Analysis

  • max time kernel
    50s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/03/2024, 23:33

General

  • Target

    Fdrelandskrligehed/Tenuto/Sauria/Handelsbalancerne122.ps1

  • Size

    57KB

  • MD5

    0c865acf7c347c6dd359f98c8251a9bc

  • SHA1

    dc6ad24450f7a966e5c090abce2ec06f23cef9ae

  • SHA256

    00f3155ff5edff6c7b7286095854eae05446345e358018fee4c5fb141a458d7e

  • SHA512

    a7ead01800f440b0d4e8f07040818ed72ff1c768cb44ffc1823230b5bee96238b25373a652be4509c88cb371772da1061f5b14b3fa5a7e1e7833dc07d56f1aaa

  • SSDEEP

    1536:zSoQQtIqgBuwNgZdhr1l4jOLjMr0q7hB5V6jNpCDWS6BuqVkzW:eoKBuwN+3COLwr0q7f5iNY6XiS

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 11 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Fdrelandskrligehed\Tenuto\Sauria\Handelsbalancerne122.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4192
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "set /A 1^^0"
      2⤵
        PID:704
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4864
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2772
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:964
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2592
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1612
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SendNotifyMessage
      PID:1620
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1612
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5076
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:704
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3576
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1972
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:912
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3596
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5036
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4968
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:5076
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2984
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:5020
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1384
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4332
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3596
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3604
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3108
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4824
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3436
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4572
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2532
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2752
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3988
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Modifies registry class
      PID:1236
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:2152
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:3108
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:2432
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:4032
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:3596
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:4268
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:2940
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:4652
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:2772
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:5048
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:2532
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:3376
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:2992
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:956
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:5016
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:436
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:3104
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:1368
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:896
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:944
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:956
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:4284
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:3652
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:3712
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:2512
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:1540
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:4860
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:3672
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:1176
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:1188
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:3672
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:1924
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:4800
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:2120
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:3316
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3580
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:2188
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:216
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:3364
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:2024
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:2432
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:4568
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:2548
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:3268
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:2708
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:1520
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:4528
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:1312
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:1080
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:2620
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:3788
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:4664
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:3744
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:3124
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:4172
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:2440
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:2780
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:3780
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer.exe
                                                                                                                          1⤵
                                                                                                                            PID:3064
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                            1⤵
                                                                                                                              PID:1612
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                              1⤵
                                                                                                                                PID:4864

                                                                                                                              Network

                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                              Replay Monitor

                                                                                                                              Loading Replay Monitor...

                                                                                                                              Downloads

                                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                                                Filesize

                                                                                                                                471B

                                                                                                                                MD5

                                                                                                                                6475b19cdf10d6f0ccf27ebf0fe76309

                                                                                                                                SHA1

                                                                                                                                6c3ca7a137c2b3041cdb22c994bba356e33f93c4

                                                                                                                                SHA256

                                                                                                                                635f833910db4e0915ecfe0d515341d4feec384dd83d6309f71f336c838a75d1

                                                                                                                                SHA512

                                                                                                                                9f695eae05fd9bc6f775cd2e8ec1a235976d82bf8b206449b0595e97afd335b31e79706b281b920e08de6d90a05a7e8b777f6d15bdbf815e61bf96e19542f4ce

                                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                                                Filesize

                                                                                                                                412B

                                                                                                                                MD5

                                                                                                                                253ccbd12a6d7019a82b87b552eb8f6c

                                                                                                                                SHA1

                                                                                                                                2929b6669f14db4bc07428f494a676ac64afb746

                                                                                                                                SHA256

                                                                                                                                edcadff928d597b7d5d7d10192068c8d95d183ed0fbc2122dd4c94ef4362b509

                                                                                                                                SHA512

                                                                                                                                81912e839e7c81056e34ebc1aaeddc913bdc3a1d62c4d768c5f66c80a70dc6568fc2511e8b25b1bf404c66f6bc804eba564a6b488b634e6f231e035e90a265fa

                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                                                                Filesize

                                                                                                                                2KB

                                                                                                                                MD5

                                                                                                                                111570670c7da6a2648e068927dbe130

                                                                                                                                SHA1

                                                                                                                                b806d05279d03120e0c00e02fc70264e9be3a478

                                                                                                                                SHA256

                                                                                                                                724bae0dbb734edaa8be014c57ddf81c81563279a874b54277727457837ccbb0

                                                                                                                                SHA512

                                                                                                                                b0f7fb5ecef420938bdf9fbebf692f6af17edd4d1b05fc4547c84a016616f8ec35213494bf19df5073254bcf45409334a0ecba87b2607cdba5f37d1817c4d7b6

                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\39XIXV5T\microsoft.windows[1].xml

                                                                                                                                Filesize

                                                                                                                                96B

                                                                                                                                MD5

                                                                                                                                29e3c94dfa03b794f03e17d8b45295d9

                                                                                                                                SHA1

                                                                                                                                1a598a72d3d486f77e861f98abcd2f4a8e936365

                                                                                                                                SHA256

                                                                                                                                7ff0263086f28cc1d842d07a23128b955780d3c8b85b130228c7f65ce2b4262a

                                                                                                                                SHA512

                                                                                                                                e2180d73f45da32ac4fb355546103496d73cdf7cb966c60f6a414bc7052e46431177e9009bdfd730d2fe6955b986392720fe3bdc8afbc0388f1b70e438a4ef9c

                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mvwq3f4b.dzh.ps1

                                                                                                                                Filesize

                                                                                                                                60B

                                                                                                                                MD5

                                                                                                                                d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                SHA1

                                                                                                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                SHA256

                                                                                                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                SHA512

                                                                                                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                              • memory/436-343-0x0000000004830000-0x0000000004831000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/704-68-0x0000000004440000-0x0000000004441000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/912-89-0x0000000004670000-0x0000000004671000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/944-376-0x0000029DCE140000-0x0000029DCE160000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/944-374-0x0000029DCE180000-0x0000029DCE1A0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/944-378-0x0000029DCE550000-0x0000029DCE570000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/956-331-0x0000022233520000-0x0000022233540000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/956-329-0x0000022233120000-0x0000022233140000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/956-327-0x0000022233160000-0x0000022233180000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/964-27-0x0000000002900000-0x0000000002901000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/1236-225-0x0000000003390000-0x0000000003391000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/1368-367-0x0000000004860000-0x0000000004861000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/1612-37-0x000001B03BF50000-0x000001B03BF70000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/1612-33-0x000001B03BB00000-0x000001B03BB20000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/1612-35-0x000001B03B7B0000-0x000001B03B7D0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/1620-46-0x0000000004BB0000-0x0000000004BB1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/1972-80-0x0000025E858A0000-0x0000025E858C0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/1972-76-0x0000025E854D0000-0x0000025E854F0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/1972-78-0x0000025E85490000-0x0000025E854B0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/2432-248-0x0000000004600000-0x0000000004601000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/2532-307-0x00000201C82E0000-0x00000201C8300000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/2532-214-0x000002C4F8BD0000-0x000002C4F8BF0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/2532-212-0x000002C4F87C0000-0x000002C4F87E0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/2532-210-0x000002C4F8800000-0x000002C4F8820000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/2532-302-0x00000201C7D00000-0x00000201C7D20000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/2532-304-0x00000201C7CC0000-0x00000201C7CE0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/2752-203-0x0000000004820000-0x0000000004821000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/2772-294-0x0000000004650000-0x0000000004651000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/2984-121-0x0000025683490000-0x00000256834B0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/2984-123-0x0000025683AA0000-0x0000025683AC0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/2984-119-0x00000256834D0000-0x00000256834F0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/3108-233-0x00000241754B0000-0x00000241754D0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/3108-235-0x0000024175470000-0x0000024175490000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/3108-164-0x00000226EBEC0000-0x00000226EBEE0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/3108-166-0x00000226EBE80000-0x00000226EBEA0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/3108-168-0x00000226EC4A0000-0x00000226EC4C0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/3108-237-0x0000024175880000-0x00000241758A0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/3376-319-0x0000000002CE0000-0x0000000002CE1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/3596-258-0x000001A3B6EC0000-0x000001A3B6EE0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/3596-256-0x000001A3B6F00000-0x000001A3B6F20000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/3596-261-0x000001A3B74E0000-0x000001A3B7500000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/3596-157-0x0000000002D90000-0x0000000002D91000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/4192-14-0x000001BDEC4A0000-0x000001BDEC4B0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                64KB

                                                                                                                              • memory/4192-18-0x00007FFD6C170000-0x00007FFD6CC31000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                              • memory/4192-0-0x000001BDD3FB0000-0x000001BDD3FD2000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                136KB

                                                                                                                              • memory/4192-12-0x000001BDEC4A0000-0x000001BDEC4B0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                64KB

                                                                                                                              • memory/4192-17-0x000001BDEC3B0000-0x000001BDEC3B4000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                16KB

                                                                                                                              • memory/4192-16-0x000001BDEC4A0000-0x000001BDEC4B0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                64KB

                                                                                                                              • memory/4192-10-0x00007FFD6C170000-0x00007FFD6CC31000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                              • memory/4192-11-0x000001BDEC4A0000-0x000001BDEC4B0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                64KB

                                                                                                                              • memory/4192-13-0x000001BDEC4A0000-0x000001BDEC4B0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                64KB

                                                                                                                              • memory/4268-271-0x0000000004640000-0x0000000004641000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/4332-147-0x000002107B6E0000-0x000002107B700000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/4332-143-0x000002107B090000-0x000002107B0B0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/4332-141-0x000002107B0D0000-0x000002107B0F0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/4572-190-0x000001E2EF500000-0x000001E2EF520000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/4572-187-0x000001E2EF540000-0x000001E2EF560000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/4572-192-0x000001E2EF910000-0x000001E2EF930000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/4652-279-0x000001DF0A380000-0x000001DF0A3A0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/4652-281-0x000001DF0A340000-0x000001DF0A360000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/4652-283-0x000001DF0A750000-0x000001DF0A770000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/4824-180-0x00000000046D0000-0x00000000046D1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/4968-112-0x0000000004410000-0x0000000004411000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/5016-354-0x00000240EAC70000-0x00000240EAC90000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/5016-350-0x00000240EA8A0000-0x00000240EA8C0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/5016-352-0x00000240EA860000-0x00000240EA880000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/5020-133-0x0000000004080000-0x0000000004081000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                              • memory/5036-101-0x0000028562850000-0x0000028562870000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/5036-98-0x0000028562440000-0x0000028562460000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/5036-96-0x0000028562480000-0x00000285624A0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/5076-57-0x000002075FB00000-0x000002075FB20000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/5076-55-0x000002075F4F0000-0x000002075F510000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                              • memory/5076-53-0x000002075F530000-0x000002075F550000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB