b2f311453fb3153464a82d1cb371fef1fd155b23cf9e6c41652b7c113b57763c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0df0bdd5f09012598f0d6fb4c8719820_JaffaCakes118.exe
Size

1.1MB
MD5

0df0bdd5f09012598f0d6fb4c8719820
SHA1

c1b4d4a7e76e6112ca7e5b9b7df8cdde85f7c0ca
SHA256

b2f311453fb3153464a82d1cb371fef1fd155b23cf9e6c41652b7c113b57763c
SHA512

78ac94e9bfabd32bbb96df4c963604cce0722eac41d492a70307a17b0ca20f3da4cc9040b4c48455973aa9838b65075d9bd9a391e78c66faeee41a7f003b6b41
SSDEEP

768:9SyCk0yiLw6K7njb5Vf0XghCF7RlH5sf1zBmQzTGfmgyq/4U:ikViCnoXghCF7PHWf1zwQVgv/F

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\userinit.exe"	userinit.exe

Executes dropped EXE 64 IoCs

pid	Process
2036	userinit.exe
5284	system.exe
5292	system.exe
6104	system.exe
4408	system.exe
2916	system.exe
3812	system.exe
3664	system.exe
1912	system.exe
4076	system.exe
392	system.exe
5632	system.exe
1788	system.exe
3428	system.exe
5728	system.exe
5420	system.exe
3648	system.exe
4640	system.exe
5512	system.exe
3656	system.exe
3312	system.exe
3092	system.exe
1180	system.exe
4852	system.exe
2852	system.exe
3304	system.exe
3692	system.exe
4480	system.exe
3068	system.exe
2180	system.exe
428	system.exe
2460	system.exe
3500	system.exe
2812	system.exe
6120	system.exe
1032	system.exe
1392	system.exe
3104	system.exe
3764	system.exe
732	system.exe
6048	system.exe
3076	system.exe
6124	system.exe
4360	system.exe
5616	system.exe
396	system.exe
4572	system.exe
6136	system.exe
6004	system.exe
4700	system.exe
812	system.exe
1196	system.exe
5192	system.exe
2804	system.exe
4956	system.exe
1984	system.exe
452	system.exe
5284	system.exe
2076	system.exe
5164	system.exe
5204	system.exe
4560	system.exe
5264	system.exe
4092	system.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\system.exe	userinit.exe
File created	C:\Windows\SysWOW64\system.exe	userinit.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\userinit.exe	0df0bdd5f09012598f0d6fb4c8719820_JaffaCakes118.exe
File opened for modification	C:\Windows\userinit.exe	0df0bdd5f09012598f0d6fb4c8719820_JaffaCakes118.exe
File created	C:\Windows\kdcoms.dll	userinit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4952	0df0bdd5f09012598f0d6fb4c8719820_JaffaCakes118.exe
4952	0df0bdd5f09012598f0d6fb4c8719820_JaffaCakes118.exe
2036	userinit.exe
2036	userinit.exe
2036	userinit.exe
2036	userinit.exe
5284	system.exe
5284	system.exe
2036	userinit.exe
2036	userinit.exe
5292	system.exe
5292	system.exe
2036	userinit.exe
2036	userinit.exe
6104	system.exe
6104	system.exe
2036	userinit.exe
2036	userinit.exe
4408	system.exe
4408	system.exe
2036	userinit.exe
2036	userinit.exe
2916	system.exe
2916	system.exe
2036	userinit.exe
2036	userinit.exe
3812	system.exe
3812	system.exe
2036	userinit.exe
2036	userinit.exe
3664	system.exe
3664	system.exe
2036	userinit.exe
2036	userinit.exe
1912	system.exe
1912	system.exe
2036	userinit.exe
2036	userinit.exe
4076	system.exe
4076	system.exe
2036	userinit.exe
2036	userinit.exe
392	system.exe
392	system.exe
2036	userinit.exe
2036	userinit.exe
5632	system.exe
5632	system.exe
2036	userinit.exe
2036	userinit.exe
1788	system.exe
1788	system.exe
2036	userinit.exe
2036	userinit.exe
3428	system.exe
3428	system.exe
2036	userinit.exe
2036	userinit.exe
5728	system.exe
5728	system.exe
2036	userinit.exe
2036	userinit.exe
5420	system.exe
5420	system.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2036	userinit.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4952	0df0bdd5f09012598f0d6fb4c8719820_JaffaCakes118.exe
4952	0df0bdd5f09012598f0d6fb4c8719820_JaffaCakes118.exe
2036	userinit.exe
2036	userinit.exe
5284	system.exe
5284	system.exe
5292	system.exe
5292	system.exe
6104	system.exe
6104	system.exe
4408	system.exe
4408	system.exe
2916	system.exe
2916	system.exe
3812	system.exe
3812	system.exe
3664	system.exe
3664	system.exe
1912	system.exe
1912	system.exe
4076	system.exe
4076	system.exe
392	system.exe
392	system.exe
5632	system.exe
5632	system.exe
1788	system.exe
1788	system.exe
3428	system.exe
3428	system.exe
5728	system.exe
5728	system.exe
5420	system.exe
5420	system.exe
3648	system.exe
3648	system.exe
4640	system.exe
4640	system.exe
5512	system.exe
5512	system.exe
3656	system.exe
3656	system.exe
3312	system.exe
3312	system.exe
3092	system.exe
3092	system.exe
1180	system.exe
1180	system.exe
4852	system.exe
4852	system.exe
2852	system.exe
2852	system.exe
3304	system.exe
3304	system.exe
3692	system.exe
3692	system.exe
4480	system.exe
4480	system.exe
3068	system.exe
3068	system.exe
2180	system.exe
2180	system.exe
428	system.exe
428	system.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 2036	4952	0df0bdd5f09012598f0d6fb4c8719820_JaffaCakes118.exe	80
PID 4952 wrote to memory of 2036	4952	0df0bdd5f09012598f0d6fb4c8719820_JaffaCakes118.exe	80
PID 4952 wrote to memory of 2036	4952	0df0bdd5f09012598f0d6fb4c8719820_JaffaCakes118.exe	80
PID 2036 wrote to memory of 5284	2036	userinit.exe	81
PID 2036 wrote to memory of 5284	2036	userinit.exe	81
PID 2036 wrote to memory of 5284	2036	userinit.exe	81
PID 2036 wrote to memory of 5292	2036	userinit.exe	82
PID 2036 wrote to memory of 5292	2036	userinit.exe	82
PID 2036 wrote to memory of 5292	2036	userinit.exe	82
PID 2036 wrote to memory of 6104	2036	userinit.exe	85
PID 2036 wrote to memory of 6104	2036	userinit.exe	85
PID 2036 wrote to memory of 6104	2036	userinit.exe	85
PID 2036 wrote to memory of 4408	2036	userinit.exe	88
PID 2036 wrote to memory of 4408	2036	userinit.exe	88
PID 2036 wrote to memory of 4408	2036	userinit.exe	88
PID 2036 wrote to memory of 2916	2036	userinit.exe	89
PID 2036 wrote to memory of 2916	2036	userinit.exe	89
PID 2036 wrote to memory of 2916	2036	userinit.exe	89
PID 2036 wrote to memory of 3812	2036	userinit.exe	90
PID 2036 wrote to memory of 3812	2036	userinit.exe	90
PID 2036 wrote to memory of 3812	2036	userinit.exe	90
PID 2036 wrote to memory of 3664	2036	userinit.exe	92
PID 2036 wrote to memory of 3664	2036	userinit.exe	92
PID 2036 wrote to memory of 3664	2036	userinit.exe	92
PID 2036 wrote to memory of 1912	2036	userinit.exe	93
PID 2036 wrote to memory of 1912	2036	userinit.exe	93
PID 2036 wrote to memory of 1912	2036	userinit.exe	93
PID 2036 wrote to memory of 4076	2036	userinit.exe	96
PID 2036 wrote to memory of 4076	2036	userinit.exe	96
PID 2036 wrote to memory of 4076	2036	userinit.exe	96
PID 2036 wrote to memory of 392	2036	userinit.exe	97
PID 2036 wrote to memory of 392	2036	userinit.exe	97
PID 2036 wrote to memory of 392	2036	userinit.exe	97
PID 2036 wrote to memory of 5632	2036	userinit.exe	98
PID 2036 wrote to memory of 5632	2036	userinit.exe	98
PID 2036 wrote to memory of 5632	2036	userinit.exe	98
PID 2036 wrote to memory of 1788	2036	userinit.exe	99
PID 2036 wrote to memory of 1788	2036	userinit.exe	99
PID 2036 wrote to memory of 1788	2036	userinit.exe	99
PID 2036 wrote to memory of 3428	2036	userinit.exe	100
PID 2036 wrote to memory of 3428	2036	userinit.exe	100
PID 2036 wrote to memory of 3428	2036	userinit.exe	100
PID 2036 wrote to memory of 5728	2036	userinit.exe	101
PID 2036 wrote to memory of 5728	2036	userinit.exe	101
PID 2036 wrote to memory of 5728	2036	userinit.exe	101
PID 2036 wrote to memory of 5420	2036	userinit.exe	102
PID 2036 wrote to memory of 5420	2036	userinit.exe	102
PID 2036 wrote to memory of 5420	2036	userinit.exe	102
PID 2036 wrote to memory of 3648	2036	userinit.exe	103
PID 2036 wrote to memory of 3648	2036	userinit.exe	103
PID 2036 wrote to memory of 3648	2036	userinit.exe	103
PID 2036 wrote to memory of 4640	2036	userinit.exe	104
PID 2036 wrote to memory of 4640	2036	userinit.exe	104
PID 2036 wrote to memory of 4640	2036	userinit.exe	104
PID 2036 wrote to memory of 5512	2036	userinit.exe	105
PID 2036 wrote to memory of 5512	2036	userinit.exe	105
PID 2036 wrote to memory of 5512	2036	userinit.exe	105
PID 2036 wrote to memory of 3656	2036	userinit.exe	106
PID 2036 wrote to memory of 3656	2036	userinit.exe	106
PID 2036 wrote to memory of 3656	2036	userinit.exe	106
PID 2036 wrote to memory of 3312	2036	userinit.exe	107
PID 2036 wrote to memory of 3312	2036	userinit.exe	107
PID 2036 wrote to memory of 3312	2036	userinit.exe	107
PID 2036 wrote to memory of 3092	2036	userinit.exe	108

C:\Users\Admin\AppData\Local\Temp\0df0bdd5f09012598f0d6fb4c8719820_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0df0bdd5f09012598f0d6fb4c8719820_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Windows\userinit.exe
  C:\Windows\userinit.exe
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2036
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:5284
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:5292
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:6104
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4408
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2916
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3812
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3664
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1912
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4076
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:392
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:5632
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1788
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3428
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:5728
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:5420
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3648
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4640
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5512
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3656
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3312
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3092
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1180
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4852
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2852
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3304
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3692
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4480
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3068
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2180
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:428
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:2460
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:3500
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:2812
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:6120
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:1032
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:1392
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:3104
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:3764
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:732
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:6048
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:3076
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:6124
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:4360
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:5616
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:396
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:4572
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:6136
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:6004
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:4700
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:812
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:1196
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:5192
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:2804
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:4956
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:1984
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:452
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:5284
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:2076
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:5164
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:5204
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:4560
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:5264
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:4092
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4328
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2940
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1200
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4988
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:6096
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5560
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4492
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5648
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5744
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1184
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5656
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2772
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5692
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1660
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4736
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4928
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3576
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5396
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2248
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1252
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2052
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2792
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4548
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2348
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4836
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2984
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2800
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5812
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5356
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5380
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4400
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3036
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:316
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4588
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4708
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1116
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1680
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3764
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:732
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:6048
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:644
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:6124
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1308
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5464
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5004
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:6136
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4104
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:6076
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:976
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5588
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4436
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3424
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2996
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4632
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:448
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:460
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:6128
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2480
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4344
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:6116
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2196
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4760
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4560
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4364
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3460
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3964
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3868
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3732
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4764
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4904
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:6112
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1928
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1312
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2116
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5428
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:6060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\userinit.exe

Filesize
1.1MB

MD5
0df0bdd5f09012598f0d6fb4c8719820

SHA1
c1b4d4a7e76e6112ca7e5b9b7df8cdde85f7c0ca

SHA256
b2f311453fb3153464a82d1cb371fef1fd155b23cf9e6c41652b7c113b57763c

SHA512
78ac94e9bfabd32bbb96df4c963604cce0722eac41d492a70307a17b0ca20f3da4cc9040b4c48455973aa9838b65075d9bd9a391e78c66faeee41a7f003b6b41

Download Submit
memory/316-528-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/428-184-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/460-641-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/644-570-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/732-555-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/732-230-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/732-560-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/812-288-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/976-608-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1032-209-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1116-543-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1180-143-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1184-416-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1196-293-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1200-380-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1252-461-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1308-580-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1312-728-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1392-214-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1564-363-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1680-548-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1788-91-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1912-70-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1928-723-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2036-315-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2036-269-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2036-411-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2036-72-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2036-123-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2036-10-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2036-170-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2036-216-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2052-470-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2076-330-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2116-733-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2180-179-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2196-668-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2248-459-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2348-485-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2460-189-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2480-648-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2480-653-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2792-475-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2800-499-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2804-303-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2812-199-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2852-153-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2916-51-0x0000000000020000-0x0000000000023000-memory.dmp

Filesize
12KB

Download
memory/2916-55-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2940-375-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3068-174-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3076-240-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3092-134-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3092-138-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3104-220-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3304-158-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3312-132-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3424-623-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3428-96-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3460-687-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3500-194-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3576-449-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3648-111-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3656-127-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3664-65-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3692-163-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3732-704-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3732-699-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3764-553-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3764-225-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3812-60-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3868-697-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3964-692-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4076-76-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4092-358-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4328-370-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4328-365-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4344-658-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4360-251-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4360-247-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4364-682-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4400-519-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4408-45-0x0000000000020000-0x0000000000023000-memory.dmp

Filesize
12KB

Download
memory/4408-44-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4408-49-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4436-618-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4480-168-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4492-400-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4548-480-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4560-348-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4572-263-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4572-267-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4588-533-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4632-632-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4640-116-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4700-283-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4708-538-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4736-440-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4760-673-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4836-490-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4852-148-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4904-713-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4952-1-0x00000000001C0000-0x00000000001C3000-memory.dmp

Filesize
12KB

Download
memory/4952-0-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4952-17-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4956-308-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4988-385-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5164-336-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5192-298-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5204-342-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5264-353-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5284-324-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5284-24-0x00000000001C0000-0x00000000001C3000-memory.dmp

Filesize
12KB

Download
memory/5284-28-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5284-29-0x00000000001C0000-0x00000000001C3000-memory.dmp

Filesize
12KB

Download
memory/5292-36-0x0000000000020000-0x0000000000023000-memory.dmp

Filesize
12KB

Download
memory/5292-35-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5292-31-0x0000000000020000-0x0000000000023000-memory.dmp

Filesize
12KB

Download
memory/5380-514-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5396-454-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5420-106-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5428-738-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5464-585-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5512-121-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5560-395-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5588-613-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5616-256-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5632-86-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5648-405-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5656-423-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5656-418-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5728-101-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5744-410-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5812-504-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/6004-278-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/6048-565-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/6048-235-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/6060-743-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/6076-602-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/6096-390-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/6104-42-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/6104-38-0x0000000000020000-0x0000000000023000-memory.dmp

Filesize
12KB

Download
memory/6112-718-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/6116-663-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/6120-204-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/6124-575-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/6124-245-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/6128-646-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/6136-273-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download