Analysis

  • max time kernel
    68s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-09-2024 03:44

General

  • Target

    df6d4fb5b398bc1051f5a5914d7e41b6_JaffaCakes118.exe

  • Size

    279KB

  • MD5

    df6d4fb5b398bc1051f5a5914d7e41b6

  • SHA1

    8055da8133ae2398edafd675bac8f5315dabbeba

  • SHA256

    dee566569bb0f7ecb40d8148fe88e4643cfecd03fcf796866fe1cd582e023bc1

  • SHA512

    61d0ce8421eb620122790d3124e231954d88cb270c54369d5d77cc135c448f9d8ca3c409ed66d47e9aecd9c25af85e2526401ab1f11260f56f919426b7fac54c

  • SSDEEP

    6144:J7nr+l65RAHqjeEnozHOEKS64yoRHfmTj8UiUDTQv:J7XRGgdozHLDLRH+NXk

Malware Config

Signatures

  • Modifies security service 2 TTPs 1 IoCs
  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Disables taskbar notifications via registry modification
  • Executes dropped EXE 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\df6d4fb5b398bc1051f5a5914d7e41b6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\df6d4fb5b398bc1051f5a5914d7e41b6_JaffaCakes118.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:4964
    • C:\Users\Admin\AppData\Local\Temp\df6d4fb5b398bc1051f5a5914d7e41b6_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\df6d4fb5b398bc1051f5a5914d7e41b6_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\A1146\03263.exe%C:\Users\Admin\AppData\Roaming\A1146
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2996
    • C:\Users\Admin\AppData\Local\Temp\df6d4fb5b398bc1051f5a5914d7e41b6_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\df6d4fb5b398bc1051f5a5914d7e41b6_JaffaCakes118.exe startC:\Program Files (x86)\4680B\lvvm.exe%C:\Program Files (x86)\4680B
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2872
    • C:\Program Files (x86)\LP\630A\858.tmp
      "C:\Program Files (x86)\LP\630A\858.tmp"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4960
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2148
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4524
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3512
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2364
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5076
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4428
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4040
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3508
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4188
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3916
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4872
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4428
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2024
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1912
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:520
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3508
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1824
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1232
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3740
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1912
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4176
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3796
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3436
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:968
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4708
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3912
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4336
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2316
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4752
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:2548
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:4700
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:3876
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:4192
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:932
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:3852
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:2940
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:2604
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:648
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:5016
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:4304
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:3984
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:2276
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:1700
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:5004
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:3756
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:2548
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:2612
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:2528
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:520
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:4416
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:4336
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:4496
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:1920
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:3268
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:4004
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:2212
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:4932
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:3512
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:2856
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:1248
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:4528
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:456
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:2384
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:3648
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:960
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:3692
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:3676
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:1452
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:388
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:4548
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:1028
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:4428
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:1232
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:2484
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:4784
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:2444
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:1060

                                                                                                  Network

                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                  Replay Monitor

                                                                                                  Loading Replay Monitor...

                                                                                                  Downloads

                                                                                                  • C:\Program Files (x86)\LP\630A\858.tmp

                                                                                                    Filesize

                                                                                                    99KB

                                                                                                    MD5

                                                                                                    0d57642cffb4a4de227c0021ece3ec81

                                                                                                    SHA1

                                                                                                    ce9d649dbcaf9e418064118bc26cd26c5fa50034

                                                                                                    SHA256

                                                                                                    45fd7c3592c44074a862a22e362f2afbf4e718c0fcb13afbff95f4f7bdfe9c1d

                                                                                                    SHA512

                                                                                                    340a0548cfdb6ab092b082d187262dcaf36c00c0b1ef2b03e3b3588105a139a2e2d55021f2151d2042b807da0a6bd7e4790fa3fa590e599d2a90fe9a8748a3fd

                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

                                                                                                    Filesize

                                                                                                    471B

                                                                                                    MD5

                                                                                                    ddab9ba6d995c9cccd95964b4ad4ce40

                                                                                                    SHA1

                                                                                                    5345a6d122113475b8a2b36b3273efe1ea48f4e8

                                                                                                    SHA256

                                                                                                    f492031400502c7376269631d12a43ee11b3908b03a1bb0da7882bf23b0a7e9b

                                                                                                    SHA512

                                                                                                    ed56b541c9bab8cfbbef667351774a27133d47f3269c193f77bdc0b3108c7d4c090657a9e9c1bfe446d58badb6c56b99565784f4db3e04b85cdd7993a8a0dde4

                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

                                                                                                    Filesize

                                                                                                    420B

                                                                                                    MD5

                                                                                                    e0bad1c53dc5ff3d209cf82ef3557fa9

                                                                                                    SHA1

                                                                                                    607c2a8b6adc26b6c17e25d0719c413e924922c9

                                                                                                    SHA256

                                                                                                    1a87fedf3e8985a397d915ef8f5f7afb7cc96a86497e91badbb123c894b8a429

                                                                                                    SHA512

                                                                                                    407ec4702d27febb5e8ebb34b3b9cfc1bfcef27ce860685cb8d83ef05a807f9617d9a6bf49d71f27c7e34fb256233886e754354909d169fceccefb54cae949a9

                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                                    Filesize

                                                                                                    2KB

                                                                                                    MD5

                                                                                                    259a9f839f31ca573442ac9ce6237402

                                                                                                    SHA1

                                                                                                    74dd2a00d2effc2844a388807630286adf7243ed

                                                                                                    SHA256

                                                                                                    aeabd16457199314b2354e0c5a651540ff3a9c2d6028228ed560b7f01c2131ee

                                                                                                    SHA512

                                                                                                    a165d4fd0f5e3a4cdadd8239ed68d54078337e43b34c42480b6c2b15b71d75aee28d76dfc905778376a8b27c7bbdb107b79a08e2f7d90eb60769848b1580cf71

                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15

                                                                                                    Filesize

                                                                                                    36KB

                                                                                                    MD5

                                                                                                    0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                    SHA1

                                                                                                    92495421ad887f27f53784c470884802797025ad

                                                                                                    SHA256

                                                                                                    0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                    SHA512

                                                                                                    61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer

                                                                                                    Filesize

                                                                                                    36KB

                                                                                                    MD5

                                                                                                    ab0262f72142aab53d5402e6d0cb5d24

                                                                                                    SHA1

                                                                                                    eaf95bb31ae1d4c0010f50e789bdc8b8e3116116

                                                                                                    SHA256

                                                                                                    20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb

                                                                                                    SHA512

                                                                                                    bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1

                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PNRCYTYY\microsoft.windows[1].xml

                                                                                                    Filesize

                                                                                                    97B

                                                                                                    MD5

                                                                                                    5e22ac0cbcc2cfca04d1b6983de47d88

                                                                                                    SHA1

                                                                                                    2cec1efb9cc1a5882ea7880bfcbe947c3361c37f

                                                                                                    SHA256

                                                                                                    15c78df0dc6078f22a8655187b6bc79f1142f5ca86fc151e361b748b119bdc4d

                                                                                                    SHA512

                                                                                                    fe181661eb50f5460f51015d576f688ffd9aa9a9c8e2dd1308416a15e2784d5fd1c0dfb3e2819c357c999aa9be208b372b185616e17c3691cf798e4e861bf870

                                                                                                  • C:\Users\Admin\AppData\Roaming\A1146\680B.114

                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    4e19be3e458f81efbbf4fef556dcf9c7

                                                                                                    SHA1

                                                                                                    caca9b48575f5e05d23f617f2591019dc8097ef8

                                                                                                    SHA256

                                                                                                    07f237570301a68646499c24dfe236ba108caf7acc064ff7ff235c384c6e34cf

                                                                                                    SHA512

                                                                                                    fafaa58b07081873d7eee8c7987132c90e34baa5292aae61baf1013feb179d94de21b8ad059fbacef0242549ba8dc2e1e482676f7307db677182e3f708a62695

                                                                                                  • C:\Users\Admin\AppData\Roaming\A1146\680B.114

                                                                                                    Filesize

                                                                                                    600B

                                                                                                    MD5

                                                                                                    9ec70af19b73da3d6270a2aa3dfa2639

                                                                                                    SHA1

                                                                                                    34a81c028a4b19acc1750c64252627cbd5652dbe

                                                                                                    SHA256

                                                                                                    2864bf14a0e5bca2f54f2a3e3d24159559261dbdb579dac825987784b18eb328

                                                                                                    SHA512

                                                                                                    bd6623ebc7b159f05191f82972acc3c73b4baab798f6c21dea483081c96edfd4ee50c2f56771aa66af2b01f066f10be6d403c47f5e2cc9d779503a337efa2494

                                                                                                  • C:\Users\Admin\AppData\Roaming\A1146\680B.114

                                                                                                    Filesize

                                                                                                    996B

                                                                                                    MD5

                                                                                                    a15e3f5695f7bb9e1598a1551c669468

                                                                                                    SHA1

                                                                                                    671285bcda3efb16082907282990d88bc0c345b0

                                                                                                    SHA256

                                                                                                    052c7b340d035529d4ad24b9eb4dd2e5ffc02885f5c656986450f228f8c5f98e

                                                                                                    SHA512

                                                                                                    5fe78fb90b97d1504e434443c380bcc532d6c4ef30c933adb6a13c7c04eb8fc899dd9cbd1b1819f33077b173d86403918eb5437d65b091c82c4dfa6d6a0b296f

                                                                                                  • memory/520-639-0x00000000010B0000-0x00000000010B1000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                  • memory/968-1091-0x00000000046D0000-0x00000000046D1000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                  • memory/1232-793-0x0000000004790000-0x0000000004791000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                  • memory/1824-641-0x000002A8E7370000-0x000002A8E7470000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/1824-640-0x000002A8E7370000-0x000002A8E7470000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/1824-645-0x000002A8E82D0000-0x000002A8E82F0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/1824-668-0x000002A8E88A0000-0x000002A8E88C0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/1824-655-0x000002A8E8290000-0x000002A8E82B0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/1912-795-0x00000192C3600000-0x00000192C3700000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/1912-495-0x0000017F92900000-0x0000017F92A00000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/1912-797-0x00000192C3600000-0x00000192C3700000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/1912-800-0x00000192C44F0000-0x00000192C4510000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/1912-825-0x00000192C4AC0000-0x00000192C4AE0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/1912-814-0x00000192C44B0000-0x00000192C44D0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/1912-500-0x0000017F93A20000-0x0000017F93A40000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/1912-796-0x00000192C3600000-0x00000192C3700000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/1912-523-0x0000017F93DE0000-0x0000017F93E00000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/1912-512-0x0000017F937D0000-0x0000017F937F0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/2872-80-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                    Filesize

                                                                                                    428KB

                                                                                                  • memory/2996-13-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                    Filesize

                                                                                                    428KB

                                                                                                  • memory/2996-15-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                    Filesize

                                                                                                    428KB

                                                                                                  • memory/2996-16-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                    Filesize

                                                                                                    428KB

                                                                                                  • memory/3436-944-0x0000024F52900000-0x0000024F52A00000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/3436-980-0x0000024F54020000-0x0000024F54040000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/3436-958-0x0000024F53C20000-0x0000024F53C40000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/3436-945-0x0000024F52900000-0x0000024F52A00000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/3436-948-0x0000024F53C60000-0x0000024F53C80000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/3436-943-0x0000024F52900000-0x0000024F52A00000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/3508-216-0x000002302F260000-0x000002302F280000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/3508-180-0x000002302DD40000-0x000002302DE40000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/3508-193-0x000002302EC50000-0x000002302EC70000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/3508-181-0x000002302DD40000-0x000002302DE40000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/3508-185-0x000002302EC90000-0x000002302ECB0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/3912-1098-0x0000024FDC700000-0x0000024FDC720000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/3912-1093-0x0000024FDB800000-0x0000024FDB900000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/3912-1110-0x0000024FDC1B0000-0x0000024FDC1D0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/3912-1122-0x0000024FDCCC0000-0x0000024FDCCE0000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/3912-1094-0x0000024FDB800000-0x0000024FDB900000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/4176-941-0x0000000004620000-0x0000000004621000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                  • memory/4188-340-0x0000000004650000-0x0000000004651000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                  • memory/4336-1243-0x0000000004960000-0x0000000004961000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                  • memory/4428-178-0x0000000002C20000-0x0000000002C21000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                  • memory/4428-493-0x00000000023E0000-0x00000000023E1000-memory.dmp

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                  • memory/4752-1260-0x0000018C41030000-0x0000018C41050000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/4752-1250-0x0000018C41070000-0x0000018C41090000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/4752-1246-0x0000018C3FF20000-0x0000018C40020000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/4752-1245-0x0000018C3FF20000-0x0000018C40020000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/4872-377-0x000001D79C720000-0x000001D79C740000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/4872-347-0x000001D79C760000-0x000001D79C780000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/4872-343-0x000001D79B600000-0x000001D79B700000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/4872-344-0x000001D79B600000-0x000001D79B700000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/4872-379-0x000001D79CB30000-0x000001D79CB50000-memory.dmp

                                                                                                    Filesize

                                                                                                    128KB

                                                                                                  • memory/4872-342-0x000001D79B600000-0x000001D79B700000-memory.dmp

                                                                                                    Filesize

                                                                                                    1024KB

                                                                                                  • memory/4960-490-0x0000000000400000-0x000000000041C000-memory.dmp

                                                                                                    Filesize

                                                                                                    112KB

                                                                                                  • memory/4964-14-0x0000000000400000-0x0000000000468000-memory.dmp

                                                                                                    Filesize

                                                                                                    416KB

                                                                                                  • memory/4964-492-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                    Filesize

                                                                                                    428KB

                                                                                                  • memory/4964-78-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                    Filesize

                                                                                                    428KB

                                                                                                  • memory/4964-1-0x0000000000400000-0x0000000000468000-memory.dmp

                                                                                                    Filesize

                                                                                                    416KB

                                                                                                  • memory/4964-11-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                    Filesize

                                                                                                    428KB

                                                                                                  • memory/4964-2-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                    Filesize

                                                                                                    428KB