1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953

Analysis

max time kernel
48s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2023, 21:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
Size

1.7MB
MD5

9338d9137039a527d50f034c5b8b364f
SHA1

561fb03bb58f00cbd73913baabff9e418e23108e
SHA256

1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953
SHA512

9afdda480de87d0f76cde8ebfba6fd9543241ac575fbfd61db472eae7ef91f31cb8236f230cf828cd72a9d01bcd3f2ec963de958110dcba049a1aead9f87fa65
SSDEEP

49152:DqNJtiVbAb6tl3T9Y5UfkVbIU6pTK0L+kWOQ/NaP:+NJMVbAb6t8UQGjWOQ/N

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 14 IoCs

pid	Process
2300	alg.exe
4192	DiagnosticsHub.StandardCollector.Service.exe
3348	fxssvc.exe
4240	elevation_service.exe
724	elevation_service.exe
2932	maintenanceservice.exe
2208	msdtc.exe
628	OSE.EXE
4460	PerceptionSimulationService.exe
3932	perfhost.exe
1228	locator.exe
2060	Process not Found
2620	snmptrap.exe
3780	spectrum.exe

Drops file in System32 directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWow64\perfhost.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File opened for modification	C:\Windows\system32\spectrum.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File opened for modification	C:\Windows\System32\alg.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File opened for modification	C:\Windows\system32\dllhost.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\58c69d8aeac8ca73.bin	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File opened for modification	C:\Windows\system32\msiexec.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File opened for modification	C:\Windows\system32\locator.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	Process not Found

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4892	jp2launcher.exe
4892	jp2launcher.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2504	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
Token: SeAuditPrivilege	3348	fxssvc.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2504	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
2504	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2504	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
2504	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2504	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
2504	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
4892	jp2launcher.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2232	2504	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe	87
PID 2504 wrote to memory of 2232	2504	1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe	87
PID 2232 wrote to memory of 4892	2232	javaws.exe	88
PID 2232 wrote to memory of 4892	2232	javaws.exe	88

C:\Users\Admin\AppData\Local\Temp\1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe
"C:\Users\Admin\AppData\Local\Temp\1f0a6f5ae387c94bd08fe5e217cf6ef248998f996036a2520497eae3ec901953.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe" -J-Djdk.disableLastUsageTracking=true -SSVBaselineUpdate
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2232
- - C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe
    "C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_66" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNjZcbGliXGRlcGxveS5qYXIALURqYXZhLnNlY3VyaXR5LnBvbGljeT1maWxlOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF82NlxsaWJcc2VjdXJpdHlcamF2YXdzLnBvbGljeQAtRHRydXN0UHJveHk9dHJ1ZQAtWHZlcmlmeTpyZW1vdGUALURqbmxweC5ob21lPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF82NlxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF82NlxsaWJcamF2YXdzLmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfNjZcbGliXGRlcGxveS5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzY2XGxpYlxwbHVnaW4uamFyAC1EamRrLmRpc2FibGVMYXN0VXNhZ2VUcmFja2luZz10cnVlAC1Eam5scHguanZtPUM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF82NlxiaW5camF2YXcuZXhlAC1Eam5scHgudm1hcmdzPUxVUnFaR3N1WkdsellXSnNaVXhoYzNSVmMyRm5aVlJ5WVdOcmFXNW5QWFJ5ZFdVQQ== -ma LVNTVkJhc2VsaW5lVXBkYXRlAC1ub3RXZWJKYXZh
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4892

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:2300

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:4192

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:1768

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3348

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4240

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:724

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2932

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2208

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:628

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4460

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3932

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1228

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
PID:2060

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:2620

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
PID:3780

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
PID:2836

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4144

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
PID:3796

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
PID:4532

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
PID:4676

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:5064

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
PID:3636

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2736

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
PID:2552
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:3252
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784
  2⤵
  PID:1064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
71e9166d135216ea57e7bb38dc320322

SHA1
6b62c1cfea40a7b8edddbfa32ec7c227b10e3b98

SHA256
5fd43cedd4de3b0081b358d13fdaf8604c152127dad6d42b04c868061f6cacc1

SHA512
10457bb955b89d7596a7ae882a4688dabfb86a40daf2207199e47b5f002f2bebd04591a6728741bf1526f3677bfeb24f1ae37ff997c65ca820b52ee30d5bc432

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.6MB

MD5
80a8adc89805bef8f3e29a936f08501d

SHA1
ad05066b42977f4649c09807c71324a79193a099

SHA256
4cfbd008b47d3732ee0d58ee1445aab49628782b63bbe14f6b9f1dcee2e47a22

SHA512
66521277031de838902e35b2ff934d860dcb3fcdcbd0547aa5545fc07d341f0ffd54071ca0bbb8ed9d8d732e0cf8fc3f25a14403d73c5ad5ff883f79c83c4e61

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.7MB

MD5
7970823d35fedabf6d0c9fc81b9fc382

SHA1
8851ec064faade78bb3bc900fc531829df44096f

SHA256
570e39220a1ced62dd7c156ac6f1e5913f140b3b5f93a36bb704d09e539cfcaf

SHA512
448f84290e7223a094bfb2f4eebb9744eb1927deda012c12c0a3d73934a3fd8bb12bc369e18afe09a3c184c2569090eaeb9ebfef9e6b499c2cf8257a0dd72a26

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
d930e2fec5f102d47a3470b3149c521f

SHA1
aae378210940db9ce642be59523bb73033f6f22f

SHA256
08914a5c86a7bcf90dbc44683ff91cf67933000126feaf914da06f46175024c4

SHA512
a864eb8d09fbfa20aae1cb724c2fc7e395f4c2dae95a31c25a707e9f9a941057baa33f288e5355372df9070637e172d1575193b26d088974af5fc9045819bd28

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

Filesize
698B

MD5
98d0551ecdbd471d2b232495fbca9dea

SHA1
708cd5c1f98c35c21b68e850936a06c847e6187a

SHA256
665ee894e194d56ffb1e958f32ffed14d75b0fb6e812826e9b7f49703fe154e4

SHA512
b66a8e55455b9af381e162482f20a8c77d350a8dba62c97d4c567db6072baef2760b91e9115ab109c5913c3c36d52cfb3637f8488215f4db8fa004375ed9990d

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
267KB

MD5
ee29e8cc7df153b92922599ae3f95ec5

SHA1
fbe69d7b307532581edadf498b4e7adafe98b860

SHA256
47ad597b2457846d436c66439809a0e28648334321274979f9af38b023baee7a

SHA512
bb08f0c29db07100af97fa44bdec07544f2dc2cca1dc348f658057d1005911ee0a4074e7db1b8462153b85fa8c8fb6cdd6a6ff5083a62647903ced5cccaf4fa1

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.4MB

MD5
4c38eb07c72c08b9897677d981c6f37a

SHA1
59e9d28417bef7a7cfc145a265ac52fe21b9cb38

SHA256
1c181cf24d542f40937ed6315f23a8acedbb35708ce043c79bffd8853110aea2

SHA512
17eb07f17187eaf03bda80233b84a2894ef2fbc6c74f1f055b10114c22d44e735c019803fe4ed4d85b479f9a8c0b9c961a623e68f38a9fb3d40da5112dc0f819

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
0763043db03f4325f19435259ed89d62

SHA1
ebd55d4b6ba0721877df6cc52b84c69b4e6f9041

SHA256
1506743500e2d95e4d0c921a32a82f0a8850ba1c881d9f3258870b37e0e5277e

SHA512
6f8c75254106d8927715735fe914aa4c90770e0bae20786ebb921e5c56fc952997c7564967092df26b9acba79d41895be468c555c0071dccfc30460e06557625

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.5MB

MD5
54d1b7532ebe876943343538f6101c46

SHA1
17bda23a88f3a587cf3409db0e55f85c7cac78e9

SHA256
2ebb3331d23bf97b51f513240de78c73d38ed58784838cca7bedff74315ca59d

SHA512
e2d9b27ccac39bd7e0dac43ba9bdbc3324e034b8554da45047af4d6b38c4f7a0aa68653d5f58e81302dcb87fcaf606a93b7914726dacefb6e6838c100614b0d1

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
2131f39de9c81944f9b6616c277e941d

SHA1
b82e50fa2ab3e700ce3127bf41fcd8e98e9887ac

SHA256
58172d270680603e479836821b7e7b3945b395388e619c1860068f3011679ea7

SHA512
1759e32920b01fb0d40979fb8e7e41f9f61e31658f89d57030a63c8a0b2d754644afe172ba04a6b40bbc4c9cab927cb0d34f8b7fa34fb773fe0e479e62b7aa41

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.4MB

MD5
a72f9daa0bbfd0fa10a869ebe97e2e50

SHA1
43d69b1609f9b21944e3ef8c36bd402ad7c46432

SHA256
5327e3a859865b439af0c9d81aa165d93a83bf0fcbf0a07d386b449830f1e0f9

SHA512
a28eac36dcde6a1e42063d0d28187939b7b157b1b09e2b3513da0d8e9dada24d4e984e5697bb486df5c1baa1783c21fa92229e0e83d6e05cf3eeea506faae3f7

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.8MB

MD5
1ac09e0c84f7537e65a8e5896d8acd66

SHA1
cc3cc78221efbf7557d85201e7f062ea976b792f

SHA256
80a035cbf2999fde92f581ae014c1f7841f8cf4ea60e8efebd1ef6bc605a6dab

SHA512
355c6eb58200674c69907a8f625003fd3f8798c65e85701d13e4e1107dfcf93743efced49ab48e67002ae0cecafee12c4e9c91129f18b5d5a3d472f1395fd2a9

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.8MB

MD5
1ac09e0c84f7537e65a8e5896d8acd66

SHA1
cc3cc78221efbf7557d85201e7f062ea976b792f

SHA256
80a035cbf2999fde92f581ae014c1f7841f8cf4ea60e8efebd1ef6bc605a6dab

SHA512
355c6eb58200674c69907a8f625003fd3f8798c65e85701d13e4e1107dfcf93743efced49ab48e67002ae0cecafee12c4e9c91129f18b5d5a3d472f1395fd2a9

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.5MB

MD5
d22accb1a507373f111ed9d2104962d1

SHA1
21e19766a6880d6dc7702e14a6a84d35e188cdc8

SHA256
1c0cde7c88d4dffe81d8109c18484b837f3a58aa3a998eadb45bbf5c413421cd

SHA512
d64ad58efb1891c4a28a75b7219efd8429309b91a65b40dcb0897d774133984ffc3458ce1e2ef4c5bafc235266e18966bb8bc3ea4387bcc52f11d6820c65eabe

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
ae1d4dfcfdcbc07e7fa6b2883960ce2d

SHA1
094690e62f54f47025047a94027bbd472b34cb22

SHA256
bd489f84fda34218d4285a5869b7f011aaf12bdc54a172220a6f494bc729fc65

SHA512
7b669e987ef841a3939978ff66de1b15973bc7390fefcd22e5c79f5f9042ccdb7a209d131925dca139359637fb86ba877060dabfa9fd732b297f50106d362152

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
85ccbddef7ff180ef62c2bdffeb14b02

SHA1
1ee72e7409e1dd4254e1d071504e22f8e373d8f5

SHA256
f0c026108e0e9a036e1638a16629f6fec345e3a19b1216e1741e9d3a4a8e633e

SHA512
2fcbcd70cbcc7b517129230a2a78eed3489c4f564805a135b09d63ae1dcb2741af28a9e024257b3b961e503477fdaed6d98e32a3c8fc1de039711e0400dbb829

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
6e0dcdb0ef5cb48f3545dd1bc7978023

SHA1
4eebd02830f97c9576bc0b500e539502ded292aa

SHA256
39b043338f2ff4e273fe085274dde1abbc9065d40485ada98377652324e9e844

SHA512
a4e1c28c251569caa1367136f4f60d634e78ec42821a63f8e4be7d14caa741c76673fb4938c5b9d06250f1ba95fb600699c26c6ad3f8f66172a968d8ed97dc35

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.7MB

MD5
b60e55477b837a4bd634883b71dec0e7

SHA1
0a906e0b5d09fb29f934f3d67a4ab114eb8274bf

SHA256
085c8a90e1f40b5a43e1b25158f3b4ae39480e4955db145b6d455dfbaad037df

SHA512
17115aa0a35366e6d2e1a4562a8a2c8fd97b9caea5c2bb4cd357854bede2853f21bce7b71667923bf64fcf9857a11a37fb54d024a95dc72950885677c1e80d4a

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
8fa2b359803eaf66f96888a75b0dc4ed

SHA1
827056f3ff934ce532af693a9cf77b2e363d2732

SHA256
f8018d757d8721897598ecf464d0d2701e3e16ad67ffcb45ab3825b09c375bf4

SHA512
ce07de4ce2ac550bf08d08bb5c64aeab4d31198a942fdf74629cc45c6b427b539f71088b4ec826680c2f40b25024e0918ae7e9514d25f9e8e42161d92e4d8669

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.5MB

MD5
c77ec422163426cb6cfcfa9fdd33c9ee

SHA1
606454f3d34a50df5cbcb1be8e64bcd05c52a608

SHA256
ded9c89cd5066a71f9708c0712a7482561a75ab5d2939b973f8e5b1989e24f61

SHA512
27ce2045838384a652e7f588f1a5d972b5db4f5e33521b8d42598a47796e7fb78b1c79a284427b29c7d3249877e9802cb545396b7ad0097ca56872ce3cbcb09b

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.6MB

MD5
7ec42d825faaf06895bfa5932bf9c0f8

SHA1
b7341ad559ab658cd4dd71ad2262822ebdc351ae

SHA256
189a7511452e83e5fef42e8605f1c24dd74a2d67d3f7f48b7e706db484a68b8d

SHA512
b4ac615b713377a15d276f9402836ac90ff14435f1f376d7d77cc6b13a171dd4173b81bfcd87ad7c44310e860d4c2e43959eac50508c35e5bf9ad77a0b1daef0

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.4MB

MD5
c31984aca1a7a8d26e15579d2a03eef7

SHA1
472dd27b43c1317a2b42f5838bc00fd8ede6c7b7

SHA256
b8ab7d9d69ce001ea2372ab2e9dfc4ef866291fc958c317c7e41dcab6664a6d6

SHA512
1ecb05a8a09c607634a18b6c087f44be1f3e8db08432aea41d2aa4bcf31ebe40afe166149a24c6f63952747252f3449ce41fdf23ac347ca90a325b6ab38e536e

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
678b2a52f0f29c6b43bc2745dbc55cc8

SHA1
fe8466f855078266099a12c1382adeb0cd066b21

SHA256
dfdf8304e0c70722be4d8c9920624624f9d68c57cfce4c259888e5de131eb57d

SHA512
165aa72ba83aa7bf20fc411e9250f0704cdbba36a09755503251dda3810b0df37d46d55dd00fa6e23665ecfb7627801ea5fc95862062145b5b39bccf93b0266c

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.6MB

MD5
f629664df39c02af472f01bcfb77d9ab

SHA1
6115c6e9d3baf53b9ddf3f5c6aa7f33c2e2a39ce

SHA256
b977f3b51a57796507e226761574827882a36f5f3834e6072e20d22ba8888421

SHA512
3895e3a4b4c8ffd77311f4dee02f6a1d52054222e6331a0e4ba025a3ff65bbb3e6079fb9230c7b39d4b0f3fb835b37a0a578652e8c4cf5c851671f43dd2a8a0d

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
f13d003d42bb0529580e8e014c90c19e

SHA1
0ee2ec64c365ca38982e1f93cb85483f1f05c4a1

SHA256
f8e33863cfa68365c778d87d4a2cca832d27bbdff32e3087aa0ba5348fa57017

SHA512
acf756e58610f9002b923838b25bcbda64410ca94d09a5102c2aa8d595013c5dce86e161fbb63eb5ed2d8c4fa3ed8705cfc02ba183e49ffb817d4c3a8f886afe

Download Submit
memory/628-513-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/628-345-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/628-364-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/628-354-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/724-101-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/724-91-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/724-84-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/724-409-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1228-430-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/1228-655-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/2060-481-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2060-451-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2208-458-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/2208-333-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/2300-335-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/2300-20-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/2504-6-0x0000000002420000-0x0000000002487000-memory.dmp

Filesize
412KB

Download
memory/2504-1-0x0000000002420000-0x0000000002487000-memory.dmp

Filesize
412KB

Download
memory/2504-7-0x0000000002420000-0x0000000002487000-memory.dmp

Filesize
412KB

Download
memory/2504-320-0x0000000000400000-0x00000000005AC000-memory.dmp

Filesize
1.7MB

Download
memory/2504-0-0x0000000000400000-0x00000000005AC000-memory.dmp

Filesize
1.7MB

Download
memory/2552-524-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/2620-445-0x0000000140000000-0x0000000140176000-memory.dmp

Filesize
1.5MB

Download
memory/2736-521-0x0000000140000000-0x00000001401A6000-memory.dmp

Filesize
1.6MB

Download
memory/2836-509-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/2836-519-0x0000000140000000-0x00000001401E2000-memory.dmp

Filesize
1.9MB

Download
memory/2932-294-0x0000000140000000-0x00000001401AA000-memory.dmp

Filesize
1.7MB

Download
memory/2932-325-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2932-319-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2932-328-0x0000000140000000-0x00000001401AA000-memory.dmp

Filesize
1.7MB

Download
memory/2932-290-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/3348-76-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3636-517-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/3780-643-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3780-452-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/3780-447-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3796-515-0x0000000140000000-0x00000001401C2000-memory.dmp

Filesize
1.8MB

Download
memory/3932-413-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/3932-423-0x00000000006E0000-0x0000000000747000-memory.dmp

Filesize
412KB

Download
memory/3932-630-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/4192-349-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download
memory/4192-39-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/4192-40-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/4192-33-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/4192-32-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download
memory/4240-68-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/4240-387-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4240-74-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/4240-77-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4460-398-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/4460-582-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/4460-378-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/4460-390-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/4532-494-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4676-510-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4892-506-0x0000000004FD0000-0x0000000004FE0000-memory.dmp

Filesize
64KB

Download
memory/4892-382-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/4892-501-0x0000000004FA0000-0x0000000004FB0000-memory.dmp

Filesize
64KB

Download
memory/4892-505-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/4892-348-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/4892-469-0x0000000004CE0000-0x0000000005CE0000-memory.dmp

Filesize
16.0MB

Download
memory/4892-499-0x0000000004F90000-0x0000000004FA0000-memory.dmp

Filesize
64KB

Download
memory/4892-503-0x0000000004CE0000-0x0000000005CE0000-memory.dmp

Filesize
16.0MB

Download
memory/4892-497-0x0000000004F80000-0x0000000004F90000-memory.dmp

Filesize
64KB

Download
memory/4892-352-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/4892-63-0x0000000004CE0000-0x0000000005CE0000-memory.dmp

Filesize
16.0MB

Download
memory/4892-676-0x0000000004CE0000-0x0000000005CE0000-memory.dmp

Filesize
16.0MB

Download
memory/4892-438-0x0000000004CE0000-0x0000000005CE0000-memory.dmp

Filesize
16.0MB

Download
memory/4892-355-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/4892-372-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/4892-316-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/4892-502-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download
memory/4892-343-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/4892-384-0x0000000004CE0000-0x0000000005CE0000-memory.dmp

Filesize
16.0MB

Download
memory/4892-332-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/4892-330-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/5064-512-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download