Overview

overview

10

Static

static

3

MSUpdates.exe

windows7-x64

10

MSUpdates.exe

windows10-2004-x64

10

enlpu.dll

windows7-x64

10

enlpu.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    50s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-01-2025 01:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    enlpu.dll

  • Size

    50.2MB

  • MD5

    16a2f5d1ac6a7f134d808050c3697a68

  • SHA1

    d192bcedbedec45f8770bf1b225936862aa78727

  • SHA256

    c57b86b7e816cddb68e0903b12c30bb0495ca4cdf69f5dee9fc281eea3cd39ca

  • SHA512

    dbb163f0fee43a2ffe9cbaca0aa8542a70570eb527efaee44748666b09d75db91f51826adbd845715633c359423cb2ab66ef8c758b62c05152ee7b9ea1296659

  • SSDEEP

    3072:tSorJcpkszwTzM6ZCtOSMiwO2njCampn6VwJ3VY0yX6a4:tSbWsazMzMiunZmd6VwJFY0yX6V

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Signatures

  • Gh0st RAT payload 1 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Gh0strat family
    gh0strat
  • Blocklisted process makes network request 4 IoCs
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\enlpu.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\enlpu.dll,#1
      2⤵
      • Blocklisted process makes network request
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3400
      • C:\Windows\SysWOW64\Userinit.exe
        Userinit.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2968
        • C:\Windows\Explorer.EXE
          C:\Windows\Explorer.EXE
          4⤵
          • Boot or Logon Autostart Execution: Active Setup
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:4656
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1988
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1356
    • C:\Windows\System32\2s3f_b.exe
      "C:\Windows\System32\2s3f_b.exe"
      2⤵
        PID:2784
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2076
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:852
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SendNotifyMessage
      PID:5088
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2340
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4860
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:744
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1660
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3096
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1484
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:856
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4580
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:960
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3436
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:540
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2036
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:896
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3172
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4224
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4420
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1972
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:388
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:5096
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3452
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4392
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2220
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1412
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:3812
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:1992
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:4848
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:4616
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:2648
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:4652
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:4040
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:3632
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:4908
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:4528
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:1184
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:4776
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:2220
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:1708
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:2228
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:3984
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:4220
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:4028
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:4016
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:2416
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:3456
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:3172
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:4592
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:4484
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:4392
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:3908
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:5012
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:5068
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:3600
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:1164
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:4076
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:1808
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:3824
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:1308
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:3064
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:4196
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:1160
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:1208
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:1040
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:1180
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:3580
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:2076
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:1524
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:1556
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:2372
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:2732
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:5044
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:676
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:828
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:4792
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:3800
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:4268
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:2028
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:1324
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:3912
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:4772
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:3732
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:4764
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer.exe
                                                                                                                          1⤵
                                                                                                                            PID:2352

                                                                                                                          Network

                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                          Replay Monitor

                                                                                                                          Loading Replay Monitor...

                                                                                                                          Downloads

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SXHNX8M2\ips138[1].htm
                                                                                                                            Filesize

                                                                                                                            162B

                                                                                                                            MD5

                                                                                                                            4f8e702cc244ec5d4de32740c0ecbd97

                                                                                                                            SHA1

                                                                                                                            3adb1f02d5b6054de0046e367c1d687b6cdf7aff

                                                                                                                            SHA256

                                                                                                                            9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

                                                                                                                            SHA512

                                                                                                                            21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            047574121ffa0ed75735477891540914

                                                                                                                            SHA1

                                                                                                                            65cb0635d04de5eb8a6f095aa32c4a336e0e0e62

                                                                                                                            SHA256

                                                                                                                            1c08621a109d736a8231451a782afc06cea5ec4ac9680c125a176e347d89209f

                                                                                                                            SHA512

                                                                                                                            4510fb13e7ff8fd226110ce17992aa5e41abefc59bd8d3bb5aa9065b4813bdfde8c5f80c86c3d98e0e565a935452f2c96a18fe9985fd1ffde2d1fcc92af28ca2

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133826426138080472.txt
                                                                                                                            Filesize

                                                                                                                            75KB

                                                                                                                            MD5

                                                                                                                            ffc679e765965e2ddf4ae9ea6108d1d2

                                                                                                                            SHA1

                                                                                                                            10b86e24c0b6007cfe4e2bd7bf2f4e98f0c3e691

                                                                                                                            SHA256

                                                                                                                            a48ac12ca0a34e811effb75289d6de988c1e100d387bbfc58480498675fc51dd

                                                                                                                            SHA512

                                                                                                                            e8086d8e7928fbb2332e59667b9cc398e255c074714983ae980e11cfbc6ebe1302d189f28b262e0adef7c9d50d6727c137facc20e5e9d084d62761b48afadc5f

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\QYLSGBRE\microsoft.windows[1].xml
                                                                                                                            Filesize

                                                                                                                            97B

                                                                                                                            MD5

                                                                                                                            bcfc637d71de995845ab604d45d85a63

                                                                                                                            SHA1

                                                                                                                            9c61f2a58eac7a938f1d2846fc1949d4a9dd9e5e

                                                                                                                            SHA256

                                                                                                                            7562f5f17076bce0f9c56eddd3331e2a89ebc97ff12ac5703371e7e8570250b4

                                                                                                                            SHA512

                                                                                                                            214eda9024d4bc9135ead531f2db440323606b156f813a8883ca71888e6e2756b97c40981f024c2625df3ced5b49abf8203d1e1baaecaea3a4aecaed0c2cea6a

                                                                                                                            Download Submit

                                                                                                                          • memory/388-1063-0x0000000004990000-0x0000000004991000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/540-625-0x0000019516E60000-0x0000019516E80000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/540-652-0x0000019517220000-0x0000019517240000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/540-638-0x0000019516E20000-0x0000019516E40000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/744-332-0x0000000004910000-0x0000000004911000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/852-37-0x0000014E1DA90000-0x0000014E1DAB0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/852-55-0x0000014E1E0E0000-0x0000014E1E100000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/852-19-0x0000014E1CB70000-0x0000014E1CC70000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/852-24-0x0000014E1DAD0000-0x0000014E1DAF0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/960-618-0x00000000049B0000-0x00000000049B1000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/1356-17-0x0000000004710000-0x0000000004711000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/1412-1222-0x000002081C4D0000-0x000002081C4F0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1412-1233-0x000002081C490000-0x000002081C4B0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1412-1253-0x000002081C8A0000-0x000002081C8C0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1484-477-0x0000000004170000-0x0000000004171000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/1972-949-0x0000020BED670000-0x0000020BED690000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1972-956-0x0000020BEDC80000-0x0000020BEDCA0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1972-922-0x0000020BEC800000-0x0000020BEC900000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/1972-920-0x0000020BEC800000-0x0000020BEC900000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/1972-925-0x0000020BED6B0000-0x0000020BED6D0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/2036-770-0x0000000004F30000-0x0000000004F31000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/3096-362-0x0000018DDF310000-0x0000018DDF330000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3096-333-0x0000018DDDE00000-0x0000018DDDF00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/3096-338-0x0000018DDEF40000-0x0000018DDEF60000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3096-334-0x0000018DDDE00000-0x0000018DDDF00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/3096-350-0x0000018DDEF00000-0x0000018DDEF20000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3172-777-0x000001ECB5960000-0x000001ECB5980000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3172-785-0x000001ECB5920000-0x000001ECB5940000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3172-772-0x000001ECB4800000-0x000001ECB4900000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/3172-773-0x000001ECB4800000-0x000001ECB4900000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/3172-796-0x000001ECB5D30000-0x000001ECB5D50000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3400-0-0x00000000010C0000-0x000000000112E000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            440KB

                                                                                                                            Download

                                                                                                                          • memory/3452-1069-0x00000263E3960000-0x00000263E3980000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3452-1064-0x00000263E2800000-0x00000263E2900000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/3452-1079-0x00000263E3920000-0x00000263E3940000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3452-1092-0x00000263E3D30000-0x00000263E3D50000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3452-1065-0x00000263E2800000-0x00000263E2900000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/3812-1348-0x00000000040A0000-0x00000000040A1000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/4224-918-0x0000000004630000-0x0000000004631000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/4392-1215-0x0000000003620000-0x0000000003621000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/4580-478-0x0000022FEBD00000-0x0000022FEBE00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4580-479-0x0000022FEBD00000-0x0000022FEBE00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4580-483-0x0000022FECE60000-0x0000022FECE80000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4580-497-0x0000022FED230000-0x0000022FED250000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4580-486-0x0000022FECE20000-0x0000022FECE40000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4848-1350-0x00000250F4450000-0x00000250F4550000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4848-1351-0x00000250F4450000-0x00000250F4550000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4860-208-0x0000021F9DC60000-0x0000021F9DC80000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4860-182-0x0000021F9C530000-0x0000021F9C630000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4860-183-0x0000021F9C530000-0x0000021F9C630000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4860-181-0x0000021F9C530000-0x0000021F9C630000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4860-196-0x0000021F9D850000-0x0000021F9D870000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4860-186-0x0000021F9D890000-0x0000021F9D8B0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/5088-179-0x0000000002760000-0x0000000002761000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download