Overview

overview

10

Static

static

3

ed3fcb4c6a...18.exe

windows7-x64

10

ed3fcb4c6a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    56s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-09-2024 08:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ed3fcb4c6a79b25e7f2993b38481136f_JaffaCakes118.exe

  • Size

    274KB

  • MD5

    ed3fcb4c6a79b25e7f2993b38481136f

  • SHA1

    eee06943f300f791c2ce33df318e07a16288c448

  • SHA256

    7014485f23b9e0f68f4c36f9fc9d4cc023447e59ed996dcaa83ef3940c74f5ad

  • SHA512

    6415a74750eaa1516e8cebec83cf1ed1d8fc8af5c2ff8868203ebe779f2319e035a13be2df3ac0ab9664e96a01cb8f27045515c0cb8e030cb488182eed7b436c

  • SSDEEP

    6144:1F0Pppe+THshLJXx6SPbdjrfd4arjt6Jt93sF6RY3QumMk2plqo:1FQvd01h6OZjzOSjt6o2YAz+F

Score
10/10
ponycredential_accessdiscoveryevasionpersistenceratspywarestealerupx

Malware Config

Signatures

  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony
  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 8 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 16 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed3fcb4c6a79b25e7f2993b38481136f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3fcb4c6a79b25e7f2993b38481136f_JaffaCakes118.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2760
    • C:\Users\Admin\AppData\Local\Temp\ed3fcb4c6a79b25e7f2993b38481136f_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\ed3fcb4c6a79b25e7f2993b38481136f_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\3F2B9\F88D4.exe%C:\Users\Admin\AppData\Roaming\3F2B9
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4284
    • C:\Program Files (x86)\LP\D4A3\E1D0.tmp
      "C:\Program Files (x86)\LP\D4A3\E1D0.tmp"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:5804
    • C:\Users\Admin\AppData\Local\Temp\ed3fcb4c6a79b25e7f2993b38481136f_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\ed3fcb4c6a79b25e7f2993b38481136f_JaffaCakes118.exe startC:\Program Files (x86)\B9080\lvvm.exe%C:\Program Files (x86)\B9080
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4372
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4044
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4404,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8
    1⤵
      PID:4840
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1376
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4568
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1952
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4276
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1232
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1292
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4880
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:5960
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:5180
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5388
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4424
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4136
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5600
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:5412
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:5336
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:376
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:804
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2512
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4812
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Modifies registry class
      PID:3784
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:4380
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:1156
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:6040
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:3688
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:5892
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:4500
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:5840
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:4372
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:1172
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:2116
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:5944
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:5768
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:2500
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:4520
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:5480
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:3596
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:5048
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:4848
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:5248
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:1228
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:2772
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:5612
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:4380
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:4860
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:5212
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:4872
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:5176
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:2116
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:2512
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:6140
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:2408
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:4312
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:4356
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:5924
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:1116
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:2612
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:4128
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:4620
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:5732
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:4764
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:2088
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:4488
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:4864
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:5928
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:2264
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:5152
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:1320
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:5200
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:4860
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                        1⤵
                                                                                                          PID:5160
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:5204

                                                                                                          Network

                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                          Reconnaissance

                                                                                                          Resource Development

                                                                                                          Initial Access

                                                                                                          Execution

                                                                                                          Persistence

                                                                                                          Boot or Logon Autostart Execution

                                                                                                          2
                                                                                                          T1547

                                                                                                          Active Setup

                                                                                                          1
                                                                                                          T1547.014

                                                                                                          Registry Run Keys / Startup Folder

                                                                                                          1
                                                                                                          T1547.001

                                                                                                          Create or Modify System Process

                                                                                                          1
                                                                                                          T1543

                                                                                                          Windows Service

                                                                                                          1
                                                                                                          T1543.003

                                                                                                          Privilege Escalation

                                                                                                          Boot or Logon Autostart Execution

                                                                                                          2
                                                                                                          T1547

                                                                                                          Active Setup

                                                                                                          1
                                                                                                          T1547.014

                                                                                                          Registry Run Keys / Startup Folder

                                                                                                          1
                                                                                                          T1547.001

                                                                                                          Create or Modify System Process

                                                                                                          1
                                                                                                          T1543

                                                                                                          Windows Service

                                                                                                          1
                                                                                                          T1543.003

                                                                                                          Defense Evasion

                                                                                                          Modify Registry

                                                                                                          5
                                                                                                          T1112

                                                                                                          Credential Access

                                                                                                          Credentials from Password Stores

                                                                                                          1
                                                                                                          T1555

                                                                                                          Credentials from Web Browsers

                                                                                                          1
                                                                                                          T1555.003

                                                                                                          Unsecured Credentials

                                                                                                          3
                                                                                                          T1552

                                                                                                          Credentials In Files

                                                                                                          3
                                                                                                          T1552.001

                                                                                                          Discovery

                                                                                                          Peripheral Device Discovery

                                                                                                          2
                                                                                                          T1120

                                                                                                          Query Registry

                                                                                                          4
                                                                                                          T1012

                                                                                                          System Information Discovery

                                                                                                          2
                                                                                                          T1082

                                                                                                          System Location Discovery

                                                                                                          1
                                                                                                          T1614

                                                                                                          System Language Discovery

                                                                                                          1
                                                                                                          T1614.001

                                                                                                          Lateral Movement

                                                                                                          Collection

                                                                                                          Data from Local System

                                                                                                          2
                                                                                                          T1005

                                                                                                          Command and Control

                                                                                                          Exfiltration

                                                                                                          Impact

                                                                                                          Replay Monitor

                                                                                                          Loading Replay Monitor...

                                                                                                          Downloads

                                                                                                          • C:\Program Files (x86)\LP\D4A3\E1D0.tmp
                                                                                                            Filesize

                                                                                                            97KB

                                                                                                            MD5

                                                                                                            7d85cc2afbee438e00b7671b185b5517

                                                                                                            SHA1

                                                                                                            f4c93254402e1072cadd01b1e0f5648a00cf705f

                                                                                                            SHA256

                                                                                                            b56ff7b2c8511a02267af00c56b544ca305b70987446d917eb90522d653d9b7f

                                                                                                            SHA512

                                                                                                            09a5ea70d2e16053af893334ac6988c64c2e8e3f0bc862efe2716e35502e2285a4467dd4d5ba3f0449a7f32eb3dd1dc86e327b7760ed69547263e40757f834dd

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                            Filesize

                                                                                                            471B

                                                                                                            MD5

                                                                                                            109b0900e7476ed981f16034b342d64b

                                                                                                            SHA1

                                                                                                            7abe77549520d523d52115a4bc97d78357af6699

                                                                                                            SHA256

                                                                                                            97a89e0b088fcaf6c8e44cbb2b05701b99c4e12619539e91dd0303a58b282257

                                                                                                            SHA512

                                                                                                            1afc2e959942ff517a35f47b5cce3fc7dbc731a61922acc5c0522854e7aac6f428e467609c88f93db3ba01efe83f18a165c5e2b5f7497fbfeb6de0b8eb3f3e63

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                            Filesize

                                                                                                            420B

                                                                                                            MD5

                                                                                                            b08e572f0e80b97e810ae08fa5cc80f7

                                                                                                            SHA1

                                                                                                            2bde99dfd3a3cc56d920d9fa593f3f49d26731f6

                                                                                                            SHA256

                                                                                                            9a77baa2a2ffc58156dde045bef3b5a9dc4e7c71721225ed4b9a944ea281561c

                                                                                                            SHA512

                                                                                                            ebabf31cb52dc7d624e19c48ab927dcab314825a653e697ed33776e095c8d33bf5291964b5bceeda7ae6e964542d39faf613642c64f7fa82f9c98d5d7e560385

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                            Filesize

                                                                                                            2KB

                                                                                                            MD5

                                                                                                            595f2e04561c70183d2f5c1498df7239

                                                                                                            SHA1

                                                                                                            6b0421eb2ed33e03a739b1cb49cc619ca3877a23

                                                                                                            SHA256

                                                                                                            2ed084911b6739af95c80b6854c02a4d0175d7c207fbb4ad3c2ff33ba9693910

                                                                                                            SHA512

                                                                                                            9ef28115faf00ae7d2ef10b0a5567e4ee89a6e94c729976de51269f4084e85c20310017c684645db157285ae1b3497bc68a22c7865b8debebabb992eebf46c8e

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\EH25NGOT\microsoft.windows[1].xml
                                                                                                            Filesize

                                                                                                            97B

                                                                                                            MD5

                                                                                                            f729e9923d3053c3555af6436eb8568b

                                                                                                            SHA1

                                                                                                            343e60bf32531a8e8ba71536961ca1afbf7bf6ec

                                                                                                            SHA256

                                                                                                            8d2875304491260051610fedda03092631f8c4436ae2a86226cb77dc7ef95e7c

                                                                                                            SHA512

                                                                                                            031083c972e7ac59c725d7b618bbf414bd52aa472b8c5597a50fdcbab3b9aa5540f394aff1a15709ce6f8eb5cb33717d62fd5c7f31de1bf7f6f79854ead31f6c

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Roaming\3F2B9\9080.F2B
                                                                                                            Filesize

                                                                                                            600B

                                                                                                            MD5

                                                                                                            76755fa10678918b75cee6bb88b1ae81

                                                                                                            SHA1

                                                                                                            a80e62d6348bd5895eb8da50e18e18a6b42c48ce

                                                                                                            SHA256

                                                                                                            24a8a85f9c6c32f51bf4eea6a6e3e68ccca13b11543820a3dc7e0c1d2867313c

                                                                                                            SHA512

                                                                                                            ee50843bdeb654819427f59049bb6fc1f8ccea37bb92141369515d95b5e42f43da21795b09632b16d266bf18ec04083beb2f3e9855d9d58e1f1d9a398149dfdc

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Roaming\3F2B9\9080.F2B
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            f03cbef1fcfa846a86906c0c25443a17

                                                                                                            SHA1

                                                                                                            a51d18a902b99e861a702515bc12328cf6d115bd

                                                                                                            SHA256

                                                                                                            d141d6dfb41e81793eba87f22583244830b45ece5ebe18d2be14805fca9eb434

                                                                                                            SHA512

                                                                                                            202ec6ef64caa4d77b392a7293252b6bfca740df91aa1d8367cdc97384ae72fecd12473d235128ca8bdab0a872081e122b78e8bd4064f5ebc06efd7e4e96b8ec

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Roaming\3F2B9\9080.F2B
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            0120583e766977e492b335de74cadfdf

                                                                                                            SHA1

                                                                                                            026e02cf4b5058119b3a27a1775a84d916c218e2

                                                                                                            SHA256

                                                                                                            0228053a45bdc6c2aafd31cb0a5e8bff3b2130d83f6841aa5319eb9b5a857469

                                                                                                            SHA512

                                                                                                            062e2a0c2df2d5e639a727ec0b3a24000efd8eea2e7dd56b706b4a821090b6e34f5aa39e2b969ce56e0311d190e326e8ff09031a44d030ce2483105a88e429d0

                                                                                                            Download Submit

                                                                                                          • memory/376-653-0x000001EAD7B00000-0x000001EAD7C00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/376-690-0x000001EAD8FE0000-0x000001EAD9000000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/376-658-0x000001EAD8C10000-0x000001EAD8C30000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/376-654-0x000001EAD7B00000-0x000001EAD7C00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/376-689-0x000001EAD8BD0000-0x000001EAD8BF0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/804-896-0x0000000003FB0000-0x0000000003FB1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/1156-1051-0x00000224A8340000-0x00000224A8440000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/1156-1083-0x00000224A9860000-0x00000224A9880000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1156-1050-0x00000224A8340000-0x00000224A8440000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/1156-1068-0x00000224A9450000-0x00000224A9470000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1156-1055-0x00000224A9490000-0x00000224A94B0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/1232-188-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/2760-15-0x0000000000400000-0x0000000000467000-memory.dmp

                                                                                                            Filesize

                                                                                                            412KB

                                                                                                            Download

                                                                                                          • memory/2760-3-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                            Filesize

                                                                                                            424KB

                                                                                                            Download

                                                                                                          • memory/2760-0-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                            Filesize

                                                                                                            424KB

                                                                                                            Download

                                                                                                          • memory/2760-2-0x0000000000400000-0x0000000000467000-memory.dmp

                                                                                                            Filesize

                                                                                                            412KB

                                                                                                            Download

                                                                                                          • memory/2760-13-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                            Filesize

                                                                                                            424KB

                                                                                                            Download

                                                                                                          • memory/2760-499-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                            Filesize

                                                                                                            424KB

                                                                                                            Download

                                                                                                          • memory/3784-1049-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4284-19-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                            Filesize

                                                                                                            424KB

                                                                                                            Download

                                                                                                          • memory/4284-16-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                            Filesize

                                                                                                            424KB

                                                                                                            Download

                                                                                                          • memory/4284-17-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                            Filesize

                                                                                                            424KB

                                                                                                            Download

                                                                                                          • memory/4372-1345-0x0000028566A00000-0x0000028566B00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4372-1349-0x00000285678B0000-0x00000285678D0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4372-618-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                            Filesize

                                                                                                            424KB

                                                                                                            Download

                                                                                                          • memory/4372-1358-0x0000028567870000-0x0000028567890000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4372-1346-0x0000028566A00000-0x0000028566B00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4372-1344-0x0000028566A00000-0x0000028566B00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4424-501-0x0000000002CC0000-0x0000000002CC1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4500-1343-0x0000000004070000-0x0000000004071000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/4812-916-0x0000025521900000-0x0000025521920000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4812-927-0x0000025521F00000-0x0000025521F20000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4812-903-0x0000025521940000-0x0000025521960000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4812-898-0x0000025520A00000-0x0000025520B00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/4880-208-0x0000025674E30000-0x0000025674E50000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4880-226-0x0000025675240000-0x0000025675260000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/4880-195-0x0000025674E70000-0x0000025674E90000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/5388-347-0x000002711A900000-0x000002711AA00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/5388-382-0x000002711BE30000-0x000002711BE50000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/5388-350-0x000002711BA60000-0x000002711BA80000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/5388-346-0x000002711A900000-0x000002711AA00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/5388-345-0x000002711A900000-0x000002711AA00000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/5388-360-0x000002711BA20000-0x000002711BA40000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/5412-652-0x0000000004C90000-0x0000000004C91000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/5600-504-0x0000019494400000-0x0000019494500000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/5600-503-0x0000019494400000-0x0000019494500000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/5600-508-0x0000019495540000-0x0000019495560000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/5600-534-0x0000019495910000-0x0000019495930000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/5600-521-0x0000019495500000-0x0000019495520000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/5804-493-0x0000000000400000-0x000000000041C000-memory.dmp

                                                                                                            Filesize

                                                                                                            112KB

                                                                                                            Download

                                                                                                          • memory/5892-1196-0x00000190EF450000-0x00000190EF550000-memory.dmp

                                                                                                            Filesize

                                                                                                            1024KB

                                                                                                            Download

                                                                                                          • memory/5892-1211-0x00000190F0570000-0x00000190F0590000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/5892-1233-0x00000190F0980000-0x00000190F09A0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/5892-1201-0x00000190F05B0000-0x00000190F05D0000-memory.dmp

                                                                                                            Filesize

                                                                                                            128KB

                                                                                                            Download

                                                                                                          • memory/5960-343-0x0000000004AC0000-0x0000000004AC1000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/6040-1194-0x0000000004630000-0x0000000004631000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download