Analysis

  • max time kernel
    65s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    21/03/2024, 23:31

General

  • Target

    Fdrelandskrligehed/Tenuto/Sauria/Handelsbalancerne122.ps1

  • Size

    57KB

  • MD5

    0c865acf7c347c6dd359f98c8251a9bc

  • SHA1

    dc6ad24450f7a966e5c090abce2ec06f23cef9ae

  • SHA256

    00f3155ff5edff6c7b7286095854eae05446345e358018fee4c5fb141a458d7e

  • SHA512

    a7ead01800f440b0d4e8f07040818ed72ff1c768cb44ffc1823230b5bee96238b25373a652be4509c88cb371772da1061f5b14b3fa5a7e1e7833dc07d56f1aaa

  • SSDEEP

    1536:zSoQQtIqgBuwNgZdhr1l4jOLjMr0q7hB5V6jNpCDWS6BuqVkzW:eoKBuwN+3COLwr0q7f5iNY6XiS

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 13 IoCs
  • Enumerates connected drives 3 TTPs 26 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 20 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Fdrelandskrligehed\Tenuto\Sauria\Handelsbalancerne122.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4804
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "set /A 1^^0"
      2⤵
        PID:5028
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2744
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1196
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4712
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4296
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2932
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4916
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4876
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:1884
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4280
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1908
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3736
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3768
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1500
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4188
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4240
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4276
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1552
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3768
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2280
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3036
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:5060
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2132
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:116
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3320
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3620
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2536
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4528
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4064
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1364
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3712
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4248
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2472
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3552
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3340
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4904
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2828
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:588
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:2416
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:3584
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:544
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:3764
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:3096
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:4928
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4168
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:2924
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:2144
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:3876
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:3860
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:3112
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4080
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:3444
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:2556
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:640
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:1832
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:5060
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:3068
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4372
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:3596
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:4940
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4612
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4540
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:3656
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:232
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:1716
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:2172
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:3740
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4980
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:1668
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4736
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:3488
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:552
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:1584
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:728
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:4620
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:2324
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:3860
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:3952
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:5108
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:3040
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:1080
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:688
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:1588
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:2260
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:3064
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4056
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:2556
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                        1⤵
                                                                                                          PID:3636
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:2496
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:3160
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:1664

                                                                                                              Network

                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                              Downloads

                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                                Filesize

                                                                                                                471B

                                                                                                                MD5

                                                                                                                6475b19cdf10d6f0ccf27ebf0fe76309

                                                                                                                SHA1

                                                                                                                6c3ca7a137c2b3041cdb22c994bba356e33f93c4

                                                                                                                SHA256

                                                                                                                635f833910db4e0915ecfe0d515341d4feec384dd83d6309f71f336c838a75d1

                                                                                                                SHA512

                                                                                                                9f695eae05fd9bc6f775cd2e8ec1a235976d82bf8b206449b0595e97afd335b31e79706b281b920e08de6d90a05a7e8b777f6d15bdbf815e61bf96e19542f4ce

                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                                Filesize

                                                                                                                412B

                                                                                                                MD5

                                                                                                                10266b62cc2bdbe4f63c2be689257e72

                                                                                                                SHA1

                                                                                                                37e5433ca08ad8de083d54f05af46bde7930d930

                                                                                                                SHA256

                                                                                                                4237bdba2cfab88d85bb7d093f192df4274c81a04cf67f7ee0497459d3cf91aa

                                                                                                                SHA512

                                                                                                                11fbe20484b96dbd85f7a37baf239a6fcc979548ceac35e4f432f2a3ed0ce4debd149449712eab56ec769150b4daf73381ec2291158943ccf05639a265859635

                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15

                                                                                                                Filesize

                                                                                                                36KB

                                                                                                                MD5

                                                                                                                0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                                SHA1

                                                                                                                92495421ad887f27f53784c470884802797025ad

                                                                                                                SHA256

                                                                                                                0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                                SHA512

                                                                                                                61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\QDDM1QX5\microsoft.windows[1].xml

                                                                                                                Filesize

                                                                                                                96B

                                                                                                                MD5

                                                                                                                2415f1b0b1e5150e9f1e871081fd1fad

                                                                                                                SHA1

                                                                                                                a79e4bfddc3daf75f059fda3547bd18282d993f7

                                                                                                                SHA256

                                                                                                                3eff25035403aba506d0dbf69c76a22fa90ec66d2094cbf39bc5267a850902ae

                                                                                                                SHA512

                                                                                                                5d05da9ec1471dbf91f0c474c8db3897130543ff3c4da70724ce3a36adc38f628264c3dae4f54caef493f7593a0986a944dda0e19e947f3dfc34fc16fbd3e6bb

                                                                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5flna3pe.igo.ps1

                                                                                                                Filesize

                                                                                                                60B

                                                                                                                MD5

                                                                                                                d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                SHA1

                                                                                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                SHA256

                                                                                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                SHA512

                                                                                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82


                                                                                                                Filesize

                                                                                                                128KB

                                                                                                              • memory/4188-94-0x0000000004970000-0x0000000004971000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                              • memory/4248-210-0x000002126BC90000-0x000002126BCB0000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                              • memory/4248-214-0x000002126C060000-0x000002126C080000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                              • memory/4248-212-0x000002126BC50000-0x000002126BC70000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                              • memory/4276-104-0x00000284327B0000-0x00000284327D0000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                              • memory/4276-103-0x00000284323A0000-0x00000284323C0000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                              • memory/4276-101-0x00000284323E0000-0x0000028432400000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                              • memory/4372-364-0x0000025BA6AE0000-0x0000025BA6B00000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                              • memory/4372-366-0x0000025BA6AA0000-0x0000025BA6AC0000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                              • memory/4372-369-0x0000025BA70C0000-0x0000025BA70E0000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                              • memory/4804-13-0x00000299E3940000-0x00000299E3950000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                              • memory/4804-14-0x00000299E3940000-0x00000299E3950000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                              • memory/4804-16-0x00000299E3940000-0x00000299E3950000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                              • memory/4804-0-0x00000299CB370000-0x00000299CB392000-memory.dmp

                                                                                                                Filesize

                                                                                                                136KB

                                                                                                              • memory/4804-17-0x00000299E4560000-0x00000299E4564000-memory.dmp

                                                                                                                Filesize

                                                                                                                16KB

                                                                                                              • memory/4804-18-0x00007FFB39C30000-0x00007FFB3A6F1000-memory.dmp

                                                                                                                Filesize

                                                                                                                10.8MB

                                                                                                              • memory/4804-12-0x00000299E3940000-0x00000299E3950000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                              • memory/4804-11-0x00000299E3940000-0x00000299E3950000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                              • memory/4804-10-0x00007FFB39C30000-0x00007FFB3A6F1000-memory.dmp

                                                                                                                Filesize

                                                                                                                10.8MB

                                                                                                              • memory/4876-35-0x000002242AC60000-0x000002242AC80000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                              • memory/4876-39-0x000002242B030000-0x000002242B050000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                              • memory/4876-37-0x000002242AC20000-0x000002242AC40000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                              • memory/5060-356-0x00000000049B0000-0x00000000049B1000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB