Analysis

  • max time kernel
    51s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/03/2024, 07:30

General

  • Target

    Fangarme/Unfrocked/Beside.ps1

  • Size

    57KB

  • MD5

    4b7717b799924b965c87395fd3525e75

  • SHA1

    497905fee98b47d49d2a307e63a3a150e9024da4

  • SHA256

    3328223bc86a8827b1790755d0c91c6b7f3cea91b18f8cfb24247ca0526ecf60

  • SHA512

    eabcd57e04d51874ef723663443f4f61abd1a11877f9c78e9724e1af0407f8f89fe4e22df66af96f3a3654b77fb197c8d93235764d52b3a91c513fed8a66ba0e

  • SSDEEP

    768:W/CIxu9s4ROzL5W7brBAkk9uBsiSq2mGj2hwHjhImHYlNQmu+DVgku/thQk:UyxRO3I7tyiSq2Xj2hSQnWEmN/TQk

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 10 IoCs
  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Fangarme\Unfrocked\Beside.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4908
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "set /A 1^^0"
      2⤵
        PID:2060
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3236
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4332
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1900
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4172
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3200
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:2500
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3656
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3636
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:4420
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4892
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1668
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4156
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3628
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3488
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4324
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1492
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:316
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1556
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3724
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1560
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:752
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3224
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3584
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1492
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:60
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3956
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4420
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:2644
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:3996
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:1376
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:4252
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:4376
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:4144
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:2284
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:1192
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:3800
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:2580
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:2408
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:632
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:3200
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:5024
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:4512
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:4864
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:3340
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:3468
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:2004
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:3360
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:632
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:4360
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:5024
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:2276
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:1584
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:884
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:1548
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:2992
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:3140
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:4932
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:3644
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:4620
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:4128
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:2420
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:4752
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3648
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:3184
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:2424
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:1916
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:4336
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:3424
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:4884
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:4360
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:1088
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:3640
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:3504
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:4872
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:2424
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:1876
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:3956
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:3264
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:4588
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:4360
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:1280
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:1620
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:944
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:1684
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:4900
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer.exe
                                                                                                                          1⤵
                                                                                                                            PID:3564
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                            1⤵
                                                                                                                              PID:3996
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                              1⤵
                                                                                                                                PID:4816
                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                explorer.exe
                                                                                                                                1⤵
                                                                                                                                  PID:1448

                                                                                                                                Network

                                                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                                                Replay Monitor

                                                                                                                                Loading Replay Monitor...

                                                                                                                                Downloads

                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                                                  Filesize

                                                                                                                                  471B

                                                                                                                                  MD5

                                                                                                                                  6475b19cdf10d6f0ccf27ebf0fe76309

                                                                                                                                  SHA1

                                                                                                                                  6c3ca7a137c2b3041cdb22c994bba356e33f93c4

                                                                                                                                  SHA256

                                                                                                                                  635f833910db4e0915ecfe0d515341d4feec384dd83d6309f71f336c838a75d1

                                                                                                                                  SHA512

                                                                                                                                  9f695eae05fd9bc6f775cd2e8ec1a235976d82bf8b206449b0595e97afd335b31e79706b281b920e08de6d90a05a7e8b777f6d15bdbf815e61bf96e19542f4ce

                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                                                  Filesize

                                                                                                                                  412B

                                                                                                                                  MD5

                                                                                                                                  0b67147c1d1780f81193e4dde9e5d848

                                                                                                                                  SHA1

                                                                                                                                  de24d3712de14162e0e05b73c38502e9a2cddfae

                                                                                                                                  SHA256

                                                                                                                                  799cf172c65f920cd8d2c6860a4799100d6c08d305ae6c81a2577f4bcbce2fc7

                                                                                                                                  SHA512

                                                                                                                                  8527f029373c22921a8500277ea29fa63d1fd858e56bf3c484a7ac2ba8c24cd840f00cac9656ac713156ad66aeb91657d9953abcfd90abcfaf19abf9d53d2657

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                                                                  Filesize

                                                                                                                                  2KB

                                                                                                                                  MD5

                                                                                                                                  c7dd4b4b1ec24688c549b5b44a9882e1

                                                                                                                                  SHA1

                                                                                                                                  488558459bbe35af2924c745fe64082179340ea8

                                                                                                                                  SHA256

                                                                                                                                  39437e992c755d1e94767dcdf330422555315238949ad6a9d843d67afe9a14f7

                                                                                                                                  SHA512

                                                                                                                                  1312f04acb33e1c00bf77fb1b2f0445c6248ae614927ec03905acbc822bbd21a94a3fd2dff5f2a8888fe492d7be6b3b972908684a615a746b8207fac14058cab

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\UXZE23G7\microsoft.windows[1].xml

                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  cf431c7d433b1384d2f6df919483feeb

                                                                                                                                  SHA1

                                                                                                                                  f8ab70eb8a468990556a07731e8f4f698b8a159e

                                                                                                                                  SHA256

                                                                                                                                  12be83d718acf262c1535d1109ed07b917a3fd7d55f8a0d8f5d5bcdeeafcf626

                                                                                                                                  SHA512

                                                                                                                                  be8ba596a5c29006d5edc9e4089b63ec120062de8e2297b34756dea825b68a0afe361a9b5bcd9a8a9390308ddc97d3108328437b20cd14b89dda54a2991c4218

                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3wfg0qtp.uls.ps1

                                                                                                                                  Filesize

                                                                                                                                  60B

                                                                                                                                  MD5

                                                                                                                                  d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                  SHA1

                                                                                                                                  6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                  SHA256

                                                                                                                                  96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                  SHA512

                                                                                                                                  5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                • memory/60-165-0x00000000044C0000-0x00000000044C1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/632-266-0x000001F7A54A0000-0x000001F7A54C0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/632-268-0x000001F7A5AC0000-0x000001F7A5AE0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/632-264-0x000001F7A54E0000-0x000001F7A5500000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/752-133-0x0000020503AA0000-0x0000020503AC0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/752-131-0x0000020503490000-0x00000205034B0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/752-129-0x00000205034D0000-0x00000205034F0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/1376-195-0x000001D769EA0000-0x000001D769EC0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/1376-199-0x000001D76A520000-0x000001D76A540000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/1376-197-0x000001D769E60000-0x000001D769E80000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/1492-159-0x000002CB5EF70000-0x000002CB5EF90000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/1492-152-0x000002CB5EBA0000-0x000002CB5EBC0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/1492-154-0x000002CB5EB60000-0x000002CB5EB80000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/1548-378-0x0000026556C20000-0x0000026556C40000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/1548-376-0x0000026556C60000-0x0000026556C80000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/1548-379-0x0000026557030000-0x0000026557050000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/1584-368-0x00000000042C0000-0x00000000042C1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/1668-83-0x0000028C707F0000-0x0000028C70810000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/1668-78-0x0000028C701E0000-0x0000028C70200000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/1668-76-0x0000028C70420000-0x0000028C70440000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/1900-27-0x00000000028A0000-0x00000000028A1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/2004-338-0x000001E7035A0000-0x000001E7035C0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/2004-335-0x000001E702F80000-0x000001E702FA0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/2004-333-0x000001E702FC0000-0x000001E702FE0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/2276-356-0x000001AB90600000-0x000001AB90620000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/2276-358-0x000001AB903C0000-0x000001AB903E0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/2276-362-0x000001AB909D0000-0x000001AB909F0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/2284-234-0x0000000004DE0000-0x0000000004DE1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/2500-49-0x0000000003480000-0x0000000003481000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/2580-257-0x0000000004B20000-0x0000000004B21000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/2644-187-0x00000000043E0000-0x00000000043E1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3200-33-0x000001A46A690000-0x000001A46A6B0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/3200-280-0x0000000004640000-0x0000000004641000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3200-35-0x000001A46A650000-0x000001A46A670000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/3200-37-0x000001A46AA60000-0x000001A46AA80000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/3224-145-0x00000000040F0000-0x00000000040F1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3360-326-0x0000000004120000-0x0000000004121000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3468-310-0x00000268DA480000-0x00000268DA4A0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/3468-312-0x00000268DA440000-0x00000268DA460000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/3468-315-0x00000268DA850000-0x00000268DA870000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/3488-101-0x00000171D93D0000-0x00000171D93F0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/3488-103-0x00000171D9390000-0x00000171D93B0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/3488-105-0x00000171D97A0000-0x00000171D97C0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/3636-56-0x000001E3FE9E0000-0x000001E3FEA00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/3636-58-0x000001E3FE9A0000-0x000001E3FE9C0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/3636-60-0x000001E3FF0B0000-0x000001E3FF0D0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/3724-121-0x0000000004450000-0x0000000004451000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3800-241-0x000001E855A20000-0x000001E855A40000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/3800-243-0x000001E8557D0000-0x000001E8557F0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/3800-246-0x000001E855DE0000-0x000001E855E00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/4144-225-0x000001F726D00000-0x000001F726D20000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/4144-220-0x000001F7266E0000-0x000001F726700000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/4144-218-0x000001F726720000-0x000001F726740000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/4156-93-0x00000000044E0000-0x00000000044E1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4252-210-0x0000000002D90000-0x0000000002D91000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4360-349-0x00000000040A0000-0x00000000040A1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4420-68-0x0000000003030000-0x0000000003031000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4420-172-0x00000284B54B0000-0x00000284B54D0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/4420-174-0x00000284B5470000-0x00000284B5490000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/4420-176-0x00000284B5A80000-0x00000284B5AA0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/4512-291-0x0000025465F20000-0x0000025465F40000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/4512-287-0x0000025465B60000-0x0000025465B80000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/4512-289-0x0000025465B20000-0x0000025465B40000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                • memory/4864-303-0x0000000004450000-0x0000000004451000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4908-0-0x0000025CBB240000-0x0000025CBB262000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  136KB

                                                                                                                                • memory/4908-14-0x0000025CB91C0000-0x0000025CB91D0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  64KB

                                                                                                                                • memory/4908-13-0x0000025CB91C0000-0x0000025CB91D0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  64KB

                                                                                                                                • memory/4908-12-0x0000025CB91C0000-0x0000025CB91D0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  64KB

                                                                                                                                • memory/4908-11-0x0000025CB91C0000-0x0000025CB91D0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  64KB

                                                                                                                                • memory/4908-16-0x0000025CB91C0000-0x0000025CB91D0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  64KB

                                                                                                                                • memory/4908-17-0x0000025CBB290000-0x0000025CBB294000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  16KB

                                                                                                                                • memory/4908-18-0x00007FFF27130000-0x00007FFF27BF1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB

                                                                                                                                • memory/4908-10-0x00007FFF27130000-0x00007FFF27BF1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  10.8MB