Analysis

  • max time kernel
    69s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-04-2024 12:09

General

  • Target

    ravnemorens/Frsteinstanserne/Instantiations.ps1

  • Size

    54KB

  • MD5

    63d0c546b30964e943c2ac8fd5e236db

  • SHA1

    7d46713cb1d3cbfe25efcaf24369fb067d310920

  • SHA256

    eb26aa5b4ec7a1c0c0ad2be344c02a23f770815a40e84e5b1b5fe24c9b64edda

  • SHA512

    91399fec920e3be9526e1af39a632512c6c00cea3566a9ce43fdbadf813c5b2b830620bfc381747b195a4e2c52b8ef4d81295b484ea6ed925979a97b8cf6a1ed

  • SSDEEP

    768:stRSpMsDEBbiYzC9AUQg+Fj0VY6fgw8cl+ZzPhkrV439KaEJQkP5HF0GEFGRGI:uRUM0qbiCYYo3gnZzPKrOtKaiT8rE

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 14 IoCs
  • Enumerates connected drives 3 TTPs 28 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 25 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\ravnemorens\Frsteinstanserne\Instantiations.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2576
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "set /A 1^^0"
      2⤵
        PID:2920
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1052
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3892
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3436
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:912
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:760
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SendNotifyMessage
      PID:5012
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1464
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1936
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:2156
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4200
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:32
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1836
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1360
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3620
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1396
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:5036
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4064
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2528
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4640
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3588
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      PID:1600
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4824
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3216
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2912
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1976
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1904
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4924
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4256
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4152
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4376
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2160
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2172
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3444
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3712
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2428
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4360
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3232
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1072
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      PID:4512
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:212
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:2280
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:2156
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:3328
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:4324
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:3736
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:1072
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:4104
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:2024
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:3816
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:3508
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:3548
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:4192
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:2036
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:2948
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:2120
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:3148
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:752
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:4196
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:4228
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:552
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:4824
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:1416
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:4692
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:2744
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:3696
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:3420
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:1200
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:3204
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:3628
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:5024
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:1424
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:3164
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:4652
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:1516
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:2280
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:3488
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:3436
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:3904
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:3732
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:2156
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:1436
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:3428
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:2796
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:3524
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:3284
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:4092
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:3712
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:4148

                                                                                                      Network

                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                      Replay Monitor

                                                                                                      Loading Replay Monitor...

                                                                                                      Downloads

                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                        Filesize

                                                                                                        471B

                                                                                                        MD5

                                                                                                        e69dda0aca7bcb3d7f5f01e6e7fd0d84

                                                                                                        SHA1

                                                                                                        8f40ae5d756580bc396bf0e5e9be138f48b11e39

                                                                                                        SHA256

                                                                                                        648760ee6faa6e233b4354f3a21b687e9a894231b738a41f8b1288b897a21bee

                                                                                                        SHA512

                                                                                                        622470cb39b5f1ae13e1e6596971fbe75cfe92c9e107a8c763267491d296e075d2fa5de6d2d4136705ee7349150ffb781e0ecbd8dd0419705b7c171d54f6cb8f

                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                        Filesize

                                                                                                        412B

                                                                                                        MD5

                                                                                                        dc6c3cb2593394a78fdbb70a32366764

                                                                                                        SHA1

                                                                                                        207ebd4db30ebd154f76565eaf0fce371e919ed9

                                                                                                        SHA256

                                                                                                        02ec6eb48cb5c861bbd81cacc14508e3a8c9dd26f4512cb96ffba79c09f6031b

                                                                                                        SHA512

                                                                                                        caf3a5721003115b53cb0a980476ce74aeba55503a430be7c03ff3e47f0757152805e169ecf20a31b8f1014c1badefb90101e67c0bfd886c13c86e1dbec1501b

                                                                                                      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\6HXMW4P4\microsoft.windows[1].xml

                                                                                                        Filesize

                                                                                                        97B

                                                                                                        MD5

                                                                                                        feffd338250393eea6b6aa63cb0d77b7

                                                                                                        SHA1

                                                                                                        883005ab3903a0996824a9c39a312fd931ed30a7

                                                                                                        SHA256

                                                                                                        d7e0954477a02822a900acbdc90af0a32e2a00bc059356bb661d0aa6bbd78057

                                                                                                        SHA512

                                                                                                        170215ca9f94134c9d3ac4438d65c8e49ef85f160b5d3c3327f3fbd1fb7abb0ad950e838dd2e8220fd1d198f4d50546693d0f5317328fca1f7f8e81c3dbd43d2

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rye3hwfj.jkg.ps1

                                                                                                        Filesize

                                                                                                        60B

                                                                                                        MD5

                                                                                                        d17fe0a3f47be24a6453e9ef58c94641

                                                                                                        SHA1

                                                                                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                        SHA256

                                                                                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                        SHA512

                                                                                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                      • memory/32-79-0x0000025AB6FC0000-0x0000025AB6FE0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/32-77-0x0000025AB7300000-0x0000025AB7320000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/32-81-0x0000025AB76D0000-0x0000025AB76F0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/760-31-0x000002B793670000-0x000002B793690000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/760-33-0x000002B793630000-0x000002B793650000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/760-35-0x000002B793C40000-0x000002B793C60000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/1072-279-0x000001C5FF8C0000-0x000001C5FF8E0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/1072-277-0x000001C5FF2A0000-0x000001C5FF2C0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/1072-275-0x000001C5FF2E0000-0x000001C5FF300000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/1396-115-0x00000000030A0000-0x00000000030A1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/1600-162-0x0000000004430000-0x0000000004431000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/1836-92-0x00000000045E0000-0x00000000045E1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/1904-189-0x000001C447C20000-0x000001C447C40000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/1904-191-0x000001C4479D0000-0x000001C4479F0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/1904-193-0x000001C447FE0000-0x000001C448000000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/1936-54-0x000001A18F910000-0x000001A18F930000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/1936-57-0x000001A18FEE0000-0x000001A18FF00000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/1936-56-0x000001A18F8D0000-0x000001A18F8F0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/2024-359-0x0000000004520000-0x0000000004521000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/2156-70-0x0000000004A00000-0x0000000004A01000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/2156-313-0x0000000004740000-0x0000000004741000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/2172-234-0x000001E4AA120000-0x000001E4AA140000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/2172-232-0x000001E4AA160000-0x000001E4AA180000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/2172-236-0x000001E4AA520000-0x000001E4AA540000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/2280-300-0x0000016ED1E50000-0x0000016ED1E70000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/2280-298-0x0000016ED1E90000-0x0000016ED1EB0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/2280-302-0x0000016ED2460000-0x0000016ED2480000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/2428-259-0x0000024473B40000-0x0000024473B60000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/2428-257-0x0000024473730000-0x0000024473750000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/2428-255-0x0000024473770000-0x0000024473790000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/2528-138-0x0000000004C60000-0x0000000004C61000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/2576-11-0x0000014463CD0000-0x0000014463CE0000-memory.dmp

                                                                                                        Filesize

                                                                                                        64KB

                                                                                                      • memory/2576-12-0x0000014463CD0000-0x0000014463CE0000-memory.dmp

                                                                                                        Filesize

                                                                                                        64KB

                                                                                                      • memory/2576-10-0x00007FFEE4140000-0x00007FFEE4C01000-memory.dmp

                                                                                                        Filesize

                                                                                                        10.8MB

                                                                                                      • memory/2576-16-0x00007FFEE4140000-0x00007FFEE4C01000-memory.dmp

                                                                                                        Filesize

                                                                                                        10.8MB

                                                                                                      • memory/2576-14-0x0000014463CD0000-0x0000014463CE0000-memory.dmp

                                                                                                        Filesize

                                                                                                        64KB

                                                                                                      • memory/2576-13-0x0000014463CD0000-0x0000014463CE0000-memory.dmp

                                                                                                        Filesize

                                                                                                        64KB

                                                                                                      • memory/2576-9-0x00000144646C0000-0x00000144646E2000-memory.dmp

                                                                                                        Filesize

                                                                                                        136KB

                                                                                                      • memory/2912-181-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/3216-169-0x000001E51D500000-0x000001E51D520000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/3216-172-0x000001E51D8C0000-0x000001E51D8E0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/3216-171-0x000001E51D1B0000-0x000001E51D1D0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/3436-25-0x0000000004760000-0x0000000004761000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/3444-247-0x0000000005120000-0x0000000005121000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/3508-369-0x000001DA03290000-0x000001DA032B0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/3508-371-0x000001DA038A0000-0x000001DA038C0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/3508-367-0x000001DA032D0000-0x000001DA032F0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/3588-146-0x000002CD20FD0000-0x000002CD20FF0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/3588-148-0x000002CD20F90000-0x000002CD20FB0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/3588-150-0x000002CD213A0000-0x000002CD213C0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/3620-104-0x0000018D4FF70000-0x0000018D4FF90000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/3620-100-0x0000018D4FBA0000-0x0000018D4FBC0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/3620-102-0x0000018D4FB60000-0x0000018D4FB80000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/3736-337-0x0000000004D90000-0x0000000004D91000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/4064-125-0x00000287CBAC0000-0x00000287CBAE0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/4064-123-0x00000287CBB00000-0x00000287CBB20000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/4064-128-0x00000287CC0E0000-0x00000287CC100000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/4104-346-0x0000025556360000-0x0000025556380000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/4104-344-0x00000255563A0000-0x00000255563C0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/4104-348-0x0000025556770000-0x0000025556790000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/4152-214-0x000001CA95420000-0x000001CA95440000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/4152-211-0x000001CA95020000-0x000001CA95040000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/4152-209-0x000001CA95060000-0x000001CA95080000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/4324-323-0x00000249C1880000-0x00000249C18A0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/4324-327-0x00000249C1C90000-0x00000249C1CB0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/4324-321-0x00000249C18C0000-0x00000249C18E0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                      • memory/4360-267-0x0000000004950000-0x0000000004951000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/4376-225-0x00000000043C0000-0x00000000043C1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/4512-291-0x00000000036C0000-0x00000000036C1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/4924-201-0x0000000004880000-0x0000000004881000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                      • memory/5012-46-0x0000000004CD0000-0x0000000004CD1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB