8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db

Analysis

max time kernel
187s
max time network
198s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 07:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
Size

1.8MB
MD5

0f755611f46a8c95abf839fc096fab6d
SHA1

6e5671c63cfc538718c6ddc4390730d81f83cd31
SHA256

8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db
SHA512

17ca3184c6dee6590d922310dacf3bb79633af1fcd9fcff5f821400f403f462aff0346fc070d9f7089aa0d85b78828a6ab6dad5acc71cfaf0ca7b1af82031fe5
SSDEEP

49152:Hx5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAGgDUYmvFur31yAipQCtXxc0H:HvbjVkjjCAzJ0U7dG1yfpVBlH

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 12 IoCs

pid	Process
3672	alg.exe
4764	DiagnosticsHub.StandardCollector.Service.exe
412	fxssvc.exe
4288	elevation_service.exe
2828	elevation_service.exe
1376	maintenanceservice.exe
2008	msdtc.exe
3520	OSE.EXE
4208	PerceptionSimulationService.exe
3868	perfhost.exe
2768	locator.exe
4856	SensorDataService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 25 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\9e6d45dae04146c8.bin	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Windows\System32\msdtc.exe	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Windows\system32\locator.exe	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM2025.tmp\goopdateres_vi.dll	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM2025.tmp\goopdate.dll	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM2025.tmp\goopdateres_de.dll	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Temp\GUT2026.tmp	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM2025.tmp\goopdateres_ta.dll	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File created	C:\Program Files (x86)\Google\Temp\GUM2025.tmp\goopdateres_ur.dll	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_108421\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM2025.tmp\GoogleUpdateOnDemand.exe	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File created	C:\Program Files (x86)\Google\Temp\GUM2025.tmp\goopdateres_et.dll	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4764	DiagnosticsHub.StandardCollector.Service.exe
4764	DiagnosticsHub.StandardCollector.Service.exe
4764	DiagnosticsHub.StandardCollector.Service.exe
4764	DiagnosticsHub.StandardCollector.Service.exe
4764	DiagnosticsHub.StandardCollector.Service.exe
4764	DiagnosticsHub.StandardCollector.Service.exe
4764	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
668	Process not Found
668	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4876	8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
Token: SeAuditPrivilege	412	fxssvc.exe
Token: SeDebugPrivilege	3672	alg.exe
Token: SeDebugPrivilege	3672	alg.exe
Token: SeDebugPrivilege	3672	alg.exe
Token: SeDebugPrivilege	4764	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe
"C:\Users\Admin\AppData\Local\Temp\8802745903a6085878f672137c56e1eb7599c280ee07bd1def069ef7391112db.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4876

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3672

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2796

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4764

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2828

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4288

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:1376

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2008

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3520

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4208

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3868

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:2768

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
22KB

MD5
654808ed8b191a078a579a7107bea79b

SHA1
c37bcbdadda9c0e2cff7652ac9bc6b23945bda56

SHA256
78b1dcd879b113043df4f4459a9830463b48c00e50caada23191adc585fb04f8

SHA512
074cb15df34fdad04c32a3cba604214e97b30b785d055a1f7d7c1ea46055d6ac7e121f6c6453b15afff128b05e95dca434fd500ecc68efb0859b45b8b3162d8c

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
80KB

MD5
c235c63bbd0c4a8197b29bc7958c6dcc

SHA1
1a51f07ab1efbf0b917e0ba2f3e64358e58c7f16

SHA256
3ecb344397cf55c1f6f4a5b335c95df3641b43df1407b641c29a85e49d8caf5f

SHA512
cae8d405cfb6ace8c65450252dfec82c34828d24d0d75830e671a7fc19d4be28f8df3b3313d71cb704990c1d81340a5edb01599c6b052d7732393ad07bc7e8de

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
77KB

MD5
4a146e19b6c8e81f83afb06aadfbf16a

SHA1
1b04021456612b5f481a72a858031821d127bbd8

SHA256
81afa99e9b08e913022e4bd30968c92bb5c911cc3889071ec12272ad0fea2b88

SHA512
1e76868f31a7c310b88451d1c559c447e52347a59183359f48ef4a9fa98c40a437f4b07f248ea29abb2523a743bfe9f462abe3f05e1e6066876a4b9647bd9343

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
896KB

MD5
2238a61118c2cf37afa5965562a3b87e

SHA1
3f2f804f82309475fca78fa1d7e49a1fcd3c5d19

SHA256
d496de982f9318dc43bc2d6490951470bee27695f86f798ea85104ee119993ae

SHA512
c931df355cc89bc4fe09b75f3c5759b185c5a7bf101575856cb119fc0689e1fa85abd8fa7bd2c37832016cd9203aff02f59a36c802c28dc5ff8a3e42d20548c8

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
352KB

MD5
7e7bfbafbf43f42572ef5e153613841d

SHA1
8125589b8ca8756b819281dda13be87501b0fc71

SHA256
1a8a3bb9863dfbf708a10bb8ae95999d3353cf826e21582939b98496e3c129eb

SHA512
b906d9583556a3f3d4afdde95eb11f2402bb71c5ec7374dfc2b98cb2d452a39a0d0ace2599ab8be763e365cd4698d3e1d786aacb301157c9f40d91aa0cb60601

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
128KB

MD5
59f69121637e41ab24bd52f487ffde58

SHA1
8c611abe3b1be9eb8cb9086f6a669d155baa65e5

SHA256
0075ec1ebf5de4dd20c73164e2765d32d63b5f3f2c66e0e37d8d19a517342f5a

SHA512
36e838f106d64f665837deef58d0bb15e95735f9ae196436ef97d60ebd6e37250a73af24e77d0f5b17a92e78fcf31845f122fb4f3146fe8176bc848f9dbc0daf

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
439KB

MD5
37ad56f304882c1a6649673d57ca85b4

SHA1
0fc84e00b5c5d9c3363f6e352a92e94a4f3ea3e6

SHA256
d6426364fbea1134be52005a1fedfd2757d4b423d21821be5b66df916d61b4eb

SHA512
7f022e5cdd640bc20c100745c0e4e48afc729e8388413c58dcd5b84e4ac932082891caee7185b688547f461a8c6baec4fd92ef1290b6300443e27f4dfb3414f6

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
280KB

MD5
5a7d58d25e3b48ba8194197563ec7e35

SHA1
f8b43829c8159ff21a79bb0b016779f9f1abc156

SHA256
e8b9e8ca59a89460e9f693f463d389f622ec27248e9bd5712d7a2f1b4e543c72

SHA512
25e9163008df5fd4c0b3758398f0940d44a47a1d98a702f590f553e397bc209be9f7058408d3f366d4e6a1916a97c830b78aafe7bd1aa62104663d7508ddb3a8

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
480KB

MD5
7aaaf00114bf700fa7691e28f57770dd

SHA1
189a5c54a2970a9d9eabc1d28d59ff0f312e9d41

SHA256
11624179e4628c83bbf68f723e3b9988408b14999c0c5921ee7c1f2208994dc6

SHA512
92d9c01d3a86da1ae48013967e2c4cb1f16643560e162fbc413b36c78f82a21094b14db867e9d7f17b1183d7b0c691b8ea654b25dead0174cd95470338f55863

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
686KB

MD5
7bd35e2b22e250c287c86f081a1efa8e

SHA1
4a3863f7fc7c32f192174a192e80bda9fb7cd088

SHA256
09414bdba2db291db5d9c267ce04bb3c56b89b890d69b06739138f81005fbc3f

SHA512
fc1d88fa1582da23f0392754718576211775daaa45ee41435fd56ee1a9927a7bdb4af4416f008cdccef8dacfa3669a63089aa257523952283ca98a1d5e5b2ba1

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
255KB

MD5
061035aaf42f2362f4c22a33270025e0

SHA1
ee6330703e5a9a2aaf03217fd15792c252ea294d

SHA256
eac9e97946ad33cf0ddb8567c095d439a92d0b7c5b81ea419c0f5075c7bd213d

SHA512
3be32e4a579c9dd5b678f33425d2d64df5c138315757393648d6ae30fb125784dbd4fb5d5ba46f2f72a2ddc1cd8ce0211208e1032742895e862c3aaecdf61a85

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
128KB

MD5
268d555cd0cee153685b1b0775ab7135

SHA1
c884564b1302e6a169b0fbf0f65a00cc2e8b1883

SHA256
d5bf7fdb05094d73ba2880c556caa9320ddef70be019b17beaabad4b0c40cf30

SHA512
e208012491b4f13cefc9d087baba39f15ffc6ba83f723688c9a11ad8e4b6eb46613becdd06a9e10456f002f57bc3d9d91c523bc9fd8e46221bd76fb4d90c6f67

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
342KB

MD5
8a9a6e4ffeeb95a7df8a2354d912d856

SHA1
21f1414bc60b326aaa0c81309e32e87dbd4d306d

SHA256
a54b0f9d0a28fe50b0a44c9ed6c58b347dcba8265dfef9c9fd321db1b33169be

SHA512
41a6a01f38dab9bd49491e6d4cec33ebc1afb5610eb483d786f6be7f2858ed278726fd2d94426e3e5881224cf8a59f769bc77ae2f1f80bf328cab574a0cca498

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
92KB

MD5
195778011cecde4ef4b37eca5d33a76b

SHA1
f56950895094a437732b439e3358eed404769d12

SHA256
0f4869a659f84f201af0c9a6380bac835f8c0fff854c6bbc6d5f02c8862d40c0

SHA512
ad80867ca653267c4e04bb4d5f59c6b3cbb0c268e1d3d95dd4ae33fd2f6163128ef80ca370ad67664b8286ceb3578d6138509952e0da88095e0a567d3ac96216

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
64KB

MD5
96fded621eca701f9f3cba75eb28043a

SHA1
ae82e29f9902d4347b03c933e5ec042752d116ad

SHA256
17fa8fa647c613de7ac10abac63597ea618e878380c68e4c476904547910cf6e

SHA512
53461af5ade8bd32e2a500bc104d60eb4d64acd716278c4ab1275270121078dc1833e041341fa0f65dfbd566b0c5ea9ed9671ef1d2369a182657150369b31823

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
267KB

MD5
f282d93536e1951dee3d26089b40ec7d

SHA1
d4ef80474e8f1197430209816a284d41af0127c2

SHA256
3497cc90e9895210a66b88c1b144974b1eed44f6045f64e314399d16cffc3df4

SHA512
ed109860ed4543f81f07b8a65dff43b229718b4591f06b185cd1eb420bf1bb8fc87cd6ebcce6940beee3ece669902ffa6b6ce5e1fc1f13c5c9714b5a1c69dc78

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
215KB

MD5
9c37578e5e0685861a2b536c49e7164b

SHA1
c3888e7ba8b644ae885bd843e44f2a6cecec707b

SHA256
234f136b106d602b2f86155d65578041a3db9689c517c43e4db602d392f5781c

SHA512
596b0933677074faba20113c9d9cfc3eaee96d4243efbd4e641e2cfd6b5270bb78d94bd81a899ad7e005f6289e0af06045e3f77a3e93f2de0d37a6d0c627d091

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
349KB

MD5
4e21020cce77c5c1109549fe2976fae6

SHA1
1a54ce2052f2a7fb89d234547b0eee897005fbc8

SHA256
ee345c4009ba1b1e78963f3c8e8a7aac5c45625dcf7ea0fd8ea4162c1fb4609d

SHA512
efb0983c17c953b683fbd79e5b04f3a09edf580efb4cc990f791f75af29065d3fb6a85d44744db34cf6e653d4c90e71816b182365d9ea8a96a4130cd75e0a7bd

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
100KB

MD5
5bf0f87a2c31e0dcfefe3f29a528523d

SHA1
3083310cea178bf5edc424b6afd7097e61d317a5

SHA256
c0075c34aedb014fd84d9624bd267bcec392c6bb72ccec8958e4e467c3bf4976

SHA512
50c3c2b2201bb2d2f0c86425223bda3dc2f60234c42f2ebfee5cd984da023bb52ee7ade2af2741731e57d627fd02f4d57beac6a41fad256333a082785bcc5b90

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
321KB

MD5
d16364d6158b0a345593406195b75a71

SHA1
9932c53a407b42e56a6595cf65d097dedb586c0e

SHA256
f1a422c0a98f10d5574756c00795814c1e81a6606a893831cb6cbdab21b5f588

SHA512
b15940ec760f28b03d31c0465b1d03b5edccad1d18c33877b6043dd104f23ea1495da5c30d457c2c64e33ba4d4bab3ee415cc525ec3faa9b460be9b222597782

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
60KB

MD5
407947ed0c714453f2f548878f671700

SHA1
c16a8541e2ea0c407759be5def88b1440e101871

SHA256
051947bbc5e8c9dde75fd1bf9075147fbb111d6904c9102bcd6fd93b2d2981dd

SHA512
fce31b143fea083e8ed3d8550d9f02df0bfd737d35e8f0656ddfdd8c698b4cfd0b50c3df6a72434835d3d52a4918c194ca272bb6a8a84381ef29c9439ba01ab7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
78KB

MD5
3ae81273fc31a209eb9c2b01ed4c7920

SHA1
10a2ca397f68a70a8316e47e53ac6c13c3e95c2d

SHA256
f47ba47442f0cae48883a462be514de5f7cba5b96a400db4e5a09e9a30ee5808

SHA512
fc1dfd6d94faff4fd80b4e5365c68008062c672957ffabc60ef9ed8ccf13430f250db387f7167c27470083b7c0a23c3c7cd177d513401843961ed2c2acc8e377

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
139KB

MD5
104e8eac6a73d610f82b78d547494fa1

SHA1
06d3126c68636fdbd6a083b241ff317fa4792d90

SHA256
d1c05df9a3af0626bc6463115b5222b23ae7563a0d1fbba51a5221ee0b2b723b

SHA512
f3bf2874e0b1516213db58dadbd4ccff253f2fc881aa37e64c67e27983fab37b5c855e715157a3421116b4d1a94b285583b9e441493564569e8a04a7090ab73d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
140KB

MD5
12f0291db3260f198048f01d8bf7af65

SHA1
0a5ea00a809186d0c2f235c2122b9b8bc224dbbb

SHA256
bc0f3e4598eced6b75044ff37436d3a78b9d31b893ab12c7205e00dfcd037017

SHA512
5d679cd44a96777782e35fcc01974f72382309e594cdc5ebaf9aa99e6d31f247518e1782096033b6b9916e20ece22fefd3e1eb03869d9dd2b46ea3d490c9403c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
80KB

MD5
ce73135a4a0140b9db137f2e3c4fccfb

SHA1
da91986cfc120cef6f7484be0a45ea46dd981580

SHA256
99a4d11034bc4d26b5d356355f2874c655a2b9a49fd72786a303f32d5fd719a9

SHA512
d7ab95447dc76173fca69fff5496b2fc7281c0fe0c0fde6a9189b389d2f66c90e533f0e6e5fdf58da2dbb51a50a718e1d732479d3878667d6d3910e94292ffd4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
71KB

MD5
979cc0447ba444802de05667415bc43f

SHA1
2e202eee9132c291b0d754fa8d6fccdabbfe4428

SHA256
c59098285ca05f14be73eaf63822847c3ec25688c0c046cf8e7510630cf1aea4

SHA512
f58b9f4f7fe18ff12c0a9af84a311fea965adeeb45aefaf168a7180a6416d98cd5417be143883188a6d5b9935c1e10bf0344239927bb4a70b9e8291643829829

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
106KB

MD5
a71e854e3ef5e6fa962dbe72e0be4b83

SHA1
982a8f6bd5afb652d8159429020517609778f440

SHA256
2ce5820e47f24216a890232d73a3590ae279d6c073630f44f0bdc218ba64132f

SHA512
df11b2a20739919885e7ab285a744a9b87b5de7ea00b465e3487b218b2f5d24ad92f13ac1472ac4c455010145d84b44e2c1280cb340d232541c5029f7f39476b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
199KB

MD5
28fc7e63bc6760ff02f6a71fb1e5d09c

SHA1
c0b21d0ed6a81c0d206f603b2cb1c8df40f2c44b

SHA256
7507f3a955ebed31f69bcaaf254b09de89ca65fd7d73abf73951640557f95a2a

SHA512
fb13e4670c06f4b603704036c8c5c25daf64525ce9370bd321cff87b81dc271d2fd7a0989ce70ff5f468a8cd63e6b3db4bd1787307ec38fd2fccb5ffda04d1fe

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
70KB

MD5
ab6c8db9bce99aa15dee1ef4b8ffacc9

SHA1
5d3092997efb40010703ecad64360264ecbc613f

SHA256
9bbb8ed688de838c3b46f175dc920cfdec2610669e4b721b0f5d3b13defd0cb4

SHA512
9bdf73f574d490ec51a7413e65a95df07795e47e3c2c128c16dd339d74b4729b6235200d9e9fae119832c2db2cd94fdb1381357237976e1b96e1932dc8864d0c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
75KB

MD5
b0f4dca913dd27c4edb97dc2b6aa6cd8

SHA1
4674f1023dccf9b2c1a3588a6a372ca5fc6a9734

SHA256
c2b18531877ddb12dbb5d94202b54f698e8a8526c5d85b8788b993824f910a06

SHA512
f4458950b281e08c47b1850331f72b6bee0a60f7295f0c159f62e3d0460b414fd905d9cae086c120e900a37155ed8afe0d60d94af8fdcc28494f0fb5510b6d9e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
99KB

MD5
df71677ffe8c6d8b6431163b7650297d

SHA1
9abe67712b275bcbdd9a625485554e1cf12d8efd

SHA256
dfc2e3566797b25fe120b7079e6428651d5885f07844ccc5e35089a1cfdde48c

SHA512
acc1a47f251eeb3a1937bad184c2b3e2052290eb0044e1b82cf1c0b89648b14ed09093cc6ae2d598b0a04e77960d8b365244a61f5512e16d5d4e2daa61d97272

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
149KB

MD5
0021e516c3dde0874e4d1991546426a3

SHA1
fb7b3686166ab0abe770de3dc8361e982cbd9b8e

SHA256
dc38e7e6b1c38d0188eb60b04b0c228ab8c516a69b9b4ffb79951d643dd344a1

SHA512
3b7fe96e8c7c3cdbc03e56a2317647b9374a91efb655b4a4d6d0f0cda4d5b7c3bc0277a1aa63eb5d4c52c6d32c2dd63c201c3d131c5e858a9a5e4bb42099eb3d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
149KB

MD5
1428a4b70518d5d5bd0c691d2eefbf5e

SHA1
efe0435a63f4a0fe47d68df31028b3f6a317254f

SHA256
9cfde18b24ac8367a6a4778057da915edd7f1087713afa5fbbc7645e6b3fdfa0

SHA512
60847ea20bcfd488c9c75c56050b9bc0914fa845e9cc01ee75f97392929c0d8150490d81e88ac6048b883bb9f9a6d1c676cd9b73c0b0764c783f16ae7d5af2a5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
91KB

MD5
ffa9f3ebc1352b805a4f6efd490bdec1

SHA1
a14fd073dc2ef9e99f0e2e69efb7ee71761d8343

SHA256
9c2080c0493e9e29362458586abaebef5d8a4f8b8682371e619668768392828f

SHA512
179284e3e08a9c251f0e2558dda5673be0e9fb3aa8c021d1e5af4dcc8f0b65c76fba3e2859d34795a1c96590d80a36697a7adc92757fde0101c69b008ad8e8da

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
94KB

MD5
8a39c442b327bcf62e5936ff599c4360

SHA1
827ce16ae4dcbfd3f64c7c4da110b3c0031d9c92

SHA256
c2b3696fda7d77f3548bfb271541680f6cd010cbae735ca33eeaf8af03e35477

SHA512
82c5f6c1346c98a9b53b76453f7f870b4524643f91dd2ad6c4671cb2ba5aaaaf0ed3605d24cdc28f8542948fd8643a58efdf6f5c20397eca1739cf19ba9c79a4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
57KB

MD5
323e8fa35e678102fe8706e20af31513

SHA1
47388af6c576a87cef94c5549aacad74aadae6e1

SHA256
1edc48fad4e3164caca384541408b036a970f5afac1484b341927c3dfd9ce07f

SHA512
a5b83e63d8cf2a49268ee4890f904cc6835b383f15f9f729075c5fbc7fe64f546e5c94b8d4707f34aac4a9fa70572f8c5222217162e41c6a5f63fd9aeb853b98

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
67KB

MD5
3b83fda966087cdcab25afb5f0f2d28f

SHA1
e0aee40a25d94a936d0ff937812178981bc83c88

SHA256
0631ddd899203bed3af41d465861ba8d4d5a610a8674cffa16d869bc69f1c7c8

SHA512
29b931088a04ee2471415d84b03d4efc86fcf7dd6e2eebaf09dd6542501c49b30f2c2cff0acfda576c9a6adebccae8a0315e09f2f80ef9e22acd580c35affadc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
132KB

MD5
c619eb0f27e7a4defb21bc95381be331

SHA1
5decfc0130aff2eb218526d097b6ca59348b17c5

SHA256
1b5215400abef35d139c08b3c9965944e9a34075e41e877ffd8ca29ca50a268c

SHA512
d7ceecdfe285d808b9320fc5c475cee938ea27bf35aebc6b3c3e6194a00b1d24a1e9df9f64f2f3a3d33f66f06e468ab0897d1c69a359772e6b5d40e0a6165cfa

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
76KB

MD5
adce4446e3f892c8e523132bd3e5ac82

SHA1
407b83440a2b535008b551f7f03ecc605febb6b5

SHA256
b5e221c6ca03f139a151f8db3e735cffb05b25a363f064cdb56eeee1460fbcb6

SHA512
7bc83bce5fe19e899943c8eb9d95befb338f77a19471a1b4de34f4b945b5c2fa921ca2cca0e4810d825c981dc5eca1761d372557976f9205110edc96bf1ee29d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
84KB

MD5
a045590cb2dc91d2923233996ef3be2d

SHA1
d34a7516499cb5f78e23f77d27873436fdc6455a

SHA256
3028fca4bced512352fb0d60bb935fdc6007190f8d54a6c769846ea8d792b4be

SHA512
a7c158526573af355749950561d86003285bf10d40c4fe0abf6a84cc7422c6fa83b876a44d0de05b02e209815ea22ae03545fa66ddcaad1a88e92d66715c9a13

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
51KB

MD5
0e825bb5ba4015a32082bd69bc9581d6

SHA1
bc63aacbe4a14eff3d44316c835534af06f73532

SHA256
60dd6d53ef606459a5d526eeaf57cc05cf7eb6c75ad76eac2c5be2ea9953633c

SHA512
0dd00bef9c9fd8248e8f56ff1ef0c280230f7b3a09fa2dc9884b9828719c64e52ebb87206d857a1417e63f4c8e4387c7a909b4e1e25015489876be0d8d390209

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
61KB

MD5
4f64806f685a53f8a7cfae4470d33b7e

SHA1
9f68d507d1ad05bddf31217a04401b46fbb3125d

SHA256
1e75b9953f683efae0befceb83ff1ea227b90a06f00a89f5d1adba028f1278f0

SHA512
b8a2f5ea0c21e5ab3b15b245f746242dad78bf51112d933dcad47bce0f57bf6a35c0d2b27e7483473bd83f2b57c67a435c29fd37295d7d2d828ef8ef97985235

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
74KB

MD5
5185243779babbbeda4a4f801f315d0a

SHA1
4819cb35ab23243dd7c2e8bfb61bdf49aee419a4

SHA256
eeb514476e2e58037445f8f9fff6f56d1a693c867bc660b2e666ecd0e1e93fc5

SHA512
33d98a9ceb24c2f6118d65204f118ced62b0252a0d802e9648f6ca355af22cc916941426fec079df67fee56935600bd89d8d1f715bc9d0199ebc26b461e1940e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
57KB

MD5
4052f9dd9e5dff0e8cc365118dcb9733

SHA1
47fa43a6db29b1a69555bd536593287280737fe6

SHA256
263d9bb7f53243056cb376c35bad1bffa3468021026c88f094e35c4b75652bd1

SHA512
c1ea079ea75b030f840c3f5f14c76c86fe27f21e786a7927e03fbf0ec627ec162a79e88c9343c4af4e5d47c15e650ba0bbc87db7c12a377bf857ca164a082c47

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
122KB

MD5
768347ee0eb21605e743b7a3f03b67ff

SHA1
f11900953c89752ef94e53f7d8f33ba4fe8ad388

SHA256
596bdb5cd3061f50cd0c98ea88f5171f8905c483172c7a9b8bd83d6aa881c944

SHA512
fb8271476d917a89d6c32d2d7990c75d506ae81221e750baee9edc3154f65798dc1ccc16bbb525307378952bd170f494af3ec85ad49822933c8ba554bff629d5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
115KB

MD5
1ccb3f04402cbada356b4ed8c3709ab7

SHA1
376c738f5b0df87841afc1d7d6a59ba76b3a12e2

SHA256
08804cd6cee61083729003346f9a7e43d5b43edd5c14af1b7045987a89f22b9d

SHA512
4bac2678fc4e55300883fc68e53b975f7b14559d3046c0f4261b520eeaf018cfc5751c5aff397cb3b8a6fc474e9d74d33cf02bb16337e8b3c0c97956d8e964f8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
51KB

MD5
46ddceef8d49b259e057d136759e3371

SHA1
a82b5259cbd40f7dc903826ddd1dfa58bd618cc0

SHA256
5fbca640e8c5283bf74424181af912632ebfe575a6444d87ecf433fa87b0cbfe

SHA512
cfcbfc4a713d0c08790c029381317cf5a542bc78883b918868a84fd6b48c6a8a79e96035d84484d15880da20e0dc79377e7a019d1f247dd2a3b9f05803c3cfc2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstack.exe

Filesize
79KB

MD5
7d49493d36716a8fcbe03ff8a332f91d

SHA1
87699cf8d786561bc15dc54cadb4e3f05226d66e

SHA256
48ad1c5dad8758904e3d4ba614ea66b83cbde96fb4593cb1a43775f54099bcca

SHA512
7e57b47290c0504f3d9fea9c2744808f1f71b40a581b861347bddb8851c34a0ec74b9da67a2226cd5aa725d2ff59cc39ef4d367d55005fccf117e4ee6e98afb1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstat.exe

Filesize
102KB

MD5
4b1fca201e62ad6d8cfadd82c4e14292

SHA1
efa8abb36f4518617640ae61a394e42a62410be4

SHA256
a99b3c2d496049b8aeb69229e7cde6a7c2cad3483f28e1af471a006e45813886

SHA512
d53beb3789af19b6e28369b3685d2458cbe8d0e95e7d888c6000d40d1e36e0386f87133c67e3043b8f62a6b869fc5b0aef6a1d9528064f41f43c3094311abc7f

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
215KB

MD5
2617452759a6739c3209248316f4514c

SHA1
d4627934405d5f5dc90904313b896d63f358c9bb

SHA256
7a1933a32d4f21a67ad0b76b7206f6586edfd2b36dc6770e6a5e2d290ae93ce7

SHA512
309286af87042d156e1e8c14ee091f1b38c20c0c9af1be5fd35e10aa461bff05ae233d9000aeee5363ec04b888092d26de04d7aebba49440e80e4fbbd9807e7a

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
8KB

MD5
c428ed8e5e441c4e0318fbfc59705ac9

SHA1
4f07cda30cf9cc1f2621f451e42ec6a8f62926d2

SHA256
c3527b3d04cc12ce6be8c70bf1f8ed435551851c800d54627a52bc4a098fac79

SHA512
1c2b1a9d7f6f7cf1de0266a87764f3c89083bb7cbbd66e5d754662b978ca2e92c374873e9f245e94721aeaff9cf46a3a38d4c3767b32b948b3269bd32c48103e

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
510KB

MD5
539a66796d924fb9ff4ace7d81f22dbc

SHA1
68573c1bf3aed5558dd5cec029753a2fb4669b77

SHA256
008b2f8a1557afda94147f48c201974bedaa374f8be31dfad8e5ee6ed94f02ca

SHA512
294bef926e922945bdb42ff2bd0423775889473be1907a4d4fc4d23f682fe3ff98ff7a6309831562134995a500298009b9be0e9d0e7cd945c4947887363f627f

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
672KB

MD5
48b3645da5026e32ea5da7d1010a1195

SHA1
0ee9dcfbe6bf286b06907c97bfe3146107739196

SHA256
6edfdca00661fba663edd7edb8a2c6247564d6fa148e2145e0c3cd654bdf1281

SHA512
fa8e3b2523961af9155818a842aefe3ac5cb1ec857993e66d8361d750778714ad3cadbf117280f507fb172332b7532c4e25f5f206f26c247e4aa274de2e4d992

Download Submit
C:\Windows\System32\Locator.exe

Filesize
211KB

MD5
eb44a2906636bd7d81d92e96a64e5e25

SHA1
0965e28aad51fca85f9274ddc69e301237858d2e

SHA256
13bdd02177efbad3f48b8094ac078d7dcf829e58ed54115df711272899abf78f

SHA512
1fc126b68e23e2589d48e7d9a6904936c7e93f7094011270eabb0db6983ee635996cea222bbe25a1d6bbaa18cfcb625c9d3a59a29e39f2369983da1a7f22aba6

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
322KB

MD5
853d45a583fd2009266973078e40ba25

SHA1
98f9e05083250b200bab5196a9b9159db1f585e3

SHA256
22089f9b0fe5c5213fec78c8ffdac0df1e62987423b6d47f497b83bf076de140

SHA512
9c2a188efa9bb8e3f6a414fb31d6ac5ee988f6666ae83246fe4f2e1e53ab16320987eac8cffe15e0616aeee9c3cc42dea2d89bba8be4ebb7bbf284646a222cfa

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
149KB

MD5
275811d5bb96a078a4cd2bc16c9bb8ef

SHA1
33ec4125fdab74ec50db5edfa2b8d36b0ed6044d

SHA256
ec2b76a5010ba8996109599cbd84f2f682878eafb03033958b4e2c41812ce24c

SHA512
d05c5963f63aa891991845333116295f307d61b051a19221deedff3b25d025c4afa92c5905db4c1d3aa360e099d7f137ce2374c14ba33e2ee061d2d37bbcfec4

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
958KB

MD5
f74249391927cee5ad0b5a8ef7ee4837

SHA1
f630542318903156d47662ad40ac84daa71e0f0b

SHA256
af55229c76b0937edbc0c741da215ce05eef3bed544a0d3732785ec9026fc6c4

SHA512
a0db7161e09d3ab7753830265904a3879457bf449152e7cf81e31efe4d38943f149b8f7330ffa3597b35031d5c27320dfaf5a0cf950d84a5b87e8f0b4900ea9e

Download Submit
C:\Windows\System32\alg.exe

Filesize
448KB

MD5
03af83510b1237093d040d78b46933c3

SHA1
aa6d6ac61bbbcbafd12509a8cccdc00d4ba7840b

SHA256
b4ec7cbc3f51e98d9fd31f998ba22e5dc367e1230ab42eeac01212e814a572c3

SHA512
9daf64f0f1c4171e0abc5ec902fb7380acdff79afe6d9f6448c53fdf87739364fa6c17593bb753931129c572a582721916d8bf20d1ba7371d07afb91cc9cd710

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
238KB

MD5
46d864a1c7d4c5a41afaa3f12979fdaf

SHA1
5c8dd8609fe355b3d9e18626b0d34409dcbecaaf

SHA256
55f2e19ce2101deca3e9a7d85631f5e870fbf40efe4bfdf98bc0942b6466ecdf

SHA512
a14df53b81af08d238c6ef41f26216e101d1470c094ee8b87455cedef1b6c8eac8aea02df8ad7ad52cbddbe5085fd5d4f98789fd6ab403cac034819d9a84741f

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
74KB

MD5
023f02a4622a0d2ac214f7eafe9125f6

SHA1
b1650bd7695189457c8c8bf448be1d57e46fdd1a

SHA256
e0ed02f34e05d58a4c37ccc02f84b2aed8049dc4954f841d1c45a23cd03a5c6c

SHA512
52aea8a2d923272bae06503da327d75edc83e3bdade48d3b667070556dd3671e155571c9af7dac8150e28d4b8b32248dedc1c7f9b91afb8ef44c9da887f982b7

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
92KB

MD5
e2e8ee87b8e9107d4f1e465745b61e39

SHA1
640285db6f03bea84cc2c11441e61312e422ee8b

SHA256
91d72bc1a03d7ba21f80796b5f839d9b01173b162574cedecd25c3eb7372b408

SHA512
0ae75e55c67f37d46a0afbc6b51819d99f78ac329585624f63f8515249f8a695379ab9cd497b64150f0e9f7bb4123209f915057227f79212bfe29adc62a33ba7

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
88KB

MD5
cbf3d6b320bfbf2ee31f8fa453af4421

SHA1
fbe1efbe0aafccc16dd3e85b6e02a27cea851a3d

SHA256
e70752f27c1530d8c95a61ace5ec08907ded83e825a8fae08f750d099a73a75a

SHA512
08b7852ed0d3597c4042a9f041b036fa1fad70da4525a1432ba3f435ec97691f75f30c20a7177acdfec2a8c0a31f77524df333de80c6c7e1ebe77d201a09a08c

Download Submit
C:\odt\office2016setup.exe

Filesize
384KB

MD5
91e2e114b61649a776ffae27e7c6b20d

SHA1
3625a716a9f1588bd0abc1f9c2174b29755051aa

SHA256
cbadd3d87d41b9d34f963d8838c978ad45f1f8753cc614378156e29bf512862e

SHA512
0fed4b384fa7a6b9acda55c207a14acdc32042f43c1e5fc4767d326319aa1a2f3fe4f7addb4963095b1d6e851da0fd754df6964a35717243d567c0ec63e90278

Download Submit
memory/412-107-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/412-106-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/412-117-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/412-119-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/412-114-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/1376-152-0x0000000001D10000-0x0000000001D70000-memory.dmp

Filesize
384KB

Download
memory/1376-144-0x0000000001D10000-0x0000000001D70000-memory.dmp

Filesize
384KB

Download
memory/1376-147-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/1376-158-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/1376-155-0x0000000001D10000-0x0000000001D70000-memory.dmp

Filesize
384KB

Download
memory/2008-161-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/2008-226-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/2008-162-0x0000000000CC0000-0x0000000000D20000-memory.dmp

Filesize
384KB

Download
memory/2008-170-0x0000000000CC0000-0x0000000000D20000-memory.dmp

Filesize
384KB

Download
memory/2768-214-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/2768-223-0x0000000000580000-0x00000000005E0000-memory.dmp

Filesize
384KB

Download
memory/2768-479-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/2828-132-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2828-135-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2828-203-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2828-140-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3520-401-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3520-174-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3520-186-0x0000000000810000-0x0000000000870000-memory.dmp

Filesize
384KB

Download
memory/3672-13-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/3672-145-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/3672-12-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/3672-64-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/3868-211-0x00000000005A0000-0x0000000000607000-memory.dmp

Filesize
412KB

Download
memory/3868-205-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3868-478-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/4208-198-0x0000000000BF0000-0x0000000000C50000-memory.dmp

Filesize
384KB

Download
memory/4208-193-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/4208-470-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/4288-121-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/4288-122-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4288-128-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/4288-189-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4764-160-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/4764-102-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/4764-94-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/4764-95-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/4856-228-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4856-477-0x0000000000560000-0x00000000005C0000-memory.dmp

Filesize
384KB

Download
memory/4856-476-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4856-305-0x0000000000560000-0x00000000005C0000-memory.dmp

Filesize
384KB

Download
memory/4876-133-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/4876-312-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/4876-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/4876-6-0x00000000024E0000-0x0000000002547000-memory.dmp

Filesize
412KB

Download
memory/4876-7-0x00000000024E0000-0x0000000002547000-memory.dmp

Filesize
412KB

Download
memory/4876-1-0x00000000024E0000-0x0000000002547000-memory.dmp

Filesize
412KB

Download