Overview

overview

10

Static

static

3

f9d051b1d7...f6.exe

windows7-x64

7

f9d051b1d7...f6.exe

windows10-2004-x64

10

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Kinestheses.ps1

windows7-x64

3

Kinestheses.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    55s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-02-2025 04:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Kinestheses.ps1

  • Size

    52KB

  • MD5

    4281bb34dbc6a97669b1815f61d33612

  • SHA1

    605f5b8e73077d2814da07642031ce974b08f2cd

  • SHA256

    4903967d23168ae80a460eb825ad870aa4dcdc57932a522999442f4612ef3c20

  • SHA512

    9062f880f1d9af15da31f40a648677d1bc8d581c19aebff91628dcb9dc1c00b461270cf0b37f29fa26522fc75d4cf3e4476fd95d26ee7162a8c9aa44b2c52184

  • SSDEEP

    1536:wj7u/ytfDkfTspAvZPzBXY/6N/wRysUR0P2e9x:wj7uatbW0A1YCN2UG2eb

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 11 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Kinestheses.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3440
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:804
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4228
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4436
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2000
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4804
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:2024
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3856
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4056
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of SendNotifyMessage
    PID:4920
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2256
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1176
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2776
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4400
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4408
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4232
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4220
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2332
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2264
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3640
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4408
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1072
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2000
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2280
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1544
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4064
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5044
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:800
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3164
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1828
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4172
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:2180
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4300
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:1584
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:4880
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:3684
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:2080
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:4292
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:4720
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:2616
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:4204
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:804
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:3552
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:4756
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:3896
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:3132
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:4676
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:3876
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4232
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:1872
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:4612
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:680
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:3372
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:2748
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:2636
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:1784
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:1076
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:2260
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:2336
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:936
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:736
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:1416
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:2232
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:3680
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:1028
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:4144
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:3972
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3652
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:3096
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:3708
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:1652
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:3784
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:4280
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:1616
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:3640
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:824
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:904
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:4892
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:4396
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:1748
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:2952
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:4192
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:4172
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:4220
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:2904
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:4532
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:4216
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:2176
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:3016

                                                                                                                      Network

                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                      Replay Monitor

                                                                                                                      Loading Replay Monitor...

                                                                                                                      Downloads

                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                        Filesize

                                                                                                                        2KB

                                                                                                                        MD5

                                                                                                                        787bc474065d2a659956ca9f6465aa42

                                                                                                                        SHA1

                                                                                                                        5f156ab41a577b909e54674b792abaf2bdfe5e06

                                                                                                                        SHA256

                                                                                                                        592f9abdff53b5b2f488d60a450ac978904dc224e308838fdbd81fe16e2b177a

                                                                                                                        SHA512

                                                                                                                        ba0d608d6f6208c991097da2a53fe8622cb61a4eca00ad33269273e9a6fe830b683359198e621a9048a4cfdc8f4f50c8f7d154dd5cfe5879c4bae360fac62649

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133845855987943348.txt
                                                                                                                        Filesize

                                                                                                                        75KB

                                                                                                                        MD5

                                                                                                                        bafcf9140b2dd262a94aafa6ce825d09

                                                                                                                        SHA1

                                                                                                                        352e76c7c939343117200b0502e589eb55f88e81

                                                                                                                        SHA256

                                                                                                                        7ff81334bc2d1a697300288923e3178e8f941c6e2292950296ac344247558309

                                                                                                                        SHA512

                                                                                                                        78165a6914916e298ac99c2f5c92a413e18bc2aa4f9edfa2056c787185ab86af8ae110de590c79499483c39ace1d999902c75ddd47c9458b7de0b4ad4f10b157

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7KK5J8NQ\microsoft.windows[1].xml
                                                                                                                        Filesize

                                                                                                                        97B

                                                                                                                        MD5

                                                                                                                        059fb324bd797cd537b37f6707c3dd84

                                                                                                                        SHA1

                                                                                                                        d288a975b0923940915183663bad2bd477490a6e

                                                                                                                        SHA256

                                                                                                                        f0356eb66cc4be9d409dd9f55bc0a31a970d8d77edc0c58d46751e7a2251792d

                                                                                                                        SHA512

                                                                                                                        2db050c5c4212accec6a1e98af91cbdc023d520932465b16bf25390eb78c9eec34c86aec45def7fffaa5bed97463f452d80355fef795038d8772932076cbc0e8

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fwjq2vx3.h5n.ps1
                                                                                                                        Filesize

                                                                                                                        60B

                                                                                                                        MD5

                                                                                                                        d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                        SHA1

                                                                                                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                        SHA256

                                                                                                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                        SHA512

                                                                                                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                        Download Submit

                                                                                                                      • memory/800-1203-0x0000000004640000-0x0000000004641000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/1072-909-0x0000000003060000-0x0000000003061000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/1176-324-0x000001FDE6300000-0x000001FDE6400000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/1176-361-0x000001FDE7810000-0x000001FDE7830000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/1176-342-0x000001FDE7400000-0x000001FDE7420000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/1176-329-0x000001FDE7440000-0x000001FDE7460000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/1176-325-0x000001FDE6300000-0x000001FDE6400000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/1544-1060-0x0000000003F50000-0x0000000003F51000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/1584-1497-0x0000000004800000-0x0000000004801000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/1828-1210-0x00000159DF920000-0x00000159DF940000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/1828-1232-0x00000159DFF00000-0x00000159DFF20000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/1828-1221-0x00000159DF8E0000-0x00000159DF900000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2024-177-0x00000000047B0000-0x00000000047B1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/2264-756-0x0000000004700000-0x0000000004701000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/2280-945-0x000002252B0C0000-0x000002252B0E0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2280-934-0x000002252AAA0000-0x000002252AAC0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2280-911-0x0000022529C00000-0x0000022529D00000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/2280-912-0x0000022529C00000-0x0000022529D00000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/2280-915-0x000002252AAE0000-0x000002252AB00000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2280-910-0x0000022529C00000-0x0000022529D00000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/2332-630-0x0000028569260000-0x0000028569280000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2332-618-0x00000285692A0000-0x00000285692C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2332-641-0x0000028569880000-0x00000285698A0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2332-615-0x0000028568340000-0x0000028568440000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/2332-614-0x0000028568340000-0x0000028568440000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/2776-462-0x0000000004780000-0x0000000004781000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/3440-18-0x00007FFF917B0000-0x00007FFF92271000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/3440-1-0x00000202F1A10000-0x00000202F1A32000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        136KB

                                                                                                                        Download

                                                                                                                      • memory/3440-20-0x00007FFF917B0000-0x00007FFF92271000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/3440-19-0x00007FFF917B0000-0x00007FFF92271000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/3440-15-0x00000202F3FE0000-0x00000202F400A000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/3440-0-0x00007FFF917B3000-0x00007FFF917B5000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        8KB

                                                                                                                        Download

                                                                                                                      • memory/3440-11-0x00007FFF917B0000-0x00007FFF92271000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/3440-12-0x00007FFF917B0000-0x00007FFF92271000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/3440-13-0x00007FFF917B0000-0x00007FFF92271000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/3440-14-0x00007FFF917B0000-0x00007FFF92271000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/3440-16-0x00000202F3FE0000-0x00000202F4004000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        144KB

                                                                                                                        Download

                                                                                                                      • memory/3684-1527-0x000001E66B5C0000-0x000001E66B5E0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3684-1516-0x000001E66B1B0000-0x000001E66B1D0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3684-1504-0x000001E66B1F0000-0x000001E66B210000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4056-184-0x00000168AF8D0000-0x00000168AF8F0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4056-203-0x00000168AFEA0000-0x00000168AFEC0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4056-192-0x00000168AF890000-0x00000168AF8B0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4056-180-0x00000168AE970000-0x00000168AEA70000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4056-181-0x00000168AE970000-0x00000168AEA70000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4056-179-0x00000168AE970000-0x00000168AEA70000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4172-1349-0x0000000004240000-0x0000000004241000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/4232-611-0x0000000004070000-0x0000000004071000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/4300-1356-0x0000022FCB400000-0x0000022FCB420000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4300-1352-0x0000022FCA300000-0x0000022FCA400000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4300-1351-0x0000022FCA300000-0x0000022FCA400000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4300-1363-0x0000022FCB1B0000-0x0000022FCB1D0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4300-1388-0x0000022FCB7C0000-0x0000022FCB7E0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4408-764-0x000002447E200000-0x000002447E220000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4408-777-0x000002447DFC0000-0x000002447DFE0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4408-795-0x000002447E5D0000-0x000002447E5F0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4408-464-0x0000012DCC800000-0x0000012DCC900000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4408-492-0x0000012DCDD00000-0x0000012DCDD20000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4408-482-0x0000012DCD6F0000-0x0000012DCD710000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4408-469-0x0000012DCD730000-0x0000012DCD750000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4436-23-0x0000000002B00000-0x0000000002B01000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/4804-48-0x000002B03A960000-0x000002B03A980000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4804-41-0x000002B03A520000-0x000002B03A540000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4804-30-0x000002B03A560000-0x000002B03A580000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4804-26-0x000002B039400000-0x000002B039500000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4804-25-0x000002B039400000-0x000002B039500000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4920-322-0x0000000004490000-0x0000000004491000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/5044-1099-0x000001FA379C0000-0x000001FA379E0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/5044-1080-0x000001FA373B0000-0x000001FA373D0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/5044-1068-0x000001FA37600000-0x000001FA37620000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download