Analysis

  • max time kernel
    146s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26/04/2024, 11:26

General

  • Target

    00a98eba7929526544687a2b62bd254b_JaffaCakes118.exe

  • Size

    2.2MB

  • MD5

    00a98eba7929526544687a2b62bd254b

  • SHA1

    7f2ae1a38d935364c2da043b522adc8f13d8bbf7

  • SHA256

    3e7fca3a9d05f4ca79ee276f4b844820a7e5b7f7c2b3237a870de8e82220cb99

  • SHA512

    5daa500e75e3af9d0919a68c4c9d912d8eda15653f9bd896a420d8c638c250f81130bef0586ee6b4708d20ab55b4ee31706a13fb870ecf76d8dd3ffad7b8f012

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZa:0UzeyQMS4DqodCnoe+iitjWww2

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes
  • payload_url

    http://don.service-master.eu/shit.exe

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
  • Drops startup file 2 IoCs
  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00a98eba7929526544687a2b62bd254b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\00a98eba7929526544687a2b62bd254b_JaffaCakes118.exe"
    1⤵
    • Drops startup file
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2248
      • C:\Users\Admin\AppData\Local\Temp\00a98eba7929526544687a2b62bd254b_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\00a98eba7929526544687a2b62bd254b_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2812
        • \??\c:\windows\system\explorer.exe
          c:\windows\system\explorer.exe
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:2476
          • \??\c:\windows\system\explorer.exe
            "c:\windows\system\explorer.exe"
            4⤵
            • Modifies WinLogon for persistence
            • Modifies visiblity of hidden/system files in Explorer
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Loads dropped DLL
            • Adds Run key to start application
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1636
            • \??\c:\windows\system\spoolsv.exe
              c:\windows\system\spoolsv.exe SE
              5⤵
              • Executes dropped EXE
              PID:2004
              • \??\c:\windows\system\spoolsv.exe
                "c:\windows\system\spoolsv.exe"
                6⤵
                  PID:4928
              • \??\c:\windows\system\spoolsv.exe
                c:\windows\system\spoolsv.exe SE
                5⤵
                • Executes dropped EXE
                PID:2828
                • \??\c:\windows\system\spoolsv.exe
                  "c:\windows\system\spoolsv.exe"
                  6⤵
                    PID:4964
                • \??\c:\windows\system\spoolsv.exe
                  c:\windows\system\spoolsv.exe SE
                  5⤵
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  PID:268
                  • \??\c:\windows\system\spoolsv.exe
                    "c:\windows\system\spoolsv.exe"
                    6⤵
                      PID:5556
                  • \??\c:\windows\system\spoolsv.exe
                    c:\windows\system\spoolsv.exe SE
                    5⤵
                    • Executes dropped EXE
                    PID:2440
                    • \??\c:\windows\system\spoolsv.exe
                      "c:\windows\system\spoolsv.exe"
                      6⤵
                        PID:5936
                    • \??\c:\windows\system\spoolsv.exe
                      c:\windows\system\spoolsv.exe SE
                      5⤵
                      • Executes dropped EXE
                      PID:1088
                      • \??\c:\windows\system\spoolsv.exe
                        "c:\windows\system\spoolsv.exe"
                        6⤵
                          PID:6780
                      • \??\c:\windows\system\spoolsv.exe
                        c:\windows\system\spoolsv.exe SE
                        5⤵
                        • Executes dropped EXE
                        PID:2948
                        • \??\c:\windows\system\spoolsv.exe
                          "c:\windows\system\spoolsv.exe"
                          6⤵
                            PID:6768
                        • \??\c:\windows\system\spoolsv.exe
                          c:\windows\system\spoolsv.exe SE
                          5⤵
                          • Executes dropped EXE
                          PID:1816
                          • \??\c:\windows\system\spoolsv.exe
                            "c:\windows\system\spoolsv.exe"
                            6⤵
                              PID:6936
                          • \??\c:\windows\system\spoolsv.exe
                            c:\windows\system\spoolsv.exe SE
                            5⤵
                            • Executes dropped EXE
                            PID:2768
                            • \??\c:\windows\system\spoolsv.exe
                              "c:\windows\system\spoolsv.exe"
                              6⤵
                                PID:6968
                            • \??\c:\windows\system\spoolsv.exe
                              c:\windows\system\spoolsv.exe SE
                              5⤵
                              • Executes dropped EXE
                              • Drops file in Windows directory
                              PID:1912
                            • \??\c:\windows\system\spoolsv.exe
                              c:\windows\system\spoolsv.exe SE
                              5⤵
                              • Executes dropped EXE
                              • Drops file in Windows directory
                              PID:2836
                              • \??\c:\windows\system\spoolsv.exe
                                "c:\windows\system\spoolsv.exe"
                                6⤵
                                  PID:7052
                              • \??\c:\windows\system\spoolsv.exe
                                c:\windows\system\spoolsv.exe SE
                                5⤵
                                • Executes dropped EXE
                                • Drops file in Windows directory
                                PID:1660
                                • \??\c:\windows\system\spoolsv.exe
                                  "c:\windows\system\spoolsv.exe"
                                  6⤵
                                    PID:6960
                                • \??\c:\windows\system\spoolsv.exe
                                  c:\windows\system\spoolsv.exe SE
                                  5⤵
                                  • Executes dropped EXE
                                  • Drops file in Windows directory
                                  PID:2104
                                • \??\c:\windows\system\spoolsv.exe
                                  c:\windows\system\spoolsv.exe SE
                                  5⤵
                                  • Executes dropped EXE
                                  PID:2552
                                • \??\c:\windows\system\spoolsv.exe
                                  c:\windows\system\spoolsv.exe SE
                                  5⤵
                                  • Executes dropped EXE
                                  PID:1612
                                • \??\c:\windows\system\spoolsv.exe
                                  c:\windows\system\spoolsv.exe SE
                                  5⤵
                                  • Executes dropped EXE
                                  PID:2944
                                • \??\c:\windows\system\spoolsv.exe
                                  c:\windows\system\spoolsv.exe SE
                                  5⤵
                                  • Executes dropped EXE
                                  PID:2996
                                • \??\c:\windows\system\spoolsv.exe
                                  c:\windows\system\spoolsv.exe SE
                                  5⤵
                                  • Executes dropped EXE
                                  • Drops file in Windows directory
                                  PID:2816
                                • \??\c:\windows\system\spoolsv.exe
                                  c:\windows\system\spoolsv.exe SE
                                  5⤵
                                  • Executes dropped EXE
                                  • Drops file in Windows directory
                                  PID:2072
                                  • \??\c:\windows\system\spoolsv.exe
                                    "c:\windows\system\spoolsv.exe"
                                    6⤵
                                      PID:5212
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:664
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:764
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:2932
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:1760
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:2980
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:1604
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:1504
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:1256
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:2316
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:1620
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:2588
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:856
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:2040
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:2112
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:1896
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:2576
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:1916
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:2016
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:1044
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:1180
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:2936
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:2080
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:1224
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:840
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:1720
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:2584
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:2860
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:2184
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:1624
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:892
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:684
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:2120
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:2516
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:2076
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:1800
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:2508
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:556
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:2008
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:2840
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:1140
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:2528
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:1824
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:2488
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                    • Executes dropped EXE
                                    PID:1212
                                  • \??\c:\windows\system\spoolsv.exe
                                    c:\windows\system\spoolsv.exe SE
                                    5⤵
                                      PID:1120
                                    • \??\c:\windows\system\spoolsv.exe
                                      c:\windows\system\spoolsv.exe SE
                                      5⤵
                                        PID:2740
                                      • \??\c:\windows\system\spoolsv.exe
                                        c:\windows\system\spoolsv.exe SE
                                        5⤵
                                          PID:1736
                                        • \??\c:\windows\system\spoolsv.exe
                                          c:\windows\system\spoolsv.exe SE
                                          5⤵
                                            PID:784
                                          • \??\c:\windows\system\spoolsv.exe
                                            c:\windows\system\spoolsv.exe SE
                                            5⤵
                                            • Drops file in Windows directory
                                            PID:2052
                                          • \??\c:\windows\system\spoolsv.exe
                                            c:\windows\system\spoolsv.exe SE
                                            5⤵
                                            • Drops file in Windows directory
                                            PID:448
                                          • \??\c:\windows\system\spoolsv.exe
                                            c:\windows\system\spoolsv.exe SE
                                            5⤵
                                              PID:1596
                                            • \??\c:\windows\system\spoolsv.exe
                                              c:\windows\system\spoolsv.exe SE
                                              5⤵
                                              • Drops file in Windows directory
                                              PID:2668
                                            • \??\c:\windows\system\spoolsv.exe
                                              c:\windows\system\spoolsv.exe SE
                                              5⤵
                                              • Drops file in Windows directory
                                              PID:1632
                                            • \??\c:\windows\system\spoolsv.exe
                                              c:\windows\system\spoolsv.exe SE
                                              5⤵
                                              • Drops file in Windows directory
                                              PID:848
                                            • \??\c:\windows\system\spoolsv.exe
                                              c:\windows\system\spoolsv.exe SE
                                              5⤵
                                                PID:3060
                                              • \??\c:\windows\system\spoolsv.exe
                                                c:\windows\system\spoolsv.exe SE
                                                5⤵
                                                  PID:3112
                                                • \??\c:\windows\system\spoolsv.exe
                                                  c:\windows\system\spoolsv.exe SE
                                                  5⤵
                                                    PID:3276
                                                  • \??\c:\windows\system\spoolsv.exe
                                                    c:\windows\system\spoolsv.exe SE
                                                    5⤵
                                                      PID:3448
                                                    • \??\c:\windows\system\spoolsv.exe
                                                      c:\windows\system\spoolsv.exe SE
                                                      5⤵
                                                        PID:3632
                                                      • \??\c:\windows\system\spoolsv.exe
                                                        c:\windows\system\spoolsv.exe SE
                                                        5⤵
                                                          PID:3788
                                                        • \??\c:\windows\system\spoolsv.exe
                                                          c:\windows\system\spoolsv.exe SE
                                                          5⤵
                                                          • Drops file in Windows directory
                                                          PID:3944
                                                        • \??\c:\windows\system\spoolsv.exe
                                                          c:\windows\system\spoolsv.exe SE
                                                          5⤵
                                                            PID:480
                                                          • \??\c:\windows\system\spoolsv.exe
                                                            c:\windows\system\spoolsv.exe SE
                                                            5⤵
                                                            • Drops file in Windows directory
                                                            PID:3260
                                                          • \??\c:\windows\system\spoolsv.exe
                                                            c:\windows\system\spoolsv.exe SE
                                                            5⤵
                                                              PID:3428
                                                            • \??\c:\windows\system\spoolsv.exe
                                                              c:\windows\system\spoolsv.exe SE
                                                              5⤵
                                                                PID:3628
                                                              • \??\c:\windows\system\spoolsv.exe
                                                                c:\windows\system\spoolsv.exe SE
                                                                5⤵
                                                                • Drops file in Windows directory
                                                                PID:3868
                                                              • \??\c:\windows\system\spoolsv.exe
                                                                c:\windows\system\spoolsv.exe SE
                                                                5⤵
                                                                  PID:4044
                                                                • \??\c:\windows\system\spoolsv.exe
                                                                  c:\windows\system\spoolsv.exe SE
                                                                  5⤵
                                                                  • Drops file in Windows directory
                                                                  PID:3196
                                                                • \??\c:\windows\system\spoolsv.exe
                                                                  c:\windows\system\spoolsv.exe SE
                                                                  5⤵
                                                                    PID:3400
                                                                  • \??\c:\windows\system\spoolsv.exe
                                                                    c:\windows\system\spoolsv.exe SE
                                                                    5⤵
                                                                      PID:596
                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                      c:\windows\system\spoolsv.exe SE
                                                                      5⤵
                                                                      • Drops file in Windows directory
                                                                      PID:3804
                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                      c:\windows\system\spoolsv.exe SE
                                                                      5⤵
                                                                      • Drops file in Windows directory
                                                                      PID:4052
                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                      c:\windows\system\spoolsv.exe SE
                                                                      5⤵
                                                                        PID:3220
                                                                      • \??\c:\windows\system\spoolsv.exe
                                                                        c:\windows\system\spoolsv.exe SE
                                                                        5⤵
                                                                          PID:3468
                                                                        • \??\c:\windows\system\spoolsv.exe
                                                                          c:\windows\system\spoolsv.exe SE
                                                                          5⤵
                                                                            PID:3648
                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                            c:\windows\system\spoolsv.exe SE
                                                                            5⤵
                                                                            • Drops file in Windows directory
                                                                            PID:3860
                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                            c:\windows\system\spoolsv.exe SE
                                                                            5⤵
                                                                              PID:3080
                                                                            • \??\c:\windows\system\spoolsv.exe
                                                                              c:\windows\system\spoolsv.exe SE
                                                                              5⤵
                                                                                PID:3328
                                                                              • \??\c:\windows\system\spoolsv.exe
                                                                                c:\windows\system\spoolsv.exe SE
                                                                                5⤵
                                                                                • Drops file in Windows directory
                                                                                PID:3572
                                                                              • \??\c:\windows\system\spoolsv.exe
                                                                                c:\windows\system\spoolsv.exe SE
                                                                                5⤵
                                                                                  PID:3800
                                                                                • \??\c:\windows\system\spoolsv.exe
                                                                                  c:\windows\system\spoolsv.exe SE
                                                                                  5⤵
                                                                                  • Drops file in Windows directory
                                                                                  PID:4084
                                                                                • \??\c:\windows\system\spoolsv.exe
                                                                                  c:\windows\system\spoolsv.exe SE
                                                                                  5⤵
                                                                                  • Drops file in Windows directory
                                                                                  PID:3324
                                                                                • \??\c:\windows\system\spoolsv.exe
                                                                                  c:\windows\system\spoolsv.exe SE
                                                                                  5⤵
                                                                                    PID:3612
                                                                                  • \??\c:\windows\system\spoolsv.exe
                                                                                    c:\windows\system\spoolsv.exe SE
                                                                                    5⤵
                                                                                    • Drops file in Windows directory
                                                                                    PID:3836
                                                                                  • \??\c:\windows\system\spoolsv.exe
                                                                                    c:\windows\system\spoolsv.exe SE
                                                                                    5⤵
                                                                                      PID:3200
                                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                                      c:\windows\system\spoolsv.exe SE
                                                                                      5⤵
                                                                                      • Drops file in Windows directory
                                                                                      PID:3516
                                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                                      c:\windows\system\spoolsv.exe SE
                                                                                      5⤵
                                                                                        PID:3856
                                                                                      • \??\c:\windows\system\spoolsv.exe
                                                                                        c:\windows\system\spoolsv.exe SE
                                                                                        5⤵
                                                                                          PID:3184
                                                                                        • \??\c:\windows\system\spoolsv.exe
                                                                                          c:\windows\system\spoolsv.exe SE
                                                                                          5⤵
                                                                                          • Drops file in Windows directory
                                                                                          PID:3560
                                                                                        • \??\c:\windows\system\spoolsv.exe
                                                                                          c:\windows\system\spoolsv.exe SE
                                                                                          5⤵
                                                                                            PID:3936
                                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                                            c:\windows\system\spoolsv.exe SE
                                                                                            5⤵
                                                                                              PID:3308
                                                                                            • \??\c:\windows\system\spoolsv.exe
                                                                                              c:\windows\system\spoolsv.exe SE
                                                                                              5⤵
                                                                                                PID:3712
                                                                                              • \??\c:\windows\system\spoolsv.exe
                                                                                                c:\windows\system\spoolsv.exe SE
                                                                                                5⤵
                                                                                                  PID:3108
                                                                                                • \??\c:\windows\system\spoolsv.exe
                                                                                                  c:\windows\system\spoolsv.exe SE
                                                                                                  5⤵
                                                                                                  • Drops file in Windows directory
                                                                                                  PID:3600
                                                                                                • \??\c:\windows\system\spoolsv.exe
                                                                                                  c:\windows\system\spoolsv.exe SE
                                                                                                  5⤵
                                                                                                  • Drops file in Windows directory
                                                                                                  PID:4024
                                                                                                • \??\c:\windows\system\spoolsv.exe
                                                                                                  c:\windows\system\spoolsv.exe SE
                                                                                                  5⤵
                                                                                                    PID:2196
                                                                                                  • \??\c:\windows\system\spoolsv.exe
                                                                                                    c:\windows\system\spoolsv.exe SE
                                                                                                    5⤵
                                                                                                      PID:3216
                                                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                                                      c:\windows\system\spoolsv.exe SE
                                                                                                      5⤵
                                                                                                      • Drops file in Windows directory
                                                                                                      PID:3852
                                                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                                                      c:\windows\system\spoolsv.exe SE
                                                                                                      5⤵
                                                                                                        PID:3688
                                                                                                      • \??\c:\windows\system\spoolsv.exe
                                                                                                        c:\windows\system\spoolsv.exe SE
                                                                                                        5⤵
                                                                                                          PID:3288
                                                                                                        • \??\c:\windows\system\spoolsv.exe
                                                                                                          c:\windows\system\spoolsv.exe SE
                                                                                                          5⤵
                                                                                                            PID:4064
                                                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                                                            c:\windows\system\spoolsv.exe SE
                                                                                                            5⤵
                                                                                                              PID:3940
                                                                                                            • \??\c:\windows\system\spoolsv.exe
                                                                                                              c:\windows\system\spoolsv.exe SE
                                                                                                              5⤵
                                                                                                              • Drops file in Windows directory
                                                                                                              PID:4036
                                                                                                            • \??\c:\windows\system\spoolsv.exe
                                                                                                              c:\windows\system\spoolsv.exe SE
                                                                                                              5⤵
                                                                                                                PID:3456
                                                                                                              • \??\c:\windows\system\spoolsv.exe
                                                                                                                c:\windows\system\spoolsv.exe SE
                                                                                                                5⤵
                                                                                                                  PID:2968
                                                                                                                • \??\c:\windows\system\spoolsv.exe
                                                                                                                  c:\windows\system\spoolsv.exe SE
                                                                                                                  5⤵
                                                                                                                    PID:3824
                                                                                                                  • \??\c:\windows\system\spoolsv.exe
                                                                                                                    c:\windows\system\spoolsv.exe SE
                                                                                                                    5⤵
                                                                                                                      PID:4000
                                                                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                                                                      c:\windows\system\spoolsv.exe SE
                                                                                                                      5⤵
                                                                                                                        PID:3912
                                                                                                                      • \??\c:\windows\system\spoolsv.exe
                                                                                                                        c:\windows\system\spoolsv.exe SE
                                                                                                                        5⤵
                                                                                                                          PID:4144
                                                                                                                        • \??\c:\windows\system\spoolsv.exe
                                                                                                                          c:\windows\system\spoolsv.exe SE
                                                                                                                          5⤵
                                                                                                                          • Drops file in Windows directory
                                                                                                                          PID:4308
                                                                                                                        • \??\c:\windows\system\spoolsv.exe
                                                                                                                          c:\windows\system\spoolsv.exe SE
                                                                                                                          5⤵
                                                                                                                            PID:4460
                                                                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                                                                            c:\windows\system\spoolsv.exe SE
                                                                                                                            5⤵
                                                                                                                            • Drops file in Windows directory
                                                                                                                            PID:4632
                                                                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                                                                            c:\windows\system\spoolsv.exe SE
                                                                                                                            5⤵
                                                                                                                            • Drops file in Windows directory
                                                                                                                            PID:4792
                                                                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                                                                            c:\windows\system\spoolsv.exe SE
                                                                                                                            5⤵
                                                                                                                            • Drops file in Windows directory
                                                                                                                            PID:4956
                                                                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                                                                            c:\windows\system\spoolsv.exe SE
                                                                                                                            5⤵
                                                                                                                            • Drops file in Windows directory
                                                                                                                            PID:3984
                                                                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                                                                            c:\windows\system\spoolsv.exe SE
                                                                                                                            5⤵
                                                                                                                            • Drops file in Windows directory
                                                                                                                            PID:4260
                                                                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                                                                            c:\windows\system\spoolsv.exe SE
                                                                                                                            5⤵
                                                                                                                              PID:4436
                                                                                                                            • \??\c:\windows\system\spoolsv.exe
                                                                                                                              c:\windows\system\spoolsv.exe SE
                                                                                                                              5⤵
                                                                                                                              • Drops file in Windows directory
                                                                                                                              PID:4624
                                                                                                                            • \??\c:\windows\system\spoolsv.exe
                                                                                                                              c:\windows\system\spoolsv.exe SE
                                                                                                                              5⤵
                                                                                                                                PID:4804
                                                                                                                              • \??\c:\windows\system\spoolsv.exe
                                                                                                                                c:\windows\system\spoolsv.exe SE
                                                                                                                                5⤵
                                                                                                                                • Drops file in Windows directory
                                                                                                                                PID:5008
                                                                                                                              • \??\c:\windows\system\spoolsv.exe
                                                                                                                                c:\windows\system\spoolsv.exe SE
                                                                                                                                5⤵
                                                                                                                                  PID:4164
                                                                                                                                • \??\c:\windows\system\spoolsv.exe
                                                                                                                                  c:\windows\system\spoolsv.exe SE
                                                                                                                                  5⤵
                                                                                                                                    PID:4384
                                                                                                                                  • \??\c:\windows\system\spoolsv.exe
                                                                                                                                    c:\windows\system\spoolsv.exe SE
                                                                                                                                    5⤵
                                                                                                                                      PID:4588
                                                                                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                                                                                      c:\windows\system\spoolsv.exe SE
                                                                                                                                      5⤵
                                                                                                                                      • Drops file in Windows directory
                                                                                                                                      PID:4800
                                                                                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                                                                                      c:\windows\system\spoolsv.exe SE
                                                                                                                                      5⤵
                                                                                                                                      • Drops file in Windows directory
                                                                                                                                      PID:5028
                                                                                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                                                                                      c:\windows\system\spoolsv.exe SE
                                                                                                                                      5⤵
                                                                                                                                      • Drops file in Windows directory
                                                                                                                                      PID:4208
                                                                                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                                                                                      c:\windows\system\spoolsv.exe SE
                                                                                                                                      5⤵
                                                                                                                                        PID:4472
                                                                                                                                      • \??\c:\windows\system\spoolsv.exe
                                                                                                                                        c:\windows\system\spoolsv.exe SE
                                                                                                                                        5⤵
                                                                                                                                          PID:4720
                                                                                                                                        • \??\c:\windows\system\spoolsv.exe
                                                                                                                                          c:\windows\system\spoolsv.exe SE
                                                                                                                                          5⤵
                                                                                                                                          • Drops file in Windows directory
                                                                                                                                          PID:4968
                                                                                                                                        • \??\c:\windows\system\spoolsv.exe
                                                                                                                                          c:\windows\system\spoolsv.exe SE
                                                                                                                                          5⤵
                                                                                                                                            PID:4128
                                                                                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                                                                                            c:\windows\system\spoolsv.exe SE
                                                                                                                                            5⤵
                                                                                                                                              PID:4448
                                                                                                                                            • \??\c:\windows\system\spoolsv.exe
                                                                                                                                              c:\windows\system\spoolsv.exe SE
                                                                                                                                              5⤵
                                                                                                                                                PID:4732
                                                                                                                                              • \??\c:\windows\system\spoolsv.exe
                                                                                                                                                c:\windows\system\spoolsv.exe SE
                                                                                                                                                5⤵
                                                                                                                                                  PID:5004
                                                                                                                                                • \??\c:\windows\system\spoolsv.exe
                                                                                                                                                  c:\windows\system\spoolsv.exe SE
                                                                                                                                                  5⤵
                                                                                                                                                  • Drops file in Windows directory
                                                                                                                                                  PID:4276
                                                                                                                                                • \??\c:\windows\system\spoolsv.exe
                                                                                                                                                  c:\windows\system\spoolsv.exe SE
                                                                                                                                                  5⤵
                                                                                                                                                    PID:4564
                                                                                                                                                  • \??\c:\windows\system\spoolsv.exe
                                                                                                                                                    c:\windows\system\spoolsv.exe SE
                                                                                                                                                    5⤵
                                                                                                                                                    • Drops file in Windows directory
                                                                                                                                                    PID:4892
                                                                                                                                                  • \??\c:\windows\system\spoolsv.exe
                                                                                                                                                    c:\windows\system\spoolsv.exe SE
                                                                                                                                                    5⤵
                                                                                                                                                      PID:4152
                                                                                                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                                                                                                      c:\windows\system\spoolsv.exe SE
                                                                                                                                                      5⤵
                                                                                                                                                      • Drops file in Windows directory
                                                                                                                                                      PID:4536
                                                                                                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                                                                                                      c:\windows\system\spoolsv.exe SE
                                                                                                                                                      5⤵
                                                                                                                                                        PID:4864
                                                                                                                                                      • \??\c:\windows\system\spoolsv.exe
                                                                                                                                                        c:\windows\system\spoolsv.exe SE
                                                                                                                                                        5⤵
                                                                                                                                                        • Drops file in Windows directory
                                                                                                                                                        PID:4184
                                                                                                                                                      • \??\c:\windows\system\spoolsv.exe
                                                                                                                                                        c:\windows\system\spoolsv.exe SE
                                                                                                                                                        5⤵
                                                                                                                                                          PID:4592
                                                                                                                                                        • \??\c:\windows\system\spoolsv.exe
                                                                                                                                                          c:\windows\system\spoolsv.exe SE
                                                                                                                                                          5⤵
                                                                                                                                                            PID:5408
                                                                                                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                                                                                                            c:\windows\system\spoolsv.exe SE
                                                                                                                                                            5⤵
                                                                                                                                                              PID:6612

                                                                                                                                                    Network

                                                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                                                          Replay Monitor

                                                                                                                                                          Loading Replay Monitor...

                                                                                                                                                          Downloads

                                                                                                                                                          • C:\Windows\Parameters.ini

                                                                                                                                                            Filesize

                                                                                                                                                            74B

                                                                                                                                                            MD5

                                                                                                                                                            6687785d6a31cdf9a5f80acb3abc459b

                                                                                                                                                            SHA1

                                                                                                                                                            1ddda26cc18189770eaaa4a9e78cc4abe4fe39c9

                                                                                                                                                            SHA256

                                                                                                                                                            3b5ebe1c6d4d33c14e5f2ca735fc085759f47895ea90192999a22a035c7edc9b

                                                                                                                                                            SHA512

                                                                                                                                                            5fe9429d64ee6fe0d3698cabb39757729b48d525500afa5f073d69f14f791c8aa2bc7ce0467d48d66fc58d894983391022c59035fa67703fefd309ec4a5d9962

                                                                                                                                                          • \Windows\system\explorer.exe

                                                                                                                                                            Filesize

                                                                                                                                                            2.2MB

                                                                                                                                                            MD5

                                                                                                                                                            0f0f5f4b7028ea477a2d4ffa457111ff

                                                                                                                                                            SHA1

                                                                                                                                                            0e612b36172bb1cff15fcc7c9153c33cf79c2146

                                                                                                                                                            SHA256

                                                                                                                                                            cd8ce5a7a6caad666c42bb995d9442c6233480131f208d36a49624964594cd8d

                                                                                                                                                            SHA512

                                                                                                                                                            b23f4e95652c21c88eef17f29ddbfd009465af3238e6d68a53998068d54b84317f4f54915238250982496c363a09750ab5b2893cf686982a91fc7ffbc928ac94

                                                                                                                                                          • \Windows\system\spoolsv.exe

                                                                                                                                                            Filesize

                                                                                                                                                            2.2MB

                                                                                                                                                            MD5

                                                                                                                                                            76db7d45d7df93171b7d7f58b14996e2

                                                                                                                                                            SHA1

                                                                                                                                                            70805b34338d8781a9968da371542140d349a4d4

                                                                                                                                                            SHA256

                                                                                                                                                            e107dbe490e56aabe6554d168c6ac1b0cf278334a107efca8b6f4f93ddb60812

                                                                                                                                                            SHA512

                                                                                                                                                            ad0c5b31258b28783bf30f3a689a904a9906bfaf8f8a3b267088074e494d1effa3fb069f70c0949b2cb2e212c6ff9ca864fe70954b11ae7ee5823483ba1a21c6

                                                                                                                                                          • memory/268-543-0x0000000000330000-0x0000000000331000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/268-150-0x0000000000330000-0x0000000000331000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/268-2482-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/664-3062-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/664-1115-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/664-753-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/764-3073-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/764-791-0x00000000003A0000-0x00000000003A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/764-1150-0x00000000003A0000-0x00000000003A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/856-3318-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/1044-1403-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1088-240-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1088-612-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1088-2584-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/1180-1450-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1256-1013-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1256-3205-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/1256-1369-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1504-3204-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/1604-3171-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/1604-945-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1604-1294-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1612-2910-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/1612-586-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1612-936-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1620-1449-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1620-1081-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1620-3277-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/1636-76-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            248KB

                                                                                                                                                          • memory/1636-437-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            248KB

                                                                                                                                                          • memory/1660-2817-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/1660-825-0x0000000000230000-0x0000000000231000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1660-465-0x0000000000230000-0x0000000000231000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1760-1226-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1760-3111-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/1760-863-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1816-688-0x00000000002A0000-0x00000000002A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1816-327-0x00000000002A0000-0x00000000002A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1816-2690-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/1896-1258-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1912-2764-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/1912-397-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1912-752-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/1916-1331-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2004-2367-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2004-86-0x00000000002A0000-0x00000000002A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2004-464-0x00000000002A0000-0x00000000002A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2016-1377-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2040-1195-0x0000000000230000-0x0000000000231000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2072-3021-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2072-721-0x0000000000230000-0x0000000000231000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2104-507-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2104-2843-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2104-862-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2112-1232-0x0000000000230000-0x0000000000231000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2244-17-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2244-19-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2244-0-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2244-27-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2316-3247-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2440-2549-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2440-580-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2440-195-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2476-60-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2476-71-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2476-62-0x00000000002A0000-0x00000000002A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2476-41-0x00000000002A0000-0x00000000002A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2552-545-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2552-2876-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2552-899-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2576-1305-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2588-3291-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2768-715-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2768-352-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2768-2733-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2812-49-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            248KB

                                                                                                                                                          • memory/2812-28-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            248KB

                                                                                                                                                          • memory/2812-24-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            248KB

                                                                                                                                                          • memory/2812-22-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2812-20-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            248KB

                                                                                                                                                          • memory/2816-2986-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2816-689-0x0000000000320000-0x0000000000321000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2816-1049-0x0000000000320000-0x0000000000321000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2828-2449-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2828-108-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2828-501-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2836-789-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2836-2802-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2836-438-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2932-1190-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2932-831-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2932-3102-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2936-1481-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2944-971-0x00000000003A0000-0x00000000003A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2944-2923-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2944-613-0x00000000003A0000-0x00000000003A1000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2948-2654-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2948-649-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2948-284-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2980-3137-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB

                                                                                                                                                          • memory/2996-658-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2996-1007-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            4KB

                                                                                                                                                          • memory/2996-2959-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                                            Filesize

                                                                                                                                                            1.8MB