Overview

overview

10

Static

static

3

9cc561de18...18.exe

windows7-x64

10

9cc561de18...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    63s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2024 17:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9cc561de18a275896bcf6b945c41160e_JaffaCakes118.exe

  • Size

    287KB

  • MD5

    9cc561de18a275896bcf6b945c41160e

  • SHA1

    8e5f5fdadcbd837169919f5f959e460053629702

  • SHA256

    334f963f2ad5644b97f07224dcf166aa3b944a921837e745c64e872824dc85c2

  • SHA512

    38e986684d9b0d9c2f8c754398031f5ae1a068f97b2267be4f0dafe0c9483aa8f5385240cffeffce179ce81afa4366ad5fdf3680ba39d95097411ccc052285a2

  • SSDEEP

    6144:qZUm+gSdhIMs8G9IlFINk1JuZvwLMLRFfM+BIGk:q8dNswlSNkDwwLwMG

Score
10/10
cycbotponybackdoorcredential_accessdiscoveryevasionpersistenceratspywarestealerupx

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++..

    backdoorratcycbot
  • Cycbot family
    cycbot
  • Detects Cycbot payload 6 IoCs

    Cycbot is a backdoor and trojan written in C++.

  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Pony family
    pony
  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 9 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\9cc561de18a275896bcf6b945c41160e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc561de18a275896bcf6b945c41160e_JaffaCakes118.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:4528
    • C:\Users\Admin\AppData\Local\Temp\9cc561de18a275896bcf6b945c41160e_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\9cc561de18a275896bcf6b945c41160e_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\B0C14\B5429.exe%C:\Users\Admin\AppData\Roaming\B0C14
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1292
    • C:\Users\Admin\AppData\Local\Temp\9cc561de18a275896bcf6b945c41160e_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\9cc561de18a275896bcf6b945c41160e_JaffaCakes118.exe startC:\Program Files (x86)\14800\lvvm.exe%C:\Program Files (x86)\14800
      2⤵
      • System Location Discovery: System Language Discovery
      PID:216
    • C:\Program Files (x86)\LP\298B\4ED.tmp
      "C:\Program Files (x86)\LP\298B\4ED.tmp"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4580
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2604
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1488
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4940
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:216
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1500
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2164
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SendNotifyMessage
    PID:3368
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1696
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3144
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3784
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4564
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2348
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3832
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1856
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4740
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4088
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5004
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4244
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3336
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3316
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4588
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2460
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4240
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1660
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4220
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:1140
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:2036
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:2848
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:3372
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:2236
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:2836
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:1700
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:4796
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:2912
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:3640
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:1624
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:3632
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:640
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:2092
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:1580
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:3684
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:3144
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4992
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4164
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:5016
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:1668
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:4252
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:1624
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:2380
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:5004
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:3496
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:4452
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:4168
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:2272
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:864
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:3272
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:4152
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:4948
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:3892
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:1732
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:4516
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3296
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:3144
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:3356
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:5016
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:1532
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:4564
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:4024
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:2884
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:1864
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:4752
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:1664
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:3244
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:4552
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:1700
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:1236
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:4308
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:2936

                                                                                                            Network

                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                            Reconnaissance

                                                                                                            Resource Development

                                                                                                            Initial Access

                                                                                                            Execution

                                                                                                            Persistence

                                                                                                            Boot or Logon Autostart Execution

                                                                                                            2
                                                                                                            T1547

                                                                                                            Active Setup

                                                                                                            1
                                                                                                            T1547.014

                                                                                                            Registry Run Keys / Startup Folder

                                                                                                            1
                                                                                                            T1547.001

                                                                                                            Create or Modify System Process

                                                                                                            1
                                                                                                            T1543

                                                                                                            Windows Service

                                                                                                            1
                                                                                                            T1543.003

                                                                                                            Privilege Escalation

                                                                                                            Boot or Logon Autostart Execution

                                                                                                            2
                                                                                                            T1547

                                                                                                            Active Setup

                                                                                                            1
                                                                                                            T1547.014

                                                                                                            Registry Run Keys / Startup Folder

                                                                                                            1
                                                                                                            T1547.001

                                                                                                            Create or Modify System Process

                                                                                                            1
                                                                                                            T1543

                                                                                                            Windows Service

                                                                                                            1
                                                                                                            T1543.003

                                                                                                            Defense Evasion

                                                                                                            Modify Registry

                                                                                                            5
                                                                                                            T1112

                                                                                                            Credential Access

                                                                                                            Credentials from Password Stores

                                                                                                            1
                                                                                                            T1555

                                                                                                            Credentials from Web Browsers

                                                                                                            1
                                                                                                            T1555.003

                                                                                                            Unsecured Credentials

                                                                                                            3
                                                                                                            T1552

                                                                                                            Credentials In Files

                                                                                                            3
                                                                                                            T1552.001

                                                                                                            Discovery

                                                                                                            Peripheral Device Discovery

                                                                                                            2
                                                                                                            T1120

                                                                                                            Query Registry

                                                                                                            4
                                                                                                            T1012

                                                                                                            System Information Discovery

                                                                                                            2
                                                                                                            T1082

                                                                                                            System Location Discovery

                                                                                                            1
                                                                                                            T1614

                                                                                                            System Language Discovery

                                                                                                            1
                                                                                                            T1614.001

                                                                                                            Lateral Movement

                                                                                                            Collection

                                                                                                            Data from Local System

                                                                                                            2
                                                                                                            T1005

                                                                                                            Command and Control

                                                                                                            Exfiltration

                                                                                                            Impact

                                                                                                            Replay Monitor

                                                                                                            Loading Replay Monitor...

                                                                                                            Downloads

                                                                                                            • C:\Program Files (x86)\LP\298B\4ED.tmp
                                                                                                              Filesize

                                                                                                              100KB

                                                                                                              MD5

                                                                                                              04c5f23edb2dce847afa3f16cf348e24

                                                                                                              SHA1

                                                                                                              fbdfcac8c2b868ffd26c64bc9832a3c8e75badb9

                                                                                                              SHA256

                                                                                                              600fd91072a0a0bb94c6f49a6fd8bab953113d2170ea59d456d25d23ec829e70

                                                                                                              SHA512

                                                                                                              18264658e8e3731d20fc653b4b4504d49218177b8beef6435401b3fd82ba43cc3a6b8b329a63653bc13906ede754391127abce5657f204919b625d1af4134c60

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                              Filesize

                                                                                                              471B

                                                                                                              MD5

                                                                                                              99ba6b7f0f3ec8d66a8b6a80669c7b3d

                                                                                                              SHA1

                                                                                                              33ad0940219903cb4f9cf461b4f4bb711b9919f3

                                                                                                              SHA256

                                                                                                              d3b813690dfc256c53b3af9fc4015f5aa3344abb4416ce0d79bc2ce6603d299b

                                                                                                              SHA512

                                                                                                              eb9f31ef0c68f76f91ab1b0fe9d6c04237fa5dc1889d9ee31ae4186588d5da3903ccee6f8c25a9fd5c870364594798d3d5bcf462bef46cb301ae3acf29d4044c

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                              Filesize

                                                                                                              412B

                                                                                                              MD5

                                                                                                              30f10fcb965eee25cc1ecd117f94337a

                                                                                                              SHA1

                                                                                                              aa2d19dd7d226d7b89d33e186717ffb00f28608c

                                                                                                              SHA256

                                                                                                              4040bcc98425ae7e428f64bead1dc8ee541e5973b60bf34069605b0811fe69f6

                                                                                                              SHA512

                                                                                                              a278b2735b65ecbf750a3d7b459fa4cf1a8670a041278fa223e789763e1d5fe1c35fc4bff9f0463f470569a07a39bb3f58a94706e629d204dc48447c589f19d2

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                              Filesize

                                                                                                              2KB

                                                                                                              MD5

                                                                                                              7eb898bbe81db6af19c67f685251dfe9

                                                                                                              SHA1

                                                                                                              f2b65da9dac081d3bd9f5a844e7d23e7a0c4f846

                                                                                                              SHA256

                                                                                                              e06d67e2450c4ccd29b8736e9b672b55301b97c648c5df360a97e4a0c76a4cfb

                                                                                                              SHA512

                                                                                                              d1e0f0d3d0f448435df1c5da90383b439ebd9ddd951affb6008a0e3dbef110c244d527eba829f896d4f340bccba6699cd4b1cb6dbe139273f9c60987b6d3019e

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\1QK7O5FT\microsoft.windows[1].xml
                                                                                                              Filesize

                                                                                                              97B

                                                                                                              MD5

                                                                                                              d999f65105ba511b9a85c92595366aa5

                                                                                                              SHA1

                                                                                                              acd1800ccb77d1ed5bf43fd29c05fbcdd9d14adb

                                                                                                              SHA256

                                                                                                              626774fae7cf7de253841c4d2244fa2a50cc4a5abf5cb2d2006afd836412ba5a

                                                                                                              SHA512

                                                                                                              c793a44c17918e30348fe2b836bfbcf0edacb4f76b99f6dc6a67d8047cfbd2079645a853500e9520b202883f8cce2433690406edf47b08cf334272df6c4c60f9

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Roaming\B0C14\4800.0C1
                                                                                                              Filesize

                                                                                                              996B

                                                                                                              MD5

                                                                                                              cacc2d95609c5bfcbc95e8ed0311af2b

                                                                                                              SHA1

                                                                                                              e743188d2ea26e4a45e88c721281aab299096972

                                                                                                              SHA256

                                                                                                              1253dba29cfcfeeb0167b70f877988cb63939c0431a87852df8d2a6c58f8bb9c

                                                                                                              SHA512

                                                                                                              7ed97236d232efe90dd6aeae87c59e43c4ed43d4d10c697245e3a8a9657ac2f00b49aba2b61c8551b133ad57e7a413cd14909ee5f796ad7a7333bf01333faee0

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Roaming\B0C14\4800.0C1
                                                                                                              Filesize

                                                                                                              600B

                                                                                                              MD5

                                                                                                              37bddc375ffd47773e3531e0f0221b49

                                                                                                              SHA1

                                                                                                              e09141b7547e3ac6440f4bddb5c8018f6d167c9e

                                                                                                              SHA256

                                                                                                              0c84a670c2d89bf3d24ce26913145fbae2fa427f27140e83bf0502c1250b6ec7

                                                                                                              SHA512

                                                                                                              0d20a9f22d0b84d9c63a56b6e677194856221bcc9521d34b773672dda9ce51ba2d5705674d1c6ba9a4a2a76d54bd83a4bd374ddc4773f0c4040ba3aef4d87a5d

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Roaming\B0C14\4800.0C1
                                                                                                              Filesize

                                                                                                              1KB

                                                                                                              MD5

                                                                                                              fd30805a34bb910e6bc04d33dc5f7c19

                                                                                                              SHA1

                                                                                                              7a07b4b59966a9819bec150927a903093c2508b4

                                                                                                              SHA256

                                                                                                              c33bcacf6e3b9222b137377b5bfe2a6441e59ce3ff47656e626d62f0758791cb

                                                                                                              SHA512

                                                                                                              05e24de1dfa225289c32e39fa3dc6591b8e37b9539f6585648422402749c0ba6f57cfc6c1ef3cdc1e14a0c7ade274a2cc47c89b5902b6f239f1599875020ab6b

                                                                                                              Download Submit

                                                                                                            • C:\Users\Admin\AppData\Roaming\B0C14\4800.0C1
                                                                                                              Filesize

                                                                                                              1KB

                                                                                                              MD5

                                                                                                              d268a1750c05a309c385f8fb2352c0de

                                                                                                              SHA1

                                                                                                              265570d79ab4bba08f29812e00b4d2f47931140d

                                                                                                              SHA256

                                                                                                              43cab1b73d99acf6c2162166cb38b0dc78f5cb0d0c9a6682dc1814c68de3af2a

                                                                                                              SHA512

                                                                                                              8d10d9fc484ab23b839cdab7be6099da77a353791b9b6661561054a73f664956ac9fc1b4cb159bb4acb415b56b943bd5ad79fe1f911864e4821c9457753a7492

                                                                                                              Download Submit

                                                                                                            • memory/216-145-0x0000000000400000-0x000000000046C000-memory.dmp

                                                                                                              Filesize

                                                                                                              432KB

                                                                                                              Download

                                                                                                            • memory/216-311-0x0000000004300000-0x0000000004301000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/1292-15-0x0000000000400000-0x000000000046C000-memory.dmp

                                                                                                              Filesize

                                                                                                              432KB

                                                                                                              Download

                                                                                                            • memory/1292-14-0x0000000000400000-0x000000000046C000-memory.dmp

                                                                                                              Filesize

                                                                                                              432KB

                                                                                                              Download

                                                                                                            • memory/1660-1225-0x000001A697C20000-0x000001A697D20000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/1660-1230-0x000001A698D70000-0x000001A698D90000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/1660-1226-0x000001A697C20000-0x000001A697D20000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/1660-1253-0x000001A699140000-0x000001A699160000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/1660-1242-0x000001A698D30000-0x000001A698D50000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/2036-1389-0x0000020FD5FE0000-0x0000020FD6000000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/2036-1376-0x0000020FD5100000-0x0000020FD5200000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/2036-1380-0x0000020FD6220000-0x0000020FD6240000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/2164-349-0x000001A3E6BA0000-0x000001A3E6BC0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/2164-350-0x000001A3E6FB0000-0x000001A3E6FD0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/2164-319-0x000001A3E6BE0000-0x000001A3E6C00000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/2164-314-0x000001A3E5BB0000-0x000001A3E5CB0000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/2348-632-0x000001FE30770000-0x000001FE30870000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/2348-637-0x000001FE316D0000-0x000001FE316F0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/2348-649-0x000001FE31690000-0x000001FE316B0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/2348-661-0x000001FE31CA0000-0x000001FE31CC0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/2460-1223-0x0000000004A30000-0x0000000004A31000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/3144-481-0x00000256852D0000-0x00000256852F0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/3144-477-0x0000025684500000-0x0000025684600000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/3144-476-0x0000025684500000-0x0000025684600000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/3144-478-0x0000025684500000-0x0000025684600000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/3144-513-0x00000256858A0000-0x00000256858C0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/3144-494-0x0000025685290000-0x00000256852B0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/3336-1076-0x0000000002810000-0x0000000002811000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/3368-474-0x0000000004060000-0x0000000004061000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/3784-629-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/3832-773-0x0000000004880000-0x0000000004881000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/4088-922-0x0000000004510000-0x0000000004511000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/4220-1374-0x00000000045B0000-0x00000000045B1000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              Download

                                                                                                            • memory/4244-926-0x0000025D5EE40000-0x0000025D5EF40000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/4244-925-0x0000025D5EE40000-0x0000025D5EF40000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/4244-930-0x0000026560F90000-0x0000026560FB0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4244-952-0x0000026561360000-0x0000026561380000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4244-942-0x0000026560F50000-0x0000026560F70000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4528-1-0x0000000000400000-0x0000000000469000-memory.dmp

                                                                                                              Filesize

                                                                                                              420KB

                                                                                                              Download

                                                                                                            • memory/4528-2-0x0000000000400000-0x000000000046C000-memory.dmp

                                                                                                              Filesize

                                                                                                              432KB

                                                                                                              Download

                                                                                                            • memory/4528-11-0x0000000000400000-0x000000000046C000-memory.dmp

                                                                                                              Filesize

                                                                                                              432KB

                                                                                                              Download

                                                                                                            • memory/4528-13-0x0000000000400000-0x0000000000469000-memory.dmp

                                                                                                              Filesize

                                                                                                              420KB

                                                                                                              Download

                                                                                                            • memory/4528-628-0x0000000000400000-0x000000000046C000-memory.dmp

                                                                                                              Filesize

                                                                                                              432KB

                                                                                                              Download

                                                                                                            • memory/4528-143-0x0000000000400000-0x000000000046C000-memory.dmp

                                                                                                              Filesize

                                                                                                              432KB

                                                                                                              Download

                                                                                                            • memory/4580-631-0x0000000000400000-0x000000000041C000-memory.dmp

                                                                                                              Filesize

                                                                                                              112KB

                                                                                                              Download

                                                                                                            • memory/4588-1094-0x0000018B3F200000-0x0000018B3F220000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4588-1111-0x0000018B3F820000-0x0000018B3F840000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4588-1082-0x0000018B3F240000-0x0000018B3F260000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4588-1077-0x0000018B3E300000-0x0000018B3E400000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/4740-775-0x00000122B5E00000-0x00000122B5F00000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/4740-776-0x00000122B5E00000-0x00000122B5F00000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/4740-777-0x00000122B5E00000-0x00000122B5F00000-memory.dmp

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              Download

                                                                                                            • memory/4740-812-0x00000122B7280000-0x00000122B72A0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4740-780-0x00000122B6CA0000-0x00000122B6CC0000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download

                                                                                                            • memory/4740-803-0x00000122B6C60000-0x00000122B6C80000-memory.dmp

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                              Download