d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2023, 00:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
Size

1.8MB
MD5

b67835eed01783f915cfc8fa5431d303
SHA1

8cd19c214afd581ed1aceb861feb60ae96ed7050
SHA256

d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054
SHA512

21beecb4b1f45d8fd50ecd703282fa97a5b00ecef27410af9ee4a43be518f337f23ac7612f78b3b48022061b04876f0c73fefd761dffede5c727491adea9caa8
SSDEEP

49152:XKJ0WR7AFPyyiSruXKpk3WFDL9zxnSMgDUYmvFur31yAipQCtXxc0H:XKlBAFPydSS6W6X9ln8U7dG1yfpVBlH

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 13 IoCs

pid	Process
1364	alg.exe
4272	DiagnosticsHub.StandardCollector.Service.exe
4044	fxssvc.exe
4416	elevation_service.exe
1316	elevation_service.exe
1720	maintenanceservice.exe
4020	msdtc.exe
1628	OSE.EXE
5084	PerceptionSimulationService.exe
1488	perfhost.exe
888	locator.exe
4756	SensorDataService.exe
2284	snmptrap.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\dllhost.exe	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Windows\system32\locator.exe	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\System32\alg.exe	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Windows\system32\msiexec.exe	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\54b68439cae432ce.bin	alg.exe
File opened for modification	C:\Windows\System32\msdtc.exe	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF09A.tmp\goopdateres_ml.dll	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF09A.tmp\psuser.dll	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF09A.tmp\goopdateres_en.dll	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF09A.tmp\goopdateres_bg.dll	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF09A.tmp\GoogleUpdateSetup.exe	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_125046\javaws.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_125046\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF09A.tmp\goopdate.dll	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF09A.tmp\goopdateres_ms.dll	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF09A.tmp\goopdateres_sk.dll	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4272	DiagnosticsHub.StandardCollector.Service.exe
4272	DiagnosticsHub.StandardCollector.Service.exe
4272	DiagnosticsHub.StandardCollector.Service.exe
4272	DiagnosticsHub.StandardCollector.Service.exe
4272	DiagnosticsHub.StandardCollector.Service.exe
4272	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
680	Process not Found
680	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4520	d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
Token: SeAuditPrivilege	4044	fxssvc.exe
Token: SeDebugPrivilege	1364	alg.exe
Token: SeDebugPrivilege	1364	alg.exe
Token: SeDebugPrivilege	1364	alg.exe
Token: SeDebugPrivilege	4272	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe
"C:\Users\Admin\AppData\Local\Temp\d4b92f6b8ae1bdb75c78ad56d6113c1984fde53546a6834606c755c38f537054.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4520

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1364

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4272

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2292

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4044

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1316

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:1720

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4020

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:1628

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:5084

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:1488

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:888

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4756

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
d0acc2eabac6edec68deb7cff1ead4d0

SHA1
86130dee0384cf77d818c70be46bf82904223535

SHA256
f991a5a47d565da3168a8e683d19ba7bbcc868be68b6c4cb3450e6d50e4e609b

SHA512
fb33dc995f8c107e6d1fca9dac20803eb369c5fb9391e9bb66fdc86c5690967f3514a65a9f4e9757e42c8cbe13c4518149707faa8940dbe56160dc04a714dc69

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.6MB

MD5
ba0ba9c08b1c94b345b743f481798ec1

SHA1
3fad879c8386efef1ec530f82d9539e30dbbbbdd

SHA256
67080666840f952881979216612307c919b712a86f0f4c621cc2f999ddaafa85

SHA512
fbf842109f03f3f491710a314552764e0d66340c66171784e0bcf149a877b31d9907cfecd8c9a408a058eec93262f992204b898fd5428652f9a4d6be696c2360

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.6MB

MD5
ba0ba9c08b1c94b345b743f481798ec1

SHA1
3fad879c8386efef1ec530f82d9539e30dbbbbdd

SHA256
67080666840f952881979216612307c919b712a86f0f4c621cc2f999ddaafa85

SHA512
fbf842109f03f3f491710a314552764e0d66340c66171784e0bcf149a877b31d9907cfecd8c9a408a058eec93262f992204b898fd5428652f9a4d6be696c2360

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.9MB

MD5
3e745b012d06941f5ee32a965ebd0fc9

SHA1
636c13f74d4227afa6abe96b1b33a51e96adb401

SHA256
2fbdd9e72836f6df2af9c4d188a17a7c7fa8cb2f2d278655cfcb717e2bb977ec

SHA512
0d264f30cbc48414986aaecd3ba45c82e880e71b55249ad27f600cbc9410dc6077bd4bb1344109bd2ac158e86cdb1a1352a89a3bef31f7f071af0ea1137a541d

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.4MB

MD5
c091fdbd10c9e4a5d810d3c0bd5d611f

SHA1
1b952932f5e4eea398cd27607529ded40d9c6f43

SHA256
62c410f49b87d247f37b5d7c9e1ca6d0ecae7129130cd7c5e4a6952a57aeef73

SHA512
8e9a4814d74cbb8c73fc400af74175f3d9f7e10e9a366bb6330153ab09006c1c32de9da4a7fda579187279038c9e76190d6c738591de7b1f29844e1cd099982c

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.1MB

MD5
60c15787eb8d31d7672119aa419763d0

SHA1
0269b557833b411f1e2fc3bcb01fd923fceba380

SHA256
ed757af0c9db2957cc8ca49988bd25a09e139c01e5be6cf1ac70d92bbe652eb1

SHA512
5176be49de207557304ef5d582da27a85157f229b6179a75f8e173501b2f1c067c8d8a24006239e6ca9bb3d8a74f1f72697a0a8ef11df2ee54aa83a8ae37e696

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.4MB

MD5
185f8b9e0b9b1cc9d9caa9d7b26d265e

SHA1
897f76d2ecdf1ee361c62aa39f9b90a97925863b

SHA256
cf9882644afe01fbc19b7bda12fd0cbb96fa0c9c305436ec2f7df2c10d59f81e

SHA512
de9f6a5039b0373a83f1e6942cf9a8333269e7c2586d4fb41d3552085c81418ef589e17bb3dc51d446a53fa7a8eaf41fd5357ffbc4dc36d67de92054a8aba49d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.7MB

MD5
13ef76d5cb0596da82fef4939d3dc40c

SHA1
a2220543d320ca5202bdc9b52bcd8ee6f99077f7

SHA256
6d4a8e5c7800ac53d62c836cb68929f9a2a8021f33783cb55c5ad0088cf40288

SHA512
eadbad2eff3bb4f259ef74df8972bfdfacb0f207739a54ce1441f73caf6e77499f3e9bc9a8e222c482aa89bf34252ab998aef4fb1355f7c4e8488d7f38df8f70

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
e913e7523f66c7cdf3ea3783ff636a53

SHA1
d55694c00d0ac4f1b4501d884411c3133363c676

SHA256
8fe10b2f4d4f707dc418155831bf817c791dac35592ed0449e701d32926d5c22

SHA512
10f4f0206579b790a7c27deb87ef58c17588b127db8c6f4951eb73dd94bdb4e81795375aeb87ea3a3652e8ea28bac1275e092b00d8687ee0cba91aeacf8d6405

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.8MB

MD5
83430f79b772800fd4b2c24a1fcde6c5

SHA1
07100c2473b406cf4d3a08eb037d4a75cb705591

SHA256
c66a2ad74daad5eaf62b40ac82f5c96b81570804f7c69baa3f08354420fa883a

SHA512
3f20ca16152ee7f2fae3d4492d79eca32416743543dabd5d2567396796bb0fa7a93ee2325b879987d5ebfc506618295b91e2ea036f0f220becb4e1f055f7f84d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
c2fcf983e94a8412cc45cd62d95f84a0

SHA1
cabd089827c9e5fad93c39a45687ba4e5566e939

SHA256
10708733e7e66d1563ed0b13d1105c14236414de7300c5e4960c919bb927d25e

SHA512
361bc6d5b11a5e01822498268dcc14fb312b1a8f694da2c7a8545c9a70ff958a8e8316572d731727169ba2f62067e07ad9225c00a3a44f2612bf01e0b98842e7

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
abd52eaa98106bee98c39fdcfa971f67

SHA1
c6c7b1a2645f8f4462139c6919becfd7bec009da

SHA256
0971f9af7d268e6f4f176e6aa6b7630d810f50d037e843a161ae5d1358e39dd8

SHA512
31d7c0ea39cf4082aec99368114c58e1250e971337fefef36c617bb52c1b7de18f08febf8b57c048fcdc1cb777adbde4feb087759ce19e2c084068df846182ab

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
2587068437e2a291430ffe975285714e

SHA1
e1ef10c2035420fddd707522899904595bad835f

SHA256
a32f9503ec379400180c610f96faf8c683808ce97b1a04f458aa60157e2b06e3

SHA512
823014b9c3bf0b81230a93250815f3977657e62b1f5a07cce0ad916edebb6caa918b9d4e30dd3d5be0f5053ddf28fea17794b84521fa63893899e68c9ec61fb5

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.7MB

MD5
aa857dd120cb71a274b8767778834ce6

SHA1
ad7bda0fdd20d2082ae598de3fe45074a020f686

SHA256
7b4d780c2791173785e01efeaf3180adf5e2741337a9e3a7d8f8dade6cd917b7

SHA512
a4e0cd6f73a14fc910cf7c8a9f9fcfbcfb6d78e265ef18bb4ba554e9a627a3d8a6222dbcf56239aafa198b74f66b4233b67557cb1e759e56fcd693f660bfbdd8

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.5MB

MD5
4ab0f51b7904990ed500588a17f4f880

SHA1
a6cff7c28026512207c737d3f951e7fa01d2cb9b

SHA256
e4313b1ad3a11440bbb62197b23e625f8efb2049cbd291893920bf89b9bffc23

SHA512
707485e039712e6cec39be2d00cd4bb8691735be790aa612e7e8f752486f2b05efe02d1a84f14b1534ab22b085b4dac77b8c5ace0e513fbdf5c83ca25b2c08a4

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
459219d099d2488fc1ae5f71c5c55632

SHA1
92af10cf6c6bcb5edd6dd2b2df5053f7f57c0e64

SHA256
064c8e6c943fac2aaba565da55f8f30ff00134915584365aeebaea1479973164

SHA512
8fd29c8190720f0092fae69607f1e65eb201ccf4132844f6f36b5608d55a42634f95c7b5b58798728aa37a039ad45f4f09af7db3d7c5d59297bf806cf2349bd1

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
627155f82298380561d8f1c497e43559

SHA1
8c60e927f8847fbf1fd73b9b6942e871e57ddb78

SHA256
9019ebb76a3f4e582075c695a357a1de601d2a1e435238ff2d496e22a4ac6625

SHA512
0ed5e4afba6b70dfd5b5181a7451c59e86deb035d98618d88c56581c11b7134e12afb6c2431bfa3c629b7e820ecc3b07f335e9afea559cc66392fe0df7e32604

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
28d0a43d9a0d30557c507ad6ea14b117

SHA1
7b738e3bf6532629134523bb045a6d3e10dc60da

SHA256
0e738c3f7334e55acb2245b7f11dec1512afd299c23b7ea42be5ab76e09281fe

SHA512
dcf1da7afc4e2de61db304e7ae3e6a67843a8d389dd2ff7902f174fb9f8c67672f05bc783f236007876195e2dd0a0dc632489fc22ae75f47dc2dd06506c27996

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
60711ebf38b22ec72c12b4df97998285

SHA1
6f6ce1842f74d193a0de01889c3011817b082ff9

SHA256
a9bcaba4a01de8001632c221841058ca9d934f712d731d5cb54310a1c4ee424a

SHA512
196fde295438a7bb1ba1a6445957c3ac0e6e2a061e4c9eff3f4265908d16abb627a6a99ca9429480fef7e944af1334de836368fc2b40d0c29859cf78ee899363

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
0a346451393c9a2fb490c1babcfbb94d

SHA1
9949386d49a3ffc507aeab87393a198e4be35cc5

SHA256
3ebdd3ce9ae8f89ebc9963c58a11a4c6584ac7fdef8255c209dd920fe1b72d7b

SHA512
cd6ce2de7a446ffe7b7e8bed415c40464935c67ff0917b8e514c33fc1b0c4e7cd9371c2c675ecabebbef9a2d70e0413e5064fe88985fe72248520e41ef43fd32

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
be08dbabb9fd39a44e2b904dc3687938

SHA1
a4ddd696d0f01151d2c135506bedb50680985114

SHA256
bd21cb4b1f6c3ee5fec9c3a88a08c86479d05d797172f502e61935b7a780f1e1

SHA512
df33b4eeaab77519d08a31347e7a95e6dbf911b2ac4418cf98bc9223987a135f1726390d704606743d8ef1cf62dbd2cf849fa998f2c653a5ba012fe9187cdeb0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.4MB

MD5
37be7d6cff46083e6182567f9d5f8c7d

SHA1
7738736d00f5dce619431419349bb91b19637807

SHA256
35024cf0d16e952ce70b18cc76238184d67651e2baa24a2c980d65cfff03df12

SHA512
82ac43803574a7349d12021769907a231992461e1c8a81387831e4f0ada91632e1d7063827fba90a79be6576f25d5e1631337a51948bf8212549b50b814eeabe

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.4MB

MD5
d1118275040369b708ef9c818b128a93

SHA1
ba3766bc488a1557ec3b4b7b7e6ab65d3ebc01f5

SHA256
e87cbcfeac57aa59765373c5c348c45853b7895898578098eb09b12d8088b073

SHA512
bdd0c282bb8b5474e988c677b6a69bd2b75a56ff862f806cbad3693d5714a3f4fb2cdadd5d27f16d713ac10fcf55930296baad29076168cf901497a7e90bcb04

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.4MB

MD5
e3a8485cc866893ccca0233d089e8ec0

SHA1
3db8fa98bd3f30e0f801124250d0ff3ff52296b7

SHA256
d04ee737c16c8915dcff4bd58739e69b019c4c5e3d2b6d5dff3af2759eebc0ef

SHA512
4b1a18be45c10c318e064210dd1b8a8711d3aeb3dbdda438246daba7df4b17b8d7b3f4e2858da451145e137645098111466deb3f3034e01768bfb67925975149

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.5MB

MD5
f6460e84904b09c19b769f44ab77fa63

SHA1
caaca864084302f72212c7618a04ebc624103bbc

SHA256
14499f5d1596b829c5677dd9e0e75bc495015a080f6e209b4fdea0a9ca4a7a1e

SHA512
2bf6eea3bca8a10d3587cd82665ac111d20f8679bba594b2bec3c89dae551aca279c08fef92eb93d64fbd5e02e29254e1c598fb2c2f0d9bec68570c96b2d0605

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.4MB

MD5
413300778c8f9a461a3c85197ef28482

SHA1
36b7bd4c0e1f66d098025100861ac6fb9be9bcb6

SHA256
c5191c312e9362cba52059abe28430bac5704ea364a6e37e0ba4abae2a722c9d

SHA512
89d713d1605b8c48ef2ac315e963c3e321a3a355eb8398e158b0019ba1a4a869d1a32b10c0270d26e22295c0d255e97bdde650bb914dc4e3595b2afdaf2e12fe

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.4MB

MD5
a346d19093f031ce492045353b364cf2

SHA1
a4eb8b8594d7f1ccb9bd5ad0dcf8ab20c53d45ea

SHA256
6b1a1a58a3ab14c7b3264936606813aedd27637d438ec8d5da66aaea5beef8d8

SHA512
3df2e87bc36c2a7c939b770062175ca0a385e3def0aadafba003dc86456906f085d96fc5d628454fe15e6ef76601c88a9f92544e0698b8aac7e9bbc6a7f253df

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.4MB

MD5
43273304864c72d35cc8ca6d7aed9a02

SHA1
5c7a7c026e968bb548eabb3c1f087e66d1812434

SHA256
16cd83025f5bb0231bd7d5e4fc9b72d0b7ecc5bc601d3bcb86a2d5ff79a884f1

SHA512
fb4770b2c100391250d777e1647ec3fde7424add32c60bf922faa582f7fb66c658d0ff855bfcc4ebd4faed1d37cd2dc91c28bc9ed638334f2d3893e932c584e4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.7MB

MD5
865f865c933534b8e2d965931b9d6622

SHA1
a7c97445bbe63db790e7a853c86dd2075e6329a9

SHA256
ff954b1378418d51e41e9fc4499b1c9b4cf194b05d622e4659e043d27a61426a

SHA512
8661c6d0a2c413148c4f24aba2a7a8e18d8024e1945bfdab33484d2b3320109cf484c727616a91834f118f56237bafd5ddbdae9a20c75df837bf50bf3fd95cd9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.4MB

MD5
7ef15a6555952bebf501fb8681cd0447

SHA1
50312e548b0a9bb1880a7287a1a66211ca7cd9a5

SHA256
e7f70f4ef223ea6809c3fd22b6bba60f679259e89ef6cb58e8e88508a09ca0a6

SHA512
422fc62dfd4d0c2445503fbd696e438e0c5130f153c02aaf77bd0a267736488396efb444a8273e0bd69337f0299c7fcb77f244d387035facaa1a91876db19a9a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.4MB

MD5
69909f00e8dde58e1409e8290ea653b3

SHA1
9a66c1e24548c7c6dead156a87d9037be58e6abc

SHA256
e0865144d797f9d30a53ccea3c45ca74d95b383b8802a49289b259dd54cf870a

SHA512
4b5a7fc7e22b1dc886542638f976a1495b3c1d338bf80982cc5b6cddaa95b5124566588c082cf58e9c87f22317bbc09678502bb9355ebe3aa35302e908275294

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.6MB

MD5
2275581deb4f973752c54ce00272b1f4

SHA1
3ac019f66af381c54028b68bf618fdbb712d3e29

SHA256
340d4b3e1ce1acb03b7007d54fc4e6cca9b0afc3120adaf26d55e70a8f1dadfe

SHA512
fd2406b8d3c023183269e1874e2c02290636db187681a79d012ad18a2004135310f270c7db7acb59a9c46eda9e6a0bd40cb67fb4b960219220ff6997c6e494d4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.4MB

MD5
829e343585ae6a76daabcd2944b91107

SHA1
8772d2b01e0e751fbf900ba40e96e6838d0a9ed2

SHA256
e9596597384f74429f78c33d5e49c121b1c2e011cf23b237fb9d8a7585e50eda

SHA512
cef5bbbe5d48acca152cdf5aeb449b6662a63cb48478d9a3ead619e481f1d4a073d7e991ab24ed77d7d9bfd96f8e934e478cfa0e7d720655aa46a9ab979df134

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.4MB

MD5
6d99e92973afbdaa1107fdfdb7333889

SHA1
ad77735bcf5e1d7ff5f3b02dd67e87aff3fa4a5a

SHA256
f555de0b93a63082133b29a4962b1633d89a90e439e3e49a01c7408eef861199

SHA512
812632a02fb651c46f2a20d6a72ac60df4b570e6e0f6f2ea5f369962b5c5bdcd40b1ab18ade0ef90196fbca78c1292038eee05f7e322e4c6c8a24198c858f53c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.6MB

MD5
af6ff34b8039f8a64cc8f57d4ec4d0fa

SHA1
55db4698e8dea35dd59bd93d5725ac69fa5b8c95

SHA256
dd405c7acece38356c10fe631d4bdccf6ba1dc1bd305cc01c420a4ee32a28e69

SHA512
b2bdafd35b51c08d72d8aba7b7c50e9d608715871c94df957190de18321aeb321ef2bb0298d6ba8102905698384c7f6cbff07fdf4a5bca93f4356786309c3bdc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.7MB

MD5
4b2a3494c3099d57146e432ffe47420a

SHA1
7a5861df09091da3386546816a758db36bd3a3e3

SHA256
eec39b97b0296cca7e1d0b835312687aef0cc7ca9679c6ff463e85a9e5f8bada

SHA512
3b3cd7b5be4374aab3fbe8e24d6ba7b30b0db8b366c3695e6495200c542daa6290260d3548487ea272e5806d5cdda32e0fbe08e0176b5776483f46f678f96c97

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.9MB

MD5
31b4b335ea74fcfea6df34bfc84bf18f

SHA1
75d83ae3b5b8bfdf30dd17d2e61f6f87dcf33d32

SHA256
ff18e00aef21e21f9fc03b0834c830dfaad9b2e455c25cc2a839a479ffb0e85f

SHA512
9d4d197352d2c8a6e3b5c254f93e132c8ae529a0aa9bbad3249ff3f4fe363bd3a331bdc95fd615b0a5d84f8ca6aeb074548673b3cec4843c8ea33ba98f2cb8c1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.4MB

MD5
122811a7a5175a14d9318d9324a956f9

SHA1
cd70f64c37950101b6ade4a947f90f1ff5f23ba5

SHA256
8cecf08d617778b2a8691e21e0423541fc9e4442e0081fe8b25b716458310d74

SHA512
cf8897721859ab8fa2b640552f7752706252261d14f9e3f5ca8e28cdd5055a6cf85cff82a10296dcd3d6ddf187ee58f6d2924e5b037ccb6364389de4f5655e37

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.4MB

MD5
2c179635e8333b5e67fe0070868b9d9c

SHA1
e9ed1e82b2018a7e92ddbc952882d7b80f1463d1

SHA256
1e8876c5ff824a5e7e88be13dcd51121018d6c8818eded3e394a7b9961dd12a1

SHA512
5d9286f03642702a64dce12afdc6469d0f1fccc7332ec8ecaa0941e7ecbda9da0e61752e5be70345cada550e4ba1e1a737b9c74937fd6cf1c4f75b87a60d283f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.4MB

MD5
726dc5bbf5b1765c308bcee6b508011e

SHA1
ae7ae882f10302cd713e74355b3db5de013bce48

SHA256
82b96e7a6d007e4efdc4f2153602514b994ff1cabaa810b9431501c47e4b118c

SHA512
e2ea3e07f16e327c68c686c68529193cdcbef1575899d2c3bbd14a3eff6d88319e8e8592b6db40fb8f0b9c2173bf74013bc2edaa6939fdb8e37982339cb8dbf0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.4MB

MD5
3f0c592bf435caa9c8701f2dc62b848a

SHA1
cb5086a52d9b56e48825137d4e56de1ec82f2c8d

SHA256
a60dc9448e01d9d8150ec8d7864ac541783bef90e7c124cee74ecabf33d0bacb

SHA512
42f92c80b6534822f228681b9301d8ef831f94ebef4dc8f05dfdab05b3349c122e54090352175dd0fee46c85306ace95a59829040bc253f7662dc930749b8273

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.4MB

MD5
e163b88cc94eb2d135acef3022d099a0

SHA1
00bb93346b5dcbbf86e14aac547f924c1817fabd

SHA256
af1b79e594b31ea460b2304367466c91e711bd820e68c0fd982f13c0cc270c90

SHA512
04a989ecbd94d96e3c6a9ffe93e28f356492033c621e1eda55b1398513cd2ab4417bd4286ac2394a907b3dd7e71ccc0ef598efa9c168e8c7cc9356b8bbb35730

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.4MB

MD5
9f7bcafec734ff562830cc3dbafd7ca5

SHA1
ead713ef8921ca9672200b9b2211e9a622014a35

SHA256
1ba40b09e628d9cc5f10c92c34652c5815898fafae1ba9206ad91141939d04e1

SHA512
af08fd079ac0693c67fcd60cd24e8538594f2435c271378e9ddc03ae4da3ccb6edad64f8e41f5f733cb85e124eedd13f5121d04b43e6875cba4a5723e91ad957

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.4MB

MD5
2f0a23405386d36588e0733d4a68894b

SHA1
1e0edf01cbf3199fc702454a2c62624bcb731cfa

SHA256
43d81625392e6b72a61e0cde83586cbf908394e3023bbd83bc72a68808617df6

SHA512
45745daf883208cf5ece9ca09b4b47aef8418944a0fb05155598b980dbdf092317746a7ccc313e4895a35a79b59791b42df5e8739ff3de9f9e95581ff6d0a057

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
1.4MB

MD5
e1a9ab2f69e05b722d7ca6daba8ec842

SHA1
144af0a959bd83cf14765703e557307d38f188df

SHA256
41ff37b539602b84574e563ba65a1ce7da3a6dce9313e959067ec6ad0a42b80c

SHA512
c81e5c167e1ec43d57dc0902245c4da0967957497154704a17501752bbda57730c38f84993a650586ddce527aafe52e1d1bf5cc179c5f20a0d8262bc6253102e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
1.4MB

MD5
b0b5a812e38e30b7db83d6020353cbe2

SHA1
f417d217732ea1da8f211899f0162ae7a2ca86d3

SHA256
689501bf198a0a8f0c48c47df710a1444fa479362da7112a46a0d22dbddb84dd

SHA512
74fbbf359bd8884ab11106b84da36c6faaa2dfc4ca8e29de30a357bc052962401124afc989a2e52c63a2a141a02341570c76d937b8cf7d6fc5351ac5ee22e995

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
1.4MB

MD5
2c7112b112e4bc5e1adabbd00443dd54

SHA1
f5aa29f9d24093728d367ca19cb42459de212876

SHA256
e835e368c1295b60619e281954f48d82e3cbf3f39743acaab7e75e2faaad034b

SHA512
7fe821b7ef4551415fec44ab7a723c4a684e23d0790311339d588d5d28b1708d99330513be3366a538937aacd0b2c975e5a5d7f448aba361bc969d553ed0b4de

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
1.4MB

MD5
16ddba5ce6d8709925e021f925160ecc

SHA1
28b3c062c9098a6210b1b540bf9266b99eeb2647

SHA256
fa97b721f539dd2881294179cdd62b8cbe84a3b5b22e0c4007976772af316392

SHA512
85b53a93d7a982fa75711c67a428532392a1bccd270511607085065ca8274b9db49ae17da6eb7c8bbdb4b92059c06cbdd7cfc38ae8b7c795611443cfb09bda33

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstack.exe

Filesize
1.4MB

MD5
96bbad8775c97440869090631566a3a7

SHA1
3c0c30525d9c4ccc1fc968e8261004905850d459

SHA256
d4e97067e255a26d628a58b87ced1cc00503a416c88202113c74eb43c8e412ec

SHA512
fa2d3d97d98848be51383c07431b9f2a270c868f656a69d1bb810022731c5e51e18cfa8c01c13f8531119a63a5ffee76c48ed09808b8bf7b5ce8a0599299d4cf

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.4MB

MD5
aa5335131f289e7f7735321ea2f6f535

SHA1
8bed5ee2031a6306b4ed731c635682c7e3644c2e

SHA256
dc1d9722518316daf6432f15e0953baba903a0270ea51f0e43999c68b71b027b

SHA512
348141a507ce9f7da6abd7335074008a4337e4531d50be6c1a49a270ad39c0329e1446283148763b027eb374e19f4d49c8051604b17837582cfc907c9fb2da7a

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.5MB

MD5
a1efce1d93d5779dde2da0a05b1fb7d8

SHA1
4f45d4d79aba7f53ae9156d08bf3e7f74e502d27

SHA256
fb913aa7c295c982f39c88d8b590ee9bef916d37045d00cbf03dc8ca8ee57c88

SHA512
49a3a05e5d35c547a05297b622a6d52fabc6bf93712bcd98b1bc77e10469aef584e738f635bbfce134bc32cd298364e5fe8759264a4df2c8fbd452eb40740d11

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
4522604bd8ed337e2501bea995cee77e

SHA1
114b226ee9ed6da26757b1a67e6d9c8cb02d268a

SHA256
81b76387de9da736fbc0e71246768dc7176005fb0991686ebc6172d6ca70ad47

SHA512
bd0d6308ee871fe92318bfdbcb61accb4096ee7a391154022e4ab48cb934f0d0efac01bebc76ea758e2b6c8ba04a170ffc8a7acd2fb479d00c7f901b0e4b1592

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.4MB

MD5
bb7e50f7b5005f87e15c759cc30bae04

SHA1
028e5c857be17be49688e1a9f1f2b158f6a0e7a8

SHA256
cbc90763279309c3302ab3f616eef6467bdc8348c2b6e929d7864426520895ef

SHA512
bbd61f7f125f6c4a0f090e15a878b6023b5fdcf484606dd14343ac152f63a90c74dc40c6d3017644cf6ff51af6d3e3684d9f22399da661ca88dc5dffa71128f7

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.5MB

MD5
de7042144a3e05d933b0cc384aab6b76

SHA1
07fd549e29ef6f3d2a68110ae3620afb85a37c3f

SHA256
8270c56c18e38ee1583153562330766dc496b51b87f2048e42fb48872adf76cc

SHA512
e2d62e6d87db52745cc0ba5a755d6666b573fee61e7a6bc0c6933135cb4b164b97f8fb9dd73f6cda5b01354d9d8020f17f709c4b0e9dd81535d563594a9daceb

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
6de371f0c9ad853711d592d3a20df30f

SHA1
a8660b30985eea7b3444c2eddc9aec519d4dcef2

SHA256
600a3ae1ee8e5e61d5cfce50015fcd7e1e3159a1ebb7316def5c75a758017671

SHA512
dee83edeee0590707ba253e7b7421fb95fa2454b02b78284b1271a75892b7434b042bb8f6f9e5125131d42b8f7ddbc32320f8b14874f72f2ab99f53b01c05cf6

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
6de371f0c9ad853711d592d3a20df30f

SHA1
a8660b30985eea7b3444c2eddc9aec519d4dcef2

SHA256
600a3ae1ee8e5e61d5cfce50015fcd7e1e3159a1ebb7316def5c75a758017671

SHA512
dee83edeee0590707ba253e7b7421fb95fa2454b02b78284b1271a75892b7434b042bb8f6f9e5125131d42b8f7ddbc32320f8b14874f72f2ab99f53b01c05cf6

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.5MB

MD5
25729146dc4aab63cb247a30a6c81fac

SHA1
ab367d319cb92ab4ce072c6b71ea111f039313a6

SHA256
cacf3553f2563d1352bb616afe5489bf31330bb5c02e4626b4b0f6027c5102e9

SHA512
9f681949486ce77c9400d57dac18a6ae7b3e4d48480885e5645e1b4e4489fef249acf2d58bd890e91ea8b76bc29198e7b572f8cfc1bb8d089032a7080908ab44

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.6MB

MD5
5f8a77645385a437ae86693827f142a3

SHA1
8ac56e22aaac34c0e20a7ad90b671fe3ae0c695b

SHA256
3256ed335f0fd137dfa163a3907eceb3c1ea00f01574d47451fd93903dbf8286

SHA512
97a1e734fcdc442d1df25ac5c33d243889aecb76cd5aacb30108823c79da3443f8aa5c07f596732e2d1d6672168453942d44d070612c44b22f183d7a9e56e39d

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.4MB

MD5
9e162dd9cdfc2d5b60a4893c5a79a07b

SHA1
c9a9cde4f8ee46f21e889c0b5e47f7000950424d

SHA256
87b9eeb742b36b9480ba64f623f093e0e60e0c813d066b6184905b960c32460b

SHA512
3ed31ccfe60efc776f547868490fbcbb56cc3eacac1aa6ed6fa4f72e910770a952f0cb8e10dea05bf5fded267f04e3e04a5a8754b8375b38e4f7118c7d6c08fc

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
a8de9e15401a4d5547fdcbfecd4aeb75

SHA1
a9e60f62d9a1719e30bc849d77bfd6087a410c02

SHA256
53d8f3de73e38d12a9697f149ee7225bd420f1c0eb6fb18ab47e0638bf5fe614

SHA512
ac7b033b76c4499ffb66352fd0079c4ceb43623483860c6f483dd91f1df80dd7afc20200d7bf8660a2670fb57be60561c02fe7463314970192b402afb3a48313

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.7MB

MD5
3504ceb04217393c5649328f0bad14b7

SHA1
ac0cddfcb3bff5e31afdfabb481e8b1e524101bd

SHA256
ad08242902706772eb6f372c139bb5854219fdf093e55eb7a8fb3709b48234be

SHA512
21211da5a80ab7aad0221368294bc19042be3cd9c2eba4204f3a3aa8130ab151e185ae1d449ad2863bc0a34a892d4e61ab0cc3d7c31edaa841b22517ef93659f

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
1.2MB

MD5
4522604bd8ed337e2501bea995cee77e

SHA1
114b226ee9ed6da26757b1a67e6d9c8cb02d268a

SHA256
81b76387de9da736fbc0e71246768dc7176005fb0991686ebc6172d6ca70ad47

SHA512
bd0d6308ee871fe92318bfdbcb61accb4096ee7a391154022e4ab48cb934f0d0efac01bebc76ea758e2b6c8ba04a170ffc8a7acd2fb479d00c7f901b0e4b1592

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.5MB

MD5
f5e48f7957d64ee52ff7ed73ceae09f3

SHA1
05e46e5587a424303ff1701c18a9351ff853e0cd

SHA256
8d217f637b573fab7c989831192ee6da6eaff8fc8bcb3752e98c28b07c87d994

SHA512
7497f47a02c75d5633e32feecf5ce4c2138278e8a55c9cefadd11cde3d8c7d9c5273e7571bf57638084b6de7f7ebb0662f0c993bd0880121b145d46275d5bf3e

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
b2c695421a237d05c6740d44cf45bc00

SHA1
b06f644422b6a02d2a426509a8ec4e6d1555460e

SHA256
0639fa73770ef5a34c9a6574d1ab6c954e4726bf9d74752e2d5ce68a897ddc51

SHA512
79df24ca33b79acb8246075e4a82b4a11875d6314b23db76e03ffc142895789a854388bad2e7b3c42044ad8c1a41020cf1ad43d5edb14b19cb9a09d51e625faf

Download Submit
memory/888-214-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/888-480-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/888-222-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/1316-131-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1316-133-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1316-139-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1316-202-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1364-143-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/1364-19-0x00000000005F0000-0x0000000000650000-memory.dmp

Filesize
384KB

Download
memory/1364-13-0x00000000005F0000-0x0000000000650000-memory.dmp

Filesize
384KB

Download
memory/1364-12-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/1488-452-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/1488-210-0x0000000000650000-0x00000000006B7000-memory.dmp

Filesize
412KB

Download
memory/1488-203-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/1628-241-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/1628-175-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/1628-182-0x0000000000900000-0x0000000000960000-memory.dmp

Filesize
384KB

Download
memory/1720-144-0x0000000002260000-0x00000000022C0000-memory.dmp

Filesize
384KB

Download
memory/1720-146-0x0000000140000000-0x00000001401AA000-memory.dmp

Filesize
1.7MB

Download
memory/1720-152-0x0000000002260000-0x00000000022C0000-memory.dmp

Filesize
384KB

Download
memory/1720-155-0x0000000002260000-0x00000000022C0000-memory.dmp

Filesize
384KB

Download
memory/1720-158-0x0000000140000000-0x00000001401AA000-memory.dmp

Filesize
1.7MB

Download
memory/2284-493-0x0000000140000000-0x0000000140176000-memory.dmp

Filesize
1.5MB

Download
memory/2284-319-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/2284-243-0x0000000140000000-0x0000000140176000-memory.dmp

Filesize
1.5MB

Download
memory/4020-226-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/4020-170-0x0000000000D90000-0x0000000000DF0000-memory.dmp

Filesize
384KB

Download
memory/4020-161-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/4020-162-0x0000000000D90000-0x0000000000DF0000-memory.dmp

Filesize
384KB

Download
memory/4044-105-0x0000000000A00000-0x0000000000A60000-memory.dmp

Filesize
384KB

Download
memory/4044-117-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4044-104-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4044-112-0x0000000000A00000-0x0000000000A60000-memory.dmp

Filesize
384KB

Download
memory/4044-114-0x0000000000A00000-0x0000000000A60000-memory.dmp

Filesize
384KB

Download
memory/4272-74-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download
memory/4272-86-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/4272-92-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/4272-160-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download
memory/4416-119-0x0000000000D40000-0x0000000000DA0000-memory.dmp

Filesize
384KB

Download
memory/4416-126-0x0000000000D40000-0x0000000000DA0000-memory.dmp

Filesize
384KB

Download
memory/4416-120-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4416-189-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4520-0-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/4520-130-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/4520-1-0x0000000002390000-0x00000000023F7000-memory.dmp

Filesize
412KB

Download
memory/4520-6-0x0000000002390000-0x00000000023F7000-memory.dmp

Filesize
412KB

Download
memory/4520-7-0x0000000002390000-0x00000000023F7000-memory.dmp

Filesize
412KB

Download
memory/4520-328-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/4756-230-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4756-466-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4756-467-0x00000000004E0000-0x0000000000540000-memory.dmp

Filesize
384KB

Download
memory/4756-236-0x00000000004E0000-0x0000000000540000-memory.dmp

Filesize
384KB

Download
memory/5084-199-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/5084-191-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/5084-354-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download