Overview

overview

8

Static

static

7

dfcb9e0fc1...18.exe

windows7-x64

8

dfcb9e0fc1...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    64s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/09/2024, 08:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    dfcb9e0fc1f969697fd80cf34f5591e5_JaffaCakes118.exe

  • Size

    52KB

  • MD5

    dfcb9e0fc1f969697fd80cf34f5591e5

  • SHA1

    70ecf32f351c72bea754c6998f54e9758907fb70

  • SHA256

    9255b906667b466ae7cb5b54ee5ce57281730f77318845470d5ff226c696bc38

  • SHA512

    c1c673e84ed53e9057c20f035c71bd3234546ecb33da8a6c8dbc0dfb5585106b9fbf4013ce86aafa1e5aa7def3a432fe5ffacba0961dfc65d99f3e105fcad080

  • SSDEEP

    1536:a/BaV7B17CJ/I7vOhK2KNS8BifhDTLKkEzx:Nv7s/IzUKctfhDf8x

Score
8/10
discoverypersistenceupx

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 14 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates connected drives 3 TTPs 28 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 20 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 23 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\dfcb9e0fc1f969697fd80cf34f5591e5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dfcb9e0fc1f969697fd80cf34f5591e5_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2748
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:860
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2552
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4296
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1756
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4120
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3132
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5008
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:2440
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2768
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:752
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4404
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:760
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4092
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3916
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1188
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:2840
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4648
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4124
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:1908
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1436
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4976
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4884
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5028
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:752
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4020
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3936
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3164
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3808
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4300
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4340
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4252
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4992
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:908
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3740
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:964
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2828
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:3824
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:2084
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:3464
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:1016
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:4584
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:1036
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:2792
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:436
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:1760
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:1164
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:3108
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:2316
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:1104
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:2260
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:1964
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:3968
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:3676
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:2792
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4516
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:3740
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:1800
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:1164
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:3880
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:2160
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:1404
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:2204
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:964
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:2156
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:932
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:1452
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:4028
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:1664
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:2492
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:4444
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:2648
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:1268
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:4420
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:2440
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:4464
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:4784
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:1832
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:4104
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:3184
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:5048
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:1860
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:2172
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:2156
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:5092
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:4796
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:4568
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:3092
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:4976
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                          1⤵
                                                                                                            PID:4784

                                                                                                          Network

                                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                                Replay Monitor

                                                                                                                Loading Replay Monitor...

                                                                                                                Downloads

                                                                                                                • C:\Program Files\Internet Explorer\IEXPLORER.EXE
                                                                                                                  Filesize

                                                                                                                  18KB

                                                                                                                  MD5

                                                                                                                  75841f234d770b70f4bfdf69c6e545c8

                                                                                                                  SHA1

                                                                                                                  2f1c96faa3ecf8288c36ffbc4e3605806c6bef74

                                                                                                                  SHA256

                                                                                                                  2a38c06f76019cc1a411c2c84e06864942e3c2ff04e2daed50cbe509edabe36f

                                                                                                                  SHA512

                                                                                                                  1314544ace13fe728ca9a2b247eb0bf157edbd624efe2de534d5ae0783535720e186364c805882fa5d0a2720b9aee06652f65dd1b4bb6bb846951346b1b3fa62

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                                  Filesize

                                                                                                                  471B

                                                                                                                  MD5

                                                                                                                  5f305219ce5b073ab4e863fbccf5975d

                                                                                                                  SHA1

                                                                                                                  90c125a1d9b82e37991ad5c0d02c99aaef32e3a6

                                                                                                                  SHA256

                                                                                                                  13b31cc60ce234615c39ada1fe661a7acf65106bff3788fb6c7bbbba304741ec

                                                                                                                  SHA512

                                                                                                                  82ffd9ac2d9e735b9004a976464b74030e97d7281ae2ffaaf6afe38e6788f73e1167f8daa432f73c2971ee32e611a2a80765fa2ddb48bf94cbb1abc0a6397020

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                                  Filesize

                                                                                                                  420B

                                                                                                                  MD5

                                                                                                                  1892319523e8aafefeabbcf17a9ac152

                                                                                                                  SHA1

                                                                                                                  ecf82911467964f2158b2a4aa2ab6b18ad888131

                                                                                                                  SHA256

                                                                                                                  ae13f8d0980a5460a543e22e5e7809d90297d8816a069a869a23bdbe6fc869f2

                                                                                                                  SHA512

                                                                                                                  89828c0911548654064ff3aee2f9ee0490a0b15ec7d25ea4fd4360dbed9c8764d0fe90eff6e617d993a4eda5bba5bc360015fab0cc82dfde5f1b1693644b09f1

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                  Filesize

                                                                                                                  2KB

                                                                                                                  MD5

                                                                                                                  1f1a2c26f915d5aad70db125f982de96

                                                                                                                  SHA1

                                                                                                                  6c66d3b6927e74f21bd018d8eea0b4ff9dfc9d67

                                                                                                                  SHA256

                                                                                                                  4721f503cb5b4facc2fafe764a3e30296c945ab4c0383da54cc493ac53ef6288

                                                                                                                  SHA512

                                                                                                                  c0d52accb88229ab7a08031cb7843c729e37fa123364da1842274ae64611fe4313ffc88ec1185e42229ee9a88accac8382c5c675494146767a0b362139e149cc

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\IHOCIHIW\microsoft.windows[1].xml
                                                                                                                  Filesize

                                                                                                                  96B

                                                                                                                  MD5

                                                                                                                  10447c28373b986c3dce4e7f2156814c

                                                                                                                  SHA1

                                                                                                                  03a482fa42dea8871c350394101b11f341ef6762

                                                                                                                  SHA256

                                                                                                                  376615a0b4dac87295162c3d924e67e4bf0dd77e02af1264c1520f22ec5378d8

                                                                                                                  SHA512

                                                                                                                  4fab536505b12b462254a2cfad102fabf29161a25f824de2b0201265c406f6a14b13049767bb2a6afff5ffe5e7703be0b7906a1740fea3d0dc2d6d8c13459abd

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Public\Desktop\Internet Explore.lnk
                                                                                                                  Filesize

                                                                                                                  1KB

                                                                                                                  MD5

                                                                                                                  cd93f3ede8005384881ff219a348b85e

                                                                                                                  SHA1

                                                                                                                  aad0415682f685b73b59e4af536e306d31e22846

                                                                                                                  SHA256

                                                                                                                  d351c395abfb3efe8b7142ecc8c8f36020a1dde181db17ae5732d040f51d1096

                                                                                                                  SHA512

                                                                                                                  2cca4dfb4ad45befc7b280dcc8cc39c8a04033fae5a9b1af314aa324fd38838294d5eb44a92cb8e394170156f9e088204747cbfe3ba2f69cbf477f5119451766

                                                                                                                  Download Submit

                                                                                                                • memory/752-185-0x0000000004640000-0x0000000004641000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/752-813-0x0000015C2FD20000-0x0000015C2FD40000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/752-809-0x0000015C2F920000-0x0000015C2F940000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/752-781-0x0000015C2F960000-0x0000015C2F980000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/760-188-0x0000027F94720000-0x0000027F94820000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/760-186-0x0000027F94720000-0x0000027F94820000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/760-191-0x0000028796870000-0x0000028796890000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/760-187-0x0000027F94720000-0x0000027F94820000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/760-211-0x0000028796C40000-0x0000028796C60000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/760-198-0x0000028796830000-0x0000028796850000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/908-1244-0x000002326CBB0000-0x000002326CBD0000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/908-1219-0x000002326C5E0000-0x000002326C600000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/908-1232-0x000002326C5A0000-0x000002326C5C0000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/908-1215-0x0000022A6A700000-0x0000022A6A800000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/908-1214-0x0000022A6A700000-0x0000022A6A800000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/1188-333-0x000001FA37340000-0x000001FA37440000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/1188-334-0x000001FA37340000-0x000001FA37440000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/1188-370-0x000001FA388C0000-0x000001FA388E0000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/1188-369-0x000001FA38260000-0x000001FA38280000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/1188-338-0x000001FA382A0000-0x000001FA382C0000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/1908-626-0x0000000004CA0000-0x0000000004CA1000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/2748-0-0x0000000000400000-0x0000000000420000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/2748-20-0x0000000000400000-0x0000000000420000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/2828-1364-0x000002896AE00000-0x000002896AF00000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/2828-1363-0x000002896AE00000-0x000002896AF00000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/2828-1368-0x000002896BD60000-0x000002896BD80000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/2828-1377-0x000002896BD20000-0x000002896BD40000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/2840-474-0x0000000004590000-0x0000000004591000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/3164-958-0x000001D5FC480000-0x000001D5FC4A0000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/3164-922-0x000001D5FAF50000-0x000001D5FB050000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/3164-938-0x000001D5FBE70000-0x000001D5FBE90000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/3164-926-0x000001D5FBEB0000-0x000001D5FBED0000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/3164-921-0x000001D5FAF50000-0x000001D5FB050000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/3740-1361-0x00000000045B0000-0x00000000045B1000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/3808-1064-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/4020-919-0x0000000004480000-0x0000000004481000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/4092-331-0x00000000040C0000-0x00000000040C1000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/4120-31-0x0000000004D60000-0x0000000004D61000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/4124-513-0x0000027477630000-0x0000027477650000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/4124-491-0x0000027477220000-0x0000027477240000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/4124-482-0x0000027477260000-0x0000027477280000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/4252-1212-0x00000000046E0000-0x00000000046E1000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/4340-1067-0x000001ACFCB00000-0x000001ACFCC00000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/4340-1085-0x000001B4FEC20000-0x000001B4FEC40000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/4340-1066-0x000001ACFCB00000-0x000001ACFCC00000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/4340-1071-0x000001B4FEC60000-0x000001B4FEC80000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/4340-1098-0x000001B4FF020000-0x000001B4FF040000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/4884-775-0x0000000004D20000-0x0000000004D21000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/4976-628-0x000001C360000000-0x000001C360100000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/4976-665-0x000001C3614D0000-0x000001C3614F0000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/4976-630-0x000001C360000000-0x000001C360100000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/4976-633-0x000001C361100000-0x000001C361120000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/4976-629-0x000001C360000000-0x000001C360100000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/4976-653-0x000001C360DC0000-0x000001C360DE0000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/5008-69-0x000002F1EEA40000-0x000002F1EEA60000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/5008-47-0x000002F1EE630000-0x000002F1EE650000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/5008-38-0x000002F1EE670000-0x000002F1EE690000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  128KB

                                                                                                                  Download

                                                                                                                • memory/5008-33-0x000002F1ED520000-0x000002F1ED620000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/5008-34-0x000002F1ED520000-0x000002F1ED620000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download

                                                                                                                • memory/5008-35-0x000002F1ED520000-0x000002F1ED620000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1024KB

                                                                                                                  Download