Analysis

  • max time kernel
    64s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-10-2024 12:26

General

  • Target

    Kontokurantens.ps1

  • Size

    50KB

  • MD5

    8a4da8bab6993bc24f8ba89b1a5035ba

  • SHA1

    0266616ebaff76b9027bdf4a52742bbb6d7dbf90

  • SHA256

    d19add8d848501931650d9c2f77d4519b15ffe2399a161dac88ea99c07f1b62d

  • SHA512

    1f604a65b0fb4543feab6eb9584aab3c47c5ebcabf251492c7be827e3c5d547f310ff05354bf30837fe8192be427c1855ec22783a0be14db15b40b1f05a13c50

  • SSDEEP

    1536:em3/0wJ5Bo29iuM2fkfAFr6+nw0JefyiwDs:/3/0EbiuRcot6Ocfyiwo

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 13 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Enumerates connected drives 3 TTPs 26 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 22 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 25 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Kontokurantens.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3120
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3468
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1168
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4580
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1292
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3840
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of SendNotifyMessage
    PID:1620
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2536
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4712
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of SendNotifyMessage
    PID:3720
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3608
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4220
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:320
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3280
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1620
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3884
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3032
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2696
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4124
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4908
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1356
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2072
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4268
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:1960
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3568
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1392
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3532
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:3372
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3788
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1076
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2020
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1176
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4276
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:3776
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1960
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1416
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2784
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1808
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1520
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:2052
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:1548
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:4220
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:4340
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:4616
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:4088
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:4036
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:2136
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:3928
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:1016
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:2312
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4268
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:1292
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:3088
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:3760
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:4296
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:2376
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:640
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4032
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:228
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:4608
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:3200
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:2384
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:1548
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:1960
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:4132
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:3672
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:4208
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:3984
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:1936
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:1668
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:2256
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:4932
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:3080
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:1500
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:2324
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:2004
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:3892
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:1992
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:640
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:1516
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:4064
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:1720
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:4772
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:3752
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:3616
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:228
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:4580
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:4528
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:4628
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:2256
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                          1⤵
                                                                                                            PID:4016

                                                                                                          Network

                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                          Replay Monitor

                                                                                                          Loading Replay Monitor...

                                                                                                          Downloads

                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                            Filesize

                                                                                                            471B

                                                                                                            MD5

                                                                                                            62c508511a794bcc4d6228a0b4ef61d1

                                                                                                            SHA1

                                                                                                            b4e378c16fa898c3a2169f9fecad811becae6635

                                                                                                            SHA256

                                                                                                            5ed56c9d8284974af69a48b972977e0fe4467995eb74e8741094cb99d8ff498a

                                                                                                            SHA512

                                                                                                            458bfbe6ed86badb5a1ca2368828e048da6cb641c334f09943d47cd61a58e9f15f054de28e6d4289351405792a3f68ce2bff3766613149e61cca6a4ab439193d

                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                            Filesize

                                                                                                            412B

                                                                                                            MD5

                                                                                                            d99337f8de2750ab3f6e6120b9f3faef

                                                                                                            SHA1

                                                                                                            a1d9a7f71a8276c483c1d5860dd3cf994aa05da2

                                                                                                            SHA256

                                                                                                            1e7814e492ee38622bdef0ae85e2298d710b8c815ef0ae4bf5735c5da028d4a6

                                                                                                            SHA512

                                                                                                            19f960dc4b65e58e811b67a7ff9b296496cc91520c652184b663983b2b9e57ea1829857e0187b6dd83d16d85634cf99131d1281864e3bdaecc6c465d511dfcb3

                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                                            Filesize

                                                                                                            2KB

                                                                                                            MD5

                                                                                                            9238602ce7f48b63158531f793f1741a

                                                                                                            SHA1

                                                                                                            2a4dfba2c07fd19f79664cd9666f6d7e7719a952

                                                                                                            SHA256

                                                                                                            af94e838d8787ac11a6c87398c9273cafaa3e6356cc3a70b939c849cea106de6

                                                                                                            SHA512

                                                                                                            526b8a5055d0aa582508d372ce0944dac6e8ffa231d82a61e4a498486e27f32e9b9d1425c2b7e56860e4902d22215d9c41d0595a4dece83c17b11e5537cf5ac8

                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_help

                                                                                                            Filesize

                                                                                                            36KB

                                                                                                            MD5

                                                                                                            8aaad0f4eb7d3c65f81c6e6b496ba889

                                                                                                            SHA1

                                                                                                            231237a501b9433c292991e4ec200b25c1589050

                                                                                                            SHA256

                                                                                                            813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

                                                                                                            SHA512

                                                                                                            1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_osk_exe

                                                                                                            Filesize

                                                                                                            36KB

                                                                                                            MD5

                                                                                                            f6a5ffe5754175d3603c3a77dcfeca6b

                                                                                                            SHA1

                                                                                                            dacd500aeef9dd69b87feae7521899040e7df1d9

                                                                                                            SHA256

                                                                                                            fab3529f4a4df98271fa2f6a7860a28fdc30215144b7eefbaf6d424a2847d035

                                                                                                            SHA512

                                                                                                            66ec46041f1fe20203cda7a4d68b61d2e5bcdd09a36ee8171efa53fe92a9e6e023c5a254a4c43c110a99749829d7b99613f8d13dfb4c42656097cb8d224a531e

                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133740735887060309.txt

                                                                                                            Filesize

                                                                                                            74KB

                                                                                                            MD5

                                                                                                            7d4cedc98a2ae6ca99a9df4b9cecec13

                                                                                                            SHA1

                                                                                                            2717b3371155c15ec0dce54ea59d855e7d2f37c9

                                                                                                            SHA256

                                                                                                            072c63fa37baa7ca4fc04c6d3e44de31647b7fade4985c3f4aff06d9102379db

                                                                                                            SHA512

                                                                                                            232d6ff7af974a711884ef52e2b021307612f9c10d6f4eea03d9d6de4ad7b41d3ea2867ba10a6dfb1a96eb02ac23f038a0c5c485c27024a8c266866331c9f6ba

                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\M6JCG2RK\microsoft.windows[1].xml

                                                                                                            Filesize

                                                                                                            96B

                                                                                                            MD5

                                                                                                            732a32ad072ef786d816a4f85b1b6bea

                                                                                                            SHA1

                                                                                                            fe1945717c160ac3266f291564a003c044d409b0

                                                                                                            SHA256

                                                                                                            7dd2262373fcd6ebe2ed2c6e66242c85b1434c3fe23ca92ba41ae328ce8b941e

                                                                                                            SHA512

                                                                                                            55b57d5bf942f20a3557f20adeebb4c01cde4aec9d7a4fa8bfe6281fe0981773d8ce637fdbd1dc64f25abe72d75fad2a6538fadc86483ede9fdc5b59c0d36b79

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cokioqme.csr.ps1

                                                                                                            Filesize

                                                                                                            60B

                                                                                                            MD5

                                                                                                            d17fe0a3f47be24a6453e9ef58c94641

                                                                                                            SHA1

                                                                                                            6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                            SHA256

                                                                                                            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                            SHA512

                                                                                                            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                          • memory/320-488-0x0000000004160000-0x0000000004161000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                          • memory/1076-1243-0x0000023147300000-0x0000023147320000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/1076-1255-0x0000023147700000-0x0000023147720000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/1076-1229-0x0000023146200000-0x0000023146300000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/1076-1234-0x0000023147340000-0x0000023147360000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/1076-1230-0x0000023146200000-0x0000023146300000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/1356-791-0x0000020713270000-0x0000020713290000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/1356-788-0x0000020712120000-0x0000020712220000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/1356-787-0x0000020712120000-0x0000020712220000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/1356-812-0x0000020713640000-0x0000020713660000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/1356-799-0x0000020713230000-0x0000020713250000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/1356-786-0x0000020712120000-0x0000020712220000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/1620-526-0x00000237874C0000-0x00000237874E0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/1620-510-0x0000023786EB0000-0x0000023786ED0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/1620-192-0x0000000004920000-0x0000000004921000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                          • memory/1620-489-0x0000023786100000-0x0000023786200000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/1620-494-0x0000023786EF0000-0x0000023786F10000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/1960-936-0x00000272B5C00000-0x00000272B5D00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/1960-937-0x00000272B5C00000-0x00000272B5D00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/1960-948-0x00000272B6AD0000-0x00000272B6AF0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/1960-961-0x00000272B70E0000-0x00000272B7100000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/1960-935-0x00000272B5C00000-0x00000272B5D00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/1960-940-0x00000272B6B10000-0x00000272B6B30000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/2020-1375-0x0000000004DE0000-0x0000000004DE1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                          • memory/2072-933-0x0000000004830000-0x0000000004831000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                          • memory/2696-638-0x0000025BCB300000-0x0000025BCB400000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/2696-654-0x0000025BCC3C0000-0x0000025BCC3E0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/2696-666-0x0000025BCC7D0000-0x0000025BCC7F0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/2696-643-0x0000025BCC400000-0x0000025BCC420000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/3120-19-0x00007FFB34540000-0x00007FFB35001000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                          • memory/3120-13-0x00000118BC250000-0x00000118BC27A000-memory.dmp

                                                                                                            Filesize

                                                                                                            168KB

                                                                                                          • memory/3120-1-0x00000118BBEB0000-0x00000118BBED2000-memory.dmp

                                                                                                            Filesize

                                                                                                            136KB

                                                                                                          • memory/3120-0-0x00007FFB34543000-0x00007FFB34545000-memory.dmp

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                          • memory/3120-12-0x00007FFB34540000-0x00007FFB35001000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                          • memory/3120-14-0x00000118BC250000-0x00000118BC274000-memory.dmp

                                                                                                            Filesize

                                                                                                            144KB

                                                                                                          • memory/3120-11-0x00007FFB34540000-0x00007FFB35001000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                          • memory/3120-16-0x00007FFB34540000-0x00007FFB35001000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                          • memory/3120-15-0x00007FFB34540000-0x00007FFB35001000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                          • memory/3120-18-0x00007FFB34540000-0x00007FFB35001000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                          • memory/3120-20-0x00007FFB34540000-0x00007FFB35001000-memory.dmp

                                                                                                            Filesize

                                                                                                            10.8MB

                                                                                                          • memory/3372-1227-0x00000000044D0000-0x00000000044D1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                          • memory/3532-1085-0x000002BE62860000-0x000002BE62880000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/3532-1105-0x000002BE62C20000-0x000002BE62C40000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/3532-1095-0x000002BE62820000-0x000002BE62840000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/3532-1080-0x000002BE61500000-0x000002BE61600000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/3568-1078-0x0000000004D60000-0x0000000004D61000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                          • memory/3720-338-0x0000000004B60000-0x0000000004B61000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                          • memory/3840-30-0x0000014FDF2B0000-0x0000014FDF3B0000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/3840-35-0x0000014FDFEE0000-0x0000014FDFF00000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/3840-43-0x0000014FDFEA0000-0x0000014FDFEC0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/3840-55-0x0000014FE06C0000-0x0000014FE06E0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/3884-636-0x0000000004A60000-0x0000000004A61000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                          • memory/4124-785-0x0000000004830000-0x0000000004831000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                          • memory/4220-342-0x0000020964720000-0x0000020964820000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/4220-345-0x0000020965880000-0x00000209658A0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/4220-340-0x0000020964720000-0x0000020964820000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/4220-353-0x0000020965840000-0x0000020965860000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/4220-341-0x0000020964720000-0x0000020964820000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/4220-377-0x0000020965C50000-0x0000020965C70000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/4580-29-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                          • memory/4712-208-0x00000164A6520000-0x00000164A6540000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/4712-195-0x00000164A5600000-0x00000164A5700000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/4712-199-0x00000164A6560000-0x00000164A6580000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                          • memory/4712-194-0x00000164A5600000-0x00000164A5700000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                          • memory/4712-231-0x00000164A6B20000-0x00000164A6B40000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB