Analysis

  • max time kernel
    41s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-11-2024 16:48

General

  • Target

    Overkeenly.ps1

  • Size

    55KB

  • MD5

    e1aaf4db5b49f5077aa39b8e8ca91243

  • SHA1

    f1d68c2d223d1112f80b798a131da9e91c826bce

  • SHA256

    76a1f9a4593917cdb08c30b9a444a43a7100fb1332aab4d7a4e335819eeeae55

  • SHA512

    80d95f4062e06d0706c070b1071d9ba8ca3fa824532dbd3978cd95405502d48cf81dd2e5c6c329a90ebe8793e2065f22cb5502c510076ca626f6e92f0ba8608a

  • SSDEEP

    1536:EBuR7slSxKxB6bwQZdh+1vnpTWOogw5C2YwBLNHh:EBuRoiKx0bvdsllCDBL/

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 8 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Enumerates connected drives 3 TTPs 14 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 12 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Overkeenly.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4672
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4432
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5080
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4572
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:968
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1204
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3852
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3696
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3052
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1684
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4040
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4420
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4364
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1600
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4856
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:448
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3600
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1852
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2800
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2832
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4484
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    PID:3744
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:1260
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:1388
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:2800
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:3444
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:3868
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:760
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:8
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:1524
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:3640
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:2144
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:936
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:656
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:3804
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:2060
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:1372
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:1640
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:1048
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4216
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:1208
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:1920
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:4672
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:1060
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:3680
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:912
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:4124
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:5004
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:400
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:1448
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:4024
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:5096
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:1324
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:800
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:208
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:2896
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:456
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:1524
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:4684
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:1068
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:536
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:3720
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:3848
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:4488
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:2496
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:1352
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:2144
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:2096
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:4680
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:1748
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:4412
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:1636
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:3884
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:1676
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:860
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:4284
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:3028
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:872
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:2200
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:208
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:1728
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer.exe
                                                                                                                          1⤵
                                                                                                                            PID:1512
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                            1⤵
                                                                                                                              PID:3532
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                              1⤵
                                                                                                                                PID:1380
                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                explorer.exe
                                                                                                                                1⤵
                                                                                                                                  PID:4168
                                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                  1⤵
                                                                                                                                    PID:4608

                                                                                                                                  Network

                                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                                  Replay Monitor

                                                                                                                                  Loading Replay Monitor...

                                                                                                                                  Downloads

                                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                                                    Filesize

                                                                                                                                    471B

                                                                                                                                    MD5

                                                                                                                                    1f2d7ef8cddbdc9993dc3cecd01e96bc

                                                                                                                                    SHA1

                                                                                                                                    effd0abf0646b67f5407fa732df673e739df49dc

                                                                                                                                    SHA256

                                                                                                                                    6cb9f916579a761bbbfb9c04b284221d0559730c32472e175199188ad6334096

                                                                                                                                    SHA512

                                                                                                                                    b485ba08413f718ec39ab45f92be1345d95cd29cf63637e2768d52bbe89c6967fdf02efb4da9a1381751f0ae5b272c21f547d982fc1a412edb4e7fda04bc04d0

                                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                                                    Filesize

                                                                                                                                    412B

                                                                                                                                    MD5

                                                                                                                                    5e1cb49e713351ecc26704b01976fcdb

                                                                                                                                    SHA1

                                                                                                                                    3bce2a00979ce948e2149f8be8b0d49e8c4170b4

                                                                                                                                    SHA256

                                                                                                                                    dc2e528c42ebc5753bc3ba752382c8810f04efdbfc07215080391ea0238ca62f

                                                                                                                                    SHA512

                                                                                                                                    f18992091b41da312b6b7cbf934455ae73726a1bb2142e650219a60cac3fdb3821e0f8c02b9d6857085f741f289bab7739e66e7c1acdb85cbb94099c1b601980

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    b41c684439ac76441bfdca6cc02363d0

                                                                                                                                    SHA1

                                                                                                                                    cb03beba882f14d448149c1c8162d6a7799056c6

                                                                                                                                    SHA256

                                                                                                                                    fdf1523cdbb2f0305e1fae836ca3927e0ec063c4092a6900d6a4b23a94d550a6

                                                                                                                                    SHA512

                                                                                                                                    7028d14146afc90fdb304639a1a447ea027033beff3e6fa6648a9a3f3d2e22747eef3b3330ee48638697919511bf2e01028ac90f0ec2064412460b2c203d9117

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\2CFNWDLC\microsoft.windows[1].xml

                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    539db492f33fccee9be530dd0bf34a46

                                                                                                                                    SHA1

                                                                                                                                    650b2a3583d6c9499b4ed73e9a5dca37f342a50e

                                                                                                                                    SHA256

                                                                                                                                    f6d425aad05b46e77b53e5737c85f4ceab6531e773ea87eb985754be5ec19999

                                                                                                                                    SHA512

                                                                                                                                    9328f2fa286b4a9ca6ae57ddd9fca0b1140e5f68a5e143fd8ae6ea212a1af5d7b6b2289c324fa9480ca8d2e6d3b0cf7115611a56a3a161c5ad2f988f6ae62a0a

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_agytx3pl.fot.ps1

                                                                                                                                    Filesize

                                                                                                                                    60B

                                                                                                                                    MD5

                                                                                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                    SHA1

                                                                                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                    SHA256

                                                                                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                    SHA512

                                                                                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                  • memory/448-623-0x0000000004EE0000-0x0000000004EE1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                  • memory/656-1513-0x0000000004460000-0x0000000004461000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                  • memory/760-1216-0x0000000004480000-0x0000000004481000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                  • memory/936-1376-0x00000217C7360000-0x00000217C7380000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/936-1399-0x00000217C7720000-0x00000217C7740000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/936-1388-0x00000217C7320000-0x00000217C7340000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/1048-1660-0x000002B961850000-0x000002B961950000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                  • memory/1204-46-0x0000024D29BB0000-0x0000024D29BD0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/1204-66-0x0000024D2A2C0000-0x0000024D2A2E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/1204-31-0x0000024D28F00000-0x0000024D29000000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                  • memory/1204-35-0x0000024D29F00000-0x0000024D29F20000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/1372-1659-0x00000000048F0000-0x00000000048F1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                  • memory/1388-939-0x0000028D7FF40000-0x0000028D7FF60000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/1388-927-0x0000028D7FF80000-0x0000028D7FFA0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/1388-950-0x0000028500350000-0x0000028500370000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/1524-1220-0x0000020996D00000-0x0000020996E00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                  • memory/1524-1218-0x0000020996D00000-0x0000020996E00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                  • memory/1524-1235-0x0000020997BE0000-0x0000020997C00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/1524-1247-0x00000209981F0000-0x0000020998210000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/1524-1219-0x0000020996D00000-0x0000020996E00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                  • memory/1524-1223-0x0000020997E20000-0x0000020997E40000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/1684-337-0x0000000004870000-0x0000000004871000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                  • memory/1852-662-0x00000238294A0000-0x00000238294C0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/1852-630-0x0000023828EC0000-0x0000023828EE0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/1852-640-0x0000023828E80000-0x0000023828EA0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/2060-1551-0x0000016521B70000-0x0000016521B90000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/2060-1521-0x00000165217A0000-0x00000165217C0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/2060-1530-0x0000016521760000-0x0000016521780000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/2800-1071-0x0000000003E90000-0x0000000003E91000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                  • memory/2800-773-0x0000000004E40000-0x0000000004E41000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                  • memory/3052-222-0x00000196AB1B0000-0x00000196AB1D0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/3052-190-0x00000196AADE0000-0x00000196AAE00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/3052-199-0x00000196AADA0000-0x00000196AADC0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/3640-1368-0x0000000004C50000-0x0000000004C51000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                  • memory/3744-919-0x00000000042F0000-0x00000000042F1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                  • memory/3852-183-0x0000000004290000-0x0000000004291000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                  • memory/3868-1104-0x000001891BC00000-0x000001891BC20000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/3868-1078-0x000001891B840000-0x000001891B860000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/3868-1092-0x000001891B800000-0x000001891B820000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/3868-1074-0x000001891A700000-0x000001891A800000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                  • memory/3868-1073-0x000001891A700000-0x000001891A800000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                  • memory/4364-471-0x0000000004110000-0x0000000004111000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                  • memory/4420-352-0x0000013A05490000-0x0000013A054B0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/4420-340-0x0000013A04700000-0x0000013A04800000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                  • memory/4420-362-0x0000013A05AA0000-0x0000013A05AC0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/4420-343-0x0000013A054D0000-0x0000013A054F0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/4420-339-0x0000013A04700000-0x0000013A04800000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                  • memory/4420-338-0x0000013A04700000-0x0000013A04800000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                  • memory/4484-788-0x000001B3089A0000-0x000001B3089C0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/4484-774-0x000001AB06900000-0x000001AB06A00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                  • memory/4484-800-0x000001B308FB0000-0x000001B308FD0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/4484-779-0x000001B3089E0000-0x000001B308A00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/4572-28-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                  • memory/4672-18-0x00007FFFDA290000-0x00007FFFDAD51000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                  • memory/4672-15-0x00007FFFDA290000-0x00007FFFDAD51000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                  • memory/4672-1-0x0000021126FC0000-0x0000021126FE2000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    136KB

                                                                                                                                  • memory/4672-11-0x00007FFFDA290000-0x00007FFFDAD51000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                  • memory/4672-12-0x00007FFFDA290000-0x00007FFFDAD51000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                  • memory/4672-13-0x0000021129570000-0x000002112959A000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    168KB

                                                                                                                                  • memory/4672-20-0x00007FFFDA290000-0x00007FFFDAD51000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                  • memory/4672-19-0x00007FFFDA290000-0x00007FFFDAD51000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                  • memory/4672-14-0x0000021129570000-0x0000021129594000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    144KB

                                                                                                                                  • memory/4672-16-0x00007FFFDA290000-0x00007FFFDAD51000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                  • memory/4672-0-0x00007FFFDA293000-0x00007FFFDA295000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                  • memory/4856-510-0x0000023BD9820000-0x0000023BD9840000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/4856-488-0x0000023BD9420000-0x0000023BD9440000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/4856-474-0x0000023BD8300000-0x0000023BD8400000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                  • memory/4856-478-0x0000023BD9460000-0x0000023BD9480000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                  • memory/4856-473-0x0000023BD8300000-0x0000023BD8400000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB