Overview

overview

10

Static

static

3

71427E3016...7A.exe

windows7-x64

8

71427E3016...7A.exe

windows10-2004-x64

10

Wifiekie.ps1

windows7-x64

3

Wifiekie.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    43s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2025, 15:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Wifiekie.ps1

  • Size

    52KB

  • MD5

    07c330dfa9d289638aff19bc6de49dd1

  • SHA1

    4818a80bf7242c8e57ccbc6236d3690362d23257

  • SHA256

    6fdda7b7b31726bcfce23627378558367eb2c93a3d6999dd3d999e04be63791f

  • SHA512

    52d12bbc1c4267db0c304c31ce430399b160a3f54ace43743a42d0db1450c87f738872caac4504f6f1693c2fffc6765680afc2cd90afc4165a70023bffb976c2

  • SSDEEP

    1536:wgwwRJEj3NddbJpwC+rKH90yVxFznzaILhpuPbnmkMPp:PXEj3Nrp2WdzaIL32bmkMPp

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 9 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 12 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Wifiekie.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:984
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3096
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1296
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4516
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1736
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1716
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4684
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3972
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3648
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3324
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2076
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1480
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4300
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4164
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3324
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3332
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4412
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4468
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1672
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4400
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:232
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3568
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3528
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4856
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:2672
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:3980
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:4252
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:4844
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:4852
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:1052
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:5116
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:3620
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:4544
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:1656
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:2892
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4016
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:2788
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:4228
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:2792
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:4620
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:2040
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4440
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4852
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:2148
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:4844
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:4148
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:3428
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:244
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:1584
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:3680
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:2996
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:4364
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:3496
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:4668
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:2356
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:2540
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:1468
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:2216
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:4684
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:2836
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3100
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:1452
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:3300
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:2236
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:3652
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:4004
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:3352
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:744
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:3548
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:1488
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:3664
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:3648
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:1656
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:1868
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:4908
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:3572
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:3320
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:2748
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:1596
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:2772
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:3772
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:3320
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:4440

                                                                                                                        Network

                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                        Replay Monitor

                                                                                                                        Loading Replay Monitor...

                                                                                                                        Downloads

                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          80e20f55d76d8f77f1b92172178fe41f

                                                                                                                          SHA1

                                                                                                                          058cd824768ebfb84a6524f4c8b3f2dab2736af0

                                                                                                                          SHA256

                                                                                                                          87423d7524efb9f70b0c18f3270787f284ee545bd7659d1950be86ddb4b9769e

                                                                                                                          SHA512

                                                                                                                          027a5fc413c1c04761354b18d0f1479e6acd293d318449391e0ecd24f98a2a4884c391181f923019d1d6db0d453da85fc2f3c667202e2b6ded0b7f493b4f15d0

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133868701247573951.txt
                                                                                                                          Filesize

                                                                                                                          84KB

                                                                                                                          MD5

                                                                                                                          b3e28e0267499cd8b71722ae3266bc26

                                                                                                                          SHA1

                                                                                                                          f6feac800fb3b4947411ac06cc0179ad6568bb60

                                                                                                                          SHA256

                                                                                                                          98bd24c28677960ee9b73c67437ae1a9bef6935280ca6c83e4c9cf67a05be243

                                                                                                                          SHA512

                                                                                                                          94d721eb78a0889f19caf597a2a604e3722eaa17daaff30bb5613ee94cbe7cb0ee90595bd478068b6edc5cf829802f902d1313bd48979116e45051cb85e1f3a9

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
                                                                                                                          Filesize

                                                                                                                          29KB

                                                                                                                          MD5

                                                                                                                          d07c8539db9e3348976d1e0cc36e3e27

                                                                                                                          SHA1

                                                                                                                          90515ec98bc2a774fbe3a6196405fd21943582e2

                                                                                                                          SHA256

                                                                                                                          ab57dc8796b2db5601ecdeaca4a2d51db5237df4af7ec036db1ad5f64cb75d01

                                                                                                                          SHA512

                                                                                                                          96dd779f30c3da36ac871cd8adf777023f1a4202b93b59557e23cdbd26c90c8c48e760d7da6682067050398d813216914c2625c75c61c6fac6982d9160a077ea

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\N2R0AT5Z\microsoft.windows[1].xml
                                                                                                                          Filesize

                                                                                                                          97B

                                                                                                                          MD5

                                                                                                                          35335b321b951066d49a033f1efe6549

                                                                                                                          SHA1

                                                                                                                          79eaf059c4d2fcdbecdc01407f2db4dcf43cb8b9

                                                                                                                          SHA256

                                                                                                                          c54685f7f23a7dc6904a896570e0573a6de28c32859f6e29e0ac8aa95596453a

                                                                                                                          SHA512

                                                                                                                          d4268998b473e101c7771ecd753fb4cc9f32af538ac32865fae6f0ac916f2d75d9eafe19ceb53625d9110070a5ad75a5e479de30f679d63ee192f20298a79899

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1jksnvzl.wwm.ps1
                                                                                                                          Filesize

                                                                                                                          60B

                                                                                                                          MD5

                                                                                                                          d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                          SHA1

                                                                                                                          6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                          SHA256

                                                                                                                          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                          SHA512

                                                                                                                          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                          Download Submit

                                                                                                                        • memory/232-725-0x0000000004520000-0x0000000004521000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/984-14-0x00007FFC80550000-0x00007FFC81011000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/984-12-0x00007FFC80550000-0x00007FFC81011000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/984-16-0x000001F759010000-0x000001F759034000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          144KB

                                                                                                                          Download

                                                                                                                        • memory/984-18-0x00007FFC80550000-0x00007FFC81011000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/984-19-0x00007FFC80550000-0x00007FFC81011000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/984-20-0x00007FFC80550000-0x00007FFC81011000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/984-0-0x00007FFC80553000-0x00007FFC80555000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          Download

                                                                                                                        • memory/984-1-0x000001F758AE0000-0x000001F758B02000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          136KB

                                                                                                                          Download

                                                                                                                        • memory/984-11-0x00007FFC80550000-0x00007FFC81011000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/984-15-0x000001F759010000-0x000001F75903A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          168KB

                                                                                                                          Download

                                                                                                                        • memory/984-13-0x00007FFC80550000-0x00007FFC81011000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/1052-1163-0x0000000004070000-0x0000000004071000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/1480-304-0x0000000002940000-0x0000000002941000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/1716-63-0x00000252101B0000-0x00000252101D0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1716-49-0x000002520FDA0000-0x000002520FDC0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1716-32-0x000002520FDE0000-0x000002520FE00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1716-29-0x000002520EC40000-0x000002520ED40000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/1716-28-0x000002520EC40000-0x000002520ED40000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/2076-151-0x00000223EF300000-0x00000223EF400000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/2076-180-0x00000223F07E0000-0x00000223F0800000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2076-169-0x00000223EFFD0000-0x00000223EFFF0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2076-156-0x00000223F0420000-0x00000223F0440000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2892-1313-0x0000017C59800000-0x0000017C59900000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/2892-1314-0x0000017C59800000-0x0000017C59900000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3324-441-0x0000000002930000-0x0000000002931000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/3528-728-0x00000201F2020000-0x00000201F2120000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3528-732-0x00000201F3180000-0x00000201F31A0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3528-744-0x00000201F3140000-0x00000201F3160000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3528-727-0x00000201F2020000-0x00000201F2120000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3528-752-0x00000201F3550000-0x00000201F3570000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3620-1185-0x000001BBB2F60000-0x000001BBB2F80000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3620-1165-0x000001BBB1A40000-0x000001BBB1B40000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3620-1170-0x000001BBB2B90000-0x000001BBB2BB0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3620-1175-0x000001BBB2B50000-0x000001BBB2B70000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3620-1166-0x000001BBB1A40000-0x000001BBB1B40000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3648-150-0x0000000004670000-0x0000000004671000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/3980-870-0x0000015A69D20000-0x0000015A69D40000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3980-865-0x0000015A68E00000-0x0000015A68F00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3980-886-0x0000015A699D0000-0x0000015A699F0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3980-896-0x0000015A6A370000-0x0000015A6A390000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3980-867-0x0000015A68E00000-0x0000015A68F00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3980-866-0x0000015A68E00000-0x0000015A68F00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/4164-311-0x000002486D940000-0x000002486D960000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4164-308-0x000002406B800000-0x000002406B900000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/4164-330-0x000002486DD10000-0x000002486DD30000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4164-323-0x000002486D900000-0x000002486D920000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4252-1003-0x0000000004EE0000-0x0000000004EE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/4400-582-0x000001D675640000-0x000001D675660000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4400-591-0x000001D675600000-0x000001D675620000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4400-577-0x000001D674500000-0x000001D674600000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/4400-602-0x000001D675A10000-0x000001D675A30000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4412-447-0x000001D2DD8B0000-0x000001D2DD8D0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4412-454-0x000001D2DD870000-0x000001D2DD890000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4412-474-0x000001D2DDE80000-0x000001D2DDEA0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4412-442-0x000001D2DC950000-0x000001D2DCA50000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/4412-444-0x000001D2DC950000-0x000001D2DCA50000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/4468-575-0x0000000004720000-0x0000000004721000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/4516-26-0x0000000003930000-0x0000000003931000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/4544-1311-0x00000000040D0000-0x00000000040D1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/4852-1006-0x00000132EC140000-0x00000132EC240000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/4852-1005-0x00000132EC140000-0x00000132EC240000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/4852-1010-0x00000132ED0A0000-0x00000132ED0C0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4852-1031-0x00000132ED680000-0x00000132ED6A0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4852-1022-0x00000132ED060000-0x00000132ED080000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4856-863-0x0000000002E50000-0x0000000002E51000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download