5a34b748aafd2abcb35e3aa469eeee437f9

                                                                                                                    SHA256

                                                                                                                    bf990e8d6724fa25112ca29a0dbd411455c117f9565556e83a73fb057a5ef5ff

                                                                                                                    SHA512

                                                                                                                    5275d05a85dd7c73c576f57e19dfa026126cba05dd9c9b3e067b4dbd48d4db9015c5b95f7c2ecef21cad32d555776e01528a924f12a2b101ad196e28e90fd18c

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\TRZE6I7N\microsoft.windows[1].xml
                                                                                                                    Filesize

                                                                                                                    97B

                                                                                                                    MD5

                                                                                                                    5f20566632409cf5766e4a9bc1ddc989

                                                                                                                    SHA1

                                                                                                                    39d40c974e76857957ef966ba650519b0a5b2d6c

                                                                                                                    SHA256

                                                                                                                    acc2ad05e0e666a4f809dabe7e8124e825c5ae8dc41195cc05b1dd2c5442e7d0

                                                                                                                    SHA512

                                                                                                                    11ac109902f8aa21ec877ad44d6982a004dcfa46198a7650bdc40ab0713ab546144234a67edf4bff45e1021c634aaf2fd73ef347c2dece2ce2db587e167d23a2

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2zsjcw31.vas.ps1
                                                                                                                    Filesize

                                                                                                                    60B

                                                                                                                    MD5

                                                                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                    SHA1

                                                                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                    SHA256

                                                                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                    SHA512

                                                                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                    Download Submit

                                                                                                                  • memory/1036-1362-0x0000000004D80000-0x0000000004D81000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1120-29-0x00000000032F0000-0x00000000032F1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1220-635-0x0000000004010000-0x0000000004011000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1532-342-0x0000000003060000-0x0000000003061000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1748-192-0x0000000004010000-0x0000000004011000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1984-485-0x000002022A000000-0x000002022A100000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/1984-490-0x000002022AF20000-0x000002022AF40000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1984-516-0x000002022B500000-0x000002022B520000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/1984-505-0x000002022AEE0000-0x000002022AF00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2124-60-0x000001EC05D00000-0x000001EC05D20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2124-30-0x000001EC04810000-0x000001EC04910000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/2124-47-0x000001EC05900000-0x000001EC05920000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2124-31-0x000001EC04810000-0x000001EC04910000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/2124-35-0x000001EC05940000-0x000001EC05960000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2436-1214-0x0000026CA0540000-0x0000026CA0640000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/2436-1217-0x0000026CA14A0000-0x0000026CA14C0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2436-1212-0x0000026CA0540000-0x0000026CA0640000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/2436-1241-0x0000026CA1A80000-0x0000026CA1AA0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2436-1230-0x0000026CA1460000-0x0000026CA1480000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2780-798-0x0000018D73FD0000-0x0000018D73FF0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2780-787-0x0000018D73200000-0x0000018D73300000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/2780-791-0x0000018D74320000-0x0000018D74340000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/2780-786-0x0000018D73200000-0x0000018D73300000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/2780-812-0x0000018D746E0000-0x0000018D74700000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3856-218-0x000001B5B6A30000-0x000001B5B6A50000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3856-199-0x000001B5B6660000-0x000001B5B6680000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/3856-195-0x000001B5B5500000-0x000001B5B5600000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3856-194-0x000001B5B5500000-0x000001B5B5600000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/3856-207-0x000001B5B6620000-0x000001B5B6640000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4036-922-0x00000000043D0000-0x00000000043D1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/4532-784-0x00000000040C0000-0x00000000040C1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/4836-483-0x00000000046F0000-0x00000000046F1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/4876-667-0x000001FE0E690000-0x000001FE0E6B0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4876-637-0x000001FE0D770000-0x000001FE0D870000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/4876-638-0x000001FE0D770000-0x000001FE0D870000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/4876-642-0x000001FE0E6D0000-0x000001FE0E6F0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/4876-674-0x000001FE0ECA0000-0x000001FE0ECC0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/5312-1075-0x0000022DF1D00000-0x0000022DF1E00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/5312-1088-0x0000022DF2E00000-0x0000022DF2E20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/5312-1074-0x0000022DF1D00000-0x0000022DF1E00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/5312-1073-0x0000022DF1D00000-0x0000022DF1E00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/5312-1110-0x0000022DF3210000-0x0000022DF3230000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/5312-1078-0x0000022DF2E40000-0x0000022DF2E60000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/5408-18-0x00007FFCA2530000-0x00007FFCA2FF1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/5408-11-0x00007FFCA2530000-0x00007FFCA2FF1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/5408-13-0x00007FFCA2530000-0x00007FFCA2FF1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/5408-12-0x00007FFCA2530000-0x00007FFCA2FF1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/5408-20-0x00007FFCA2530000-0x00007FFCA2FF1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/5408-19-0x00007FFCA2530000-0x00007FFCA2FF1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/5408-7-0x00000212A7C70000-0x00000212A7C92000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    136KB

                                                                                                                    Download

                                                                                                                  • memory/5408-16-0x00000212C0620000-0x00000212C0644000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    144KB

                                                                                                                    Download

                                                                                                                  • memory/5408-15-0x00000212C0620000-0x00000212C064A000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    168KB

                                                                                                                    Download

                                                                                                                  • memory/5408-0-0x00007FFCA2533000-0x00007FFCA2535000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    8KB

                                                                                                                    Download

                                                                                                                  • memory/5408-14-0x00007FFCA2530000-0x00007FFCA2FF1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                    Download

                                                                                                                  • memory/5424-925-0x0000021869E00000-0x0000021869F00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/5424-929-0x000002186AF40000-0x000002186AF60000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/5424-961-0x000002186B300000-0x000002186B320000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/5424-937-0x000002186AF00000-0x000002186AF20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/5424-924-0x0000021869E00000-0x0000021869F00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/5704-344-0x0000029184500000-0x0000029184600000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/5704-349-0x00000291852D0000-0x00000291852F0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/5704-345-0x0000029184500000-0x0000029184600000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                    Download

                                                                                                                  • memory/5704-369-0x00000291858A0000-0x00000291858C0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/5704-357-0x0000029185290000-0x00000291852B0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/5768-1211-0x0000000004450000-0x0000000004451000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/6020-1071-0x0000000004580000-0x0000000004581000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download