Overview

overview

10

Static

static

3

bdacad4358...18.exe

windows7-x64

10

bdacad4358...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    74s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-12-2024 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bdacad4358d8b0564424bbf9192c5e9c_JaffaCakes118.exe

  • Size

    283KB

  • MD5

    bdacad4358d8b0564424bbf9192c5e9c

  • SHA1

    4c711c89be94335a9e20ffaa5b5357f22c3b228f

  • SHA256

    481a56795b86a777070f36254275d71f72a47847136a689bdea04f5e94a942cc

  • SHA512

    e3b89f4afdc167b6661defe5a6681d301e66e16cb7fcef5e717474049fae959ac1767de3dafaa5225feed4ec92f06db64f6eae5fb0143e54da3938c74fb2c3ee

  • SSDEEP

    6144:PgchfR1of7O4orm2gVBQCLpp9uvJt5q29qa8L566+IDGAqDqWPojOA:4kfgzgfinj9uvJe159/LWQL

Score
10/10
cycbotponybackdoorcredential_accessdiscoveryevasionpersistenceratspywarestealerupx

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++..

    backdoorratcycbot
  • Cycbot family
    cycbot
  • Detects Cycbot payload 7 IoCs

    Cycbot is a backdoor and trojan written in C++.

  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Pony family
    pony
  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 12 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\bdacad4358d8b0564424bbf9192c5e9c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bdacad4358d8b0564424bbf9192c5e9c_JaffaCakes118.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:1580
    • C:\Users\Admin\AppData\Local\Temp\bdacad4358d8b0564424bbf9192c5e9c_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\bdacad4358d8b0564424bbf9192c5e9c_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\A6938\6D852.exe%C:\Users\Admin\AppData\Roaming\A6938
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2960
    • C:\Users\Admin\AppData\Local\Temp\bdacad4358d8b0564424bbf9192c5e9c_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\bdacad4358d8b0564424bbf9192c5e9c_JaffaCakes118.exe startC:\Program Files (x86)\38303\lvvm.exe%C:\Program Files (x86)\38303
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3280
    • C:\Program Files (x86)\LP\528A\149C.tmp
      "C:\Program Files (x86)\LP\528A\149C.tmp"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3424
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4112
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2336
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:448
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4568
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4692
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2192
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SendNotifyMessage
    PID:1796
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2952
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4212
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3472
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3184
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5024
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4472
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4152
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1636
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4676
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4432
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:4028
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4316
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4108
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1632
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3824
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3084
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4164
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3620
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3524
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4036
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2992
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3300
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:888
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4992
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4072
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3292
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2600
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
      PID:5104
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:1744
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:2836
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:4308
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:1048
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:3612
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:1228
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:3760
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:4028
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:228
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:2860
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:4416
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:2656
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:4932
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:1716
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:1468
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:4808
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:3788
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:392
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:3680
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:388
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:3620
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:4552
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:3672
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:1752
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:4184
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:4700
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:4212
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:3688
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:1424
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:3676
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:4980
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:2660
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:1640
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:2956
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:1988
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:3512
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:1400
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:4040
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:1624
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:1584
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:3280
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:4196
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:4656
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:4816
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:4784

                                                                                              Network

                                                                                              MITRE ATT&CK Enterprise v15

                                                                                              Reconnaissance

                                                                                              Resource Development

                                                                                              Initial Access

                                                                                              Execution

                                                                                              Persistence

                                                                                              Boot or Logon Autostart Execution

                                                                                              2
                                                                                              T1547

                                                                                              Active Setup

                                                                                              1
                                                                                              T1547.014

                                                                                              Registry Run Keys / Startup Folder

                                                                                              1
                                                                                              T1547.001

                                                                                              Create or Modify System Process

                                                                                              1
                                                                                              T1543

                                                                                              Windows Service

                                                                                              1
                                                                                              T1543.003

                                                                                              Privilege Escalation

                                                                                              Boot or Logon Autostart Execution

                                                                                              2
                                                                                              T1547

                                                                                              Active Setup

                                                                                              1
                                                                                              T1547.014

                                                                                              Registry Run Keys / Startup Folder

                                                                                              1
                                                                                              T1547.001

                                                                                              Create or Modify System Process

                                                                                              1
                                                                                              T1543

                                                                                              Windows Service

                                                                                              1
                                                                                              T1543.003

                                                                                              Defense Evasion

                                                                                              Modify Registry

                                                                                              5
                                                                                              T1112

                                                                                              Credential Access

                                                                                              Credentials from Password Stores

                                                                                              1
                                                                                              T1555

                                                                                              Credentials from Web Browsers

                                                                                              1
                                                                                              T1555.003

                                                                                              Unsecured Credentials

                                                                                              3
                                                                                              T1552

                                                                                              Credentials In Files

                                                                                              3
                                                                                              T1552.001

                                                                                              Discovery

                                                                                              Peripheral Device Discovery

                                                                                              2
                                                                                              T1120

                                                                                              Query Registry

                                                                                              4
                                                                                              T1012

                                                                                              System Information Discovery

                                                                                              2
                                                                                              T1082

                                                                                              System Location Discovery

                                                                                              1
                                                                                              T1614

                                                                                              System Language Discovery

                                                                                              1
                                                                                              T1614.001

                                                                                              Lateral Movement

                                                                                              Collection

                                                                                              Data from Local System

                                                                                              2
                                                                                              T1005

                                                                                              Command and Control

                                                                                              Exfiltration

                                                                                              Impact

                                                                                              Replay Monitor

                                                                                              Loading Replay Monitor...

                                                                                              Downloads

                                                                                              • C:\Program Files (x86)\LP\528A\149C.tmp
                                                                                                Filesize

                                                                                                100KB

                                                                                                MD5

                                                                                                a7ed9038e4cd6d1fb462df4c0750f8f4

                                                                                                SHA1

                                                                                                1e9ed1991330322f48a624cffe11d5c89619587f

                                                                                                SHA256

                                                                                                6cbf51577edb732c2c90fa18e2384b97c97332da36cc815ae7a7e85bb6c11e13

                                                                                                SHA512

                                                                                                3724af484d94733c715102862c03d6b834f9bf0801f0c00ffae7be64d5db6c4212c33732c3048a5b367d3dcf1fc98c9b905a2f1b780a84a35a6e84b26cd548c5

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                Filesize

                                                                                                471B

                                                                                                MD5

                                                                                                45936605b5725fe4de4526a632dfd431

                                                                                                SHA1

                                                                                                9384724fb3d04b294ce91eb1b7e243e3d911a892

                                                                                                SHA256

                                                                                                24911a1abff6305b2e61d98f5baa9c73b7c1ca3abbd5a3ef0ffcab967e62a2a6

                                                                                                SHA512

                                                                                                31ef10076be74eafdf3c4d7aa28d1432af7d877ced89a879507b03b14a039f2bebe445380aca75c3fb7290c6e3137831939973b8231bb38de3c268b97640991b

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                Filesize

                                                                                                412B

                                                                                                MD5

                                                                                                cc10f05dd306b918739a0b0d9318f08e

                                                                                                SHA1

                                                                                                2639514754be79e974c59ea0114059c48bf7b433

                                                                                                SHA256

                                                                                                3e7ea969ca68bb94a2333db99c7eb792d6ff530f5aaadfc6e14e0688b05315c8

                                                                                                SHA512

                                                                                                ee801d931ea0ecb62a86cb0cb58a91cb3ade4cc004c20e3b178c46bca5f65d952b91d1b99fe9a0723dde1aad75439bef4677248804e47ad5aaeca60a49191c4c

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                Filesize

                                                                                                2KB

                                                                                                MD5

                                                                                                4a8653dbc287850e86eaf55f09808765

                                                                                                SHA1

                                                                                                a9f845064e464fd909082ddb96442c79bd8fca00

                                                                                                SHA256

                                                                                                904dd166dcdcf5c792dd05cbee2e4f4bf38ede15841b7b098c910257ac28db7c

                                                                                                SHA512

                                                                                                741287153ee6a94ce9e51b1a14e5f01d2b3203e15d37e69b85b372222b9199c026629fdd5612d70185958f50e6084b97a52db70715afae7cc74d7095a6559fd7

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BXW86519\microsoft.windows[1].xml
                                                                                                Filesize

                                                                                                97B

                                                                                                MD5

                                                                                                63cd961e204170b14592b1fc849122a0

                                                                                                SHA1

                                                                                                91a669822ca57111634c8d8095df45b3d2c7ba9e

                                                                                                SHA256

                                                                                                093381f300311d2fd72cc5f9cbd234db87f8a9fcc4a488f9a45e7bbb36cfdd63

                                                                                                SHA512

                                                                                                e07cd619279175456a6f0e1ec3bad2a95ead488536c489e11400de118b2dc3a59a1355f78b44507c5067ffef8ecb213569627ccb9e94ad2e2eb136a4ac7f9820

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Roaming\A6938\8303.693
                                                                                                Filesize

                                                                                                996B

                                                                                                MD5

                                                                                                26a5f618912a2a208bce24facb093067

                                                                                                SHA1

                                                                                                34e980966708bc94aa4d9698947a927b48e37529

                                                                                                SHA256

                                                                                                c243b270332419c9dfc97fc82751c8eb019a80d23d5956a4bc03a914de6db6ab

                                                                                                SHA512

                                                                                                e7ee50afd519517d26c75a3209ba7e4d6404c3685e8ed7c33f89e2894bc63c4395a5a58bc9f309c13b32809c6a8f7b0f65a0022c61a0fed6fd24ed07f2e0d5cc

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Roaming\A6938\8303.693
                                                                                                Filesize

                                                                                                600B

                                                                                                MD5

                                                                                                9ef093c76f7e8a9e2edc6e29afca2948

                                                                                                SHA1

                                                                                                867b4fe68959811bdd2d40d1f0a500bbcaf5d1d5

                                                                                                SHA256

                                                                                                594c0992e42ed73de749829b8e7f7f1abae816221ad04c0c211476302f2b6549

                                                                                                SHA512

                                                                                                a58b097e665bcd2777be04a72e7b895b05687d545299ad75ac58a69bd00320f508d0e7ff497ac1583df6e3ffab14f730076045fd36802dbc5b61917572aecfee

                                                                                                Download Submit

                                                                                              • C:\Users\Admin\AppData\Roaming\A6938\8303.693
                                                                                                Filesize

                                                                                                1KB

                                                                                                MD5

                                                                                                167b565bc92640dda375e4c67dfa50a7

                                                                                                SHA1

                                                                                                7f95fc3485891593e12f268fa2f58c0038d80985

                                                                                                SHA256

                                                                                                9e6b85f536538c5d59c5e62768cd17cc7d3eca765efb1d82abc4f73cdca9f8ee

                                                                                                SHA512

                                                                                                c12c8ad03b4f27d5177d7e74d68cd2ba383d10df94aca5768fa4cb4ce5d13d8a79093aa88101b92a221d8981f22e4d8e2fb6cdd56cb432031c9bc82ec66cee4a

                                                                                                Download Submit

                                                                                              • memory/888-1519-0x0000000004DA0000-0x0000000004DA1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/1580-123-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                Filesize

                                                                                                428KB

                                                                                                Download

                                                                                              • memory/1580-1631-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                Filesize

                                                                                                428KB

                                                                                                Download

                                                                                              • memory/1580-13-0x0000000000400000-0x0000000000468000-memory.dmp

                                                                                                Filesize

                                                                                                416KB

                                                                                                Download

                                                                                              • memory/1580-2-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                Filesize

                                                                                                428KB

                                                                                                Download

                                                                                              • memory/1580-775-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                Filesize

                                                                                                428KB

                                                                                                Download

                                                                                              • memory/1580-11-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                Filesize

                                                                                                428KB

                                                                                                Download

                                                                                              • memory/1580-1-0x0000000000400000-0x0000000000468000-memory.dmp

                                                                                                Filesize

                                                                                                416KB

                                                                                                Download

                                                                                              • memory/1632-1074-0x0000024F36F20000-0x0000024F37020000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/1632-1078-0x0000024F38070000-0x0000024F38090000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/1632-1100-0x0000024F38440000-0x0000024F38460000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/1632-1088-0x0000024F38030000-0x0000024F38050000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/1636-798-0x0000022BCD940000-0x0000022BCD960000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/1636-811-0x0000022BCDD50000-0x0000022BCDD70000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/1636-785-0x0000022BCD980000-0x0000022BCD9A0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/1744-1810-0x0000000004AB0000-0x0000000004AB1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/1796-463-0x0000000004900000-0x0000000004901000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/2192-349-0x000001D513030000-0x000001D513050000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/2192-333-0x000001D512C20000-0x000001D512C40000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/2192-313-0x000001D511D00000-0x000001D511E00000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/2192-314-0x000001D511D00000-0x000001D511E00000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/2192-318-0x000001D512C60000-0x000001D512C80000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/2960-15-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                Filesize

                                                                                                428KB

                                                                                                Download

                                                                                              • memory/2960-14-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                Filesize

                                                                                                428KB

                                                                                                Download

                                                                                              • memory/3280-125-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                Filesize

                                                                                                428KB

                                                                                                Download

                                                                                              • memory/3292-1664-0x00000000044D0000-0x00000000044D1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/3300-1381-0x000001BD3FD60000-0x000001BD3FD80000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/3300-1403-0x000001BD40120000-0x000001BD40140000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/3300-1392-0x000001BD3FD20000-0x000001BD3FD40000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/3424-743-0x0000000000400000-0x000000000041C000-memory.dmp

                                                                                                Filesize

                                                                                                112KB

                                                                                                Download

                                                                                              • memory/3472-622-0x00000000029B0000-0x00000000029B1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/3824-1219-0x0000000004280000-0x0000000004281000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/4028-961-0x0000021CB1980000-0x0000021CB19A0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4028-960-0x0000021CB1570000-0x0000021CB1590000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4028-930-0x0000021CB15B0000-0x0000021CB15D0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4036-1373-0x00000000041C0000-0x00000000041C1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/4072-1521-0x0000018F5F460000-0x0000018F5F560000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/4072-1522-0x0000018F5F460000-0x0000018F5F560000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/4072-1537-0x0000019761490000-0x00000197614B0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4072-1556-0x00000197618A0000-0x00000197618C0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4072-1520-0x0000018F5F460000-0x0000018F5F560000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/4072-1525-0x00000197614D0000-0x00000197614F0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4164-1226-0x000001F7832E0000-0x000001F783300000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4164-1250-0x000001F7838C0000-0x000001F7838E0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4164-1238-0x000001F7832A0000-0x000001F7832C0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4164-1221-0x000001F782300000-0x000001F782400000-memory.dmp

                                                                                                Filesize

                                                                                                1024KB

                                                                                                Download

                                                                                              • memory/4212-482-0x000001D367B30000-0x000001D367B50000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4212-471-0x000001D367B70000-0x000001D367B90000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4212-494-0x000001D367F40000-0x000001D367F60000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4308-1818-0x00000173CE4D0000-0x00000173CE4F0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/4316-1071-0x00000000029F0000-0x00000000029F1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/4472-777-0x0000000004DB0000-0x0000000004DB1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/4568-311-0x0000000004910000-0x0000000004911000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/4676-922-0x00000000046E0000-0x00000000046E1000-memory.dmp

                                                                                                Filesize

                                                                                                4KB

                                                                                                Download

                                                                                              • memory/5024-655-0x00000189755D0000-0x00000189755F0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5024-641-0x0000018974FC0000-0x0000018974FE0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5024-629-0x0000018975200000-0x0000018975220000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5104-1672-0x0000029EF42A0000-0x0000029EF42C0000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5104-1684-0x0000029EF4260000-0x0000029EF4280000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download

                                                                                              • memory/5104-1703-0x0000029EF4670000-0x0000029EF4690000-memory.dmp

                                                                                                Filesize

                                                                                                128KB

                                                                                                Download