Overview

overview

10

Static

static

1

Hesap Hare...25.exe

windows7-x64

8

Hesap Hare...25.exe

windows10-2004-x64

10

Synligeres.ps1

windows7-x64

3

Synligeres.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    61s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/03/2025, 16:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Synligeres.ps1

  • Size

    50KB

  • MD5

    1b3d6301bfb47cc724b472b5d7c9f94f

  • SHA1

    2d6e1d5efe83eb495f7022ef1ecfc0726fc2406c

  • SHA256

    246696dc09994f4e4160a8ed84c0e4b22bdc6719653bf9928510f7577d9d60ab

  • SHA512

    ec48e3f164e4b49fd4234807773113285e009d1ae12317ae2899642c28f55cd0c0344d4d2de7eed490c81cabe4be292e594eef35801c2fe99bf1c15a160e48fe

  • SSDEEP

    1536:Q1zXl+xVD98H4h9GiTyzTKHX9EQcv/yHhKB0gLQ:Q1z1eSH09xTyzTbpST

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 13 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 26 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 25 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Synligeres.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2664
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4876
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1728
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4492
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2516
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3644
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of SendNotifyMessage
    PID:5332
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:468
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5320
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1372
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:312
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:184
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:3416
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5464
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4244
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:1256
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2780
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1312
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2540
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3484
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2492
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4436
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4032
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4604
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4292
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1032
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:1464
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:5896
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3252
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5724
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4640
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5664
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:6140
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3996
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4452
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4284
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5596
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2932
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5316
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:5480
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:4016
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:4236
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:4860
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:3720
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:3048
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:2636
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:4040
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:1964
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:5804
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:2504
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:3824
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:1408
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:5292
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:2148
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:5984
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:5480
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4296
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:5556
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:4372
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:2680
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:5216
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:448
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:2792
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:3080
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:5928
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:916
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:3764
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:1072
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:2284
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:5580
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:3408
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:820
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:5856
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:4228
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:5756
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:4536
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:3692
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:5072
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:2780
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:3120
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:3776
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:4880
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:5136
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:1284
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:1760
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:1884
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:2644

                                                                                                  Network

                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                  Replay Monitor

                                                                                                  Loading Replay Monitor...

                                                                                                  Downloads

                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                    Filesize

                                                                                                    471B

                                                                                                    MD5

                                                                                                    0bbedbe65d529a83d458d6526145e2ad

                                                                                                    SHA1

                                                                                                    0ef91b572d5bdd216b667213ce0972ab5dab8482

                                                                                                    SHA256

                                                                                                    7094a02b13391f14c2b731b35593e765eb217a80c77786932bf71a312447bbee

                                                                                                    SHA512

                                                                                                    d5b1ba49dd8be5cf575f92bb218e487ff00055eb52ed38b5f3539c3e0033a0f93813e7b2598b181ae05363d4ef5d996860f3136a8ac60482159f74cb81efef17

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                    Filesize

                                                                                                    412B

                                                                                                    MD5

                                                                                                    61fb04d237e2a06d6a4a2a1b05222190

                                                                                                    SHA1

                                                                                                    10b05acdb873c1ab82407be70a489e18397a905c

                                                                                                    SHA256

                                                                                                    c8189864bf292d9fa6b4da1005a1018801349d3e9346d3e33b3d2a4b7315f033

                                                                                                    SHA512

                                                                                                    890a182462252d521ad43a04f70389ec2c90c7da6bd49d4ac82c26af5ecc4e5dd3dc26836817c03af6d18354899176ccf72c976f04c1bd0a87d6f60d5deeb834

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                    Filesize

                                                                                                    2KB

                                                                                                    MD5

                                                                                                    c691bfbe9c2d2112567d647b7b1b86f0

                                                                                                    SHA1

                                                                                                    3feaf044143ac6c6ec9521511eb219ec0254f643

                                                                                                    SHA256

                                                                                                    47e46799dbbd3a90f4373f293deb58e75e10d1818276b7872d170b3a4acd210a

                                                                                                    SHA512

                                                                                                    754365b15bd50dcae3e90086e24fcd509ba0346f4f676fc453ea08c3b72721c416cf5bb8c59c0bcc385c69eb430021699aadafbc017f9f10a6a28288c5dc4de9

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{2F519BF2-C697-59F8-8F6A-1E19509CE66B}
                                                                                                    Filesize

                                                                                                    36KB

                                                                                                    MD5

                                                                                                    8aaad0f4eb7d3c65f81c6e6b496ba889

                                                                                                    SHA1

                                                                                                    231237a501b9433c292991e4ec200b25c1589050

                                                                                                    SHA256

                                                                                                    813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

                                                                                                    SHA512

                                                                                                    1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe
                                                                                                    Filesize

                                                                                                    36KB

                                                                                                    MD5

                                                                                                    406347732c383e23c3b1af590a47bccd

                                                                                                    SHA1

                                                                                                    fae764f62a396f2503dd81eefd3c7f06a5fb8e5f

                                                                                                    SHA256

                                                                                                    e0a9f5c75706dc79a44d0c890c841b2b0b25af4ee60d0a16a7356b067210038e

                                                                                                    SHA512

                                                                                                    18905eaad8184bb3a7b0fe21ff37ed2ee72a3bd24bb90cbfcad222cf09e2fa74e886d5c687b21d81cd3aec1e6c05891c24f67a8f82bafd2aceb0e0dcb7672ce7

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133873946818910418.txt
                                                                                                    Filesize

                                                                                                    87KB

                                                                                                    MD5

                                                                                                    f4764b99175cbcaa67d7289ab54188cd

                                                                                                    SHA1

                                                                                                    d939f0a975be8a7025e39cd6a4566c7a996f7278

                                                                                                    SHA256

                                                                                                    d364440cbf534959574c011a4d682d8b2f26fac00813ff25d18dec25e31ba546

                                                                                                    SHA512

                                                                                                    55f223beeb75a8c07c7f80ce4a64a83ff5bb9e388fde04ec5904ed2d68f049d57d4c50e51d9df7b533ab7b3cbcdebaf6288506b9225f442a321bbdf782460556

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7V6S7ER6\microsoft.windows[1].xml
                                                                                                    Filesize

                                                                                                    97B

                                                                                                    MD5

                                                                                                    3017c444c236a0b05070a1385b10a037

                                                                                                    SHA1

                                                                                                    e376bdabddfa35b094c43984687727eecd043e91

                                                                                                    SHA256

                                                                                                    8ea65bec3ccb80b560df67e1ed3b240060b4d1a4f67596003d816456fa8ceff9

                                                                                                    SHA512

                                                                                                    0d7c7eff12ca945cb14ff8516371807bb0b9d8eb33d26011dd1359c371681aed920652fdd0cf105e164bdf3989763a6ba9cb7f451f769c0d3a6374e2a7d20870

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bb1kisbl.ted.ps1
                                                                                                    Filesize

                                                                                                    60B

                                                                                                    MD5

                                                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                                                    SHA1

                                                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                    SHA256

                                                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                    SHA512

                                                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                    Download Submit

                                                                                                  • memory/184-379-0x000001CF9C5F0000-0x000001CF9C610000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/184-344-0x000001CF9B100000-0x000001CF9B200000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/184-343-0x000001CF9B100000-0x000001CF9B200000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/184-348-0x000001CF9C220000-0x000001CF9C240000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/184-342-0x000001CF9B100000-0x000001CF9B200000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/184-359-0x000001CF9BFE0000-0x000001CF9C000000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/1256-643-0x0000000004A40000-0x0000000004A41000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                    Download

                                                                                                  • memory/1312-661-0x0000017D65520000-0x0000017D65540000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/1312-647-0x0000017D64400000-0x0000017D64500000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/1312-645-0x0000017D64400000-0x0000017D64500000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/1312-646-0x0000017D64400000-0x0000017D64500000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/1312-650-0x0000017D65560000-0x0000017D65580000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/1312-673-0x0000017D65930000-0x0000017D65950000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/1372-340-0x0000000002300000-0x0000000002301000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                    Download

                                                                                                  • memory/1464-1116-0x000002B765850000-0x000002B765870000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/1464-1101-0x000002B765440000-0x000002B765460000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/1464-1085-0x000002B764320000-0x000002B764420000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/1464-1089-0x000002B765480000-0x000002B7654A0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/1464-1086-0x000002B764320000-0x000002B764420000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/2492-824-0x0000018AEAD80000-0x0000018AEADA0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/2492-794-0x0000018AE9850000-0x0000018AE9950000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/2492-793-0x0000018AE9850000-0x0000018AE9950000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/2492-798-0x0000018AEA9B0000-0x0000018AEA9D0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/2492-812-0x0000018AEA970000-0x0000018AEA990000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/2540-791-0x0000000004650000-0x0000000004651000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                    Download

                                                                                                  • memory/2664-16-0x0000018C7E6B0000-0x0000018C7E6DA000-memory.dmp

                                                                                                    Filesize

                                                                                                    168KB

                                                                                                    Download

                                                                                                  • memory/2664-12-0x00007FFE37270000-0x00007FFE37D31000-memory.dmp

                                                                                                    Filesize

                                                                                                    10.8MB

                                                                                                    Download

                                                                                                  • memory/2664-11-0x00007FFE37270000-0x00007FFE37D31000-memory.dmp

                                                                                                    Filesize

                                                                                                    10.8MB

                                                                                                    Download

                                                                                                  • memory/2664-13-0x00007FFE37270000-0x00007FFE37D31000-memory.dmp

                                                                                                    Filesize

                                                                                                    10.8MB

                                                                                                    Download

                                                                                                  • memory/2664-14-0x00007FFE37270000-0x00007FFE37D31000-memory.dmp

                                                                                                    Filesize

                                                                                                    10.8MB

                                                                                                    Download

                                                                                                  • memory/2664-15-0x00007FFE37270000-0x00007FFE37D31000-memory.dmp

                                                                                                    Filesize

                                                                                                    10.8MB

                                                                                                    Download

                                                                                                  • memory/2664-17-0x0000018C7E6B0000-0x0000018C7E6D4000-memory.dmp

                                                                                                    Filesize

                                                                                                    144KB

                                                                                                    Download

                                                                                                  • memory/2664-1-0x0000018C7E680000-0x0000018C7E6A2000-memory.dmp

                                                                                                    Filesize

                                                                                                    136KB

                                                                                                    Download

                                                                                                  • memory/2664-0-0x00007FFE37273000-0x00007FFE37275000-memory.dmp

                                                                                                    Filesize

                                                                                                    8KB

                                                                                                    Download

                                                                                                  • memory/2664-20-0x00007FFE37270000-0x00007FFE37D31000-memory.dmp

                                                                                                    Filesize

                                                                                                    10.8MB

                                                                                                    Download

                                                                                                  • memory/2664-21-0x00007FFE37270000-0x00007FFE37D31000-memory.dmp

                                                                                                    Filesize

                                                                                                    10.8MB

                                                                                                    Download

                                                                                                  • memory/2664-19-0x00007FFE37270000-0x00007FFE37D31000-memory.dmp

                                                                                                    Filesize

                                                                                                    10.8MB

                                                                                                    Download

                                                                                                  • memory/3416-492-0x0000000004A80000-0x0000000004A81000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                    Download

                                                                                                  • memory/3644-67-0x000001C1A63D0000-0x000001C1A63F0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/3644-59-0x000001C1A5FC0000-0x000001C1A5FE0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/3644-36-0x000001C1A6000000-0x000001C1A6020000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/3996-1528-0x0000000004640000-0x0000000004641000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                    Download

                                                                                                  • memory/4244-508-0x0000026E42400000-0x0000026E42420000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/4244-521-0x0000026E42810000-0x0000026E42830000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/4244-499-0x0000026E42440000-0x0000026E42460000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/4244-496-0x0000026E41300000-0x0000026E41400000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/4284-1529-0x000001DBB6600000-0x000001DBB6700000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/4292-1082-0x0000000004B70000-0x0000000004B71000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                    Download

                                                                                                  • memory/4436-941-0x0000000004290000-0x0000000004291000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                    Download

                                                                                                  • memory/4492-30-0x00000000040B0000-0x00000000040B1000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                    Download

                                                                                                  • memory/4604-947-0x000001799D560000-0x000001799D580000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/4604-942-0x000001799C400000-0x000001799C500000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/4604-944-0x000001799C400000-0x000001799C500000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/4604-957-0x000001799D520000-0x000001799D540000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/4604-943-0x000001799C400000-0x000001799C500000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/4604-979-0x000001799D930000-0x000001799D950000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/4640-1382-0x0000000004880000-0x0000000004881000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                    Download

                                                                                                  • memory/5320-221-0x00000226DE850000-0x00000226DE870000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/5320-209-0x00000226DE440000-0x00000226DE460000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/5320-195-0x00000226DD320000-0x00000226DD420000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/5320-193-0x00000226DD320000-0x00000226DD420000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/5320-194-0x00000226DD320000-0x00000226DD420000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/5320-198-0x00000226DE480000-0x00000226DE4A0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/5332-191-0x0000000004D40000-0x0000000004D41000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                    Download

                                                                                                  • memory/5724-1242-0x000001C745A90000-0x000001C745AB0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/5724-1253-0x000001C745A50000-0x000001C745A70000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/5724-1264-0x000001C745E60000-0x000001C745E80000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/5724-1238-0x000001C744940000-0x000001C744A40000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/5896-1234-0x0000000004E10000-0x0000000004E11000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                    Download

                                                                                                  • memory/6140-1386-0x000001D1F6500000-0x000001D1F6600000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download

                                                                                                  • memory/6140-1410-0x000001D1F7A10000-0x000001D1F7A30000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/6140-1389-0x000001D1F7640000-0x000001D1F7660000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/6140-1398-0x000001D1F7600000-0x000001D1F7620000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                    Download

                                                                                                  • memory/6140-1384-0x000001D1F6500000-0x000001D1F6600000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                    Download