Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    68s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/04/2024, 14:41

General

  • Target

    e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe

  • Size

    250KB

  • MD5

    e2c3b908f6ad0b09754a3ffedd9b745b

  • SHA1

    922c99841d3680765063c605f2062945108e61cd

  • SHA256

    e3d39eb60c85c6e9cab923236095cec9848af72c884a5a2e259abba6805ddb26

  • SHA512

    39ed394b24385ad49e6856188886d7b0ab53f7fda891fbfa21aef5d7e395c36030439b7d016119619fcdee34649fb6e0e399f0298f82d29eb9200e431f6cf24f

  • SSDEEP

    6144:mhieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:DeKrJJuf86AYcwoaoSbr

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 15 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates connected drives 3 TTPs 30 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Modifies registry class 64 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 29 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"
      2⤵
      • Checks computer location settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g8
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1168
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1168 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1700
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3328
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 4 127.1
        3⤵
        • Runs ping.exe
        PID:3360
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2688
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4620
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
    1⤵
      PID:1220
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4064
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2572
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2824
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3248
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1596
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:3336
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3912
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2312
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4344
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3596
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3464
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4352
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3556
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2332
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2624
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1432
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3548
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3644
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4576
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      PID:4560
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1756
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3044
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1872
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2724
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2144
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      PID:212
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4108
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2008
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4212
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4796
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:804
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3432
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2600
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:448
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3224
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4280
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3208
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Modifies registry class
      PID:3824
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:5016
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:4448
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:3760
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:832
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:4108
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:3956
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:4976
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:2328
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:4536
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:3912
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:4232
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:4728
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:2304
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:4424
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:332
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:2440
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:4124
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:1804
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:2456
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:1208
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:3584
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:3468
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:3512
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:3168
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:4816
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:4220
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:3616
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:1184
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:2568
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:4788
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:2184
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:1956
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:1628
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:3712
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:4316
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:1452
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:4368
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:960
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:5116
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:736
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:3668
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:4856
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:4392
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:2620
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:1420
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:1432
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:2140
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:4724

                                                                                                    Network

                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                    Replay Monitor

                                                                                                    Loading Replay Monitor...

                                                                                                    Downloads

                                                                                                    • C:\Program Files\WinRAR\winrar.jse

                                                                                                      Filesize

                                                                                                      11KB

                                                                                                      MD5

                                                                                                      9208c38b58c7c7114f3149591580b980

                                                                                                      SHA1

                                                                                                      8154bdee622a386894636b7db046744724c3fc2b

                                                                                                      SHA256

                                                                                                      cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c

                                                                                                      SHA512

                                                                                                      a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

                                                                                                      Filesize

                                                                                                      471B

                                                                                                      MD5

                                                                                                      47fb6533b90c4095e33d176762480f8d

                                                                                                      SHA1

                                                                                                      86f81b2ff313ea50c5e76d19984e645ce645a092

                                                                                                      SHA256

                                                                                                      ca44a87d2796deb0dcff806372c2746fc9f38b06ec36ffa71bba96681d3f7b69

                                                                                                      SHA512

                                                                                                      b3ded8f66bf033f33fa8f0ec3520415780b2559d47d6268810b7fd09e6a62da22e3a54e44bc9cdb6b4a794e43371ad2257c5855a19e7f2aaaa48131abffc3f39

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                      Filesize

                                                                                                      471B

                                                                                                      MD5

                                                                                                      ba612e60ff16b71cb509986fc82643fc

                                                                                                      SHA1

                                                                                                      ddb4d1a8396ec5723510cfd5edf01ddcd39f9a94

                                                                                                      SHA256

                                                                                                      075c16549faed57f0e825e268169a83da8f5bd1bbd8a7840d999655618dffe79

                                                                                                      SHA512

                                                                                                      cb2f8b5b1bca546002b389d123a0e0182cb35bf46c30235df22cd9259422152b8eed19987fff52333ae5af924bfca8f50287b8590d5d6e57dcdd02e9390f78ed

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

                                                                                                      Filesize

                                                                                                      404B

                                                                                                      MD5

                                                                                                      82e7a47b4fe9c97fa071f085d1a0f876

                                                                                                      SHA1

                                                                                                      1f4441151d6bd0cb53625fdd6c44ea5202ba7496

                                                                                                      SHA256

                                                                                                      e4edef354f86e683555d6eac3984bc842470f4f1e5199cf174910795ede16271

                                                                                                      SHA512

                                                                                                      af481d040602078309c40568db5cc8d1f1c52d90ade4418d422c3e0d5bf1ed9e2888e19901b1a4b483628ad7ac8c2e61637d7c80d970e2faef87b9e53b9b8bb4

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                      Filesize

                                                                                                      412B

                                                                                                      MD5

                                                                                                      eafcd3cb2640b55654d680e8538e667c

                                                                                                      SHA1

                                                                                                      c37daf3aeef89d18924b1e46da6bd877d0253da9

                                                                                                      SHA256

                                                                                                      74e724507e17c2cc91003b4736298488e4d01890a4a7d90fed649c4f69117b3f

                                                                                                      SHA512

                                                                                                      3e74086a3682d45e66d97b661653d54d41e7ff159382e92c08d1b2cbec49c43cecf233662eb5db3b46cc63d7fc56852ac89cfddbc11817394cd1f96e4c7d50af

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K4KS10IH\suggestions[1].en-US

                                                                                                      Filesize

                                                                                                      17KB

                                                                                                      MD5

                                                                                                      5a34cb996293fde2cb7a4ac89587393a

                                                                                                      SHA1

                                                                                                      3c96c993500690d1a77873cd62bc639b3a10653f

                                                                                                      SHA256

                                                                                                      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                                                                                                      SHA512

                                                                                                      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\1SA07OI6\microsoft.windows[1].xml

                                                                                                      Filesize

                                                                                                      97B

                                                                                                      MD5

                                                                                                      fb9854a5b056cc3d006b38bf0eab1b7c

                                                                                                      SHA1

                                                                                                      0a2b0432e2e9938be1f652c2247827e47b265f44

                                                                                                      SHA256

                                                                                                      3d454d15255bb82fb8a4cfa40ea848af32395be899aaaf83b6d626a814aa21c2

                                                                                                      SHA512

                                                                                                      20366182bf5a658b19e3df4eef2fa4e484bdcecc85a893834fbcb2b0ab64100a7694c3dbbdf1597bf3e3a747ede6fe7b81aab5f07653ef40a515edbef90ed00d

                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.mmc

                                                                                                      Filesize

                                                                                                      255B

                                                                                                      MD5

                                                                                                      a0c4d2f989198272c1e2593e65c9c6cb

                                                                                                      SHA1

                                                                                                      0fa5cf2c05483bb89b611e0de9db674e9d53389c

                                                                                                      SHA256

                                                                                                      f3170aeec265cc49ff0f5dcb7ed7897371b0f7d1321f823f53b9b0e3a30e1d23

                                                                                                      SHA512

                                                                                                      209798b5b153283bea29974c1433fe8b6c14f2a54e57237d021ecc1013b8dc6931dedcc2fe173d121c719901045fdf2215177ba164c05d703f2e88a196252ec4

                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.mmc

                                                                                                      Filesize

                                                                                                      149B

                                                                                                      MD5

                                                                                                      b0ad7e59754e8d953129437b08846b5f

                                                                                                      SHA1

                                                                                                      9ed0ae9bc497b3aa65aed2130d068c4c1c70d87a

                                                                                                      SHA256

                                                                                                      cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37

                                                                                                      SHA512

                                                                                                      53e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6

                                                                                                    • C:\Users\Public\Desktop\ACROBAT READER DC.mmc

                                                                                                      Filesize

                                                                                                      268B

                                                                                                      MD5

                                                                                                      57b00ccb3a351d6e45df0c5865020169

                                                                                                      SHA1

                                                                                                      c932af20d06642b4f2f0cb839cded241a90ace3d

                                                                                                      SHA256

                                                                                                      44771198c83ab0ed544795e6d1141330bc8f62129296e13218ef8422a9eab0d5

                                                                                                      SHA512

                                                                                                      334bf991e5d942a9e7f428948a93863fcacf1280518e5d1992ce36de0e2b3805195e6eadb1fbb70b6c45b371be9a7245c844231eff7c93a8f9b06b0e30d0f529

                                                                                                    • C:\Users\Public\Desktop\FIREFOX.mmc

                                                                                                      Filesize

                                                                                                      212B

                                                                                                      MD5

                                                                                                      e738deb26be0ae6ee9ea74b117af48dc

                                                                                                      SHA1

                                                                                                      44905d91300e06cc6b293dcc5bd6688d9243495b

                                                                                                      SHA256

                                                                                                      363989f254555ef8fb96df9010ca31c6e2035b10af004aeec341fc2ec26d117d

                                                                                                      SHA512

                                                                                                      12ee06669dddb6bf1f2da6f4be7beb93e17bd9e8480c119cab1ff4c011ee97680d4de7bd8bef68a0426948b2ffb421c32445387c5ed60f1d140e9ff66f96e867

                                                                                                    • C:\Users\Public\Desktop\GOOGLE CHROME.mmc

                                                                                                      Filesize

                                                                                                      250B

                                                                                                      MD5

                                                                                                      7dde836318d7cdbeef35f3d06a6d7b6d

                                                                                                      SHA1

                                                                                                      b26b884a2bd94a432a6e1da3acc5a99dc06c1d42

                                                                                                      SHA256

                                                                                                      951ba6b01bca3f14eabf9a657497bd172a073984e5a07a6bb39fe4ec8622aaa8

                                                                                                      SHA512

                                                                                                      74e3154552e693338f587e77a1f01762762406f8a782438ca9041888fb529dec7682692636f1dbd5255cd0922149a3b47c1cad0b3cd782f7f38497526fd945e6

                                                                                                    • C:\Users\Public\Desktop\Internet Explorer.mmc

                                                                                                      Filesize

                                                                                                      218B

                                                                                                      MD5

                                                                                                      4b9f175d36f729bc91274a478a80f85c

                                                                                                      SHA1

                                                                                                      7bd79be7dc7fcbe207f16c2aa3fab022a70e7809

                                                                                                      SHA256

                                                                                                      6533906583c1f768d716d7e9b101d35d1198d9c32a06d882aa626b2e4a51ee02

                                                                                                      SHA512

                                                                                                      e6ae4ff1cf1ab92cd649ceeda9c59794d8bfd1ca4500f672425d4a74aa48a0e938120d2444a2250513437da04767ff5883e81c7fa5dfa7e71b97bb967c0d5874

                                                                                                    • C:\Users\Public\Desktop\MICROSOFT EDGE.mmc

                                                                                                      Filesize

                                                                                                      252B

                                                                                                      MD5

                                                                                                      0b7d6914496973c48637995715d6f0d4

                                                                                                      SHA1

                                                                                                      9ac88bd5741ea9825e77511ddd35ad454f05bb99

                                                                                                      SHA256

                                                                                                      9d008d6bf529b562faba50a822eba33df5162e98265362cd23fdf5edfa65a5c8

                                                                                                      SHA512

                                                                                                      ed15ee3776c0eccc4020e006413ecdcdb13ee796376775e2a7fe9d0d7238b6e7633c665f4a78fa3427d9d6bf4309b35876297db2872c26ba0a945dcfc3faf85a

                                                                                                    • C:\Users\Public\Desktop\VLC MEDIA PLAYER.mmc

                                                                                                      Filesize

                                                                                                      198B

                                                                                                      MD5

                                                                                                      05a9ce26830a5d720143fff0263529be

                                                                                                      SHA1

                                                                                                      1b726387ca0cd48235aa0c72b95a56ba9d43c85e

                                                                                                      SHA256

                                                                                                      d15d32a3cc4c32b19be8951fd62ccf2fd9e8d40691dee12899a715f0aff298f2

                                                                                                      SHA512

                                                                                                      89c4fea31b80b5b3e413136c20d3edf81c9c6ecb3725c6025fa3bf7ce505aeec9bb3d269179942db5574dd152808e1d36c58604b093ed74a25049f1b4d98f58f

                                                                                                    • memory/212-248-0x0000000004D90000-0x0000000004D91000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/448-301-0x0000021C70C80000-0x0000021C70CA0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/448-306-0x0000021C71050000-0x0000021C71070000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/448-303-0x0000021C70C40000-0x0000021C70C60000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/804-278-0x000001A1CE900000-0x000001A1CE920000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/804-282-0x000001A1CEEE0000-0x000001A1CEF00000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/804-280-0x000001A1CE8C0000-0x000001A1CE8E0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/1596-93-0x000002629A9F0000-0x000002629AA10000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/1596-97-0x000002629ADC0000-0x000002629ADE0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/1596-95-0x000002629A9B0000-0x000002629A9D0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/1872-224-0x0000000004C30000-0x0000000004C31000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/1968-37-0x0000000000400000-0x00000000004B1000-memory.dmp

                                                                                                      Filesize

                                                                                                      708KB

                                                                                                    • memory/1968-0-0x0000000000400000-0x00000000004B1000-memory.dmp

                                                                                                      Filesize

                                                                                                      708KB

                                                                                                    • memory/2008-257-0x000002DFAF200000-0x000002DFAF220000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/2008-255-0x000002DFAF240000-0x000002DFAF260000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/2008-260-0x000002DFAF610000-0x000002DFAF630000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/2144-234-0x000001A3B84B0000-0x000001A3B84D0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/2144-236-0x000001A3B8AC0000-0x000001A3B8AE0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/2144-232-0x000001A3B84F0000-0x000001A3B8510000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/2312-115-0x000001BFF62C0000-0x000001BFF62E0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/2312-117-0x000001BFF68E0000-0x000001BFF6900000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/2312-113-0x000001BFF6300000-0x000001BFF6320000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/2328-397-0x000001AF3DE20000-0x000001AF3DE40000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/2328-399-0x000001AF3DBE0000-0x000001AF3DC00000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/2328-401-0x000001AF3E1F0000-0x000001AF3E210000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/2332-156-0x0000018B20BA0000-0x0000018B20BC0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/2332-158-0x0000018B20B60000-0x0000018B20B80000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/2332-160-0x0000018B20F70000-0x0000018B20F90000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/2824-87-0x00000000043E0000-0x00000000043E1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/3044-209-0x000001BA87A40000-0x000001BA87A60000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/3044-211-0x000001BA87A00000-0x000001BA87A20000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/3044-213-0x000001BA87E10000-0x000001BA87E30000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/3208-328-0x000002A2EB3E0000-0x000002A2EB400000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/3208-326-0x000002A2EADD0000-0x000002A2EADF0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/3208-324-0x000002A2EB020000-0x000002A2EB040000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/3224-317-0x0000000002310000-0x0000000002311000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/3336-105-0x0000000004340000-0x0000000004341000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/3432-293-0x0000000002B70000-0x0000000002B71000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/3464-137-0x00000269B6FB0000-0x00000269B6FD0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/3464-133-0x00000269B69E0000-0x00000269B6A00000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/3464-135-0x00000269B69A0000-0x00000269B69C0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/3548-169-0x0000000004250000-0x0000000004251000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/3760-367-0x0000000004120000-0x0000000004121000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/3824-337-0x0000000004B70000-0x0000000004B71000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/3956-390-0x0000000004700000-0x0000000004701000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/4108-378-0x0000022DD9C50000-0x0000022DD9C70000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/4108-374-0x0000022DD9680000-0x0000022DD96A0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/4108-376-0x0000022DD9640000-0x0000022DD9660000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/4212-270-0x0000000004300000-0x0000000004301000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/4232-420-0x000001646E840000-0x000001646E860000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/4232-425-0x000001646EC10000-0x000001646EC30000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/4232-422-0x000001646E800000-0x000001646E820000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/4344-125-0x0000000004850000-0x0000000004851000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/4352-148-0x0000000004850000-0x0000000004851000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/4424-443-0x000001EF77CB0000-0x000001EF77CD0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/4424-445-0x000001EF77C70000-0x000001EF77C90000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/4448-344-0x000002A180FC0000-0x000002A180FE0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/4448-348-0x000002A181390000-0x000002A1813B0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/4448-346-0x000002A180F80000-0x000002A180FA0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/4536-412-0x0000000004CB0000-0x0000000004CB1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/4560-201-0x00000000042E0000-0x00000000042E1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/4576-177-0x00000259A4BC0000-0x00000259A4BE0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/4576-179-0x00000259A4B80000-0x00000259A4BA0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/4576-181-0x00000259A4F90000-0x00000259A4FB0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/4728-436-0x0000000004B80000-0x0000000004B81000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB