Analysis

  • max time kernel
    74s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    28-03-2024 07:02

General

  • Target

    Handelshindringens.ps1

  • Size

    49KB

  • MD5

    26ac3d358904de47313a08e6e95b9ef8

  • SHA1

    d8cb62fa3f065244d37862489962401a3c829a9a

  • SHA256

    a87dc179ea36df155f5d8b7a8a5963ef1de61fa7032db510a8a1f64033182ff2

  • SHA512

    efc8932a6e6cb055fd76603cade1ce298c2d19f250d9e3234255f55b2ec28b6c34345f35a017816b35400a4258eb0cca8fdf885a1c8b5f0c08f50731d17bae71

  • SSDEEP

    1536:8cdYRGdh2mJBi9i2cMJC/uvyxOd8maeZ1q6KwDN2C:Bbh7J+5CHxOdbn1qr2Nh

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 15 IoCs
  • Enumerates connected drives 3 TTPs 30 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 27 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Handelshindringens.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "set /A 1^^0"
      2⤵
        PID:468
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:5000
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2200
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:412
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3196
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4700
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Suspicious use of SendNotifyMessage
      PID:4036
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1828
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2064
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:5004
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1400
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4056
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:876
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4812
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2440
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2692
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4960
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4920
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4136
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4804
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4056
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      PID:3932
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3196
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4168
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2008
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4408
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3396
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2268
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3172
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:432
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1700
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1384
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4460
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3516
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4780
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5040
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4736
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3228
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3664
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      PID:3208
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2440
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4892
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Modifies registry class
      PID:8
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:3844
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:2164
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:3824
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:2572
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:1400
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4236
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:116
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:3804
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4408
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:3492
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:3516
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:1060
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:4544
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4940
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4228
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:4464
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:2440
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4940
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:4268
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:2300
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:2440
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:3512
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:2076
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:1944
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:3520
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:1736
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:2992
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:3144
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:5076
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4452
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:2240
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:5004
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:2584
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:4276
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:2412
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4976
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:1792
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4904
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:1240
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:4004
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4236
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:3580
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:2412
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4584

                                                                                            Network

                                                                                            MITRE ATT&CK Enterprise v15

                                                                                            Downloads

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                              Filesize

                                                                                              471B

                                                                                              MD5

                                                                                              4305f3b83ea7e48583ca9863f6a51c75

                                                                                              SHA1

                                                                                              83587d71d6baeca1bc553f67a84c399789c91cb5

                                                                                              SHA256

                                                                                              2251e0ab16b12b3590efe8b9793dc002345123f8a9dd98c4c31c957995b99273

                                                                                              SHA512

                                                                                              94c77f16fa66618ed073af0157d191efd39b9ef78ff7113a224117c8156594b36076b40ab7aafb8ec534dd82a069339486b693c8d672e431e2330be4a4c4eea5

                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                              Filesize

                                                                                              412B

                                                                                              MD5

                                                                                              2404010fe00dd1b0e8a5a54b96f6ef5f

                                                                                              SHA1

                                                                                              8c1b43f13bc3b7f61d1bbd691815038d3296e6fb

                                                                                              SHA256

                                                                                              113292c3befc6d8395ea730ff2a1975df94f950dac9cf36fc8e85a4a7f3acb45

                                                                                              SHA512

                                                                                              c20a2d04324bb152b7d62e6702b7e52d7fcb8da270eb91a0a85a57ccfd2bcf1eacba701c3bb48eecdd23392ab8b97956854278d7c2f42a2f8f094afc595cbfc6

                                                                                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                              Filesize

                                                                                              2KB

                                                                                              MD5

                                                                                              b334f7c2ac79714dba6799ae7eaab033

                                                                                              SHA1

                                                                                              a25f8cdb3d25e5ecbe103ff283cb77ad1e854680

                                                                                              SHA256

                                                                                              a7d402f0229e0b5379479f47f337adf8a8a1622c5fde71c2e23a2ac810b973e9

                                                                                              SHA512

                                                                                              bbe1f5d7e492fc53a51a697dabd311e14dacbd7c6a14aeac17b25266a9b43a6338fc593042c0378fe6bc62b18a42bcb76bf0114c238b58b84023afbfb79212f1

                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\UXZE23G7\microsoft.windows[1].xml

                                                                                              Filesize

                                                                                              97B

                                                                                              MD5

                                                                                              cf431c7d433b1384d2f6df919483feeb

                                                                                              SHA1

                                                                                              f8ab70eb8a468990556a07731e8f4f698b8a159e

                                                                                              SHA256

                                                                                              12be83d718acf262c1535d1109ed07b917a3fd7d55f8a0d8f5d5bcdeeafcf626

                                                                                              SHA512

                                                                                              be8ba596a5c29006d5edc9e4089b63ec120062de8e2297b34756dea825b68a0afe361a9b5bcd9a8a9390308ddc97d3108328437b20cd14b89dda54a2991c4218

                                                                                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rwo1uwuo.2ws.ps1

                                                                                              Filesize

                                                                                              60B

                                                                                              MD5

                                                                                              d17fe0a3f47be24a6453e9ef58c94641

                                                                                              SHA1

                                                                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                              SHA256

                                                                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                              SHA512

                                                                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82


                                                                                              128KB

                                                                                            • memory/5040-253-0x000001D6FD660000-0x000001D6FD680000-memory.dmp

                                                                                              Filesize

                                                                                              128KB