5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2023, 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
Size

1.8MB
MD5

ddaab7ef76d8a152179aa1d5e82423e8
SHA1

9444f716992864d2cd4671b3205d233cdb7393b9
SHA256

5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd
SHA512

f0524c5abf6e8d2191be3773dbf2eb8ff2a0e79b82bfc0296153370a9a9edc14b24f9d57df415a2a85180ff2916382d2f3951b7455bcc6a154e7ed6ccd5bded2
SSDEEP

49152:5x5SUW/cxUitIGLsF0nb+tJVYleAMz77+WADtMVFuIWq9LRbCbCCP:5vbjVkjjCAzJjVaP

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 12 IoCs

pid	Process
3872	alg.exe
3524	DiagnosticsHub.StandardCollector.Service.exe
4668	fxssvc.exe
1652	elevation_service.exe
1044	elevation_service.exe
2564	maintenanceservice.exe
4908	msdtc.exe
636	OSE.EXE
604	PerceptionSimulationService.exe
3736	perfhost.exe
2728	locator.exe
2760	SensorDataService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 23 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Windows\system32\msiexec.exe	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Windows\System32\alg.exe	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\236c2239b759df4d.bin	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Windows\System32\msdtc.exe	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Windows\system32\locator.exe	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\GUM7DAC.tmp\goopdateres_hi.dll	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7DAC.tmp\goopdateres_hr.dll	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7DAC.tmp\goopdateres_fil.dll	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{622B5345-A3DF-4616-B086-BDE38350F13B}\chrome_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7DAC.tmp\goopdateres_ml.dll	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7DAC.tmp\goopdateres_lv.dll	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7DAC.tmp\goopdateres_ta.dll	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7DAC.tmp\goopdateres_iw.dll	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7DAC.tmp\goopdateres_te.dll	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3524	DiagnosticsHub.StandardCollector.Service.exe
3524	DiagnosticsHub.StandardCollector.Service.exe
3524	DiagnosticsHub.StandardCollector.Service.exe
3524	DiagnosticsHub.StandardCollector.Service.exe
3524	DiagnosticsHub.StandardCollector.Service.exe
3524	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
672	Process not Found
672	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3512	5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
Token: SeAuditPrivilege	4668	fxssvc.exe
Token: SeDebugPrivilege	3872	alg.exe
Token: SeDebugPrivilege	3872	alg.exe
Token: SeDebugPrivilege	3872	alg.exe
Token: SeDebugPrivilege	3524	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe
"C:\Users\Admin\AppData\Local\Temp\5b0af55fffa67036b46f44e17e74487e070353d1baaf5e902781bac80a6766fd.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3512

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3872

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3524

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:3876

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4668

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1652

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1044

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:2564

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4908

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:636

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:604

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3736

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:2728

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
a95dd2ea764554a1cbeb335ffebed0f0

SHA1
9fb3124668fc123a76c2869e19de94aa2ab94f74

SHA256
351f2b5b12c0793281a8d08670d3b20b47f70e2fb3aa700abe365a07bf6842df

SHA512
daa9aa3c5fb5730e13a9afda89e5a8b29c025be12f4aaf8f739ba44e535ea817a310130682cf45d55bdbd1d212659900be3ff498b91d191cf5b88b9f255d9a41

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
84878a362fac4380b72d4ac2038c5405

SHA1
79ef9e1a16bd6e9dcd4ce9b958bb7d4200b3e2c0

SHA256
6014f8782b92dc6130d5ec7b827466abd42c4b35005867cf1c3cbc333c11fd76

SHA512
8fba76199976b9c7c1bf18e0b31b9b06b05fdba5c6fc60d67640100b880901f43fe6087a02f6b58cfa9e8b4d9ccfca96ba5e1748b1c4e2382e82732652c90049

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
84878a362fac4380b72d4ac2038c5405

SHA1
79ef9e1a16bd6e9dcd4ce9b958bb7d4200b3e2c0

SHA256
6014f8782b92dc6130d5ec7b827466abd42c4b35005867cf1c3cbc333c11fd76

SHA512
8fba76199976b9c7c1bf18e0b31b9b06b05fdba5c6fc60d67640100b880901f43fe6087a02f6b58cfa9e8b4d9ccfca96ba5e1748b1c4e2382e82732652c90049

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.6MB

MD5
56631481e0df7fb3ebfc3ff6df962414

SHA1
0203d3fd161e925bf6c3f9bd9620edccdee48915

SHA256
df76bc7371e1c5a3b805520a351775cf0ae43ad7a53037ad5c070ffe77590ca4

SHA512
e79914499657561ff6fcac320bfa2ba03a9e459ea1127eb8de1d1b73029c2ef72b8b89215916a655a29a754a41057683891edee755a6ca97111077f67648134d

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.4MB

MD5
c3faaa0d83f31397095e08c5bf15a7a5

SHA1
ac0e0633d26243474a86b5b6421df724f2f2ec78

SHA256
79694443d4330cd55405777a37d89494bde86788826ec3abe4489f188979f1fb

SHA512
888169f3d83bc45891fb3f58298785f36e15c8506d87658f33fa20e0b7eadcdd27afcc59d77d437b24f7e14258dbd9c320dbcaeae252f39c13737c210db40254

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.1MB

MD5
0d240f2392f1cf1607dd4ea144b7320d

SHA1
033e696fa1c81b776a4fdc2930f00e5d43c6e106

SHA256
96ea7ddc9bdd168b6b9568734f1fa84d9e4c830192c65ddacd885d491030caac

SHA512
777cf12f23fddee8b44b0c76c2456420b838c8c6d940cd229df8bbaa73f4b61fc3fa73eb528f7fc3c78486db5a04c7a03e0238f10c33b37e8e2b8f3139c39469

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
37c3e311468ce55552573dc4647c9daa

SHA1
dac71465de6e80fd29cef36fa1567eb1df511d85

SHA256
c2d6cd5801d6aca9e3aa26af5e99b828be7d5ef442f0b545c3fbe69864fd64e2

SHA512
8b3a0ca66006b3d421176c9059ffb8eb47593ae10a0361216d078e00c2e7c26856fe55141355640d6841da52a1be3fc25b3e7f593d21afe5d4cec701cd3c168a

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
07b5f95a99fc8ce3c62939845fc430c3

SHA1
a6b474176f8a7c42d64e14d70eb9a8720c4f7568

SHA256
a2f5c5d44f4752df4b50f612cc99dcc16b860abf1003e04956d2960116ea6546

SHA512
8e22aa62ce20352bb6ee7b000105b6f70f8f219f3ee643560997a15dc43bfdaac79ff2a77c1e65ba6667e0a282ad731b23a4f5f412980a09dbfc4cdec2efecb6

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
e5d80d0d793ddcdf981fbeadfffb9413

SHA1
d5b9decac7e3aa973c8a8e2abf34db7686b6b492

SHA256
95ba3237327abbfa4de11dc3816f5cf0fe74c8ef8295498a9daf15568cf35dcd

SHA512
f209e8f4592d4e1e5f196ea699fb755bfa751da9f48144ad07e81d03f38f7652a91162dd9f7401db914c0149757559b810e2534f76db544f1c7642b0a9f8d5da

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
5d1e7017ad15d1bf45381d433ee94608

SHA1
9e61f58f94c693c23536bf21df213d400894eeab

SHA256
d6a2a44f388fe4742da9eef907964741f4984ea473492bb1009bc23482d4cffa

SHA512
7552806ed136cdd8f52897b9dac43f467fd28efa74185d708b3a7561145b013ab1dc5d52640ebdd8f88457cf1d37685457354757eb2e0b8470bc931388392f36

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
4c9a0d8f1e242c2187461f31fed36b82

SHA1
2f95c3b5f9901b78b7ddc1ff9c44b67569b6cf3a

SHA256
c78f322c14a44dfb63b479c2227ca646a4106fcedabd66702b38fba9ffbbe7bd

SHA512
c0d83b052040a57b64517f313a9277c5b1347d89b627fee20e651a965ffaf461a0e69da2c373aa65003f868fe4f0640d85e22d505b6469668c5e375cd2fb79b5

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
866132082bdec353497635d74d92b7d7

SHA1
63e31831748123401a2970cb8157751aa322f16a

SHA256
ee6896d16287b605d0432dcae92e8d0a1cc66c8fe1402146ff355c6a27213e49

SHA512
c2d76ef144db6b1e384000c15768b63381b260d195b6de842906813c4ea0a1772b77414a36ec2c4c2556c564cd556054b8fe8df1b6737f85894b6c2fecd9aae3

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
31c15f85dd885108a82129ae9fdb99bc

SHA1
2cf846b36de0dda7f91afee1bb1519bfd0b38c32

SHA256
a95f815958f56a208ae9e1f6f1877f2d98ef224abec4986c7c8d88235b13a7a4

SHA512
a20f4cad81e2291bec05b069acd29d12ad312f8aa86d902a63dfd65f4c2b0ffa8fc5dbd024ff17b3bc85df47a073b387169ccb6842bc54913764e019a6f10933

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
2d3c0dd2215cdd56a679b99d7ac07684

SHA1
83ff55a37015c93bf3c02f99cec9a49e85012c32

SHA256
b48d476c6b54440d7d7459b10d2a09af9d34af33e15ab044b66dc4abd8f1107b

SHA512
ec11c41e39ad9e19d6fd911d9b346cf566a5687a2132911127edfdc1d37d2e133cb4a7a7d0f291ef54ba931f5f87d0e0fc4c0193922fc51d3d8677b9e4a03c0f

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.3MB

MD5
3f2699b9f5b9299a19f20fa952b0baed

SHA1
27cc8d0811926ccabf56a5078fce05562844638c

SHA256
3b3b7e406d407abaff225b7760bb9f94f35efcfcf362f86188cba614099e5f5a

SHA512
2cc918ccc6cf3f60e08f3626e1dcc7bef01f41165164fb0bff891e5db04c0099420ee0012fcbd72bbf37f0b4fa11895bcce7fd1ef7bf66f7568e456698e74a56

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
12f97261f1eeb5c14c130cc427593d1b

SHA1
b69caa35eb2470e0d94a34b020bf51e012e53b04

SHA256
758abf072ffa45df26fa1acc9c04274bbc9a770afd4e4d22df8363941821b432

SHA512
a0527e8ed8a3f4eff866a1de017cfb4daa9b76e38aa3b57413eec5fd5fff1ac1f821cf496e3c9391de6552dd09a84a6215acbdc1fec264ad4e5b22dacba9a0d8

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
96ac9255eb81b989af017393d3cb0094

SHA1
fb1ca2ac07baa3049c3d8c8384bede01fa77ff82

SHA256
1cf7f0ef7de3aeb7c203b1e730faa658a08eb26c5ae6e5492b55a5dc5cce2632

SHA512
c937faced343ff321ad983cbb7080e27500ffa63fff5565bc80fb10506b0617c72e84b24211a7109f8dadc6032c3b38382286dd2640817677327b34c06716c06

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
eff03e2f64f48a7fb8437c8c197e1963

SHA1
d3fff68281da5a4b36676514e07c770e68225a45

SHA256
a76b2ed09a3273f325e18af5f3ac3a0bbad337fddbfb77b958e11e8dc2b037ba

SHA512
f55afeec5cdcb22b295e2944471687527b25ce4f6a662f3dad7ec240375caf81122281513dc21dab8a99276f9b3e1a5ddfdf8436c8e0fe25e8187f3fe6568c3f

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
cddbc385c4dc03cd1282f4384d9671f2

SHA1
5f600d351a0d72444a1bfa08fb1311c6000f6819

SHA256
a4c191a7814e7fa560169235125e3c8dad6d087b8edc47c2588d208a0b28eae2

SHA512
712396a05515f93b75bf6f2326fba77686ab7e46e07d7306f1647a401dc842986f5a5ea7956eb2b71ed852b7bb8ebbba2231c97aa3321e499b2f0d8c1e85d789

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
f0476aea9cc07431d141b4022f064ab0

SHA1
a5dfd6aeac559bf1312f187a8690859ce5f7bb38

SHA256
61b00f558ccd1be09d6594cffc4508d0df9dcad48b9656f5c3832cd3ddf93391

SHA512
6e2eda37a11d127a95756e14733c562d59c81b06175105004380a1649053d0055c3b0132d6443d1d3fa5fa219fd31005a9069d980cc70d258703d5ee3f501764

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
635d0bc3f846ccf608517eb1df0b1faa

SHA1
3ef83850c11b37b95a22f4c1ca9a1b1943d91f67

SHA256
6f4c874218498b84402182784018dd432931842c76fa45b4a37a87be9b4f85b7

SHA512
cfbc87a3027d4fb1af508bbbcda2033027064a916bb8611de5948bfd7ddee998742ed479903d81673ed760f6e0d9a270a6da6e9c8b56064ea01b9978ff8af537

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
0a9f7a4a23721e48d14a12d68fb356f7

SHA1
5d6417a0bbf9dfb582c79e7a8848ad2603c0866b

SHA256
84dde343cac6f9118c5d62593310a3f9a90f59e9162c263424d000c2010544e4

SHA512
fbc3d4f7997cfbd39f51f13414f8b4063943cf50420fd4b6fac5337f9c5707776cad8f56db64619dff713a093f7a525c7e877ae0368ad2c09c2c306d137e1f1d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.2MB

MD5
3a53bf5d7b09e5165dcfe466c7a10eb4

SHA1
2db463d6149774e25232ddfbd75a5d589329b825

SHA256
08c96be93200ac8a12e3174b9a3ae4df1a9b9c62472e84b1edab60ddf660197c

SHA512
fbbecc179d06130e179e50b15486234c37249d2181d1966db4fde230dc044ee3498206b0b26f1a5261e34d38bd0a19cf0be9e296ca76e02c4a10e30f8e72b10e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
2dc6548f0f1d4a97c5c416cd27570fa8

SHA1
70befdb5a409c16c36186c2c3f336bb11688c77d

SHA256
3c480776d9daedaeda1062158abf46fb026b50db83cfdc70cfa2ca8cc1940778

SHA512
734a4bbf9b6448d108e0156ed951c148e3544c86ee9e6a63d154d6373a1039e97ac0e6c5fd5deaa23691c27503752bc1acb26cf6b5551fe7c20a1e6a5ba29adb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
6b65b22871f34d6488d1e017915d481c

SHA1
b27be6c605303ffbef5c23fd32204908679d6e82

SHA256
1f2951810a9a07bd79eb7318b542656286425b13d4590768a6bc4b3aff31d0e2

SHA512
67050328ccda04b75536b6860e3914139718aa2761b1d68a963b25e733d2b86767fa3345557c11be523756636ae2c87d00822f3696108a5b01de2bd536e933f6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
856251e75c597f61b70e0c17cd4bf0a7

SHA1
ad65610507baa763ce9bdab7f94d194299f47a8a

SHA256
688b06b5bedd0574e955e3b34c86b0391cd0eab5320c691fc51a4deed030a5e1

SHA512
581ddee57b4976432ae379ea159c42cb51345e47cdc66c66bdea8981fe765bcdc82fce563c9aa749663d5bc09cb5fe746adadadf89890f0ba54d03113dd847d2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
4f45a68faada74b94648632a7f74f8ea

SHA1
3e14ceea48714ec5ea175175cbbc6c29b4800b72

SHA256
d5749b12a8eb1060be13b3785e89b831829cafd398bb70dfe55462155f358570

SHA512
c680ac77e116069cf7f1f7a66062cd3cf0459667f8ab7938c83e79b0de9628664dea87716f9f29fd5003cfda3c4726004ce167939805a72ae38ae9425bc89eed

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
0e99ba21aa22154cb8024a9b8654e0d5

SHA1
a88d91e5eb4f656a2f2eacbf50c2c39abf44165e

SHA256
98882f5611f082f5254bd79fb1a9c7a32712124d7b220da34da34611552e34b0

SHA512
e2e6d08b62efd509c52c950cfa5086ff9cf2764318a2ddd68f220afa55736debcb2f7ed4561f724460b65d8603461c3e1df5e8d1e07cbe549772e6d26571cc39

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.4MB

MD5
bf807e484c9019905b18b8d4c679e919

SHA1
4c144984c073f734d0adf865925128828e56ac80

SHA256
726afd536b2cfb5c4b9aba9f023b6c3890ba579a8f3d3939a72b1a3bd75368cc

SHA512
69607f745ea492c364267b498101614efb7169498e9ae0d251fc6354e713d9d8ddfc5e081db429e5ecee23f6fb6b3e958ce6d13bb7948c4e94702864a5cb6e02

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
4515065bb83ebe796eb4686317d87116

SHA1
1dcab69ec5b3f18fcc19092e0e05238314bcb4ba

SHA256
c36816de8ba37b5540eeec7f5a219414e4ac354d2f189ec94bd67b96b47865b3

SHA512
d343de6c3dc8f869743c0c6a136c3960e44786bd942af948b9fedfa7cc49872c3459f0ea22c915963343189abbdfbf9aae92feeb71bc271c69e052da53566b82

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
61f015422d9316deeb6dfe509aae3cb3

SHA1
9e6caa5bd8235a35d187b9ca76f092bca7f63bf3

SHA256
d782b302b4458be468545c5f8dab3de1e05c420c85e10267dbcd851198a9036b

SHA512
d4d59a6f31c276cb32285a58edf2795b2fe355ac2f0ba3c801512f0a47a23bf318c39e4362233b33cecdc47105b56f5f5a87569eb40d7ed831dd7c5f0243be63

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.3MB

MD5
b8350ebc685b13b3f25655fb3593abf9

SHA1
c427c76826c8c0978ea7a704008f2db1d3e3e4e7

SHA256
006a82160e08881e1cf1ae107a5b1e5b9e98c367a6e0a7188c467aaded514d22

SHA512
f623e80c36bb4efc68eefd6d59608885f5dab0c936299dd0e9d47b557fe7223d7059248ed83a5caaa3ca068ffeb1951d88bf8df9100f701d8f813e948dd6c557

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
bc9d408e37b189fcb63b19844170380b

SHA1
fde8c928f3128c8c5934408b6004964165e4e115

SHA256
008c9f761d68c582c5c3c36171515cd2ec6d23e48e73236d146037cade81c775

SHA512
5cbedd0b325531ba58e05d206fed2816a2c922ac8a5fac6187eac0dec13e8616fe3a08f4da301014c42b195ce064e18be826c70688024621ddb3f9f712608f92

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
e73a508f1dcda73596da0b0f25ce7eb0

SHA1
f5fb341c645c8b4bb21731632363534ad1f7c8ef

SHA256
e335839ad6a1ce9a634c5059769299c1a59ae41fb5f4f70db531b561bf08c21a

SHA512
bb4fd17e557d2439d7d252586b199ea65e59100c6eb398e126717055d8aef0e69b6d1f665eb5b7f095b3c80f1006b9ac4880020e82e99214af2ddea6045a728f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.3MB

MD5
db1e9a327a6edb31486f433aa3234fdc

SHA1
e750aae0a8917bcb7629684835134d1b40aedf1a

SHA256
9acc78fcea60cb5538e1d822aa7cce249a7b455b1372cfa2c01632067424fd5a

SHA512
3815dbc5b6f41dd7f098281f0be861ab9f4bd909fba3b7d53f6adfcd9325264b354646286a3dbfe533e5089f5537a873ebca92caed3b22d4a3ebd940ade3714f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.4MB

MD5
abffb6649a866df3988f294a2f10dbc9

SHA1
96a59c0729c26d1eafe97ddbe6b1f51d7f5efcec

SHA256
8cd84d1a0d95a145fc8ebf4fe16283cc01b1392d17d30715bde80eae9ddcba1f

SHA512
bd0f7869c090e97fd1318e31bf4c572f4ae0ce020c07da7f1c2efd4f06af5ed8e951c26a007da4db9546660701ea53df23dd83ca0cf5f2347b4910d2bd411d60

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.6MB

MD5
f63d53c6926cd250d79204ba421683af

SHA1
7ee85577a036ef4c551477b280ceff6e54a389ba

SHA256
66b84e90c18c9dbb5556f3c287a60d72ad378c1dfeb71cfbbf2116a629a6b852

SHA512
f84cb900fcf4a7c501aa04a1c193e02c9919b81239e27d74b6a4d623433b63ca0af997de68e751fb2a7c6f47be82de0d6f1301979711629bfc68b13466f6dc96

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
470e98610778cf7ac517ad1e2bfc8687

SHA1
8f82359178a732023d89856aba037f3a4a04e960

SHA256
232877a41263b5ccc193fefc8a7afee86db30c85724ad310d36f1af383c9c180

SHA512
1a5e3df3eab5e5e125348137406d62c2667599828cb90b3661797c899dea531ed44392eadd10facf87d38bc257774ebad31f1f433a43ac619cb50822d232c773

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
65a5add49e5452352045138fb1e458fa

SHA1
b4752108fafa2bf8a7d523cffaa19270ec6c7ae4

SHA256
ce983df31598132822419e78506a489a7fd0c4f6d44baecc246455473beee1a0

SHA512
6e8cd8dd65265f0241cd86c0a70706e3e92c2ad7927ff976ddcaa5c9ad904a7bcd0ce7d3cc6c7b349ed0fa4a885e57cb19bd2a45787cea6de3c1b582a973174b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.2MB

MD5
7fdd93b35eb20a9c90ac6d8b685c1592

SHA1
af072805f0ece393ac62b63bfc3966eb9a237b99

SHA256
cd7f1ee94975484208627d42dd3578cd340efcc66a68fa9dad0e0d38e8de0f7b

SHA512
21cba24d430d149a8b689b409a2bec92f0ace473bf7c4032f67a7943aa9b534f8af159999ef27394362da9b47c139e3976fe5e79bc164ce25b2384d8c3985e3c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.2MB

MD5
a8ce9867af9572db2201c10f8c2f4311

SHA1
6fb934cb291b69aabe9a4032f3181d1179aac696

SHA256
d45d18cdc71a5701570dc2cdbef88130d266a42f9fb9cacd1e315ac88faff877

SHA512
21ca040e7e85cc839d784c20a0fa2f48677b478c98fa094b7a7301b481aed98efe80861147e797b777d9bd7ebcfbdd67d50643bab5a79ca381213af2222551a3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.2MB

MD5
7c33f6cb0099b797a633a83ffedde6ed

SHA1
02f55cd96253d60ee4d0466afd3192104b451504

SHA256
0c6aba3ff2f9cab4f16a32364039dc86dda2ad33463d73981476801bd01db596

SHA512
81ca55d8b66f840b69ed3271f4d563c5d468cfc3edcbdc26b0fed4920d79de7fe15e5ad32c90b3b6f405a00cf3d2e6f5f30dab37cc7cecad8c60be1bc31d5e2b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.2MB

MD5
e0645e1f779a9093e389b9d446b98a19

SHA1
7d05d1a573494c212759ca4c31be983dc2846268

SHA256
5a8f57baba4dc9a2b824c1a628bd04e27c2001232e9f3ff20b4ae5733dd31315

SHA512
cc8733ed45de1ffc78557d6f7950dda51078b1d66206694efdb7649dd4cae9aaf727dc3a2497a3fb863ae8829714c5657422bcf790823c37ad725f8ec3f2c74a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.2MB

MD5
8b25ba4f5f4446c2b717a55fd81e53c3

SHA1
10722ea6d1adbfeef42af720c2561f16dac446f6

SHA256
906cf84f0f27824401258b12ac4a65e064404fd80f4395866a75b2ef99b1f0e5

SHA512
a16e68c0c6870df422fe04c7002e0da10b045930a260bbe92cd0cafb93f76e963b4e27432e9b3bb7d3e1e51290c86972ea7d9beb699d7569a50baf73fae12d30

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
1.2MB

MD5
6bd84152347d5849543e139bb6f70cde

SHA1
b2e59daaeb1e344421626afb100ba81440345de2

SHA256
39eeb6f207585e6231979eec2bbe560f469c70de1e72ed197e9700c97350588c

SHA512
09545f0b666b8f281eba37c2853046dc231fdd2eabae730d5df503bbfba4ac7c1a9f916b3bb9a67c9875d82a9884d386e8551bafbcd889e184065ef3997c0f0f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
1.2MB

MD5
4d86f7c7c433d8ee0f2d54058ba7a3da

SHA1
36d78310117e77040ab2a53d4e8b62cb781c091f

SHA256
bb9e0786ff050c4a00d5505f5cb5857d01032e5a706308fac294d3e874dd4f40

SHA512
68ca0a480d524e50d5902d514def53f83b70baa67a96b66448d9270e935155d11a8efda66c2f65409a9e71fb885ed465239cb4b04d02ae62012186c9171fa0ca

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
1.2MB

MD5
86bcd07e6b48c2fa10ce7878295482b3

SHA1
bef17c4bb2f94f31ceebc9d07b367115526c1e83

SHA256
cee08daa5d09ba31c7ac59c3b43ce638fa7771dd451c5ee1cfc016f821daae31

SHA512
8d71f73d2b8f137d103bd6b13aa618a1868052f960331ee9a050eaedbf731766ec79b14c69bae8900c987ecdde7223f0e1eb9ad2acc9cc182517ce48072909a8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
1.2MB

MD5
6d5ea3f89e685119482b8ed4993fd842

SHA1
355da8c5686324a9ca8a5f755e9ad0ae8575cef9

SHA256
48dc4b5b7678d850adfe44ec7286105197ad51c351bd7577bafc5785d1ced29f

SHA512
9802eeebba8fed111095e625f7b26ae53768d8166446654a348cfa0713c69bdb08eaa019c30a545ce127089278b42042b85f63e2b58fbd170dfd432ce2c29687

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstack.exe

Filesize
1.2MB

MD5
b06725240a531367c69e642e6150c754

SHA1
5ed2495e8cc4805052917129532fab0fa63bb0ae

SHA256
25dfb2e74d75201671443033a147097cd020d4c4fc8f8d491420f0a656565e84

SHA512
d95a3f997dde46c9e1f8934b53877ae971fe45db80887aaf2b49fa5d4c10185585e0f0239bf9534adc8eb6f62bb05f02610ed30e49a58f48fdc5fbe75ab7ee9e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstat.exe

Filesize
1.2MB

MD5
77ff9ca47b232645098b3da0ed61b9f0

SHA1
c3d5be0eb3c8bfee5993104f49b47f64c76887f5

SHA256
eda5293c5783c10daa4c8474f5a77ca8a2420e364e257b0f92ea01b0c3c548d8

SHA512
26ae99bc282056b568832297ce28f8cf4e7d8c6fb6f1552cd374e54810f5932e1814aa8808310a218e5de80991d82d2bd7efd7e701b0e9342bae5cb845db3e9e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

Filesize
1.2MB

MD5
81e07c7618d556003a99a7a9053b49ef

SHA1
5badbe2df26b63b0c6533a940064984f7b7bea61

SHA256
6a80d74d8b63dc5a02072b8aa7536b2a91c2f437c91b96f2580cbc365f9d490c

SHA512
8a6dcd9e4cb154e136ae0f6eb2386a43d1b134440db46f70ddbe149d5f458c858b8f24d8c97083a45356386ef781b79fd4a17bbc3e10c6abaf01a786fa15faa3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\keytool.exe

Filesize
1.2MB

MD5
c8444dfaf08af97068dce3b54cd9960a

SHA1
1df22d8a62f909503bd0b0f06bb0b7a9f9fae1a1

SHA256
f36112c57bfbbcefe6cc9c133dded2b4e29cbe914b70237b8a43394c91cd5f92

SHA512
77e6a55584cfc8bc0df2e75a2d3ac474a5cf663775139629b73f5f6510534798d80b9ad764da0a8b9e788df5397839531279879eeb5dc2908a920192b0ab4aea

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
2bc408ba1b4c7fe5364f9487493adb4f

SHA1
33357ed896618b321aa9244dc879d9140ded50f0

SHA256
04ddddf58da94f2091d3d2971cef7dc6692e2486413fb5e23f3fe23c9bed4966

SHA512
63a8080a5f17ea51fae939611f444825d79df1af89400c5676f244ff79ba1be6154c6db728178d4a97a13a0710f8e0315bfda8baf37848b5223d2728c0c9fb8d

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
4d5572f937971e539ac0751d363b7416

SHA1
9d4117b793bfb2646685633a33bca0e9d09b4e4c

SHA256
756339591bab0aaa231ccb41f17ea321f78061c3e386720734c46c4780b7fb1f

SHA512
f1612ed90e65744be0fd1307b02262eb3cc41594a264c1ac5d4f36663b6fd45d0b4e2d82a31e887b6302b0caaeef1899c14894145a62c7dce58605d1ef64ea7e

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
19db491d9f123bcbeefe3a5d5f94bc6b

SHA1
0ee0e61e422f85ae8a479e4fa25f18455eb7eaff

SHA256
e666d58db3734132653eea0ea962d72ebaffeb7ae9e05c45a3e436d6a5fb52f7

SHA512
d97bd3f8fd4273fdb3e00549517c6ffa4fba7297d8fe6ee90ffd217c2f774eaccf534caa54f18940ec4001a53f456f613db550f88d296430962b989eebc66342

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
aefdcd459e0e9ab37c53416a47910ce5

SHA1
dbde85e2c44f086d0719be8515952610716674d8

SHA256
75f8566529046cffa7d6613adfed3d403fc306d136b7fde498508dee13a8d6a0

SHA512
f3a76e10c205fb2b6a75c1e07894e2c1f1ab76da0530bc4106e8d7ce775814f361e0201004c1a1929e93a6a5692b9737f85d8c8375e75d7b824024f71b31155c

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
fd3b9e7cac5bb189bf76f3c98f302f11

SHA1
76488951133bfce6f8b15252aadb04b525e3a707

SHA256
e664472f14066059c486f8ee7954f896b774118272e40c696ba4a5d658aa1658

SHA512
cf698181b49d4e59e63af827c511f531864ed59e465e68e976e0f346a4d8adbd0a845d1953605f5bdd9533d5881929f016138c31438891eb558eb3ad0955eaef

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
2c15948298c176154c69c358f7e5bc6d

SHA1
dc5ed0913cf5828a135de9cf6171dd0e3ecc3f7f

SHA256
7f985eda294e3cf4af5f0da9bfd8b7fdcdac31daa5e0bd18da7e272e5e5c8a18

SHA512
5ac3551949b1bdf78cca338af0ecb4e4c589e9f265819ae31e03fd31979bb27e20820b4f2ace7d10b45ba1adad1ae0fb7831b95b4f1b689ee129ce30eba89040

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
3a541645cb91139d0fedb8025fd52b27

SHA1
15da18123c645b4adc9cdfde9c48b3deaeda1962

SHA256
0bee72db1bb7d779ce67c3c2449d6280ae8baa9ebe563305f0678b755fb7fcfb

SHA512
25bfa6b0dea1e4da24fc39d15d783818b47d2aa11233a9d64304adde6ee00dfef955cc8066294c142b8c3e8dbf2d60a965b63c11a18b0048558155e9bd0bf029

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
bf1a58bd29b9a04bbcb8bf33ccee141b

SHA1
c0607979a55b3ee368e06a7f3676e89e91d9f5f7

SHA256
676b8a2903510fc2c36c23603ef79ecb55fdd6c17887b292e0743ee80fd1f05e

SHA512
92adfa68db8f4afeb61fe28b625a777a0259fd4265d082adbf5acb572f3d94efe26b25cdd80074dfd20617307ae821e2d331106734be4286126f472a0dcef244

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
c694a73d6a9297b3b3951b6855c01695

SHA1
fc7418cb794fffc2afd8983e322e362231f08db6

SHA256
42b6987d3293ffb741e765b0655f20105b79f1aadfa509dc5de7c6a5408bdeb3

SHA512
b0c3848b9e365dbfbe1daeb9c12ffb1bd44b85f0c505fd037d868e57a84dfa807202f128d090ef662e6510d9599f2214d10f7afd323e7d8a3dcc2de5a15f970c

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
1.2MB

MD5
19db491d9f123bcbeefe3a5d5f94bc6b

SHA1
0ee0e61e422f85ae8a479e4fa25f18455eb7eaff

SHA256
e666d58db3734132653eea0ea962d72ebaffeb7ae9e05c45a3e436d6a5fb52f7

SHA512
d97bd3f8fd4273fdb3e00549517c6ffa4fba7297d8fe6ee90ffd217c2f774eaccf534caa54f18940ec4001a53f456f613db550f88d296430962b989eebc66342

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.2MB

MD5
d99cd26796afb8d5aa21fc058c4dc15d

SHA1
9547ded4fd8a5f0e5ee0742206832131b41cd218

SHA256
84238b08cc1a0f00c29bd9faaec14656b3a250efefd1d6f69a73a58dfc231a65

SHA512
543cd2674e5947ffeb9028efbb1efebb85440861d265f38ac8e80e50bc30d02bd0711e84365365689e2cfc074d2684a4f6f9da0689748f4dfcb2f529a275a69e

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
f11c808ebedd5837a2f5df2978767c34

SHA1
96ddb8d8d4b74dc96438608d783376b797881ef1

SHA256
00adc83e3adb427adf5229ee246dc5d17252fb452b330dbf6a44572eebc2dfc2

SHA512
e8c74cac500b6dc9bfde936269e824f32cb080716cbb28f7106de05eefd24c935e3c7926fd4c507f8e5dbf4632cda681b57b558341a729e839c75ec0b6746a8c

Download Submit
memory/604-192-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/604-199-0x0000000000BB0000-0x0000000000C10000-memory.dmp

Filesize
384KB

Download
memory/604-452-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/636-185-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/636-449-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/636-178-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/1044-202-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1044-133-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1044-134-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1044-140-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1652-120-0x0000000000800000-0x0000000000860000-memory.dmp

Filesize
384KB

Download
memory/1652-128-0x0000000000800000-0x0000000000860000-memory.dmp

Filesize
384KB

Download
memory/1652-189-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/1652-121-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2564-145-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/2564-155-0x0000000002260000-0x00000000022C0000-memory.dmp

Filesize
384KB

Download
memory/2564-146-0x0000000002260000-0x00000000022C0000-memory.dmp

Filesize
384KB

Download
memory/2564-152-0x0000000002260000-0x00000000022C0000-memory.dmp

Filesize
384KB

Download
memory/2564-158-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/2728-206-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/2728-453-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/2728-284-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/2760-468-0x00000000004E0000-0x0000000000540000-memory.dmp

Filesize
384KB

Download
memory/2760-520-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2760-521-0x00000000004E0000-0x0000000000540000-memory.dmp

Filesize
384KB

Download
memory/2760-460-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3512-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/3512-1-0x0000000000B40000-0x0000000000BA7000-memory.dmp

Filesize
412KB

Download
memory/3512-292-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/3512-132-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/3512-7-0x0000000000B40000-0x0000000000BA7000-memory.dmp

Filesize
412KB

Download
memory/3524-101-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/3524-160-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/3524-95-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/3524-94-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/3736-204-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/3872-87-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/3872-13-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/3872-144-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/3872-12-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/3872-80-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/4668-116-0x0000000000D60000-0x0000000000DC0000-memory.dmp

Filesize
384KB

Download
memory/4668-119-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4668-112-0x0000000000D60000-0x0000000000DC0000-memory.dmp

Filesize
384KB

Download
memory/4668-106-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4668-113-0x0000000000D60000-0x0000000000DC0000-memory.dmp

Filesize
384KB

Download
memory/4668-105-0x0000000000D60000-0x0000000000DC0000-memory.dmp

Filesize
384KB

Download
memory/4908-170-0x0000000000D50000-0x0000000000DB0000-memory.dmp

Filesize
384KB

Download
memory/4908-426-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/4908-162-0x0000000000D50000-0x0000000000DB0000-memory.dmp

Filesize
384KB

Download
memory/4908-161-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download