Overview

overview

10

Static

static

1

justifican...09.exe

windows10-2004-x64

10

Lsebgers.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    61s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/04/2025, 15:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lsebgers.ps1

  • Size

    54KB

  • MD5

    ca6b30d971f2b79383c80f5c12718e8f

  • SHA1

    3f49b9675ce0d5df8f426436624507e5276b5a5a

  • SHA256

    4ac783e447712a8001e6abdc47c4e1b2bbc4a990a0af8c0dc60468762cfd89e0

  • SHA512

    c20c75bc3b1a8a52061072bbc2e7e0dc60980e04d7a78e96fd2552a1a56f023ae84675dd3599245a539a2219c262310d73c4e43530b7a1b7e8b46ceb49aa2707

  • SSDEEP

    768:gcxPtxqjY9q6/XCN4l64sp9yjcyRfrybdKwKZ9sjthzPCklX8H77cw4zQzEjm:t19qJI1cyjnBPZCDPHYv40zEm

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 12 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 20 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Lsebgers.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2920
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:5664
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1324
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:5100
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:784
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5596
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4252
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1960
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4168
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2888
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2172
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5736
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5244
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5632
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3564
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1940
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5168
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3224
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:5548
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3716
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1492
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:3132
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5372
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5444
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5736
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4152
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:4760
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3220
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5036
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4712
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5044
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4100
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3680
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Modifies registry class
    PID:5820
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:4792
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4668
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:4840
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:2736
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:1380
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:4460
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:4024
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:772
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:1108
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:3912
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:1460
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:5012
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:3840
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:5588
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:3916
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:720
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:1180
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:5364
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:1064
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:4508
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:1696
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:4760
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:4356
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:4056
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:1672
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:2336
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:3348
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:936
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:4144
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:4312
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:3564
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:5736
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:3984
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:4064
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:3832
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:4252
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3824
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:1856
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:1120
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:4456
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:1640
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:3376
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:1012
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:3608
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:4868
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:4292
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:1664
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:3564
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:1952
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:4232
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:3816
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:4164
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:1964

                                                                                                            Network

                                                                                                            MITRE ATT&CK Enterprise v16

                                                                                                            Replay Monitor

                                                                                                            Loading Replay Monitor...

                                                                                                            Downloads

                                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                              Filesize

                                                                                                              471B

                                                                                                              MD5

                                                                                                              2b97df3cdd629da26b5a81ad97f2ebd8

                                                                                                              SHA1

                                                                                                              175924c5b81a4cd4117abdecf2274d05de09044a

                                                                                                              SHA256

                                                                                                              9c8b20644cbcf277754a4d55fd2eb42c86d49d25aed96147c179eefb86ed2a01

                                                                                                              SHA512

                                                                                                              4c18a3f134d4353ba2bea2bf19f2b4c87b7eaccbbf6945a5d136a9bc406218ebfb965e5dbfb0bc13f2f26b6835efa48b62b6017a4bca5508d1745358515c8743

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                              Filesize

                                                                                                              412B

                                                                                                              MD5

                                                                                                              96b0b2e565579e03e0a44e92dcdf8332

                                                                                                              SHA1

                                                                                                              b68743e84e63f1d5c2a1a7542e3ffaa9fc6b4a5d

                                                                                                              SHA256

                                                                                                              08ab1213d5aa21b56407fd059be88ed8d0069bf4d8c89f6c2b2da369a9f173c5

                                                                                                              SHA512

                                                                                                              0b4db918b5ad678d795c0985be0da64787b83d0f217820a9688a03793dc83794ff755436454d66bf92b0fd62a25d82a123a0145a2743e15b7e7d206c73f81c90

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                              Filesize

                                                                                                              2KB

                                                                                                              MD5

                                                                                                              9976321dcbb586089424cab7187d6a11

                                                                                                              SHA1

                                                                                                              3fb7575fb485cc576923af1efd238acace7636be

                                                                                                              SHA256

                                                                                                              60d64691b394f0da785a1506ce7d2b0128958bdab82a3fdb1b76ad1143911b2b

                                                                                                              SHA512

                                                                                                              46cd63b41efe6c57e3a9367454fdf0986043d91927ea71f94f967d4d76ebd81ab471bcfdf578ed9d3fdb570aea3c6697c276bf6495b27a68bcea5e314ca76766

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\TRZE6I7N\microsoft.windows[1].xml
                                                                                                              Filesize

                                                                                                              97B

                                                                                                              MD5

                                                                                                              5f20566632409cf5766e4a9bc1ddc989

                                                                                                              SHA1

                                                                                                              39d40c974e76857957ef966ba650519b0a5b2d6c

                                                                                                              SHA256

                                                                                                              acc2ad05e0e666a4f809dabe7e8124e825c5ae8dc41195cc05b1dd2c5442e7d0

                                                                                                              SHA512

                                                                                                              11ac109902f8aa21ec877ad44d6982a004dcfa46198a7650bdc40ab0713ab546144234a67edf4bff45e1021c634aaf2fd73ef347c2dece2ce2db587e167d23a2

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bnbthhpv.t2z.ps1
                                                                                                              Filesize

                                                                                                              60B

                                                                                                              MD5

                                                                                                              d17fe0a3f47be24a6453e9ef58c94641

                                                                                                              SHA1

                                                                                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                              SHA256

                                                                                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                              SHA512

                                                                                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                              Download Submit

                                                                                                            • memory/1492-778-0x000001E8F7A40000-0x000001E8F7B40000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/1492-783-0x000001E8F89A0000-0x000001E8F89C0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/1492-806-0x000001E8F8F70000-0x000001E8F8F90000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/1492-795-0x000001E8F8960000-0x000001E8F8980000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/1940-625-0x0000000004390000-0x0000000004391000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/2888-320-0x0000000003F70000-0x0000000003F71000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/2920-13-0x00007FF8227B0000-0x00007FF823271000-memory.dmp

                                                                                                              Filesize

                                                                                                              10.8MB

                                                                                                              Download

                                                                                                            • memory/2920-21-0x00007FF8227B0000-0x00007FF823271000-memory.dmp

                                                                                                              Filesize

                                                                                                              10.8MB

                                                                                                              Download

                                                                                                            • memory/2920-20-0x00007FF8227B0000-0x00007FF823271000-memory.dmp

                                                                                                              Filesize

                                                                                                              10.8MB

                                                                                                              Download

                                                                                                            • memory/2920-19-0x00007FF8227B0000-0x00007FF823271000-memory.dmp

                                                                                                              Filesize

                                                                                                              10.8MB

                                                                                                              Download

                                                                                                            • memory/2920-16-0x000002DE2D390000-0x000002DE2D3BA000-memory.dmp

                                                                                                              Filesize

                                                                                                              168KB

                                                                                                              Download

                                                                                                            • memory/2920-17-0x000002DE2D390000-0x000002DE2D3B4000-memory.dmp

                                                                                                              Filesize

                                                                                                              144KB

                                                                                                              Download

                                                                                                            • memory/2920-0-0x00007FF8227B3000-0x00007FF8227B5000-memory.dmp

                                                                                                              Filesize

                                                                                                              8KB

                                                                                                              Download

                                                                                                            • memory/2920-15-0x00007FF8227B0000-0x00007FF823271000-memory.dmp

                                                                                                              Filesize

                                                                                                              10.8MB

                                                                                                              Download

                                                                                                            • memory/2920-14-0x00007FF8227B0000-0x00007FF823271000-memory.dmp

                                                                                                              Filesize

                                                                                                              10.8MB

                                                                                                              Download

                                                                                                            • memory/2920-12-0x00007FF8227B0000-0x00007FF823271000-memory.dmp

                                                                                                              Filesize

                                                                                                              10.8MB

                                                                                                              Download

                                                                                                            • memory/2920-11-0x00007FF8227B0000-0x00007FF823271000-memory.dmp

                                                                                                              Filesize

                                                                                                              10.8MB

                                                                                                              Download

                                                                                                            • memory/2920-10-0x000002DE2CFB0000-0x000002DE2CFD2000-memory.dmp

                                                                                                              Filesize

                                                                                                              136KB

                                                                                                              Download

                                                                                                            • memory/3132-928-0x0000000004970000-0x0000000004971000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/3220-1218-0x0000000004CB0000-0x0000000004CB1000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/3224-631-0x0000026460590000-0x00000264605B0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/3224-663-0x0000026460960000-0x0000026460980000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/3224-653-0x0000026460550000-0x0000026460570000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/3564-511-0x00000164AD480000-0x00000164AD4A0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/3564-474-0x00000164ABF40000-0x00000164AC040000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/3564-491-0x00000164ACE60000-0x00000164ACE80000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/3564-479-0x00000164ACEA0000-0x00000164ACEC0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/3564-475-0x00000164ABF40000-0x00000164AC040000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/3680-1366-0x00000222A5200000-0x00000222A5300000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/3680-1367-0x00000222A5200000-0x00000222A5300000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/4168-210-0x000001255A180000-0x000001255A1A0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4168-179-0x0000011D57C50000-0x0000011D57D50000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/4168-180-0x0000011D57C50000-0x0000011D57D50000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/4168-184-0x0000012559BB0000-0x0000012559BD0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4168-197-0x0000012559B70000-0x0000012559B90000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4252-178-0x0000000004F70000-0x0000000004F71000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/4712-1220-0x00000198F4500000-0x00000198F4600000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/4712-1257-0x00000198F59F0000-0x00000198F5A10000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4712-1234-0x00000198F53E0000-0x00000198F5400000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4712-1225-0x00000198F5620000-0x00000198F5640000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4712-1222-0x00000198F4500000-0x00000198F4600000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/4712-1221-0x00000198F4500000-0x00000198F4600000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/4760-1107-0x000001F271A00000-0x000001F271A20000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4760-1095-0x000001F2715F0000-0x000001F271610000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4760-1076-0x000001F271630000-0x000001F271650000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4760-1072-0x000001F270500000-0x000001F270600000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/5044-1364-0x0000000004970000-0x0000000004971000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/5100-30-0x00000000033D0000-0x00000000033D1000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/5244-473-0x0000000004BB0000-0x0000000004BB1000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/5444-930-0x0000022BBE100000-0x0000022BBE200000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/5444-967-0x0000022BBF5B0000-0x0000022BBF5D0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/5444-943-0x0000022BBF1A0000-0x0000022BBF1C0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/5444-935-0x0000022BBF1E0000-0x0000022BBF200000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/5444-931-0x0000022BBE100000-0x0000022BBE200000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/5548-776-0x00000000043E0000-0x00000000043E1000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/5596-32-0x000001C4C2500000-0x000001C4C2600000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/5596-36-0x000001C4C34D0000-0x000001C4C34F0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/5596-47-0x000001C4C3490000-0x000001C4C34B0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/5596-59-0x000001C4C38A0000-0x000001C4C38C0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/5596-31-0x000001C4C2500000-0x000001C4C2600000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/5736-1070-0x0000000004350000-0x0000000004351000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/5736-348-0x0000020AB37C0000-0x0000020AB37E0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/5736-336-0x0000020AB31B0000-0x0000020AB31D0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/5736-327-0x0000020AB3400000-0x0000020AB3420000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/5736-322-0x0000020AB2300000-0x0000020AB2400000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/5736-323-0x0000020AB2300000-0x0000020AB2400000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download