Analysis

  • max time kernel
    64s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2024, 16:25

General

  • Target

    4316cee298df3ba612576e2b3acc9509_JaffaCakes118.exe

  • Size

    287KB

  • MD5

    4316cee298df3ba612576e2b3acc9509

  • SHA1

    d8ac2b6986e3aa9c2cb1dcadfee5579b7596e63d

  • SHA256

    63212deb9302b8727655c1378356473f6a2cc5d38b6aa3a581ea0825fabada7b

  • SHA512

    6efcb86039989086c579af4a97f7da2bff387e6859ff9f1aafc1ee92c3947f856bb5346707f6fb92a7e3f9044ecbf96d4beee42141dc3f1e82680bfb93d58fe8

  • SSDEEP

    6144:tppSggop+07WpVULMpaBD4o+9Dw2z+uuzKu4/eJlCHiddw0:17GVUtuo+9Dw2duz8wcHi

Malware Config

Signatures

  • Modifies security service 2 TTPs 1 IoCs
  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Disables taskbar notifications via registry modification
  • Executes dropped EXE 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4316cee298df3ba612576e2b3acc9509_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4316cee298df3ba612576e2b3acc9509_JaffaCakes118.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2408
    • C:\Users\Admin\AppData\Local\Temp\4316cee298df3ba612576e2b3acc9509_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\4316cee298df3ba612576e2b3acc9509_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\BD033\AEBE9.exe%C:\Users\Admin\AppData\Roaming\BD033
      2⤵
        PID:4716
      • C:\Users\Admin\AppData\Local\Temp\4316cee298df3ba612576e2b3acc9509_JaffaCakes118.exe
        C:\Users\Admin\AppData\Local\Temp\4316cee298df3ba612576e2b3acc9509_JaffaCakes118.exe startC:\Program Files (x86)\33B0E\lvvm.exe%C:\Program Files (x86)\33B0E
        2⤵
          PID:4916
        • C:\Program Files (x86)\LP\E93B\15C5.tmp
          "C:\Program Files (x86)\LP\E93B\15C5.tmp"
          2⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4156
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:5108
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2284
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:2136
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1044
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1708
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3860
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1644
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3880
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of SendNotifyMessage
        PID:3944
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3968
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1092
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:5556
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:5908
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:6084
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        PID:3668
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4864
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1588
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:5760
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:2704
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3980
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:2748
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:6132
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:5940
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:796
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:5336
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:5868
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:3684
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4012
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:4980
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:5500
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:4336
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:3596
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:5684
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:5464
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:5360
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:6104
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:5912
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:3944
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:3468
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:5784
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:1376
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:536
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:5912
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:6004
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4116
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:2940
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:4696
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:5692
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:5236
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:4372
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:4296
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:3920
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:5576
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:6040
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:2884
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:6084
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:2788
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:5268
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:4016
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:5296
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:5904
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:380
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3784
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:2788
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:1032
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:1996
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:3524
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:4152
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:1316
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:4100
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:4928
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:2932
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:3564
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:3372
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:5420
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:628
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:5512
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:4016
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:1856
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:2760
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:3468
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:4912
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:2532

                                                                                                                    Network

                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                          Replay Monitor

                                                                                                                          Loading Replay Monitor...

                                                                                                                          Downloads

                                                                                                                          • C:\Program Files (x86)\LP\E93B\15C5.tmp

                                                                                                                            Filesize

                                                                                                                            101KB

                                                                                                                            MD5

                                                                                                                            9830a063d6a451099715cfd584204e5a

                                                                                                                            SHA1

                                                                                                                            175d36b11f755dd1a10b317f473c4c0de261b9ca

                                                                                                                            SHA256

                                                                                                                            2f55100d9b31d4e69495fad29d831e7f1310f53089081da251ff52bf8b83ab28

                                                                                                                            SHA512

                                                                                                                            c4aadec9e09277a4819e70eedeb9fb80ef4e6e982c3abca0479ba96f54c5748970a7c431de21996cee66dda86835db998fe22c822b1e9ff81d3a9256cd1f4f17

                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

                                                                                                                            Filesize

                                                                                                                            471B

                                                                                                                            MD5

                                                                                                                            5a1c8b6db994749bf1db816c60d39b52

                                                                                                                            SHA1

                                                                                                                            ff5f09d7697a71d9deec8457145149e6e96028ce

                                                                                                                            SHA256

                                                                                                                            31a07dba8984e282ba45c0cbd8d9d83311dd1555337badedf25e3be5f544844d

                                                                                                                            SHA512

                                                                                                                            8591ac1a94ded79af2cca7d0b0e4a0e86ccde4ed9677e651af450821cb3f0bbea9fe07a941f64e7e0c9f9130c6f3fc3d63912b9bc157c632f1f2d3947f19b193

                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

                                                                                                                            Filesize

                                                                                                                            420B

                                                                                                                            MD5

                                                                                                                            dd8a0067e3d882a6d0fe6526075b2a56

                                                                                                                            SHA1

                                                                                                                            de71db29ba7aa3dd4393f65b01036ae380679da0

                                                                                                                            SHA256

                                                                                                                            e1d9f533244929c0dbda5bd67db4e7bc13a574507d31d0d68193eb93e4701546

                                                                                                                            SHA512

                                                                                                                            2c3ece0994197bd04e9f0cd34c31d4d8b454a985bf5c34ef9c8abb2b2f35f79900d80a748b648051c409ab24e817b8862c58db22b613062c5edd43ad33731b39

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            9b739de9344123fbe3b9a7335dfcfa0a

                                                                                                                            SHA1

                                                                                                                            ff93031270cb1d6dc588d574dd4536ff84db0d13

                                                                                                                            SHA256

                                                                                                                            99422b796bc6e7a1c7eb0e3e42fdcdd0b7ec3a96562c9652d71377cf9b429d30

                                                                                                                            SHA512

                                                                                                                            2db6abfa45133db5478e6ac08d33ffc33a0a835eb303c739b823e6aa3c31b5ac0b11d3f98238fb704a64424e500f8b9300e02c87200806b7af702e290b8807cf

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15

                                                                                                                            Filesize

                                                                                                                            36KB

                                                                                                                            MD5

                                                                                                                            0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                                            SHA1

                                                                                                                            92495421ad887f27f53784c470884802797025ad

                                                                                                                            SHA256

                                                                                                                            0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                                            SHA512

                                                                                                                            61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer

                                                                                                                            Filesize

                                                                                                                            36KB

                                                                                                                            MD5

                                                                                                                            ab0262f72142aab53d5402e6d0cb5d24

                                                                                                                            SHA1

                                                                                                                            eaf95bb31ae1d4c0010f50e789bdc8b8e3116116

                                                                                                                            SHA256

                                                                                                                            20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb

                                                                                                                            SHA512

                                                                                                                            bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133733967477946484.txt

                                                                                                                            Filesize

                                                                                                                            74KB

                                                                                                                            MD5

                                                                                                                            7d4cedc98a2ae6ca99a9df4b9cecec13

                                                                                                                            SHA1

                                                                                                                            2717b3371155c15ec0dce54ea59d855e7d2f37c9

                                                                                                                            SHA256

                                                                                                                            072c63fa37baa7ca4fc04c6d3e44de31647b7fade4985c3f4aff06d9102379db

                                                                                                                            SHA512

                                                                                                                            232d6ff7af974a711884ef52e2b021307612f9c10d6f4eea03d9d6de4ad7b41d3ea2867ba10a6dfb1a96eb02ac23f038a0c5c485c27024a8c266866331c9f6ba

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\2C1DWAXK\microsoft.windows[1].xml

                                                                                                                            Filesize

                                                                                                                            96B

                                                                                                                            MD5

                                                                                                                            e348d00fe7b19d8e8f6efc5cd8f3be59

                                                                                                                            SHA1

                                                                                                                            de85b87da07da2e4b4215ef312d318f1b329ca6e

                                                                                                                            SHA256

                                                                                                                            4ee26da36e3b7d5c9f14f2ed8d6c75c10434acec949dc6e550f176b9acb84dd7

                                                                                                                            SHA512

                                                                                                                            a0a9a671e08cb35904098426cf1b50a11d6a0c7be57f684f9808f5c953ac2732dd1f090c3d12260870056a1ee5f9097ad9872715c798fba196d7212a536afcbe

                                                                                                                          • C:\Users\Admin\AppData\Roaming\BD033\3B0E.D03

                                                                                                                            Filesize

                                                                                                                            996B

                                                                                                                            MD5

                                                                                                                            076b3e7abb01ad7f86e2226b1751d18a

                                                                                                                            SHA1

                                                                                                                            f17b47141c6b637c1473c69ad1d667c1b13a646d

                                                                                                                            SHA256

                                                                                                                            bb5d4af873c60ebccec0678c1adaef2402619eb2a6f85136ae3889ca2088b00c

                                                                                                                            SHA512

                                                                                                                            d484b16aa6ca0a79705f9c32f730f1dfda35cdfc6ab6f5ebb975099e19d96d3a546c280f617c0b9be8d0c94ebe33e8c553c1dae94fd8076cbefee27f003d3405

                                                                                                                          • C:\Users\Admin\AppData\Roaming\BD033\3B0E.D03

                                                                                                                            Filesize

                                                                                                                            600B

                                                                                                                            MD5

                                                                                                                            afad9d42cf27852837bd4b0fcb1885bf

                                                                                                                            SHA1

                                                                                                                            fc637cea9ee11911f9b88c0abf9aa0bd320a9933

                                                                                                                            SHA256

                                                                                                                            352408c6d058142d52a4f1c6a1c904337edf0040030248b96ad912edb16c4b05

                                                                                                                            SHA512

                                                                                                                            a14a58b3885b5f6dbff8d2df1e96253504bb95187c7bb683604615a38158ab9d1f39e79f6d826e9cbb1fb291274bebd1fdb97b5c5388f5a677b1e7185003246b

                                                                                                                          • C:\Users\Admin\AppData\Roaming\BD033\3B0E.D03

                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            49d367f347f1f32c14aeeeac883fc8c1

                                                                                                                            SHA1

                                                                                                                            e6b92ed1880374d62942e2144b39d3937517f0b2

                                                                                                                            SHA256

                                                                                                                            298fa10184c3560f9d62c1f1feccd910b405dbc250066d537d67045d2eb0616c

                                                                                                                            SHA512

                                                                                                                            8f7d57f890c7a817c68f322f4214abfc6f7658a0024f604c6aeefa32ab5215e4f669c8a0da3411d9df2994ff2b1b7e618e06937d24388a80dafde869f5a6dbd7

                                                                                                                          • C:\Users\Admin\AppData\Roaming\BD033\3B0E.D03

                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            d49c1d4aa3dd588d30d89bd3ee115aa1

                                                                                                                            SHA1

                                                                                                                            0dc67cccea622ee45be3161bcb44c6c2e8fd497c

                                                                                                                            SHA256

                                                                                                                            ec398014082a36d14c72962bd0803d10db9d449e62d4f2c31c19c08a78914342

                                                                                                                            SHA512

                                                                                                                            dfcba62e151fbc09e0280ed587a975f1c724489fd3aea40ff558ecb1eb8b2a2f883c3ec899337b0574c9cf46ee02b1a3665019c8580e36c35b649e1375db4152

                                                                                                                          • memory/796-1222-0x00000000044F0000-0x00000000044F1000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                          • memory/1092-492-0x00000160D6660000-0x00000160D6680000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/1092-489-0x00000160D5300000-0x00000160D5400000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                          • memory/1092-501-0x00000160D6620000-0x00000160D6640000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/1092-511-0x00000160D6A20000-0x00000160D6A40000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/1588-790-0x00000160110B0000-0x00000160110D0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/1588-820-0x0000016011480000-0x00000160114A0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/1588-802-0x0000016011070000-0x0000016011090000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/2408-644-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            428KB

                                                                                                                          • memory/2408-119-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            428KB

                                                                                                                          • memory/2408-13-0x0000000000400000-0x0000000000468000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            416KB

                                                                                                                          • memory/2408-1-0x0000000000400000-0x0000000000468000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            416KB

                                                                                                                          • memory/2408-11-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            428KB

                                                                                                                          • memory/2408-2-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            428KB

                                                                                                                          • memory/2748-1080-0x0000000004D20000-0x0000000004D21000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                          • memory/3596-1515-0x000001FD0E120000-0x000001FD0E220000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                          • memory/3596-1514-0x000001FD0E120000-0x000001FD0E220000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                          • memory/3596-1513-0x000001FD0E120000-0x000001FD0E220000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                          • memory/3668-782-0x0000000002B90000-0x0000000002B91000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                          • memory/3684-1372-0x0000000004540000-0x0000000004541000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                          • memory/3860-310-0x00000000040A0000-0x00000000040A1000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                          • memory/3880-313-0x0000021327A00000-0x0000021327B00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                          • memory/3880-312-0x0000021327A00000-0x0000021327B00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                          • memory/3880-326-0x00000213289E0000-0x0000021328A00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/3880-348-0x0000021328DF0000-0x0000021328E10000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/3880-317-0x0000021328A20000-0x0000021328A40000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/3944-485-0x0000000004130000-0x0000000004131000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                          • memory/3980-933-0x0000015366120000-0x0000015366220000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                          • memory/3980-956-0x0000015367230000-0x0000015367250000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/3980-938-0x0000015367270000-0x0000015367290000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/3980-934-0x0000015366120000-0x0000015366220000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                          • memory/3980-970-0x0000015367640000-0x0000015367660000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/4156-634-0x0000000000400000-0x000000000041C000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            112KB

                                                                                                                          • memory/4716-14-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            428KB

                                                                                                                          • memory/4716-15-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            428KB

                                                                                                                          • memory/4916-121-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            428KB

                                                                                                                          • memory/4916-122-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            428KB

                                                                                                                          • memory/4980-1379-0x000002F1ADB40000-0x000002F1ADB60000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/4980-1389-0x000002F1ADB00000-0x000002F1ADB20000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/4980-1402-0x000002F1ADF10000-0x000002F1ADF30000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/4980-1375-0x000002F1ACA00000-0x000002F1ACB00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                          • memory/4980-1374-0x000002F1ACA00000-0x000002F1ACB00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                          • memory/5500-1511-0x0000000002E80000-0x0000000002E81000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                          • memory/5556-636-0x0000000004B90000-0x0000000004B91000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                          • memory/5760-932-0x0000000004270000-0x0000000004271000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                          • memory/5868-1225-0x00000139B8320000-0x00000139B8420000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                          • memory/5868-1260-0x00000139B9440000-0x00000139B9460000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/5868-1261-0x00000139B9850000-0x00000139B9870000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/5868-1224-0x00000139B8320000-0x00000139B8420000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                          • memory/5868-1229-0x00000139B9480000-0x00000139B94A0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/5940-1095-0x000002845B130000-0x000002845B150000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/5940-1106-0x000002845B540000-0x000002845B560000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/5940-1087-0x000002845B170000-0x000002845B190000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/5940-1083-0x000002845A020000-0x000002845A120000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                          • memory/5940-1082-0x000002845A020000-0x000002845A120000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                          • memory/6084-643-0x0000021D86AF0000-0x0000021D86B10000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/6084-655-0x0000021D86AB0000-0x0000021D86AD0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/6084-666-0x0000021D870C0000-0x0000021D870E0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                          • memory/6084-639-0x0000021D85D00000-0x0000021D85E00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                          • memory/6084-638-0x0000021D85D00000-0x0000021D85E00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB