Overview

overview

10

Static

static

3

MSUpdates.exe

windows7-x64

10

MSUpdates.exe

windows10-2004-x64

10

enlpu.dll

windows7-x64

10

enlpu.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    55s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-01-2025 01:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MSUpdates.exe

  • Size

    97KB

  • MD5

    c30111e3592bf03a022b6369c110ad7f

  • SHA1

    f7f57137a029457f132ae63c1b41eac24ac21524

  • SHA256

    239eee98bbcc692f13bffb4d01eb5588b69c75c3e97587f428ca6042d53fb573

  • SHA512

    31df97aba34d102b6b07594fd91966a5120a6a320dbec5bc34c8d4480261891a082ede96be2cd850c5ce0fab1c17a502e4f33d64731f571a15932d84708e0dd2

  • SSDEEP

    1536:bXMujB//+wHnOcWnl5SZ2gcUNEr8JiPZkoo45Ddcq+gQV/caiCj:b8udHPHGlaNJiC+Dcq+gQV1J

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Signatures

  • Gh0st RAT payload 1 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Gh0strat family
    gh0strat
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 11 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MSUpdates.exe
    "C:\Users\Admin\AppData\Local\Temp\MSUpdates.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3244
    • C:\Windows\SysWOW64\Userinit.exe
      Userinit.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1792
      • C:\Windows\Explorer.EXE
        C:\Windows\Explorer.EXE
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2064
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2980
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3556
    • C:\Windows\System32\m6z17w.exe
      "C:\Windows\System32\m6z17w.exe"
      2⤵
        PID:840
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:5020
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4112
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:3740
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4184
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2152
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:4592
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2976
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4060
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:5036
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:5008
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3808
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2172
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3988
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2392
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4256
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4204
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2856
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:808
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4496
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4736
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:5112
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4868
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4136
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3892
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3844
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2120
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2384
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3548
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1908
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:2488
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:5052
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:1168
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:1908
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:2168
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:2400
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:3712
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:4272
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:4972
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:4304
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:696
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:5032
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:3276
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:3780
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:4172
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:3980
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:3684
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:2152
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:4628
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:3028
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:5020
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:3512
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:4972
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:1412
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:2832
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:2756
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:4444
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:1616
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:4964
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:3584
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:5064
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:3024
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:1168
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:3588
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:1888
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:4512
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:396
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:2040
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:4104
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:2236
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:1940
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:4440
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:1624
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:4604
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:3184
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:720
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:952
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:3548
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:2312
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:2028
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                          1⤵
                                                                                                            PID:3756
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:4000
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                              1⤵
                                                                                                                PID:3980
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                1⤵
                                                                                                                  PID:1560
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:4296
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                    1⤵
                                                                                                                      PID:404
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                      1⤵
                                                                                                                        PID:1240

                                                                                                                      Network

                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                      Replay Monitor

                                                                                                                      Loading Replay Monitor...

                                                                                                                      Downloads

                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\960T0N6D\ips138[1].htm
                                                                                                                        Filesize

                                                                                                                        162B

                                                                                                                        MD5

                                                                                                                        4f8e702cc244ec5d4de32740c0ecbd97

                                                                                                                        SHA1

                                                                                                                        3adb1f02d5b6054de0046e367c1d687b6cdf7aff

                                                                                                                        SHA256

                                                                                                                        9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

                                                                                                                        SHA512

                                                                                                                        21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                        Filesize

                                                                                                                        2KB

                                                                                                                        MD5

                                                                                                                        2447e65eb2c74d342b670bc7b2540b2b

                                                                                                                        SHA1

                                                                                                                        22a6ea43688fac3829e21fa6bb8b3a31693540bc

                                                                                                                        SHA256

                                                                                                                        d6dd37187f5a89da7de5c145704de9fe684c5aa57fc994eaf565449f4e38ede5

                                                                                                                        SHA512

                                                                                                                        b4662ab0eec1d5c3ec25ce70b416ca9ad2e1a03eab2f04dd849fb92e4233103329d094c409947152c2d2d6b6524e655866aee491a6220b4ba0d0a811812fee2a

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133826426150667812.txt
                                                                                                                        Filesize

                                                                                                                        75KB

                                                                                                                        MD5

                                                                                                                        589a33e8cca36e5f5c61ddf4ca103753

                                                                                                                        SHA1

                                                                                                                        298c0455b151f198ed924404773fce18f4181a5a

                                                                                                                        SHA256

                                                                                                                        fce814f0afc4886ca0645083034fc5f74c3e78a8675f7a0dd510193e64e4e43d

                                                                                                                        SHA512

                                                                                                                        b8730b13cdd62694007f5b93f97fdaf4d13170054913822fedd7a0bddc4b4a33dcfc34964c302c5a60a926e5e7759960d9e4df8ebbcde5f1ff5dd084cb68acf8

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\P56Q32J4\microsoft.windows[1].xml
                                                                                                                        Filesize

                                                                                                                        97B

                                                                                                                        MD5

                                                                                                                        75de445e72210c4fc85641c9121a64cf

                                                                                                                        SHA1

                                                                                                                        991e559f592b96bd50e72705811f05b453d889aa

                                                                                                                        SHA256

                                                                                                                        7fdafd928f21a79d34079338964c9ad86f6cd56a09f60e325d2144a1cf311299

                                                                                                                        SHA512

                                                                                                                        f1cc988b855fe4a64d94b0344175a14fc5207b4a6b6cb8666e9c6c0a3531e422f62940616a2029da294c80cf6aa161ae302ccee0a5e53692f6dc05afda22852a

                                                                                                                        Download Submit

                                                                                                                      • memory/808-931-0x00000000041B0000-0x00000000041B1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/2120-1240-0x0000020D36200000-0x0000020D36220000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2120-1252-0x0000020D36610000-0x0000020D36630000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2120-1223-0x0000020D35100000-0x0000020D35200000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/2120-1228-0x0000020D36240000-0x0000020D36260000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2120-1225-0x0000020D35100000-0x0000020D35200000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/2120-1224-0x0000020D35100000-0x0000020D35200000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/2152-193-0x000001B1A9B90000-0x000001B1A9BB0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2152-190-0x000001B1A8C40000-0x000001B1A8D40000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/2152-219-0x000001B1A9B50000-0x000001B1A9B70000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2152-188-0x000001B1A8C40000-0x000001B1A8D40000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/2152-225-0x000001B1AA160000-0x000001B1AA180000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2152-189-0x000001B1A8C40000-0x000001B1A8D40000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/2172-635-0x0000000002C20000-0x0000000002C21000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/2392-636-0x000002B7BD840000-0x000002B7BD940000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/2392-641-0x000002B7BE9B0000-0x000002B7BE9D0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2392-649-0x000002B7BE970000-0x000002B7BE990000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2392-663-0x000002B7BED80000-0x000002B7BEDA0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2856-784-0x000001BE8DB40000-0x000001BE8DC40000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/2856-812-0x000001BE8F060000-0x000001BE8F080000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2856-785-0x000001BE8DB40000-0x000001BE8DC40000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/2856-786-0x000001BE8DB40000-0x000001BE8DC40000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/2856-798-0x000001BE8EA50000-0x000001BE8EA70000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/2856-789-0x000001BE8EA90000-0x000001BE8EAB0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3244-0-0x00000000009F0000-0x0000000000A5E000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        440KB

                                                                                                                        Download

                                                                                                                      • memory/3556-18-0x0000000004D60000-0x0000000004D61000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/3740-186-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/3808-490-0x000001591C000000-0x000001591C100000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/3808-519-0x000001591D4C0000-0x000001591D4E0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3808-506-0x000001591CDB0000-0x000001591CDD0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3808-488-0x000001591C000000-0x000001591C100000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/3808-493-0x000001591D100000-0x000001591D120000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3808-489-0x000001591C000000-0x000001591C100000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/3892-1222-0x00000000027E0000-0x00000000027E1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/4060-341-0x000002037EA00000-0x000002037EB00000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4060-357-0x0000020300850000-0x0000020300870000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4060-368-0x0000020300E60000-0x0000020300E80000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4060-340-0x000002037EA00000-0x000002037EB00000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4060-344-0x0000020300890000-0x00000203008B0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4060-339-0x000002037EA00000-0x000002037EB00000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4112-24-0x00000264BE2A0000-0x00000264BE2C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4112-36-0x00000264BE260000-0x00000264BE280000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4112-55-0x00000264BE880000-0x00000264BE8A0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4136-1089-0x000001B039570000-0x000001B039590000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4136-1102-0x000001B039530000-0x000001B039550000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4136-1086-0x000001B038420000-0x000001B038520000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4136-1085-0x000001B038420000-0x000001B038520000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4136-1113-0x000001B039940000-0x000001B039960000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4136-1084-0x000001B038420000-0x000001B038520000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4256-783-0x0000000004F50000-0x0000000004F51000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/4592-337-0x0000000004300000-0x0000000004301000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/4736-932-0x000001BAAC550000-0x000001BAAC650000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4736-937-0x000001BAAD4B0000-0x000001BAAD4D0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4736-946-0x000001BAAD470000-0x000001BAAD490000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4736-959-0x000001BAAD880000-0x000001BAAD8A0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4736-933-0x000001BAAC550000-0x000001BAAC650000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4736-934-0x000001BAAC550000-0x000001BAAC650000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/5036-486-0x0000000003F60000-0x0000000003F61000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/5112-1082-0x0000000004810000-0x0000000004811000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download