Analysis

  • max time kernel
    48s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250619-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250619-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/07/2025, 06:52

General

  • Target

    Eksportindustrien.ps1

  • Size

    54KB

  • MD5

    e9e3dfcb65a6f62522714916d1ccd491

  • SHA1

    09319cafa05d6f9fb66e11c6ac3c41046b28e9e0

  • SHA256

    7beab23f05657b7b773b6e6facccfcc81bdde6bbc7a23c435b4a5b8e94674e2e

  • SHA512

    df3999ee5e66db05047989d1c50546bf256bab29bf850985bf89de3aef9b7a3445c7ac1db199a8b22e6b347f0db6e2fc813770b67c14dcc8d12ef4e72332f055

  • SSDEEP

    1536:TK2MNrH82wxdRFew8ACyLqzkK26AgV4VDBs:OfNBwBI9ACyLqYeZKs

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Eksportindustrien.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2532
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1936
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4260
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4328
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2228
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2872
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3660
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1904
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4360
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4132
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:1420
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5112
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3488
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2368
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2580
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2532
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3736
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3280
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4960
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4184
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3620
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3032
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4852
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2000
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1188
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:5000
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:60
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:32
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:632
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:4328
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:4704
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:1944
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:3420
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:632
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:3628
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:2144
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:2456
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:3096
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:1284
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:220
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:4544
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:4484
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:2888
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:2968
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:112
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:4012
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:1124
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:4332
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:2000
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:772
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:3660
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:3088
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:3348
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:4604
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:992
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:1252
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:3500
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:1116
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:4980
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:3020
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:3732
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:4728
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:3620
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:4772
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:2352
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:1128
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:924
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:1224
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:5020
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:3964
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:1996
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:2664
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:4680
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:2320
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:3500
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:4948
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:1648
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:4224
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:2972
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:1188
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:4840
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:5112
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:2124
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:1776
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:1204
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:4936
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:32
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:1128
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer.exe
                                                                                                                          1⤵
                                                                                                                            PID:4184
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                            1⤵
                                                                                                                              PID:2920
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                              1⤵
                                                                                                                                PID:3844

                                                                                                                              Network

                                                                                                                                    MITRE ATT&CK Enterprise v16

                                                                                                                                    Replay Monitor

                                                                                                                                    Loading Replay Monitor...

                                                                                                                                    Downloads

                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                                                      Filesize

                                                                                                                                      471B

                                                                                                                                      MD5

                                                                                                                                      3ef39b791de2c639ea3f827068b6a875

                                                                                                                                      SHA1

                                                                                                                                      828ff318380258836ffa989c665d8e3d71a76fc9

                                                                                                                                      SHA256

                                                                                                                                      9635cf402e7e153b4398740dd15077ca7b1df339d62e92b8317b4078679fb5d3

                                                                                                                                      SHA512

                                                                                                                                      a5864fee2b4c73533dbd155b6a899109bb3c122b90d8d06d243ba5775ea41593bf14363eb247d9779d5fec752904ce0a416af9fdef4f8bdaf9180750c03275e4

                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                                                      Filesize

                                                                                                                                      412B

                                                                                                                                      MD5

                                                                                                                                      5f2d74499cb44d2ee5d7eaf7e59193ee

                                                                                                                                      SHA1

                                                                                                                                      7db1c62e40a87e390bcd8870f418e7939e3d42b6

                                                                                                                                      SHA256

                                                                                                                                      b42aecb6fd207ba85d467496d725c6c2b4c4c92b0b87cb1544c6669d04537420

                                                                                                                                      SHA512

                                                                                                                                      87e67f44cfb7ca14aa220080a29f3cb9428258f434293fa8add9eab9f48dd63dddf30d95ab4964eba0a4344832f1f611204bffe6f41139e8339d69f7fdb0de09

                                                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                                                                      Filesize

                                                                                                                                      2KB

                                                                                                                                      MD5

                                                                                                                                      03bb0224b67e088e8d6fc4722b34e688

                                                                                                                                      SHA1

                                                                                                                                      8b99b4c5c16dd75c3eea1dedfee1cd66dad5a3d3

                                                                                                                                      SHA256

                                                                                                                                      dc4f673e6e942b8c6348d3c892482ab3d11417dbc0e42cd56643edcefa24fc3d

                                                                                                                                      SHA512

                                                                                                                                      558401976850f94e821ab2297f148b1f23fb4f4c7e9e523018cb4688b2e488fccf49509b99728c21947f49b62e9fc19d10e315759f8d6bf36534187fdba24b11

                                                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133958263429264628.txt

                                                                                                                                      Filesize

                                                                                                                                      84KB

                                                                                                                                      MD5

                                                                                                                                      664e9da80e91e4d52f991f3323c55d90

                                                                                                                                      SHA1

                                                                                                                                      af089d19ba4c11fda9a53f1f52d42143146c9081

                                                                                                                                      SHA256

                                                                                                                                      9288f8d81c16acd6fce22ad54806deae2fc8eff7459dd9d60f139ab0277d48f7

                                                                                                                                      SHA512

                                                                                                                                      ca991663cb2503bb7fbc4f381f81bb122a7bc51010a4138f240fb712f92f5ab175267ee4fc966d2b305ff6645714487e8f72b3bcdda911c9b6ab2300a03ef95a

                                                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

                                                                                                                                      Filesize

                                                                                                                                      22KB

                                                                                                                                      MD5

                                                                                                                                      3df8ac037df4e0a0490a3ee8f9978e16

                                                                                                                                      SHA1

                                                                                                                                      248e073c48f0aa12897e5c149aebe86b4a2048bc

                                                                                                                                      SHA256

                                                                                                                                      fec8df3dd3c267ddd241795591443e39afdfc8547b572cb6358fe3fabebcbd19

                                                                                                                                      SHA512

                                                                                                                                      30a8bb65e9085ef817a2fc11a0be75cc3ee11437e4bb427304196a985e4ea1f8415eaa019649588f53c7ca72fedfb10bb34d746f8d376b1c333fedd57699b62a

                                                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\57X22WH4\microsoft.windows[1].xml

                                                                                                                                      Filesize

                                                                                                                                      96B

                                                                                                                                      MD5

                                                                                                                                      844ccb6ac9b2bb4dc07e56e3c9ff7e60

                                                                                                                                      SHA1

                                                                                                                                      31b71ae6a5880c6f4b0fd0a13b240b628dde7247

                                                                                                                                      SHA256

                                                                                                                                      ba984aa6d21ecc237e0755ceb14302d667625eb9023240589974d6b779dd149d

                                                                                                                                      SHA512

                                                                                                                                      db01992a9e59dec053f29351c7217301ad554ca61529575d9c1fb994b59e38a31377f2b2f3ee06770b0c1f214cdf61bf7830a86fc7d8d69ab5f6c6213f317040

                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_u5knvhap.nmz.ps1

                                                                                                                                      Filesize

                                                                                                                                      60B

                                                                                                                                      MD5

                                                                                                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                      SHA1

                                                                                                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                      SHA256

                                                                                                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                      SHA512

                                                                                                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                    • memory/60-1098-0x0000000004570000-0x0000000004571000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                    • memory/632-1104-0x00000138032D0000-0x00000138032F0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/632-1100-0x0000013802500000-0x0000013802600000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      1024KB

                                                                                                                                    • memory/632-1099-0x0000013802500000-0x0000013802600000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      1024KB

                                                                                                                                    • memory/632-1127-0x00000138038A0000-0x00000138038C0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/632-1116-0x0000013803290000-0x00000138032B0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/1284-1691-0x00000000045C0000-0x00000000045C1000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                    • memory/1420-245-0x0000018BA7150000-0x0000018BA7170000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/1420-226-0x0000018BA6D40000-0x0000018BA6D60000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/1420-213-0x0000018BA6D80000-0x0000018BA6DA0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/1420-208-0x0000018BA5C20000-0x0000018BA5D20000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      1024KB

                                                                                                                                    • memory/1944-1254-0x0000015E8B1F0000-0x0000015E8B210000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/1944-1248-0x0000015E8A020000-0x0000015E8A120000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      1024KB

                                                                                                                                    • memory/1944-1265-0x0000015E8B1B0000-0x0000015E8B1D0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/1944-1285-0x0000015E8B5C0000-0x0000015E8B5E0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/2000-955-0x00000000041F0000-0x00000000041F1000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                    • memory/2144-1543-0x00000000040A0000-0x00000000040A1000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                    • memory/2368-362-0x0000020C2DF70000-0x0000020C2DF90000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/2368-373-0x0000020C2DF30000-0x0000020C2DF50000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/2368-393-0x0000020C2E340000-0x0000020C2E360000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/2532-16-0x000002C1D8230000-0x000002C1D8254000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      144KB

                                                                                                                                    • memory/2532-13-0x000002C1D7660000-0x000002C1D7670000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      64KB

                                                                                                                                    • memory/2532-14-0x000002C1D7660000-0x000002C1D7670000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      64KB

                                                                                                                                    • memory/2532-18-0x000002C1D7660000-0x000002C1D7670000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      64KB

                                                                                                                                    • memory/2532-1-0x000002C1D7660000-0x000002C1D7670000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      64KB

                                                                                                                                    • memory/2532-15-0x000002C1D8230000-0x000002C1D825A000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      168KB

                                                                                                                                    • memory/2532-19-0x000002C1D8250000-0x000002C1D8252000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      8KB

                                                                                                                                    • memory/2532-12-0x000002C1D7660000-0x000002C1D7670000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      64KB

                                                                                                                                    • memory/2532-2-0x000002C1D8090000-0x000002C1D80B2000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      136KB

                                                                                                                                    • memory/2532-0-0x000002C1D7660000-0x000002C1D7670000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      64KB

                                                                                                                                    • memory/2580-503-0x00000000043F0000-0x00000000043F1000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                    • memory/2872-30-0x000001BE10FD0000-0x000001BE110D0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      1024KB

                                                                                                                                    • memory/2872-34-0x000001BE12010000-0x000001BE12030000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/2872-65-0x000001BE125E0000-0x000001BE12600000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/2872-46-0x000001BE11FD0000-0x000001BE11FF0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/2968-1832-0x000002AB46100000-0x000002AB46200000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      1024KB

                                                                                                                                    • memory/2968-1834-0x000002AB46100000-0x000002AB46200000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      1024KB

                                                                                                                                    • memory/2968-1833-0x000002AB46100000-0x000002AB46200000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      1024KB

                                                                                                                                    • memory/3096-1581-0x0000018468FE0000-0x0000018469000000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/3096-1544-0x0000018467B00000-0x0000018467C00000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      1024KB

                                                                                                                                    • memory/3096-1549-0x0000018468C20000-0x0000018468C40000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/3096-1577-0x00000184689D0000-0x00000184689F0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/3280-655-0x0000000003EF0000-0x0000000003EF1000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                    • memory/3420-1395-0x0000000004980000-0x0000000004981000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                    • memory/3620-807-0x0000000004610000-0x0000000004611000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                    • memory/3628-1402-0x0000017948F80000-0x0000017948FA0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/3628-1419-0x0000017949350000-0x0000017949370000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/3628-1406-0x0000017948F40000-0x0000017948F60000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/3736-531-0x0000028D838A0000-0x0000028D838C0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/3736-506-0x0000028D82500000-0x0000028D82600000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      1024KB

                                                                                                                                    • memory/3736-505-0x0000028D82500000-0x0000028D82600000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      1024KB

                                                                                                                                    • memory/3736-510-0x0000028D832D0000-0x0000028D832F0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/3736-518-0x0000028D83290000-0x0000028D832B0000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/3736-507-0x0000028D82500000-0x0000028D82600000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      1024KB

                                                                                                                                    • memory/4184-682-0x0000013FDCD30000-0x0000013FDCD50000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/4184-671-0x0000013FDC920000-0x0000013FDC940000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/4184-663-0x0000013FDC960000-0x0000013FDC980000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/4328-1246-0x0000000004DE0000-0x0000000004DE1000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                    • memory/4328-28-0x0000000002810000-0x0000000002811000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                    • memory/4360-206-0x0000000003FF0000-0x0000000003FF1000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                    • memory/4484-1830-0x0000000002EE0000-0x0000000002EE1000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB

                                                                                                                                    • memory/4544-1699-0x000001B2B8140000-0x000001B2B8160000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/4544-1693-0x000001B2B7000000-0x000001B2B7100000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      1024KB

                                                                                                                                    • memory/4544-1730-0x000001B2B8510000-0x000001B2B8530000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/4544-1710-0x000001B2B8100000-0x000001B2B8120000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/4852-815-0x000001C6CBD40000-0x000001C6CBD60000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/4852-835-0x000001C6CC110000-0x000001C6CC130000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/4852-824-0x000001C6CBD00000-0x000001C6CBD20000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/5000-958-0x000002617DF20000-0x000002617E020000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      1024KB

                                                                                                                                    • memory/5000-974-0x000002617F030000-0x000002617F050000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/5000-962-0x000002617F070000-0x000002617F090000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/5000-957-0x000002617DF20000-0x000002617E020000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      1024KB

                                                                                                                                    • memory/5000-985-0x000002617F440000-0x000002617F460000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      128KB

                                                                                                                                    • memory/5112-354-0x00000000029C0000-0x00000000029C1000-memory.dmp

                                                                                                                                      Filesize

                                                                                                                                      4KB