ffec80e33ca050c78c5af49a23b4943b68872b9bef75bbe75f4bf277fddec3f7

Analysis

max time kernel
150s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43dcf05478833250d15ba492cf1ca381_JaffaCakes118.exe
Size

80KB
MD5

43dcf05478833250d15ba492cf1ca381
SHA1

51a7df050834c19d7814a128d1b78ee133ce3e7f
SHA256

ffec80e33ca050c78c5af49a23b4943b68872b9bef75bbe75f4bf277fddec3f7
SHA512

14c81606af972ea7187efdecc3bc8dd1e299e41245f95134c3f522c6569b7f0292e862c986e956377db157f554c8943df82870fb3435aa7eddab186f07d38cae
SSDEEP

1536:C0FBV3gTCVEmMOet6HQHYnu3PpQ3aRhdsRxO4z:CWVe8EhO24nGPS3ajL4z

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\userinit.exe"	userinit.exe

Executes dropped EXE 64 IoCs

pid	Process
4460	userinit.exe
4548	system.exe
2324	system.exe
4300	system.exe
2188	system.exe
4404	system.exe
3992	system.exe
1128	system.exe
1464	system.exe
3444	system.exe
3620	system.exe
1520	system.exe
2560	system.exe
4392	system.exe
3336	system.exe
4776	system.exe
3780	system.exe
4820	system.exe
212	system.exe
4340	system.exe
3384	system.exe
4804	system.exe
5068	system.exe
2640	system.exe
2580	system.exe
1924	system.exe
780	system.exe
3536	system.exe
968	system.exe
4656	system.exe
4248	system.exe
4064	system.exe
1128	system.exe
5088	system.exe
3576	system.exe
3296	system.exe
3520	system.exe
512	system.exe
5016	system.exe
920	system.exe
1032	system.exe
1572	system.exe
4820	system.exe
2216	system.exe
4472	system.exe
4892	system.exe
4804	system.exe
1772	system.exe
4060	system.exe
4548	system.exe
2292	system.exe
2324	system.exe
4300	system.exe
968	system.exe
2336	system.exe
3260	system.exe
5048	system.exe
1196	system.exe
976	system.exe
4644	system.exe
3064	system.exe
3672	system.exe
1520	system.exe
1964	system.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\system.exe	userinit.exe
File created	C:\Windows\SysWOW64\system.exe	userinit.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\userinit.exe	43dcf05478833250d15ba492cf1ca381_JaffaCakes118.exe
File opened for modification	C:\Windows\userinit.exe	43dcf05478833250d15ba492cf1ca381_JaffaCakes118.exe
File created	C:\Windows\kdcoms.dll	userinit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1640	43dcf05478833250d15ba492cf1ca381_JaffaCakes118.exe
1640	43dcf05478833250d15ba492cf1ca381_JaffaCakes118.exe
4460	userinit.exe
4460	userinit.exe
4460	userinit.exe
4460	userinit.exe
4548	system.exe
4548	system.exe
4460	userinit.exe
4460	userinit.exe
2324	system.exe
2324	system.exe
4460	userinit.exe
4460	userinit.exe
4300	system.exe
4300	system.exe
4460	userinit.exe
4460	userinit.exe
2188	system.exe
2188	system.exe
4460	userinit.exe
4460	userinit.exe
4404	system.exe
4404	system.exe
4460	userinit.exe
4460	userinit.exe
3992	system.exe
3992	system.exe
4460	userinit.exe
4460	userinit.exe
1128	system.exe
1128	system.exe
4460	userinit.exe
4460	userinit.exe
1464	system.exe
1464	system.exe
4460	userinit.exe
4460	userinit.exe
3444	system.exe
3444	system.exe
4460	userinit.exe
4460	userinit.exe
3620	system.exe
3620	system.exe
4460	userinit.exe
4460	userinit.exe
1520	system.exe
1520	system.exe
4460	userinit.exe
4460	userinit.exe
2560	system.exe
2560	system.exe
4460	userinit.exe
4460	userinit.exe
4392	system.exe
4392	system.exe
4460	userinit.exe
4460	userinit.exe
3336	system.exe
3336	system.exe
4460	userinit.exe
4460	userinit.exe
4776	system.exe
4776	system.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4460	userinit.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1640	43dcf05478833250d15ba492cf1ca381_JaffaCakes118.exe
1640	43dcf05478833250d15ba492cf1ca381_JaffaCakes118.exe
4460	userinit.exe
4460	userinit.exe
4548	system.exe
4548	system.exe
2324	system.exe
2324	system.exe
4300	system.exe
4300	system.exe
2188	system.exe
2188	system.exe
4404	system.exe
4404	system.exe
3992	system.exe
3992	system.exe
1128	system.exe
1128	system.exe
1464	system.exe
1464	system.exe
3444	system.exe
3444	system.exe
3620	system.exe
3620	system.exe
1520	system.exe
1520	system.exe
2560	system.exe
2560	system.exe
4392	system.exe
4392	system.exe
3336	system.exe
3336	system.exe
4776	system.exe
4776	system.exe
3780	system.exe
3780	system.exe
4820	system.exe
4820	system.exe
212	system.exe
212	system.exe
4340	system.exe
4340	system.exe
3384	system.exe
3384	system.exe
4804	system.exe
4804	system.exe
5068	system.exe
5068	system.exe
2640	system.exe
2640	system.exe
2580	system.exe
2580	system.exe
1924	system.exe
1924	system.exe
780	system.exe
780	system.exe
3536	system.exe
3536	system.exe
968	system.exe
968	system.exe
4656	system.exe
4656	system.exe
4248	system.exe
4248	system.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 4460	1640	43dcf05478833250d15ba492cf1ca381_JaffaCakes118.exe	85
PID 1640 wrote to memory of 4460	1640	43dcf05478833250d15ba492cf1ca381_JaffaCakes118.exe	85
PID 1640 wrote to memory of 4460	1640	43dcf05478833250d15ba492cf1ca381_JaffaCakes118.exe	85
PID 4460 wrote to memory of 4548	4460	userinit.exe	89
PID 4460 wrote to memory of 4548	4460	userinit.exe	89
PID 4460 wrote to memory of 4548	4460	userinit.exe	89
PID 4460 wrote to memory of 2324	4460	userinit.exe	92
PID 4460 wrote to memory of 2324	4460	userinit.exe	92
PID 4460 wrote to memory of 2324	4460	userinit.exe	92
PID 4460 wrote to memory of 4300	4460	userinit.exe	94
PID 4460 wrote to memory of 4300	4460	userinit.exe	94
PID 4460 wrote to memory of 4300	4460	userinit.exe	94
PID 4460 wrote to memory of 2188	4460	userinit.exe	96
PID 4460 wrote to memory of 2188	4460	userinit.exe	96
PID 4460 wrote to memory of 2188	4460	userinit.exe	96
PID 4460 wrote to memory of 4404	4460	userinit.exe	97
PID 4460 wrote to memory of 4404	4460	userinit.exe	97
PID 4460 wrote to memory of 4404	4460	userinit.exe	97
PID 4460 wrote to memory of 3992	4460	userinit.exe	99
PID 4460 wrote to memory of 3992	4460	userinit.exe	99
PID 4460 wrote to memory of 3992	4460	userinit.exe	99
PID 4460 wrote to memory of 1128	4460	userinit.exe	100
PID 4460 wrote to memory of 1128	4460	userinit.exe	100
PID 4460 wrote to memory of 1128	4460	userinit.exe	100
PID 4460 wrote to memory of 1464	4460	userinit.exe	101
PID 4460 wrote to memory of 1464	4460	userinit.exe	101
PID 4460 wrote to memory of 1464	4460	userinit.exe	101
PID 4460 wrote to memory of 3444	4460	userinit.exe	103
PID 4460 wrote to memory of 3444	4460	userinit.exe	103
PID 4460 wrote to memory of 3444	4460	userinit.exe	103
PID 4460 wrote to memory of 3620	4460	userinit.exe	104
PID 4460 wrote to memory of 3620	4460	userinit.exe	104
PID 4460 wrote to memory of 3620	4460	userinit.exe	104
PID 4460 wrote to memory of 1520	4460	userinit.exe	105
PID 4460 wrote to memory of 1520	4460	userinit.exe	105
PID 4460 wrote to memory of 1520	4460	userinit.exe	105
PID 4460 wrote to memory of 2560	4460	userinit.exe	107
PID 4460 wrote to memory of 2560	4460	userinit.exe	107
PID 4460 wrote to memory of 2560	4460	userinit.exe	107
PID 4460 wrote to memory of 4392	4460	userinit.exe	108
PID 4460 wrote to memory of 4392	4460	userinit.exe	108
PID 4460 wrote to memory of 4392	4460	userinit.exe	108
PID 4460 wrote to memory of 3336	4460	userinit.exe	109
PID 4460 wrote to memory of 3336	4460	userinit.exe	109
PID 4460 wrote to memory of 3336	4460	userinit.exe	109
PID 4460 wrote to memory of 4776	4460	userinit.exe	110
PID 4460 wrote to memory of 4776	4460	userinit.exe	110
PID 4460 wrote to memory of 4776	4460	userinit.exe	110
PID 4460 wrote to memory of 3780	4460	userinit.exe	111
PID 4460 wrote to memory of 3780	4460	userinit.exe	111
PID 4460 wrote to memory of 3780	4460	userinit.exe	111
PID 4460 wrote to memory of 4820	4460	userinit.exe	112
PID 4460 wrote to memory of 4820	4460	userinit.exe	112
PID 4460 wrote to memory of 4820	4460	userinit.exe	112
PID 4460 wrote to memory of 212	4460	userinit.exe	113
PID 4460 wrote to memory of 212	4460	userinit.exe	113
PID 4460 wrote to memory of 212	4460	userinit.exe	113
PID 4460 wrote to memory of 4340	4460	userinit.exe	114
PID 4460 wrote to memory of 4340	4460	userinit.exe	114
PID 4460 wrote to memory of 4340	4460	userinit.exe	114
PID 4460 wrote to memory of 3384	4460	userinit.exe	115
PID 4460 wrote to memory of 3384	4460	userinit.exe	115
PID 4460 wrote to memory of 3384	4460	userinit.exe	115
PID 4460 wrote to memory of 4804	4460	userinit.exe	116

C:\Users\Admin\AppData\Local\Temp\43dcf05478833250d15ba492cf1ca381_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\43dcf05478833250d15ba492cf1ca381_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\userinit.exe
  C:\Windows\userinit.exe
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4460
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4548
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2324
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4300
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2188
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4404
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3992
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1128
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1464
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3444
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3620
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1520
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2560
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4392
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3336
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4776
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3780
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4820
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:212
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4340
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3384
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4804
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5068
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2640
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2580
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1924
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:780
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3536
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:968
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4656
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4248
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:4064
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:1128
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:5088
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:3576
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:3296
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:3520
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:512
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:5016
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:920
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:1032
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:1572
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:4820
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:2216
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:4472
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:4892
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:4804
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:1772
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:4060
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:4548
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:2292
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:2324
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:4300
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:968
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:2336
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:3260
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:5048
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:1196
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:976
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:4644
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:3064
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:3672
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:1520
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    - Executes dropped EXE
    PID:1964
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4012
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3932
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4168
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3496
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4808
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2472
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:936
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3452
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4928
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4948
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1724
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1644
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5068
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4560
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4060
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:388
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2668
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2324
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3356
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:984
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4800
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1288
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:364
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3564
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3328
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3224
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1300
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4020
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1452
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4328
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2012
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4808
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2928
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2936
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3820
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1548
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1132
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4792
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4584
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2072
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2592
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4860
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4288
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4800
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1564
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2576
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3884
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3564
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:408
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3328
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3224
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4764
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4020
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2124
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4148
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4336
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1180
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4440
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2180
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3548
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3892
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4260
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3464
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2740
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3896
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5100
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4340
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4928
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2284
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3776
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2344
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:3356
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1876
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:748
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:5108
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:2656
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:1480
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:4360
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:376
- - C:\Windows\SysWOW64\system.exe
    C:\Windows\system32\system.exe
    3⤵
    PID:364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\userinit.exe

Filesize
80KB

MD5
43dcf05478833250d15ba492cf1ca381

SHA1
51a7df050834c19d7814a128d1b78ee133ce3e7f

SHA256
ffec80e33ca050c78c5af49a23b4943b68872b9bef75bbe75f4bf277fddec3f7

SHA512
14c81606af972ea7187efdecc3bc8dd1e299e41245f95134c3f522c6569b7f0292e862c986e956377db157f554c8943df82870fb3435aa7eddab186f07d38cae

Download Submit
memory/212-121-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/376-752-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/388-438-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/408-602-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/512-220-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/748-727-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/780-162-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/920-231-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/968-172-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/968-304-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/984-454-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/984-459-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1032-236-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1128-195-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1128-64-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1132-546-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1180-637-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1180-642-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1196-324-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1288-472-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1452-506-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1464-69-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1480-742-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1520-86-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1520-353-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1548-541-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1564-584-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1572-242-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1572-238-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1640-1-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/1640-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1640-18-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1644-418-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1724-409-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1772-273-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1876-722-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1924-157-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1964-358-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2180-652-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2188-49-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2188-45-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2188-44-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2216-252-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2284-701-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2324-294-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2324-448-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2324-31-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2324-30-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2324-35-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2336-309-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2344-712-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2472-390-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2560-91-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2580-152-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2592-564-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2640-147-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2656-737-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2668-443-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2928-526-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2936-532-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2936-527-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3064-343-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3224-612-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3224-492-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3260-314-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3296-210-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3328-607-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3328-487-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3336-101-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3356-717-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3356-453-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3384-132-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3444-75-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3452-399-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3464-673-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3496-379-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3496-374-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3520-215-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3548-657-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3564-597-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3564-482-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3576-205-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3620-81-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3776-706-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3780-111-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3892-663-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3932-368-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3992-59-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4012-363-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4020-501-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4020-623-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4060-279-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4060-433-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4064-189-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4148-632-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4168-373-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4248-184-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4260-668-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4288-575-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4300-37-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/4300-42-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4328-511-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4340-126-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4360-747-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4392-96-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4404-54-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4440-647-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4460-71-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/4460-77-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4460-128-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4460-12-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/4460-11-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4472-257-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4548-284-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4548-28-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4560-428-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4584-555-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4644-332-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4644-337-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4656-175-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4656-179-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4764-618-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4776-106-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4804-137-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4804-268-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4808-385-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4808-521-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4820-116-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4820-247-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4860-570-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4892-263-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4892-259-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4928-691-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4928-696-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4948-408-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/5016-225-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/5048-319-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/5068-142-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/5088-200-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/5100-686-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/5108-732-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download