Overview

overview

10

Static

static

1

justifican...09.exe

windows10-2004-x64

10

Lsebgers.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    47s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/04/2025, 15:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lsebgers.ps1

  • Size

    54KB

  • MD5

    ca6b30d971f2b79383c80f5c12718e8f

  • SHA1

    3f49b9675ce0d5df8f426436624507e5276b5a5a

  • SHA256

    4ac783e447712a8001e6abdc47c4e1b2bbc4a990a0af8c0dc60468762cfd89e0

  • SHA512

    c20c75bc3b1a8a52061072bbc2e7e0dc60980e04d7a78e96fd2552a1a56f023ae84675dd3599245a539a2219c262310d73c4e43530b7a1b7e8b46ceb49aa2707

  • SSDEEP

    768:gcxPtxqjY9q6/XCN4l64sp9yjcyRfrybdKwKZ9sjthzPCklX8H77cw4zQzEjm:t19qJI1cyjnBPZCDPHYv40zEm

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Lsebgers.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:5304
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2688
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5948
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3616
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5320
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3248
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:2636
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2800
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3808
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:2652
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4996
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3676
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:388
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5648
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4648
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3596
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4324
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3652
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:3752
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5412
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2548
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1804
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4432
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5100
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2460
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4948
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Modifies registry class
    PID:2944
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:392
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:5676
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:5228
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:1164
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:4164
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:3444
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:1260
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:3600
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:4792
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:2928
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:1900
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:5432
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:5932
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:1904
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:1076
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:4308
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:5984
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4092
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:3952
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:4204
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:1932
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:5432
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:3396
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:5308
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:5764
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:3804
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:1208
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:3636
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:2984
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:4148
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:668
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:5632
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:4876
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:736
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:220
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:8
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:2088
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:4720
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:4832
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:4304
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:4740
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:5308
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:1032
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:748
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:464
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:5780
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:2680
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:4488
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:3584
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:388
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:5136
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                          1⤵
                                                                                                            PID:4052
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:668
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                              1⤵
                                                                                                                PID:5932
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                1⤵
                                                                                                                  PID:3832
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:2184
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                    1⤵
                                                                                                                      PID:5376
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                      1⤵
                                                                                                                        PID:3436
                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                        explorer.exe
                                                                                                                        1⤵
                                                                                                                          PID:652
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                          1⤵
                                                                                                                            PID:1020
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                            1⤵
                                                                                                                              PID:4284
                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                              explorer.exe
                                                                                                                              1⤵
                                                                                                                                PID:4904
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                1⤵
                                                                                                                                  PID:2232
                                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                  1⤵
                                                                                                                                    PID:5124

                                                                                                                                  Network

                                                                                                                                  MITRE ATT&CK Enterprise v16

                                                                                                                                  Replay Monitor

                                                                                                                                  Loading Replay Monitor...

                                                                                                                                  Downloads

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    26a383bdec1d68eadf2bc4a87183dfad

                                                                                                                                    SHA1

                                                                                                                                    b57748934766fb09d06a9ce7968a44ca10dc6859

                                                                                                                                    SHA256

                                                                                                                                    74710ff593ec69dd3418d67ae0cf42e855a4bd97a08507f4d07fe4313eca0d15

                                                                                                                                    SHA512

                                                                                                                                    76792645d6250a5f047f1f9548fa3970e3744c0b61e0ca86b35294ca91e2f0eea131d64c2045eb10b0247c35b64e01478a3840564d9818c67680c5d167a8bfcc

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133891195923179557.txt
                                                                                                                                    Filesize

                                                                                                                                    76KB

                                                                                                                                    MD5

                                                                                                                                    7b6dc9e6b49107c81839974e4cb3dc7b

                                                                                                                                    SHA1

                                                                                                                                    89faecd851163cbbd1dabf102e4e582a0516e8ba

                                                                                                                                    SHA256

                                                                                                                                    3c2f2356690dc89580f0b1671921f8174742c99b26602261bd9b7e0767641c50

                                                                                                                                    SHA512

                                                                                                                                    c228f3d9489048e24f2ee68aeb1e21f952d5115f08493c447a2302a8c30242e22c7f69057615421a030a65dfe718d4093e50b6c506a1a5513f3d3472a6603f03

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\E25LIGWI\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    69ac45c16a93225b0e9a66a5e4945e26

                                                                                                                                    SHA1

                                                                                                                                    d44ce4c00318885af53c27e77921d7b91239c151

                                                                                                                                    SHA256

                                                                                                                                    e0957b7877fc4f2fd795bd625e11b97e13c0160903d35bc338c975d13a5fb3e5

                                                                                                                                    SHA512

                                                                                                                                    2e30174d07b3a47f49d8c5edf0db2c8d7a95fdbb353a28d1d1d3bc0d21b80d6246861d5edc7839f4d35209b4108249f82eae8f74648620ec1046783b48e0e363

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ttqc2txw.unc.ps1
                                                                                                                                    Filesize

                                                                                                                                    60B

                                                                                                                                    MD5

                                                                                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                    SHA1

                                                                                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                    SHA256

                                                                                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                    SHA512

                                                                                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                    Download Submit

                                                                                                                                  • memory/388-488-0x00000000044F0000-0x00000000044F1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/2548-788-0x0000000004A40000-0x0000000004A41000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/2636-190-0x0000000004400000-0x0000000004401000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/2652-340-0x0000000004C20000-0x0000000004C21000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/2944-1084-0x0000000004650000-0x0000000004651000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3248-30-0x00000211D0220000-0x00000211D0320000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/3248-31-0x00000211D0220000-0x00000211D0320000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/3248-34-0x00000211D1380000-0x00000211D13A0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3248-29-0x00000211D0220000-0x00000211D0320000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/3248-56-0x00000211D1790000-0x00000211D17B0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3248-45-0x00000211D1340000-0x00000211D1360000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3596-635-0x0000000004680000-0x0000000004681000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3616-28-0x0000000002FC0000-0x0000000002FC1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3652-637-0x000002438CF60000-0x000002438D060000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/3652-642-0x000002438DEC0000-0x000002438DEE0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3652-639-0x000002438CF60000-0x000002438D060000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/3652-665-0x000002438E4A0000-0x000002438E4C0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3652-652-0x000002438DE80000-0x000002438DEA0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3676-359-0x0000015308AA0000-0x0000015308AC0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3676-341-0x0000015307C00000-0x0000015307D00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/3676-378-0x00000153090C0000-0x00000153090E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3676-346-0x0000015308AE0000-0x0000015308B00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3808-196-0x00000253EC560000-0x00000253EC580000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3808-192-0x00000253EB600000-0x00000253EB700000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/3808-191-0x00000253EB600000-0x00000253EB700000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/3808-220-0x00000253ECB40000-0x00000253ECB60000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3808-208-0x00000253EC520000-0x00000253EC540000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4164-1214-0x000001F782500000-0x000001F782600000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4164-1251-0x000001F7838A0000-0x000001F7838C0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4164-1219-0x000001F7830D0000-0x000001F7830F0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4164-1231-0x000001F783090000-0x000001F7830B0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4432-790-0x000001A24E600000-0x000001A24E700000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4432-792-0x000001A24E600000-0x000001A24E700000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4432-791-0x000001A24E600000-0x000001A24E700000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4432-827-0x000001A24FAC0000-0x000001A24FAE0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4432-805-0x000001A24F4B0000-0x000001A24F4D0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4432-795-0x000001A24F4F0000-0x000001A24F510000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4648-494-0x000001D8F0D40000-0x000001D8F0D60000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4648-489-0x000001D8EFE00000-0x000001D8EFF00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4648-515-0x000001D8F1300000-0x000001D8F1320000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4648-503-0x000001D8F0D00000-0x000001D8F0D20000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4648-490-0x000001D8EFE00000-0x000001D8EFF00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4948-940-0x000001ABBFE40000-0x000001ABBFF40000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4948-943-0x000001B3C1FA0000-0x000001B3C1FC0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4948-954-0x000001B3C1F60000-0x000001B3C1F80000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4948-966-0x000001B3C2370000-0x000001B3C2390000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4948-939-0x000001ABBFE40000-0x000001ABBFF40000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/5100-937-0x0000000004E60000-0x0000000004E61000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/5228-1213-0x00000000044D0000-0x00000000044D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/5304-16-0x000001B79F7D0000-0x000001B79F7FA000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    168KB

                                                                                                                                    Download

                                                                                                                                  • memory/5304-0-0x00007FFDA4943000-0x00007FFDA4945000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    Download

                                                                                                                                  • memory/5304-11-0x00007FFDA4940000-0x00007FFDA5401000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/5304-19-0x00007FFDA4940000-0x00007FFDA5401000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/5304-15-0x00007FFDA4940000-0x00007FFDA5401000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/5304-14-0x00007FFDA4940000-0x00007FFDA5401000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/5304-13-0x00007FFDA4940000-0x00007FFDA5401000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/5304-9-0x000001B786E40000-0x000001B786E62000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    136KB

                                                                                                                                    Download

                                                                                                                                  • memory/5304-22-0x00007FFDA4940000-0x00007FFDA5401000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/5304-21-0x000001B79F440000-0x000001B79F65C000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    2.1MB

                                                                                                                                    Download

                                                                                                                                  • memory/5304-20-0x00007FFDA4940000-0x00007FFDA5401000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/5304-17-0x000001B79F7D0000-0x000001B79F7F4000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    144KB

                                                                                                                                    Download

                                                                                                                                  • memory/5304-12-0x00007FFDA4940000-0x00007FFDA5401000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/5676-1101-0x000001DE7BBD0000-0x000001DE7BBF0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/5676-1113-0x000001DE7C1E0000-0x000001DE7C200000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/5676-1091-0x000001DE7BE20000-0x000001DE7BE40000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/5676-1086-0x000001DE7AD00000-0x000001DE7AE00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download