Analysis

  • max time kernel
    42s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    21/03/2024, 03:55

General

  • Target

    Bedwarmer.ps1

  • Size

    58KB

  • MD5

    aae5fcb1e66470ef7a08ea335b80ac05

  • SHA1

    9422c0898c87a134c72c6ffa35c594d93dba9dc9

  • SHA256

    8bd9205c7c8f112ff5cba1307842eddccc18e20e227cccb7b74e6a24e686b8b0

  • SHA512

    031d187a47a9b687d6822f34e74029f2f1cf4eb8687dc2846a3d84efbf9d30d5459870842a22cdab89130915501e2593f79b2a32da5c266d382120e0a042b072

  • SSDEEP

    1536:kIA6tvaB6ot7AWRT/HFQzHYDLaKzxxkRq:kIltiBhzlQELaKzjD

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 9 IoCs
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Bedwarmer.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3172
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "set /A 1^^0"
      2⤵
        PID:2972
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3024
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1844
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4536
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3652
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4172
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:2508
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3168
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4992
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:1980
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3164
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3116
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4520
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4172
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3340
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2972
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3040
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1324
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4872
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4936
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:864
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1980
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4088
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4280
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1388
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4236
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4312
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:2060
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:636
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:3696
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:3972
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:4040
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:1016
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:1604
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:1980
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:3724
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:2576
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:1604
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:4968
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:4068
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:4044
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:5048
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:2768
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:4400
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:4960
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:4068
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:2756
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:1284
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:924
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:1440
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:4284
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:2328
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:3644
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:3036
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:660
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:3548
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:4036
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:3536
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:208
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:4596
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:3584
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:4040
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:1608
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:3680
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:5088
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:5008
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:4524
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:2028
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:396
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:3696
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:2068
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:2092
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:1216
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:4020
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:3872
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:2696
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:1404
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:3252
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:2068
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:724
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                  1⤵
                                                                                                                    PID:4732
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:1920
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:732
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:4744
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer.exe
                                                                                                                          1⤵
                                                                                                                            PID:2820
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                            1⤵
                                                                                                                              PID:4956
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                              1⤵
                                                                                                                                PID:2556
                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                explorer.exe
                                                                                                                                1⤵
                                                                                                                                  PID:232
                                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                  1⤵
                                                                                                                                    PID:1012
                                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                    1⤵
                                                                                                                                      PID:4936
                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                      explorer.exe
                                                                                                                                      1⤵
                                                                                                                                        PID:2556
                                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                        1⤵
                                                                                                                                          PID:4084
                                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                          1⤵
                                                                                                                                            PID:2828

                                                                                                                                          Network

                                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                                          Downloads

                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                                                            Filesize

                                                                                                                                            471B

                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                                                            Filesize

                                                                                                                                            412B

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                                                                            Filesize

                                                                                                                                            2KB

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\S6429SHP\microsoft.windows[1].xml

                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5clkduwf.v1e.ps1

                                                                                                                                            Filesize

                                                                                                                                            60B


                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/3116-83-0x00000197F1D30000-0x00000197F1D50000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/3116-79-0x00000197F1960000-0x00000197F1980000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/3172-17-0x0000028A5DDE0000-0x0000028A5DDE4000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            16KB

                                                                                                                                          • memory/3172-12-0x0000028A432E0000-0x0000028A432F0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            64KB

                                                                                                                                          • memory/3172-13-0x0000028A432E0000-0x0000028A432F0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            64KB

                                                                                                                                          • memory/3172-10-0x00007FFE8CE20000-0x00007FFE8D8E1000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            10.8MB

                                                                                                                                          • memory/3172-14-0x0000028A432E0000-0x0000028A432F0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            64KB

                                                                                                                                          • memory/3172-0-0x0000028A44C00000-0x0000028A44C22000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            136KB

                                                                                                                                          • memory/3172-11-0x0000028A432E0000-0x0000028A432F0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            64KB

                                                                                                                                          • memory/3172-16-0x0000028A432E0000-0x0000028A432F0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            64KB

                                                                                                                                          • memory/3172-18-0x00007FFE8CE20000-0x00007FFE8D8E1000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            10.8MB

                                                                                                                                          • memory/3340-106-0x00000284EDB90000-0x00000284EDBB0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/3340-104-0x00000284EDBD0000-0x00000284EDBF0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/3340-110-0x00000284EDFA0000-0x00000284EDFC0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/3644-366-0x00000000041B0000-0x00000000041B1000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                          • memory/3696-221-0x000002AD55680000-0x000002AD556A0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/3696-223-0x000002AD55640000-0x000002AD55660000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/3696-226-0x000002AD55A50000-0x000002AD55A70000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/3972-214-0x0000000004460000-0x0000000004461000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                          • memory/4044-285-0x0000026B1F270000-0x0000026B1F290000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4044-287-0x0000026B1F230000-0x0000026B1F250000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4044-289-0x0000026B1F640000-0x0000026B1F660000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4068-267-0x000001A20BD00000-0x000001A20BD20000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4068-265-0x000001A20BD40000-0x000001A20BD60000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4068-269-0x000001A20C110000-0x000001A20C130000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4068-305-0x0000026EB7190000-0x0000026EB71B0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4068-307-0x0000026EB7150000-0x0000026EB7170000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4068-310-0x0000026EB7560000-0x0000026EB7580000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4088-156-0x000001F1C9EC0000-0x000001F1C9EE0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4088-154-0x000001F1C98A0000-0x000001F1C98C0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4088-152-0x000001F1C98E0000-0x000001F1C9900000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4172-33-0x000001CD7A8D0000-0x000001CD7A8F0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4172-34-0x000001CD7A890000-0x000001CD7A8B0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4172-37-0x000001CD7AEA0000-0x000001CD7AEC0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4236-175-0x0000016E49910000-0x0000016E49930000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4236-179-0x0000016E49EE0000-0x0000016E49F00000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4236-177-0x0000016E498D0000-0x0000016E498F0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4280-167-0x0000000001590000-0x0000000001591000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                          • memory/4312-191-0x0000000004670000-0x0000000004671000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                          • memory/4400-298-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                          • memory/4520-97-0x00000000044A0000-0x00000000044A1000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                          • memory/4536-26-0x0000000004B00000-0x0000000004B01000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                          • memory/4992-60-0x000001B035510000-0x000001B035530000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4992-58-0x000001B035100000-0x000001B035120000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/4992-56-0x000001B035140000-0x000001B035160000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                          • memory/5048-277-0x0000000004B30000-0x0000000004B31000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB