Overview

overview

10

Static

static

1

dab79a6a11...fb.exe

windows7-x64

3

dab79a6a11...fb.exe

windows10-2004-x64

10

Respektlsestes.ps1

windows7-x64

3

Respektlsestes.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    27s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250211-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/02/2025, 04:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Respektlsestes.ps1

  • Size

    51KB

  • MD5

    f177e247c8beadd6e0762493d8e9fe79

  • SHA1

    008d26170d63c58d17695dfa8196e4ce8feb920a

  • SHA256

    825dc4cae1f45f17dc54bd1ec82d890b8266691b5fad32e7882fc8dc6bc2c71b

  • SHA512

    fa9a9a02bcb1d2725b228aea9a8141536578b9cf023b81c2df9a58e1e046f83314f85bb74dca5bd9c0a6ac6cbaad5d74269ae5efa2b15925609fe51308b81884

  • SSDEEP

    1536:3SUTaGUqdmQ8RJETuiBhBzcS6amUmRHYi:iUDQR0bBhCCSH7

Score
8/10
discoveryexecutionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 5 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Downloads MZ/PE file 1 IoCs
  • Enumerates connected drives 3 TTPs 10 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Respektlsestes.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2540
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzJDNTNCQjktNjE1Qy00RjMyLTk4OTctRjgwOENGNEJDRkM2fSIgdXNlcmlkPSJ7RUU1NzcyNkQtQzVGMy00NTVGLUJDNUUtODk2RDkyMzA0NEM2fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MTUwMUFDODEtOEZGMy00NUEyLTlCQzAtNjIyREZEQzhFMUVGfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODMyMzYiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NDI1MTE0ODAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTA0NTYxNzg2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
    1⤵
    • System Location Discovery: System Language Discovery
    • System Network Configuration Discovery: Internet Connection Discovery
    PID:3320
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3300
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1944
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4216
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4032
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2796
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3796
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4496
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1956
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:772
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4556
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Modifies registry class
    PID:4512
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:2324
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4880
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:404
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:4064
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:4184
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:4300
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:4116
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:1580
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:1424
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:4064
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:4976
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:3228
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:5016
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:4172
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:2708
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:3096
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:4740
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4220
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4480
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:2416
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:4196
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:2488
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:2040
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:4380
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:2948
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:4372
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:3744
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:2748
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:808
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:1476
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:3172
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:3936
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:4852
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:4396
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:832
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:2340
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:1724
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:3632
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:4492
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:3740
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:3880
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:4340
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:1924
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:3228
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:1240
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:3956
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:4016
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:512
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:3836
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:2928
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:1080
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:4236
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:4156
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                              1⤵
                                                                                                                PID:1680
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                1⤵
                                                                                                                  PID:5008
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:3828
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                    1⤵
                                                                                                                      PID:3232
                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                      explorer.exe
                                                                                                                      1⤵
                                                                                                                        PID:4740
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                        1⤵
                                                                                                                          PID:4412
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                          1⤵
                                                                                                                            PID:2600
                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                            explorer.exe
                                                                                                                            1⤵
                                                                                                                              PID:1472
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                              1⤵
                                                                                                                                PID:2144
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                1⤵
                                                                                                                                  PID:3760
                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                  explorer.exe
                                                                                                                                  1⤵
                                                                                                                                    PID:4068
                                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                    1⤵
                                                                                                                                      PID:1844
                                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                      1⤵
                                                                                                                                        PID:4368

                                                                                                                                      Network

                                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                                      Replay Monitor

                                                                                                                                      Loading Replay Monitor...

                                                                                                                                      Downloads

                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                                        Filesize

                                                                                                                                        2KB

                                                                                                                                        MD5

                                                                                                                                        d0a463b3014b6ed62fa5ae32f0074010

                                                                                                                                        SHA1

                                                                                                                                        02a0fb51ff0123ce58d97c9de8096345c4b466e5

                                                                                                                                        SHA256

                                                                                                                                        c03a1bd2a827f556b73afd6e39787cdd37376d63a844ae2168caa2da72da7b4e

                                                                                                                                        SHA512

                                                                                                                                        6c5f75f8eee1d73f0d4e57e160cbe198ea7bccdbdd807fba074b5be32a0639701a4cde883cc32463599b484d65e256c14857b58fa679d2740e2dceb1a7801c50

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133842398346144854.txt
                                                                                                                                        Filesize

                                                                                                                                        75KB

                                                                                                                                        MD5

                                                                                                                                        094bf176a1688e3a2b6c231f343971d5

                                                                                                                                        SHA1

                                                                                                                                        f34f8f952eb2384dd0f483d24917975e817326a3

                                                                                                                                        SHA256

                                                                                                                                        26604fdad9f03d073bb5a03764a79f045e9a5d369376a86f82b2e8baa35f9520

                                                                                                                                        SHA512

                                                                                                                                        dc85d85234dda85561d46a77fbf0fd197568fc37c3b491952cb855d2ebc1c7a3912f8bc46b0db6b122b21788271656d83c2d83bc887424f6ba77586b78548b75

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\KTKQGAMA\microsoft.windows[1].xml
                                                                                                                                        Filesize

                                                                                                                                        96B

                                                                                                                                        MD5

                                                                                                                                        cdd17d555f9c1eadfd672360aa2c0e4f

                                                                                                                                        SHA1

                                                                                                                                        3b4a2f135ad7558b42d6b45b01f434f30f93e184

                                                                                                                                        SHA256

                                                                                                                                        f907be0dcfbdfb5866b9988b8aa8ced21d1671ba6774b352ae563ec26ec7d028

                                                                                                                                        SHA512

                                                                                                                                        a6d9e149358a730120b402a0b6cfec1f0883c9d37a4e1503e515a2dc37bbb2ce5edea74671e675afd2435307e3f82056bd748b7bc8efefd5a07f35927ab28b38

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_z0s5ehsl.hzy.ps1
                                                                                                                                        Filesize

                                                                                                                                        60B

                                                                                                                                        MD5

                                                                                                                                        d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                        SHA1

                                                                                                                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                        SHA256

                                                                                                                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                        SHA512

                                                                                                                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                        Download Submit

                                                                                                                                      • memory/404-435-0x0000000004B10000-0x0000000004B11000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/1424-718-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/1580-583-0x00000244852D0000-0x00000244852F0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1580-610-0x00000244858A0000-0x00000244858C0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1580-593-0x0000024485290000-0x00000244852B0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1580-578-0x0000024484500000-0x0000024484600000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/1956-213-0x0000012A98060000-0x0000012A98080000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1956-183-0x0000012A97C50000-0x0000012A97C70000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1956-181-0x0000012A97C90000-0x0000012A97CB0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1956-176-0x0000012A96B40000-0x0000012A96C40000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/1956-177-0x0000012A96B40000-0x0000012A96C40000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/2040-1290-0x0000000004310000-0x0000000004311000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/2416-1164-0x000001E87B960000-0x000001E87B980000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2416-1149-0x000001E87A640000-0x000001E87A740000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/2416-1186-0x000001E87BD70000-0x000001E87BD90000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2416-1154-0x000001E87B9A0000-0x000001E87B9C0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2540-16-0x00000245736A0000-0x00000245736CA000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        168KB

                                                                                                                                        Download

                                                                                                                                      • memory/2540-21-0x00007FFACD1B0000-0x00007FFACDC71000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        10.8MB

                                                                                                                                        Download

                                                                                                                                      • memory/2540-20-0x00007FFACD1B0000-0x00007FFACDC71000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        10.8MB

                                                                                                                                        Download

                                                                                                                                      • memory/2540-19-0x00007FFACD1B0000-0x00007FFACDC71000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        10.8MB

                                                                                                                                        Download

                                                                                                                                      • memory/2540-17-0x00000245736A0000-0x00000245736C4000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        144KB

                                                                                                                                        Download

                                                                                                                                      • memory/2540-0-0x00007FFACD1B3000-0x00007FFACD1B5000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        8KB

                                                                                                                                        Download

                                                                                                                                      • memory/2540-15-0x00007FFACD1B0000-0x00007FFACDC71000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        10.8MB

                                                                                                                                        Download

                                                                                                                                      • memory/2540-14-0x00007FFACD1B0000-0x00007FFACDC71000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        10.8MB

                                                                                                                                        Download

                                                                                                                                      • memory/2540-13-0x00007FFACD1B0000-0x00007FFACDC71000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        10.8MB

                                                                                                                                        Download

                                                                                                                                      • memory/2540-12-0x00007FFACD1B0000-0x00007FFACDC71000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        10.8MB

                                                                                                                                        Download

                                                                                                                                      • memory/2540-11-0x00007FFACD1B0000-0x00007FFACDC71000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        10.8MB

                                                                                                                                        Download

                                                                                                                                      • memory/2540-10-0x0000024573430000-0x0000024573452000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        136KB

                                                                                                                                        Download

                                                                                                                                      • memory/2708-1000-0x0000000004D20000-0x0000000004D21000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/2796-30-0x0000022F82700000-0x0000022F82800000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/2796-29-0x0000022F82700000-0x0000022F82800000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/2796-34-0x0000022F834E0000-0x0000022F83500000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2796-65-0x0000022F83AC0000-0x0000022F83AE0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2796-64-0x0000022F834A0000-0x0000022F834C0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2948-1298-0x0000023817940000-0x0000023817960000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2948-1293-0x0000023816800000-0x0000023816900000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/2948-1294-0x0000023816800000-0x0000023816900000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/3228-859-0x0000000004A80000-0x0000000004A81000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/3796-175-0x0000000004450000-0x0000000004451000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/4172-867-0x000001AAB5AB0000-0x000001AAB5AD0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4172-898-0x000001AAB6080000-0x000001AAB60A0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4172-880-0x000001AAB5A70000-0x000001AAB5A90000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4184-455-0x000001C946270000-0x000001C946290000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4184-441-0x000001C9462B0000-0x000001C9462D0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4184-438-0x000001C945150000-0x000001C945250000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/4184-436-0x000001C945150000-0x000001C945250000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/4184-473-0x000001C946680000-0x000001C9466A0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4216-28-0x0000000004B70000-0x0000000004B71000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/4220-1148-0x0000000004390000-0x0000000004391000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/4300-577-0x00000000014D0000-0x00000000014D1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/4512-322-0x00000000048A0000-0x00000000048A1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/4740-1003-0x0000026CB3F00000-0x0000026CB4000000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/4740-1017-0x0000026CB4DE0000-0x0000026CB4E00000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4740-1002-0x0000026CB3F00000-0x0000026CB4000000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/4740-1007-0x0000026CB5020000-0x0000026CB5040000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4740-1029-0x0000026CB53F0000-0x0000026CB5410000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4880-360-0x000002DC5C7E0000-0x000002DC5C800000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4880-342-0x000002DC5C1D0000-0x000002DC5C1F0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4880-323-0x000002DC5B100000-0x000002DC5B200000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/4880-328-0x000002DC5C420000-0x000002DC5C440000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4880-324-0x000002DC5B100000-0x000002DC5B200000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/4880-325-0x000002DC5B100000-0x000002DC5B200000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/4976-745-0x000001D5873C0000-0x000001D5873E0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4976-734-0x000001D586FB0000-0x000001D586FD0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4976-721-0x000001D586000000-0x000001D586100000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download

                                                                                                                                      • memory/4976-725-0x000001D586FF0000-0x000001D587010000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4976-720-0x000001D586000000-0x000001D586100000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        1024KB

                                                                                                                                        Download