c2400f68483515e89994c4fcea600c47d4b31123efaf1d6f0d8787e1c5f43ab6

Analysis

max time kernel
140s
max time network
126s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 16:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
Size

1.0MB
MD5

d938f1dacd516a160c718c28b5b935c0
SHA1

0de8bab99b5240b96286aeca4042ca115d0d669d
SHA256

c2400f68483515e89994c4fcea600c47d4b31123efaf1d6f0d8787e1c5f43ab6
SHA512

cb97ea939773bc295c4a1b5ce1077c6868eb55d47628d5acca465b2d2d0df975e9634838dd9fcc9a7f600e03104e51c745736600a79ab912558cccc73703c803
SSDEEP

24576:8uPmLDUMihIXCE58xuTBc5WcXyFUhWPvmkm2Cnv6N8cd/dtl3Y9d/KdsMMN9kfC2:8u+LIIX72EVcHOR

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2948	Isass.exe
2548	Isass.exe
2628	Isass.exe
2692	Isass.exe
2448	Isass.exe
2472	Isass.exe
2668	Isass.exe
1560	Isass.exe
344	Isass.exe
328	Isass.exe
772	Isass.exe
596	Isass.exe
2180	Isass.exe
2040	Isass.exe
1624	Isass.exe
1920	Isass.exe
1912	Isass.exe
384	Isass.exe
1228	Isass.exe
1168	Isass.exe
1708	Isass.exe
1312	Isass.exe
1660	Isass.exe
2868	Isass.exe
404	Isass.exe
2112	Isass.exe
2080	Isass.exe
1500	Isass.exe
2540	Isass.exe
2524	Isass.exe
2560	Isass.exe
2920	Isass.exe
2452	Isass.exe
1852	Isass.exe
2592	Isass.exe
2724	Isass.exe
1896	Isass.exe
1516	Isass.exe
1564	Isass.exe
540	Isass.exe
1324	Isass.exe
2028	Isass.exe
1108	Isass.exe
1488	Isass.exe
1640	Isass.exe
1648	Isass.exe
924	Isass.exe
1420	Isass.exe
2952	Isass.exe
2332	Isass.exe
1520	Isass.exe
1016	Isass.exe
2212	Isass.exe
1812	Isass.exe
1668	Isass.exe
1804	Isass.exe
1528	Isass.exe
2508	Isass.exe
2676	Isass.exe
2716	Isass.exe
2400	Isass.exe
2876	Isass.exe
2712	Isass.exe
2736	Isass.exe

Loads dropped DLL 64 IoCs

pid	Process
2700	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2700	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2700	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2700	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2684	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2684	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2408	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2408	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2312	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2312	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2416	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2416	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2460	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2728	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2196	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2216	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1564	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1276	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
880	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2000	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1936	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1732	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1924	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2832	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1764	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2128	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2332	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1864	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1012	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
616	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2908	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1364	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1536	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1480	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2504	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2676	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2636	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1376	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2412	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2328	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2416	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2720	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2184	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1492	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1556	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1272	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
336	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2984	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2788	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2376	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2860	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2780	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1736	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2832	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2764	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2828	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1572	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
896	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
744	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
3064	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1884	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
892	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2772	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2704	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe"	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe"	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2700	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2948	Isass.exe
2548	Isass.exe
2548	Isass.exe
2548	Isass.exe
2684	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2628	Isass.exe
2628	Isass.exe
2628	Isass.exe
2408	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2692	Isass.exe
2692	Isass.exe
2692	Isass.exe
2312	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2448	Isass.exe
2448	Isass.exe
2448	Isass.exe
2416	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2472	Isass.exe
2472	Isass.exe
2472	Isass.exe
2460	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2668	Isass.exe
2668	Isass.exe
2668	Isass.exe
2728	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1560	Isass.exe
1560	Isass.exe
1560	Isass.exe
2196	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
344	Isass.exe
344	Isass.exe
344	Isass.exe
2216	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
328	Isass.exe
328	Isass.exe
328	Isass.exe
1564	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
772	Isass.exe
772	Isass.exe
772	Isass.exe
1276	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
596	Isass.exe
596	Isass.exe
596	Isass.exe
880	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2180	Isass.exe
2180	Isass.exe
2180	Isass.exe
2000	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
2040	Isass.exe
2040	Isass.exe
2040	Isass.exe
1936	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1624	Isass.exe
1624	Isass.exe
1624	Isass.exe
1732	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1920	Isass.exe
1920	Isass.exe
1920	Isass.exe
1924	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
1912	Isass.exe
1912	Isass.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2948	2700	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	28
PID 2700 wrote to memory of 2948	2700	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	28
PID 2700 wrote to memory of 2948	2700	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	28
PID 2700 wrote to memory of 2948	2700	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	28
PID 2700 wrote to memory of 2548	2700	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	29
PID 2700 wrote to memory of 2548	2700	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	29
PID 2700 wrote to memory of 2548	2700	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	29
PID 2700 wrote to memory of 2548	2700	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	29
PID 2548 wrote to memory of 2684	2548	Isass.exe	30
PID 2548 wrote to memory of 2684	2548	Isass.exe	30
PID 2548 wrote to memory of 2684	2548	Isass.exe	30
PID 2548 wrote to memory of 2684	2548	Isass.exe	30
PID 2684 wrote to memory of 2628	2684	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	31
PID 2684 wrote to memory of 2628	2684	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	31
PID 2684 wrote to memory of 2628	2684	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	31
PID 2684 wrote to memory of 2628	2684	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	31
PID 2628 wrote to memory of 2408	2628	Isass.exe	160
PID 2628 wrote to memory of 2408	2628	Isass.exe	160
PID 2628 wrote to memory of 2408	2628	Isass.exe	160
PID 2628 wrote to memory of 2408	2628	Isass.exe	160
PID 2408 wrote to memory of 2692	2408	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	33
PID 2408 wrote to memory of 2692	2408	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	33
PID 2408 wrote to memory of 2692	2408	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	33
PID 2408 wrote to memory of 2692	2408	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	33
PID 2692 wrote to memory of 2312	2692	Isass.exe	34
PID 2692 wrote to memory of 2312	2692	Isass.exe	34
PID 2692 wrote to memory of 2312	2692	Isass.exe	34
PID 2692 wrote to memory of 2312	2692	Isass.exe	34
PID 2312 wrote to memory of 2448	2312	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	208
PID 2312 wrote to memory of 2448	2312	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	208
PID 2312 wrote to memory of 2448	2312	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	208
PID 2312 wrote to memory of 2448	2312	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	208
PID 2448 wrote to memory of 2416	2448	Isass.exe	94
PID 2448 wrote to memory of 2416	2448	Isass.exe	94
PID 2448 wrote to memory of 2416	2448	Isass.exe	94
PID 2448 wrote to memory of 2416	2448	Isass.exe	94
PID 2416 wrote to memory of 2472	2416	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	37
PID 2416 wrote to memory of 2472	2416	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	37
PID 2416 wrote to memory of 2472	2416	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	37
PID 2416 wrote to memory of 2472	2416	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	37
PID 2472 wrote to memory of 2460	2472	Isass.exe	38
PID 2472 wrote to memory of 2460	2472	Isass.exe	38
PID 2472 wrote to memory of 2460	2472	Isass.exe	38
PID 2472 wrote to memory of 2460	2472	Isass.exe	38
PID 2460 wrote to memory of 2668	2460	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	39
PID 2460 wrote to memory of 2668	2460	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	39
PID 2460 wrote to memory of 2668	2460	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	39
PID 2460 wrote to memory of 2668	2460	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	39
PID 2668 wrote to memory of 2728	2668	Isass.exe	214
PID 2668 wrote to memory of 2728	2668	Isass.exe	214
PID 2668 wrote to memory of 2728	2668	Isass.exe	214
PID 2668 wrote to memory of 2728	2668	Isass.exe	214
PID 2728 wrote to memory of 1560	2728	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	166
PID 2728 wrote to memory of 1560	2728	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	166
PID 2728 wrote to memory of 1560	2728	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	166
PID 2728 wrote to memory of 1560	2728	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	166
PID 1560 wrote to memory of 2196	1560	Isass.exe	42
PID 1560 wrote to memory of 2196	1560	Isass.exe	42
PID 1560 wrote to memory of 2196	1560	Isass.exe	42
PID 1560 wrote to memory of 2196	1560	Isass.exe	42
PID 2196 wrote to memory of 344	2196	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	43
PID 2196 wrote to memory of 344	2196	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	43
PID 2196 wrote to memory of 344	2196	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	43
PID 2196 wrote to memory of 344	2196	d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe	43

C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Users\Public\Microsoft Build\Isass.exe
  "C:\Users\Public\Microsoft Build\Isass.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2948
- C:\Users\Public\Microsoft Build\Isass.exe
  "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2548
- - C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
    3⤵
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Public\Microsoft Build\Isass.exe
      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        5⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2408
      - C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        7⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2312
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        8⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        9⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2416
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        10⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        11⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2460
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        12⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        13⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2728
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        14⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        15⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2196
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        16⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        17⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2216
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        18⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        19⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1564
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        20⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        21⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1276
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        22⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        23⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:880
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        24⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        25⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2000
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        26⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        27⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1936
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        28⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        29⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1732
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        30⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        31⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1924
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        32⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        33⤵
        Loads dropped DLL
        
        PID:2832
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        34⤵
        Executes dropped EXE
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        35⤵
        Loads dropped DLL
        
        PID:1764
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        36⤵
        Executes dropped EXE
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        37⤵
        Loads dropped DLL
        
        PID:2128
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        38⤵
        Executes dropped EXE
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        39⤵
        Loads dropped DLL
        
        PID:2332
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        40⤵
        Executes dropped EXE
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        41⤵
        Loads dropped DLL
        
        PID:1864
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        42⤵
        Executes dropped EXE
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        43⤵
        Loads dropped DLL
        
        PID:1012
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        44⤵
        Executes dropped EXE
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        45⤵
        Loads dropped DLL
        
        PID:616
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        46⤵
        Executes dropped EXE
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        47⤵
        Loads dropped DLL
        
        PID:2908
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        48⤵
        Executes dropped EXE
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        49⤵
        Loads dropped DLL
        
        PID:1364
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        50⤵
        Executes dropped EXE
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        51⤵
        Loads dropped DLL
        
        PID:1536
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        52⤵
        Executes dropped EXE
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        53⤵
        Loads dropped DLL
        
        PID:1480
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        54⤵
        Executes dropped EXE
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        55⤵
        Loads dropped DLL
        
        PID:2504
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        56⤵
        Executes dropped EXE
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        57⤵
        Loads dropped DLL
        
        PID:2676
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        58⤵
        Executes dropped EXE
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        59⤵
        Loads dropped DLL
        
        PID:2636
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        60⤵
        Executes dropped EXE
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        61⤵
        Loads dropped DLL
        
        PID:1376
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        62⤵
        Executes dropped EXE
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        63⤵
        Loads dropped DLL
        
        PID:2412
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        64⤵
        Executes dropped EXE
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        65⤵
        Loads dropped DLL
        
        PID:2328
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        66⤵
        Executes dropped EXE
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        67⤵
        Loads dropped DLL
        
        PID:2416
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        68⤵
        Executes dropped EXE
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        69⤵
        Loads dropped DLL
        
        PID:2720
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        70⤵
        Executes dropped EXE
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        71⤵
        Loads dropped DLL
        
        PID:2184
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        72⤵
        Executes dropped EXE
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        73⤵
        Loads dropped DLL
        
        PID:1492
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        74⤵
        Executes dropped EXE
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        75⤵
        Loads dropped DLL
        
        PID:1556
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        76⤵
        Executes dropped EXE
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        77⤵
        Loads dropped DLL
        
        PID:1272
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        78⤵
        Executes dropped EXE
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        79⤵
        Loads dropped DLL
        
        PID:336
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        80⤵
        Executes dropped EXE
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        81⤵
        Loads dropped DLL
        
        PID:2984
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        82⤵
        Executes dropped EXE
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        83⤵
        Loads dropped DLL
        
        PID:2788
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        84⤵
        Executes dropped EXE
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        85⤵
        Loads dropped DLL
        
        PID:2376
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        86⤵
        Executes dropped EXE
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        87⤵
        Loads dropped DLL
        
        PID:2860
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        88⤵
        Executes dropped EXE
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        89⤵
        Loads dropped DLL
        
        PID:2780
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        90⤵
        Executes dropped EXE
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        91⤵
        Loads dropped DLL
        
        PID:1736
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        92⤵
        Executes dropped EXE
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        93⤵
        Loads dropped DLL
        
        PID:2832
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        94⤵
        Executes dropped EXE
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        95⤵
        Loads dropped DLL
        
        PID:2764
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        96⤵
        Executes dropped EXE
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        97⤵
        Loads dropped DLL
        
        PID:2828
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        98⤵
        Executes dropped EXE
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        99⤵
        Loads dropped DLL
        
        PID:1572
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        100⤵
        Executes dropped EXE
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        101⤵
        Loads dropped DLL
        
        PID:896
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        102⤵
        Executes dropped EXE
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        103⤵
        Loads dropped DLL
        
        PID:744
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        104⤵
        Executes dropped EXE
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        105⤵
        Loads dropped DLL
        
        PID:3064
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        106⤵
        Executes dropped EXE
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        107⤵
        Loads dropped DLL
        
        PID:1884
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        108⤵
        Executes dropped EXE
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        109⤵
        Loads dropped DLL
        
        PID:892
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        110⤵
        Executes dropped EXE
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        111⤵
        Loads dropped DLL
        
        PID:2772
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        112⤵
        Executes dropped EXE
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        113⤵
        Loads dropped DLL
        
        PID:2704
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        114⤵
        Executes dropped EXE
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        115⤵
        
        PID:2544
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        116⤵
        Executes dropped EXE
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        117⤵
        
        PID:2696
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        118⤵
        Executes dropped EXE
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        119⤵
        
        PID:2564
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        120⤵
        Executes dropped EXE
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        121⤵
        
        PID:2596
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        122⤵
        Executes dropped EXE
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        123⤵
        
        PID:2328
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        124⤵
        Executes dropped EXE
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        125⤵
        
        PID:2660
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        126⤵
        Executes dropped EXE
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        127⤵
        
        PID:2724
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        128⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        129⤵
        
        PID:548
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        130⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        131⤵
        
        PID:1964
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        132⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        133⤵
        
        PID:2408
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        134⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        135⤵
        
        PID:704
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        136⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        137⤵
        
        PID:1992
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        138⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        139⤵
        
        PID:1560
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        140⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        141⤵
        
        PID:2496
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        142⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        143⤵
        
        PID:2788
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        144⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        145⤵
        
        PID:1488
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        146⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        147⤵
        
        PID:2252
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        148⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        149⤵
        
        PID:2076
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        150⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        151⤵
        
        PID:2820
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        152⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        153⤵
        
        PID:2132
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        154⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        155⤵
        
        PID:2100
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        156⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        157⤵
        
        PID:1028
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        158⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        159⤵
        
        PID:2088
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        160⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        161⤵
        
        PID:1228
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        162⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        163⤵
        
        PID:912
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        164⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        165⤵
        
        PID:2212
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        166⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        167⤵
        
        PID:2116
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        168⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        169⤵
        
        PID:2104
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        170⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        171⤵
        
        PID:1804
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        172⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        173⤵
        
        PID:2492
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        174⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        175⤵
        
        PID:2640
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        176⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        177⤵
        
        PID:2808
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        178⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        179⤵
        
        PID:2920
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        180⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        181⤵
        
        PID:2448
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        182⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        183⤵
        
        PID:2200
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        184⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        185⤵
        
        PID:2740
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        186⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        187⤵
        
        PID:2728
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        188⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        189⤵
        
        PID:2748
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        190⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        191⤵
        
        PID:2536
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        192⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        193⤵
        
        PID:1284
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        194⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        195⤵
        
        PID:600
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        196⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        197⤵
        
        PID:540
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        198⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        199⤵
        
        PID:2012
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        200⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        201⤵
        
        PID:2152
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        202⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        203⤵
        
        PID:2648
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        204⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        205⤵
        
        PID:1600
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        206⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        207⤵
        
        PID:1624
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        208⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        209⤵
        
        PID:1912
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        210⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        211⤵
        
        PID:1736
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        212⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        213⤵
        
        PID:1084
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        214⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        215⤵
        
        PID:848
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        216⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        217⤵
        
        PID:2828
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        218⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d938f1dacd516a160c718c28b5b935c0_JaffaCakes118.exe"
        219⤵
        
        PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Public\Microsoft Build\Isass.exe

Filesize
624KB

MD5
e4ef7a26186274fed7a4c0551d59548a

SHA1
7d7e01d23b581129b01a7bbec249fdfc1438b473

SHA256
a2557b1afc4c297c90151b0cf7e19c3c4b760fcc8f2392c7a86c02c52e2ae56a

SHA512
70b94a25be8ecdffeaac329b30405439865f0deb9ac6361c77d7aab00bc682d49d19794a804fd3c8d0641926bab70c1bd5ea90009bb5dacbb72bc36a45a75f8e

Download Submit
memory/328-66-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/328-68-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/336-204-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/344-61-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/344-62-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/384-108-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/384-106-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/404-149-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/404-148-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/540-202-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/596-76-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/596-78-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/616-143-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/616-141-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/772-73-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/772-72-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/880-82-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/880-81-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1012-134-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1012-135-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1108-211-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1168-120-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1228-114-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1228-112-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1272-200-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1276-77-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1312-131-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1312-132-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1324-206-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1364-150-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1364-153-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1376-177-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1376-176-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1480-163-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1500-165-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1500-164-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1516-195-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1536-159-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1556-197-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1560-56-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1560-55-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1564-71-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1624-94-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1624-92-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1648-222-0x0000000001720000-0x0000000001721000-memory.dmp

Filesize
4KB

Download
memory/1660-137-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1708-125-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1708-126-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1732-98-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1736-228-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1764-113-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1764-115-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1864-129-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1864-130-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1912-103-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1920-99-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1920-97-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1924-102-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/1936-93-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2000-86-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2000-88-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2040-87-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2040-89-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2080-158-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2080-160-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2112-155-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2112-154-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2128-118-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2128-119-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2180-83-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2196-60-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2196-59-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2216-67-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2216-65-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2312-31-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2312-34-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2328-183-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2332-124-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2332-123-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2408-24-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2408-27-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2412-181-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2416-38-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2416-42-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2448-36-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2448-37-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2452-180-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2460-48-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2460-45-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2472-43-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2472-44-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2504-167-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2524-170-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2524-172-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2540-169-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2540-168-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2548-15-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2548-16-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2560-175-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2560-173-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2592-186-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2628-22-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2628-23-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2636-174-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2668-49-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2668-50-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2676-171-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2684-17-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2684-20-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2692-30-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2692-29-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2700-1-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2700-14-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2720-189-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2728-54-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2728-51-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2780-219-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2788-210-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2832-107-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2832-109-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2860-216-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2868-142-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2908-144-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2908-146-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2920-179-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2920-178-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download
memory/2948-10-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2948-138-0x0000000000400000-0x00000000016A3000-memory.dmp

Filesize
18.6MB

Download