Analysis

  • max time kernel
    51s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/03/2025, 05:57

General

  • Target

    Pericenter.ps1

  • Size

    53KB

  • MD5

    2d7a9b17a981757aeb3b8945b15bb897

  • SHA1

    7c27d9e5ce5ec9dfc5f13985769ca91698980e2a

  • SHA256

    7c7023149ea38184f67f040b8fac8f56804e7a84886678e7df8409354d3b0b7d

  • SHA512

    83370533553f6f55c644fc3b203c1e7e3572c69bc570776f0fbe79c146174fdfd3a037cf54c943222fd07d72fb0ac466b9154753adf4c5314a91ebfdbd8b2efe

  • SSDEEP

    1536:9pVgd3Kz6PAoQUUCuqfG2F9M15qJ3hLafjHcmM:9qKO4cnN59M15Ogg

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Pericenter.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2508
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4644
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3232
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1312
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3912
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:720
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3784
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4348
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2960
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3160
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2788
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4200
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2028
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2960
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2552
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3996
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:220
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:1884
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:2072
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3928
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2316
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1356
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4468
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2728
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2132
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3400
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4252
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:228
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5060
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
      PID:4112
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:688
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:3820
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:3524
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:3916
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:5104
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:2412
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:4004
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:1884
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:2596
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:3564
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:3980
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:2188
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:2992
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:4404
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:4004
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:3888
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:4296
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:4120
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:2956
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:1152
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:3744
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:3904
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:4016
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:228
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:4932
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:1184
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:3160
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:4988
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:748
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:3320
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:3516
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:4220
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:4468
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:2444
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:4428
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:3328
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:4720
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:624
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:3300
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:3148
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:4324
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:3888
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:3172
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:4472
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:4556
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:4196
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:712
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:2084
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:3568
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:2636
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:3644
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:1904
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:2052
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:1884
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:408

                                                                                                                  Network

                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                  Replay Monitor

                                                                                                                  Loading Replay Monitor...

                                                                                                                  Downloads

                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                                    Filesize

                                                                                                                    471B

                                                                                                                    MD5

                                                                                                                    36614131e7d219481f6732e91c9f8eeb

                                                                                                                    SHA1

                                                                                                                    1019465753971aa2bfbc3fb0bb359d5cf7486070

                                                                                                                    SHA256

                                                                                                                    f7024fc4b0221b897a567d0cdd17096887adb04e42cb3747bb61bf7b602d2166

                                                                                                                    SHA512

                                                                                                                    2749cdc6fbfbbd3adcef2dd4dfd3f6094ceeeb74ee98abbe6e63a8b5c8f4ff91f8536acb53554203bbf81adf6225154f95b0a56779bf1f0107830d6866a543b1

                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                                    Filesize

                                                                                                                    412B

                                                                                                                    MD5

                                                                                                                    6e41604403136c18fdb039d0d117ad6e

                                                                                                                    SHA1

                                                                                                                    73b5543854b793d7a0b50bc44a3d80c7eeefaec2

                                                                                                                    SHA256

                                                                                                                    7c305af54006ffcec7156fda6cb1aeb693db39fb3bc1206ed7298d8d5cc2fc0e

                                                                                                                    SHA512

                                                                                                                    a771787b99b7322783c759b35dde62505b92695ce0b58930e364f758c985b0c92d137e1bd455350868eeaf3daad43280dd0b692dc8ca7a1a506772e8db761d59

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                                                    Filesize

                                                                                                                    2KB

                                                                                                                    MD5

                                                                                                                    f5b911f3c0ce8f798a19118f4b074f5b

                                                                                                                    SHA1

                                                                                                                    75a8856766c5ce7a01b8bec4d704d7151ba4ec64

                                                                                                                    SHA256

                                                                                                                    29116ab19174b610e8a3d3f05652955475886c70bf08e45c565ef997f680569e

                                                                                                                    SHA512

                                                                                                                    074aeae6e11ba467ef52956ae729f7c354fcc3566e5fb333ba8876893450604de02f575c35c89117eec7c365f4271c30e744223dd977f9e755891d8540dad557

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{2F519BF2-C697-59F8-8F6A-1E19509CE66B}

                                                                                                                    Filesize

                                                                                                                    36KB

                                                                                                                    MD5

                                                                                                                    8aaad0f4eb7d3c65f81c6e6b496ba889

                                                                                                                    SHA1

                                                                                                                    231237a501b9433c292991e4ec200b25c1589050

                                                                                                                    SHA256

                                                                                                                    813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

                                                                                                                    SHA512

                                                                                                                    1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer

                                                                                                                    Filesize

                                                                                                                    36KB

                                                                                                                    MD5

                                                                                                                    ab0262f72142aab53d5402e6d0cb5d24

                                                                                                                    SHA1

                                                                                                                    eaf95bb31ae1d4c0010f50e789bdc8b8e3116116

                                                                                                                    SHA256

                                                                                                                    20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb

                                                                                                                    SHA512

                                                                                                                    bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133858870749677641.txt

                                                                                                                    Filesize

                                                                                                                    75KB

                                                                                                                    MD5

                                                                                                                    aacbe518751f5fb3b6324bfe185ff788

                                                                                                                    SHA1

                                                                                                                    b8cabdea74838c372e16d3948c7912ffbbc1eaa9

                                                                                                                    SHA256

                                                                                                                    5864b1b59d924ea2c4080553ecd11d22a2e9b262f0d1cd883858bc24e7a1f003

                                                                                                                    SHA512

                                                                                                                    89b97222d6c68cd3b17926a3ac247a3fd70e6c4d478e72872e743b3bcfd7a49c739c23c79fb55bad16cac6948d8a1b39f4b45963e6a80690b77fc993dd333e8b

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\8PKTZ3BC\microsoft.windows[1].xml

                                                                                                                    Filesize

                                                                                                                    97B

                                                                                                                    MD5

                                                                                                                    77cc82955ce893463f41601027f87ac2

                                                                                                                    SHA1

                                                                                                                    735452540cbaec9e70d0e63c0d8433a3ea230678

                                                                                                                    SHA256

                                                                                                                    9be9016f70328b4742f54c3a3bb7387bccd76210084593015a42972593d48a34

                                                                                                                    SHA512

                                                                                                                    0b060b863f9ec90c3c9e3bac05111f0a793c570b443af6a982df027d13f4377c4b50662c7cbd7e1862fdd985410a08895b45eb80d86a95a950bdc7a4ba727ac8

                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dwkhpp5o.n45.ps1

                                                                                                                    Filesize

                                                                                                                    60B

                                                                                                                    MD5

                                                                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                    SHA1

                                                                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                    SHA256

                                                                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                    SHA512

                                                                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                  • memory/228-1205-0x00000000044B0000-0x00000000044B1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/688-1353-0x0000000004BE0000-0x0000000004BE1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/720-46-0x000001C7F67E0000-0x000001C7F6800000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/720-31-0x000001C7F5900000-0x000001C7F5A00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/720-60-0x000001C7F6F30000-0x000001C7F6F50000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/720-35-0x000001C7F6B20000-0x000001C7F6B40000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/720-30-0x000001C7F5900000-0x000001C7F5A00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/1312-28-0x0000000003FE0000-0x0000000003FE1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/1356-907-0x0000000004DA0000-0x0000000004DA1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/1884-657-0x00000148F8030000-0x00000148F8050000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/1884-630-0x00000148F6B00000-0x00000148F6C00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/1884-645-0x00000148F7C20000-0x00000148F7C40000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/1884-629-0x00000148F6B00000-0x00000148F6C00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/1884-633-0x00000148F7C60000-0x00000148F7C80000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/1884-628-0x00000148F6B00000-0x00000148F6C00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/2028-485-0x00000000040D0000-0x00000000040D1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/2072-764-0x00000000049D0000-0x00000000049D1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/2132-1055-0x0000000004220000-0x0000000004221000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/2316-771-0x00000280B8C80000-0x00000280B8CA0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2316-767-0x00000280B7B20000-0x00000280B7C20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/2316-766-0x00000280B7B20000-0x00000280B7C20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/2316-788-0x00000280B9050000-0x00000280B9070000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2316-779-0x00000280B8C40000-0x00000280B8C60000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2508-14-0x00007FFF92D60000-0x00007FFF93821000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                  • memory/2508-20-0x00007FFF92D60000-0x00007FFF93821000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                  • memory/2508-19-0x00007FFF92D60000-0x00007FFF93821000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                  • memory/2508-18-0x00007FFF92D60000-0x00007FFF93821000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                  • memory/2508-15-0x000001A976250000-0x000001A97627A000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    168KB

                                                                                                                  • memory/2508-16-0x000001A976250000-0x000001A976274000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    144KB

                                                                                                                  • memory/2508-13-0x00007FFF92D60000-0x00007FFF93821000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                  • memory/2508-12-0x00007FFF92D60000-0x00007FFF93821000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                  • memory/2508-11-0x00007FFF92D60000-0x00007FFF93821000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    10.8MB

                                                                                                                  • memory/2508-10-0x000001A976070000-0x000001A976092000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    136KB

                                                                                                                  • memory/2508-0-0x00007FFF92D63000-0x00007FFF92D65000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    8KB

                                                                                                                  • memory/2552-487-0x000001D93C000000-0x000001D93C100000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/2552-514-0x000001E13ED00000-0x000001E13ED20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2552-504-0x000001E13E900000-0x000001E13E920000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2552-491-0x000001E13E940000-0x000001E13E960000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2552-486-0x000001D93C000000-0x000001D93C100000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/2728-908-0x000001ECDDB20000-0x000001ECDDC20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/2728-913-0x000001F4DFC80000-0x000001F4DFCA0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2728-923-0x000001F4DFC40000-0x000001F4DFC60000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2728-934-0x000001F4E0050000-0x000001F4E0070000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2960-197-0x000001CA2FE00000-0x000001CA2FE20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2960-193-0x000001CA2ED00000-0x000001CA2EE00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/2960-206-0x000001CA2FDC0000-0x000001CA2FDE0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2960-229-0x000001CA301D0000-0x000001CA301F0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/3160-343-0x0000000004C10000-0x0000000004C11000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/3784-191-0x0000000004E10000-0x0000000004E11000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/3996-627-0x0000000004290000-0x0000000004291000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/4112-1211-0x000001F45A6B0000-0x000001F45A6D0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4112-1234-0x000001F45AC80000-0x000001F45ACA0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4112-1206-0x000001F459750000-0x000001F459850000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/4112-1208-0x000001F459750000-0x000001F459850000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/4112-1220-0x000001F45A670000-0x000001F45A690000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4200-345-0x0000025D96700000-0x0000025D96800000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/4200-372-0x0000025D97C00000-0x0000025D97C20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4200-359-0x0000025D97800000-0x0000025D97820000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4200-350-0x0000025D97840000-0x0000025D97860000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4252-1059-0x0000025553600000-0x0000025553700000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/4252-1067-0x0000025554710000-0x0000025554730000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4252-1080-0x0000025554B20000-0x0000025554B40000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4252-1062-0x0000025554750000-0x0000025554770000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4252-1057-0x0000025553600000-0x0000025553700000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB