Overview

overview

10

Static

static

3

ZAMOWIEN.EXE.exe

windows7-x64

8

ZAMOWIEN.EXE.exe

windows10-2004-x64

10

Stenklver219.ps1

windows7-x64

3

Stenklver219.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    44s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-10-2024 08:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Stenklver219.ps1

  • Size

    52KB

  • MD5

    78082e39dd451e1d5043bcd0d5a72b8e

  • SHA1

    ae870a41f8b0585cacd05d5c6651e83460092325

  • SHA256

    2f554bddfe10ada0fc5106bced02c8fc45e910848688146287d3423ef094a58f

  • SHA512

    8780e10971c1179d341e7f4bfd0089e9586cb05048a75196fbf1a09ec8f48f80ecce8e10b5e5546b311e48bf0c2b2a9e9c481050bfae184f8dfbd7eb5ee984e8

  • SSDEEP

    1536:D+e7Lz+gJMhdGvU91sV6KlRDGzjWqK3f61:SECx+y1swKlcWqAfw

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 9 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Stenklver219.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3988
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4120
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4620
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4672
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1576
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4648
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1080
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3268
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4276
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:808
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5048
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3584
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3320
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2444
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2576
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3984
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4216
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4212
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4612
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2012
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2044
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1112
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3172
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1080
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Modifies registry class
    PID:3780
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:3076
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:368
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:3844
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:2024
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:3160
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:3024
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:2536
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:3016
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:2144
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:1904
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:1580
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:3948
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:5056
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:1380
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:2196
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:1636
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:3976
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:3076
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:1552
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:1700
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:1968
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:3300
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:5016
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:4248
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:4308
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:4956
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:4892
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:2864
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:3996
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:2044
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:4356
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:2628
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:3016
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:4232
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:3804
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:4844
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:4600
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:952
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:1440
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:2536
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:3976
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:3788
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:2232
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:1952
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:3732
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:520
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:3460
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:3156
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:2020
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:4056
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:4184
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                          1⤵
                                                                                                            PID:2040
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:4720
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                              1⤵
                                                                                                                PID:900
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                1⤵
                                                                                                                  PID:1160
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:4444
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                    1⤵
                                                                                                                      PID:4268
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                      1⤵
                                                                                                                        PID:3712
                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                        explorer.exe
                                                                                                                        1⤵
                                                                                                                          PID:400
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                          1⤵
                                                                                                                            PID:2912
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                            1⤵
                                                                                                                              PID:4568
                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                              explorer.exe
                                                                                                                              1⤵
                                                                                                                                PID:772
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                1⤵
                                                                                                                                  PID:472
                                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                  1⤵
                                                                                                                                    PID:1452

                                                                                                                                  Network

                                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                                  Replay Monitor

                                                                                                                                  Loading Replay Monitor...

                                                                                                                                  Downloads

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    a618493197cc52edc1c08d6c9e1824e0

                                                                                                                                    SHA1

                                                                                                                                    e51d50561441815c616e50ee6911f510d3f88cd1

                                                                                                                                    SHA256

                                                                                                                                    35b608c234c9b7b13aec1c5384c6323373eb19eee3f8b3252e2c041e16826563

                                                                                                                                    SHA512

                                                                                                                                    87911a27196bb7b2c30620be4630c6a8f07de6153b4f0384eb763718d4cdb6f386ae82d44d147491b4f7a130de19cdecc6e9df7f0e82fcb343df4d3c5f1ab417

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133728516938843997.txt
                                                                                                                                    Filesize

                                                                                                                                    75KB

                                                                                                                                    MD5

                                                                                                                                    365f545712de2d39de46479997c0934e

                                                                                                                                    SHA1

                                                                                                                                    f5b80930d3fd23a22d396c37edf1fc4788d3224b

                                                                                                                                    SHA256

                                                                                                                                    0e42a8646a54fa06f027a2f0d147e654d8e6d06d0ab6ece4902ed40f64a6929f

                                                                                                                                    SHA512

                                                                                                                                    6b2f3ee9133864513e2a1df1b5c46c39dd48140c1a0b4d129b4c7e08e3e1b320787c1e64536201b7ad066dab3720a7b4c36fdfd728602cf90bc1fea7978ec72d

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\YOZOSN6K\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    e6ba99d8293b4c7951bad0a2c6761b8e

                                                                                                                                    SHA1

                                                                                                                                    87aaf2d975cdef4db219e4f9f2b1469dd05a6b0b

                                                                                                                                    SHA256

                                                                                                                                    773b2b8b752a5bfd3d93b7475dbb7f659bad014ffd06292ee0450c216892ac29

                                                                                                                                    SHA512

                                                                                                                                    e6861e87688861f4c43d80f9e98996fc476a11d4e147eb3c55f66d6f1abc065690e2662dd34dca32c0284b64056b95142d932697aa1fa6d6b755ef0f57031ee0

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0cdguf1a.x15.ps1
                                                                                                                                    Filesize

                                                                                                                                    60B

                                                                                                                                    MD5

                                                                                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                    SHA1

                                                                                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                    SHA256

                                                                                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                    SHA512

                                                                                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                    Download Submit

                                                                                                                                  • memory/368-1056-0x0000000004EB0000-0x0000000004EB1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/808-315-0x0000000004D70000-0x0000000004D71000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/1080-904-0x0000024060760000-0x0000024060860000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/1080-172-0x0000000004C00000-0x0000000004C01000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/1080-905-0x0000024060760000-0x0000024060860000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/1080-909-0x00000240616C0000-0x00000240616E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/1080-931-0x0000024061CA0000-0x0000024061CC0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/1080-918-0x0000024061680000-0x00000240616A0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/1112-902-0x0000000004E40000-0x0000000004E41000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/2024-1058-0x00000166B8940000-0x00000166B8A40000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/2024-1057-0x00000166B8940000-0x00000166B8A40000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/2024-1071-0x00000166B9850000-0x00000166B9870000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2024-1062-0x00000166B9890000-0x00000166B98B0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2024-1094-0x00000166B9E60000-0x00000166B9E80000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2044-773-0x0000027E65FB0000-0x0000027E65FD0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2044-756-0x0000027E64F00000-0x0000027E65000000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/2044-784-0x0000027E665C0000-0x0000027E665E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2044-757-0x0000027E64F00000-0x0000027E65000000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/2044-761-0x0000027E66200000-0x0000027E66220000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2536-1207-0x0000020E2E600000-0x0000020E2E700000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/2536-1211-0x0000020E2F4E0000-0x0000020E2F500000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2536-1206-0x0000020E2E600000-0x0000020E2E700000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/2536-1243-0x0000020E2FAC0000-0x0000020E2FAE0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2536-1223-0x0000020E2F4A0000-0x0000020E2F4C0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2576-493-0x0000016A184C0000-0x0000016A184E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2576-467-0x0000016A17CE0000-0x0000016A17D00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2576-479-0x0000016A17CA0000-0x0000016A17CC0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2576-462-0x0000016A17000000-0x0000016A17100000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/3016-1342-0x00000000043E0000-0x00000000043E1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3160-1204-0x00000000042F0000-0x00000000042F1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3320-460-0x0000000003F60000-0x0000000003F61000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3584-322-0x0000026A85100000-0x0000026A85120000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3584-334-0x0000026A84DB0000-0x0000026A84DD0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3584-318-0x0000026A84300000-0x0000026A84400000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/3584-345-0x0000026A856C0000-0x0000026A856E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3984-606-0x0000000004C50000-0x0000000004C51000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-11-0x00007FFB99D10000-0x00007FFB9A7D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-13-0x0000021BF1BB0000-0x0000021BF1BDA000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    168KB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-14-0x0000021BF1BB0000-0x0000021BF1BD4000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    144KB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-12-0x00007FFB99D10000-0x00007FFB9A7D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-20-0x00007FFB99D10000-0x00007FFB9A7D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-1-0x0000021BF16B0000-0x0000021BF16D2000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    136KB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-0-0x00007FFB99D13000-0x00007FFB99D15000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-15-0x00007FFB99D10000-0x00007FFB9A7D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-17-0x00007FFB99D10000-0x00007FFB9A7D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-18-0x00007FFB99D10000-0x00007FFB9A7D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-19-0x00007FFB99D10000-0x00007FFB9A7D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/4212-609-0x000002C1D4F00000-0x000002C1D5000000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4212-645-0x000002C1D6410000-0x000002C1D6430000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4212-610-0x000002C1D4F00000-0x000002C1D5000000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4212-613-0x000002C1D6040000-0x000002C1D6060000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4212-608-0x000002C1D4F00000-0x000002C1D5000000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4212-626-0x000002C1D6000000-0x000002C1D6020000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4276-173-0x000001CD3D100000-0x000001CD3D200000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4276-178-0x000001CD3E260000-0x000001CD3E280000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4276-196-0x000001CD3E630000-0x000001CD3E650000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4276-186-0x000001CD3E220000-0x000001CD3E240000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4612-754-0x00000000042E0000-0x00000000042E1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/4648-26-0x0000020B3C400000-0x0000020B3C500000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4648-40-0x0000020B3D2A0000-0x0000020B3D2C0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4648-52-0x0000020B3D8C0000-0x0000020B3D8E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4648-30-0x0000020B3D2E0000-0x0000020B3D300000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4672-24-0x0000000004840000-0x0000000004841000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download