Overview

overview

10

Static

static

3

JaffaCakes...fa.exe

windows7-x64

10

JaffaCakes...fa.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    64s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-01-2025 20:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_b3e230b5f5df4053a471bdf1b87acefa.exe

  • Size

    280KB

  • MD5

    b3e230b5f5df4053a471bdf1b87acefa

  • SHA1

    e669ef7d4eb7f0f232f7a75e6898698c75e2a037

  • SHA256

    6b143fa3e7bfd6eebd6e5fb1b68437d362f17086c47e9f764319d27eb7f962b4

  • SHA512

    235f484546454fb9c982c6c41f89202d27f264dbc17d0da0c37a83aeebe12a202318ad7bbf1a6181ef896e13cb7f70391cb3b0daa20600755eed04497c6969b3

  • SSDEEP

    6144:hbesPGOHP4+MnCqHgqX/xRLteU5N29l1JAueHzLv:xeaG6PqCqAqX/hdIXkHn

Score
10/10
cycbotbackdoorcredential_accessdiscoveryevasionpersistenceratspywarestealerupx

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++..

    backdoorratcycbot
  • Cycbot family
    cycbot
  • Detects Cycbot payload 7 IoCs

    Cycbot is a backdoor and trojan written in C++.

  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 8 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 16 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b3e230b5f5df4053a471bdf1b87acefa.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b3e230b5f5df4053a471bdf1b87acefa.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:1888
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b3e230b5f5df4053a471bdf1b87acefa.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b3e230b5f5df4053a471bdf1b87acefa.exe startC:\Users\Admin\AppData\Roaming\992AF\DC43D.exe%C:\Users\Admin\AppData\Roaming\992AF
      2⤵
        PID:4840
      • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b3e230b5f5df4053a471bdf1b87acefa.exe
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b3e230b5f5df4053a471bdf1b87acefa.exe startC:\Program Files (x86)\AF79A\lvvm.exe%C:\Program Files (x86)\AF79A
        2⤵
          PID:2384
        • C:\Program Files (x86)\LP\3D79\297C.tmp
          "C:\Program Files (x86)\LP\3D79\297C.tmp"
          2⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4072
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1860
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4444
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1136
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4392
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3752
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4580
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SendNotifyMessage
        PID:4644
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:5052
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2744
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:5040
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3524
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:5060
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:4868
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4716
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3856
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        PID:3792
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4444
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4836
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        PID:3712
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:5060
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2596
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:4744
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2636
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4248
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:4616
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:4796
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:4100
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:4928
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:5100
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:5112
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:232
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:960
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:4664
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4612
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:3156
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:2480
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:4420
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:4584
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:4652
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:2836
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4196
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:3920
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:2280
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:3280
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:4040
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:2540
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:364
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:4852
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:3156
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:2636
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:1412
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:436
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:2652
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:1732
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:2680
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:4712
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:4524
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:1760
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:1536
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:4844
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:1944
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:3036
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:5096
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:1552
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:2188
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:4944
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:4472
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:2324
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:3540
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:4536
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:4288
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:2272
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:4964
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:3976
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:3064
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:1296

                                                                                                              Network

                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                              Reconnaissance

                                                                                                              Resource Development

                                                                                                              Initial Access

                                                                                                              Execution

                                                                                                              Persistence

                                                                                                              Boot or Logon Autostart Execution

                                                                                                              2
                                                                                                              T1547

                                                                                                              Active Setup

                                                                                                              1
                                                                                                              T1547.014

                                                                                                              Registry Run Keys / Startup Folder

                                                                                                              1
                                                                                                              T1547.001

                                                                                                              Create or Modify System Process

                                                                                                              1
                                                                                                              T1543

                                                                                                              Windows Service

                                                                                                              1
                                                                                                              T1543.003

                                                                                                              Privilege Escalation

                                                                                                              Boot or Logon Autostart Execution

                                                                                                              2
                                                                                                              T1547

                                                                                                              Active Setup

                                                                                                              1
                                                                                                              T1547.014

                                                                                                              Registry Run Keys / Startup Folder

                                                                                                              1
                                                                                                              T1547.001

                                                                                                              Create or Modify System Process

                                                                                                              1
                                                                                                              T1543

                                                                                                              Windows Service

                                                                                                              1
                                                                                                              T1543.003

                                                                                                              Defense Evasion

                                                                                                              Modify Registry

                                                                                                              5
                                                                                                              T1112

                                                                                                              Credential Access

                                                                                                              Credentials from Password Stores

                                                                                                              1
                                                                                                              T1555

                                                                                                              Credentials from Web Browsers

                                                                                                              1
                                                                                                              T1555.003

                                                                                                              Unsecured Credentials

                                                                                                              3
                                                                                                              T1552

                                                                                                              Credentials In Files

                                                                                                              3
                                                                                                              T1552.001

                                                                                                              Discovery

                                                                                                              Peripheral Device Discovery

                                                                                                              2
                                                                                                              T1120

                                                                                                              Query Registry

                                                                                                              4
                                                                                                              T1012

                                                                                                              System Information Discovery

                                                                                                              2
                                                                                                              T1082

                                                                                                              System Location Discovery

                                                                                                              1
                                                                                                              T1614

                                                                                                              System Language Discovery

                                                                                                              1
                                                                                                              T1614.001

                                                                                                              Lateral Movement

                                                                                                              Collection

                                                                                                              Data from Local System

                                                                                                              2
                                                                                                              T1005

                                                                                                              Command and Control

                                                                                                              Exfiltration

                                                                                                              Impact

                                                                                                              Replay Monitor

                                                                                                              Loading Replay Monitor...

                                                                                                              Downloads

                                                                                                              • C:\Program Files (x86)\LP\3D79\297C.tmp
                                                                                                                Filesize

                                                                                                                98KB

                                                                                                                MD5

                                                                                                                5ad4e0d1099336a19a34ebf0658dfb76

                                                                                                                SHA1

                                                                                                                c567c7243f7f16806eb38af8674793105e67f3e9

                                                                                                                SHA256

                                                                                                                30d2a521700257c622212a873c0fac952f8608ba1872035a9b161aa3dd0d75dc

                                                                                                                SHA512

                                                                                                                3ea70f7cc12c15db893967e0569a31309a9cb0c0887b9af97b141268f9bdb610ffb94b342a5abd0750ef129da50ba67e21094eb550ca91a9cdb79936299d2183

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                                Filesize

                                                                                                                471B

                                                                                                                MD5

                                                                                                                c01e07f7e6f2bc5c88a8299eeaced5d6

                                                                                                                SHA1

                                                                                                                6ca90ef25608d2047ad49bdd0cf64a4d31540580

                                                                                                                SHA256

                                                                                                                ded826dcf94f462bd7407f3db45687dcbb3e413fab40fb583ea036c2e4f985a8

                                                                                                                SHA512

                                                                                                                01f5dd7ad2bbc61104794360d8b319eea515a6bde4e531b59a5e9ad7a158f781d469a3d540379f3f122a3f2658b5ce4e2d153d32e23be64a3ce899d94f4fe0f0

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                                Filesize

                                                                                                                412B

                                                                                                                MD5

                                                                                                                e5d40346a2806542161f6912fd6a7716

                                                                                                                SHA1

                                                                                                                0ffa7120cf9b202b949d593d4b0c0c25c8671e2a

                                                                                                                SHA256

                                                                                                                63537a39b8b680f02751663ce70bfa8e5a29fc579955258d3366fdc36ccc65d4

                                                                                                                SHA512

                                                                                                                39b7f6d3484c8fce8c0d125f3ff37f0c98919a665cd27387888e802d5c0090cb85865482ea938f4779e659fb8bb28d1064f26bc00dfbcf20ccf865f564813285

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                Filesize

                                                                                                                2KB

                                                                                                                MD5

                                                                                                                ca401c23166fa717828b927b56d560f8

                                                                                                                SHA1

                                                                                                                b442c33e8575eac21dd44a548a7338b8f7f5decd

                                                                                                                SHA256

                                                                                                                29d7fea97e60ed04bb7c9ac2481f3e3db9df76831baa36d8672c695e96e4b69d

                                                                                                                SHA512

                                                                                                                c2a23cbc2aacaf304a3485c67b29996e7e401801aa8ba4800619834139aa6fca138ee07f48ea895069a628a58fef0ec2f3e4ed9e66a61c1388bdd6a85ad5738a

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\1QK7O5FT\microsoft.windows[1].xml
                                                                                                                Filesize

                                                                                                                97B

                                                                                                                MD5

                                                                                                                d999f65105ba511b9a85c92595366aa5

                                                                                                                SHA1

                                                                                                                acd1800ccb77d1ed5bf43fd29c05fbcdd9d14adb

                                                                                                                SHA256

                                                                                                                626774fae7cf7de253841c4d2244fa2a50cc4a5abf5cb2d2006afd836412ba5a

                                                                                                                SHA512

                                                                                                                c793a44c17918e30348fe2b836bfbcf0edacb4f76b99f6dc6a67d8047cfbd2079645a853500e9520b202883f8cce2433690406edf47b08cf334272df6c4c60f9

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Roaming\992AF\F79A.92A
                                                                                                                Filesize

                                                                                                                1KB

                                                                                                                MD5

                                                                                                                0dd4de7ebb0889caba2b9a2148930fbe

                                                                                                                SHA1

                                                                                                                4bc2ae07975ced994269436486ac4aeb733d2ea9

                                                                                                                SHA256

                                                                                                                7de3bf61c9dbb4c1884d9138170c70bc353762b1da511a4ed4311e3574d86bf5

                                                                                                                SHA512

                                                                                                                9f58e2d4dc16fc5fa9110e611bc7f0921592d6cf0119479ea75a4fd0762c6ad76223038aa68d2df9bfddb545e7aea96e0495276a1c5ab172cfef0c7948d46a2f

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Roaming\992AF\F79A.92A
                                                                                                                Filesize

                                                                                                                600B

                                                                                                                MD5

                                                                                                                558201e336cc39c484ab82d1ab46d675

                                                                                                                SHA1

                                                                                                                b8c6bdc03e4273eea01143652d505a132af06bc6

                                                                                                                SHA256

                                                                                                                4f6dad78bd261a69f3a3afc94eb17b75cb2f5a5b3555f6d145ca14831afb5b0c

                                                                                                                SHA512

                                                                                                                896c99169aa531957f2e271e379cd519b5571b85b77a89fa3f0f0b0feecafc5b7dae340f2d847ced95eebdfb3c025db00f4d5b133090d69a834462f86b6a6cf9

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Roaming\992AF\F79A.92A
                                                                                                                Filesize

                                                                                                                996B

                                                                                                                MD5

                                                                                                                3cf47ae6cc158613cc12c6b8a137569a

                                                                                                                SHA1

                                                                                                                67c2a29bfe2e74f4b1c6d163c8d9f6e8f0676ba7

                                                                                                                SHA256

                                                                                                                17b89e01ae8b50560dc09a0a8b8a52ce9605ee52b4c6e9bfbfd17b4c601a7a55

                                                                                                                SHA512

                                                                                                                52d2e839569d1e987754eb7a35307cedfc24b207c0c4cddc90d962b2d8921482c31e5d8b877ff712185b0b7ad7233cc38d462fa186cd5cc6ceeadde7415e3d63

                                                                                                                Download Submit

                                                                                                              • memory/1888-82-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                                Filesize

                                                                                                                424KB

                                                                                                                Download

                                                                                                              • memory/1888-16-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                                Filesize

                                                                                                                424KB

                                                                                                                Download

                                                                                                              • memory/1888-15-0x0000000000400000-0x0000000000467000-memory.dmp

                                                                                                                Filesize

                                                                                                                412KB

                                                                                                                Download

                                                                                                              • memory/1888-1-0x0000000000400000-0x0000000000467000-memory.dmp

                                                                                                                Filesize

                                                                                                                412KB

                                                                                                                Download

                                                                                                              • memory/1888-2-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                                Filesize

                                                                                                                424KB

                                                                                                                Download

                                                                                                              • memory/1888-464-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                                Filesize

                                                                                                                424KB

                                                                                                                Download

                                                                                                              • memory/1888-1386-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                                Filesize

                                                                                                                424KB

                                                                                                                Download

                                                                                                              • memory/2384-81-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                                Filesize

                                                                                                                424KB

                                                                                                                Download

                                                                                                              • memory/2596-950-0x000001BD26500000-0x000001BD26600000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/2596-955-0x000001BD27640000-0x000001BD27660000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/2596-978-0x000001BD27A10000-0x000001BD27A30000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/2596-967-0x000001BD27600000-0x000001BD27620000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/2744-364-0x00000168B2A20000-0x00000168B2A40000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/2744-388-0x00000168B2DF0000-0x00000168B2E10000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/2744-360-0x00000168B1900000-0x00000168B1A00000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/2744-377-0x00000168B27E0000-0x00000168B2800000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/2744-359-0x00000168B1900000-0x00000168B1A00000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3712-948-0x0000000004DB0000-0x0000000004DB1000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/3792-804-0x0000000004B30000-0x0000000004B31000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/3856-652-0x000001B082500000-0x000001B082600000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3856-666-0x000001B0831A0000-0x000001B0831C0000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/3856-689-0x000001B0839C0000-0x000001B0839E0000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/3856-658-0x000001B0831E0000-0x000001B083200000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/4072-170-0x0000000000400000-0x000000000041B000-memory.dmp

                                                                                                                Filesize

                                                                                                                108KB

                                                                                                                Download

                                                                                                              • memory/4100-1249-0x000002165DC00000-0x000002165DD00000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/4100-1254-0x000002165ED40000-0x000002165ED60000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/4100-1251-0x000002165DC00000-0x000002165DD00000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/4100-1266-0x000002165ED00000-0x000002165ED20000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/4100-1277-0x000002165F110000-0x000002165F130000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/4248-1105-0x000001CF5D8E0000-0x000001CF5D900000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/4248-1100-0x000001CF5CA00000-0x000001CF5CB00000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/4248-1115-0x000001CF5D8A0000-0x000001CF5D8C0000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/4248-1126-0x000001CF5DEC0000-0x000001CF5DEE0000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/4248-1101-0x000001CF5CA00000-0x000001CF5CB00000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/4392-206-0x0000000004260000-0x0000000004261000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/4580-220-0x000001E6031E0000-0x000001E603200000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/4580-207-0x000001E602620000-0x000001E602720000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/4580-208-0x000001E602620000-0x000001E602720000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/4580-212-0x000001E603520000-0x000001E603540000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/4580-235-0x000001E6038F0000-0x000001E603910000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/4616-1247-0x00000000042A0000-0x00000000042A1000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/4644-357-0x0000000004660000-0x0000000004661000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/4744-1099-0x0000000004F60000-0x0000000004F61000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/4836-822-0x000001D244820000-0x000001D244840000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/4836-834-0x000001D244E40000-0x000001D244E60000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/4836-805-0x000001D243900000-0x000001D243A00000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/4836-810-0x000001D244860000-0x000001D244880000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/4840-14-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                                Filesize

                                                                                                                424KB

                                                                                                                Download

                                                                                                              • memory/4840-13-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                                Filesize

                                                                                                                424KB

                                                                                                                Download

                                                                                                              • memory/4840-12-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                                Filesize

                                                                                                                424KB

                                                                                                                Download

                                                                                                              • memory/4868-650-0x0000000002190000-0x0000000002191000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/4928-1393-0x0000000004900000-0x0000000004901000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/5040-501-0x0000000004B60000-0x0000000004B61000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/5060-519-0x0000029883490000-0x00000298834B0000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/5060-540-0x00000298838A0000-0x00000298838C0000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/5060-509-0x00000298834D0000-0x00000298834F0000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download