Overview

overview

10

Static

static

1

pago-56809...34.exe

windows10-2004-x64

10

Undvrligst130.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    52s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/04/2025, 15:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Undvrligst130.ps1

  • Size

    54KB

  • MD5

    63d3e9e12462b3b7ad4ca8835d3d08bd

  • SHA1

    d9aa8a0fad0c4c9eeb030e4da83b37aae9ae132b

  • SHA256

    1c739a595448826a25d50af246010dbb70fd6a78c5af3316509ff2073e5cad2c

  • SHA512

    8e5e65554e94703b893dcbc210d4d5c0949059eeb0a0e41ec3b16ffc746d5571b74d102c68c286670a2523447c1f9c2cb1a47c3088865bfe9752d744a9578274

  • SSDEEP

    1536:NVi4bqCaM+oZ8nqA3w4mmzuI3gBxNFBD1ed:7izpoZ+5m1CgBDFBD1ed

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 11 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Undvrligst130.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4532
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4812
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4080
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1516
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1964
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:740
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4656
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3148
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:552
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:6104
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1164
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4628
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5040
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1168
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2524
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1668
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2016
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2024
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:212
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4884
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5680
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:772
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2520
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4604
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5756
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2584
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1892
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5020
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5032
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Modifies registry class
    PID:4340
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:4600
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:5236
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:4888
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:5732
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:5344
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:6064
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:1052
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:3680
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:4200
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:4044
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:5332
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:1296
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:692
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:2900
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:4388
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:1244
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:1688
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:1740
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:3584
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:4492
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:836
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:5068
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:1296
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:2344
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:912
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:4208
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:4956
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:424
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:2980
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:1976
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:736
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:1100
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:6100
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:1788
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:3240
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:2852
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:1200
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:3320
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:5340
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:3016
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:5508
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:5208
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:3772
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:1692
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:3336
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:2768
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:4828
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:3864
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:752
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:4508
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:3848
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:1124
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:5056
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:3272
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:1796
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:4636
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:5268
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:1564
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:2264

                                                                                                                        Network

                                                                                                                        MITRE ATT&CK Enterprise v16

                                                                                                                        Replay Monitor

                                                                                                                        Loading Replay Monitor...

                                                                                                                        Downloads

                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          ca9f98faaa4ef5ef9542c6e8319d3e83

                                                                                                                          SHA1

                                                                                                                          d8cf5f8ecce3aa6eb9d2b7207c3178c81096c370

                                                                                                                          SHA256

                                                                                                                          862b2a954c0fddd8344c1d4fa260cab9456b29254721d074740076a6c1113f94

                                                                                                                          SHA512

                                                                                                                          13aa5d9c967090887fc0e61ca9c8a9f2b427bd6f5f9dabdb79db36c7a205ce059696416e69f631aee452365673361480aea5bb3addfb27f79221e0187bde5a99

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133891176121438752.txt
                                                                                                                          Filesize

                                                                                                                          75KB

                                                                                                                          MD5

                                                                                                                          4d6c470c53c492fe90f88494b86641aa

                                                                                                                          SHA1

                                                                                                                          5aecaf0518ce68f9c2591aa923a28f1225d36b54

                                                                                                                          SHA256

                                                                                                                          fb761529662548f0f676feed41f8ab81589e7c307587878a069117b9a648ae0d

                                                                                                                          SHA512

                                                                                                                          880f91057a6b890a840dbbe17f009ebb6194580c19356b80a74a663ffc6a6461185782ea71234698bb337a998a71f3205514e94ee21ba180a313bb8735c8a5cd

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\E25LIGWI\microsoft.windows[1].xml
                                                                                                                          Filesize

                                                                                                                          97B

                                                                                                                          MD5

                                                                                                                          69ac45c16a93225b0e9a66a5e4945e26

                                                                                                                          SHA1

                                                                                                                          d44ce4c00318885af53c27e77921d7b91239c151

                                                                                                                          SHA256

                                                                                                                          e0957b7877fc4f2fd795bd625e11b97e13c0160903d35bc338c975d13a5fb3e5

                                                                                                                          SHA512

                                                                                                                          2e30174d07b3a47f49d8c5edf0db2c8d7a95fdbb353a28d1d1d3bc0d21b80d6246861d5edc7839f4d35209b4108249f82eae8f74648620ec1046783b48e0e363

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mbtuvrgd.xst.ps1
                                                                                                                          Filesize

                                                                                                                          60B

                                                                                                                          MD5

                                                                                                                          d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                          SHA1

                                                                                                                          6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                          SHA256

                                                                                                                          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                          SHA512

                                                                                                                          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                          Download Submit

                                                                                                                        • memory/212-788-0x0000000004130000-0x0000000004131000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/552-196-0x000001C70C8C0000-0x000001C70C8E0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/552-218-0x000001C70CEA0000-0x000001C70CEC0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/552-206-0x000001C70C880000-0x000001C70C8A0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/552-191-0x000001C70BA00000-0x000001C70BB00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/552-193-0x000001C70BA00000-0x000001C70BB00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/740-42-0x000002350CF10000-0x000002350CF30000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/740-32-0x000002350CF50000-0x000002350CF70000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/740-29-0x000002350C000000-0x000002350C100000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/740-28-0x000002350C000000-0x000002350C100000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/740-27-0x000002350C000000-0x000002350C100000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/740-53-0x000002350D520000-0x000002350D540000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/772-932-0x0000000004A90000-0x0000000004A91000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/1516-26-0x0000000003400000-0x0000000003401000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/1668-635-0x0000000004B20000-0x0000000004B21000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/1892-1087-0x000001E9C3C00000-0x000001E9C3D00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/1892-1088-0x000001E9C3C00000-0x000001E9C3D00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/1892-1086-0x000001E9C3C00000-0x000001E9C3D00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/1892-1123-0x000001E9C5040000-0x000001E9C5060000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1892-1122-0x000001E9C4AA0000-0x000001E9C4AC0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1892-1091-0x000001E9C4AE0000-0x000001E9C4B00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2024-656-0x0000026B72FC0000-0x0000026B72FE0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2024-666-0x0000026B736D0000-0x0000026B736F0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2024-643-0x0000026B73300000-0x0000026B73320000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2524-489-0x000002002F600000-0x000002002F700000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/2524-516-0x0000020030B20000-0x0000020030B40000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2524-505-0x0000020030720000-0x0000020030740000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2524-493-0x0000020030760000-0x0000020030780000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2524-488-0x000002002F600000-0x000002002F700000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/4200-1526-0x0000000004440000-0x0000000004441000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/4340-1235-0x0000000004BF0000-0x0000000004BF1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/4532-19-0x00007FFA32630000-0x00007FFA330F1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/4532-0-0x00007FFA32633000-0x00007FFA32635000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          Download

                                                                                                                        • memory/4532-14-0x00007FFA32630000-0x00007FFA330F1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/4532-12-0x00007FFA32630000-0x00007FFA330F1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/4532-15-0x00000193B83F0000-0x00000193B841A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          168KB

                                                                                                                          Download

                                                                                                                        • memory/4532-20-0x00007FFA32630000-0x00007FFA330F1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/4532-13-0x00007FFA32630000-0x00007FFA330F1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/4532-11-0x00007FFA32630000-0x00007FFA330F1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/4532-16-0x00000193B83F0000-0x00000193B8414000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          144KB

                                                                                                                          Download

                                                                                                                        • memory/4532-6-0x00000193B8050000-0x00000193B8072000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          136KB

                                                                                                                          Download

                                                                                                                        • memory/4532-18-0x00007FFA32630000-0x00007FFA330F1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/4604-962-0x0000028409F90000-0x0000028409FB0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4604-939-0x0000028409BC0000-0x0000028409BE0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4604-951-0x0000028409B80000-0x0000028409BA0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4628-346-0x00000226A2E60000-0x00000226A2E80000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4628-366-0x00000226A3230000-0x00000226A3250000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4628-355-0x00000226A2E20000-0x00000226A2E40000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4656-189-0x0000000004680000-0x0000000004681000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/4888-1373-0x0000000004B10000-0x0000000004B11000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/5040-486-0x0000000004DC0000-0x0000000004DC1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/5236-1264-0x0000026005AA0000-0x0000026005AC0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/5236-1241-0x00000260052D0000-0x00000260052F0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/5236-1252-0x0000026005290000-0x00000260052B0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/5236-1236-0x0000026004700000-0x0000026004800000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/5332-1529-0x000001895C800000-0x000001895C900000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/5344-1403-0x00000226C41E0000-0x00000226C4200000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/5344-1375-0x0000021EC1D00000-0x0000021EC1E00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/5344-1379-0x00000226C3E20000-0x00000226C3E40000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/5344-1374-0x0000021EC1D00000-0x0000021EC1E00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/5344-1391-0x00000226C3BD0000-0x00000226C3BF0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/5680-800-0x000001EF6EF40000-0x000001EF6EF60000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/5680-789-0x000001E76CE20000-0x000001E76CF20000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/5680-794-0x000001EF6EF80000-0x000001EF6EFA0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/5680-790-0x000001E76CE20000-0x000001E76CF20000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/5680-826-0x000001EF6F350000-0x000001EF6F370000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/5756-1084-0x0000000004D40000-0x0000000004D41000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/6064-1524-0x0000000004B50000-0x0000000004B51000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/6104-339-0x0000000004490000-0x0000000004491000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download