9435c3d918d9baeab4373af62ae3554a7e49069a0cdc6aedad1780e346fba3ec

Analysis

max time kernel
77s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9435c3d918d9baeab4373af62ae3554a7e49069a0cdc6aedad1780e346fba3ec.exe
Size

1.3MB
MD5

2be9620604163b74270bdf4266149e35
SHA1

3fcdeb606184bcfe523e87c95a46c01ba9b26148
SHA256

9435c3d918d9baeab4373af62ae3554a7e49069a0cdc6aedad1780e346fba3ec
SHA512

120b3c3234ad67ae62fd62f6fb7512347c3fcb993d41911794cb3bc1fda430e8cdab298d186a538c25a2d829b6a76ce16518861fb9ac988cf8604091aa7e5030
SSDEEP

12288:FO9B+VWGt/sB1KcYmqgZvAMlUoUjG+YKtMfnkOeZb5JYiNAgAPh:FO9B8t/sBlDqgZQd6XKtiMJYiPU

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 15 IoCs

pid	Process
4436	alg.exe
2872	elevation_service.exe
2804	elevation_service.exe
2440	maintenanceservice.exe
2276	OSE.EXE
2936	DiagnosticsHub.StandardCollector.Service.exe
4092	fxssvc.exe
1644	msdtc.exe
4664	PerceptionSimulationService.exe
4936	perfhost.exe
1100	locator.exe
1604	SensorDataService.exe
2240	snmptrap.exe
540	spectrum.exe
2992	ssh-agent.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\5a315258726fd8b7.bin	alg.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	9435c3d918d9baeab4373af62ae3554a7e49069a0cdc6aedad1780e346fba3ec.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_75437\javaw.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{3A7B460C-9B9D-48E3-A988-99F835A97944}\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	alg.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
664	Process not Found
664	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1828	9435c3d918d9baeab4373af62ae3554a7e49069a0cdc6aedad1780e346fba3ec.exe
Token: SeDebugPrivilege	4436	alg.exe
Token: SeDebugPrivilege	4436	alg.exe
Token: SeDebugPrivilege	4436	alg.exe
Token: SeTakeOwnershipPrivilege	2872	elevation_service.exe
Token: SeAuditPrivilege	4092	fxssvc.exe

C:\Users\Admin\AppData\Local\Temp\9435c3d918d9baeab4373af62ae3554a7e49069a0cdc6aedad1780e346fba3ec.exe
"C:\Users\Admin\AppData\Local\Temp\9435c3d918d9baeab4373af62ae3554a7e49069a0cdc6aedad1780e346fba3ec.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:1828

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:4436

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2872

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2804

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:2440

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:2276

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:2936

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2184

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4092

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:1644

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4664

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4936

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1604

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:2240

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:2992

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:436

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
PID:4916

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
PID:540

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1100

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
PID:4196

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
PID:3372

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2568

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
PID:4156
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 916 920 928 8192 924 900
  2⤵
  PID:2752
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:332

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1548

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
142KB

MD5
f7add91baed6de96fbd7df8f06300832

SHA1
f0d8e4e0b12d2df91cb706cd24fa2659a03b5b87

SHA256
b53017efff472576ab772e9c6330b32038a8a77c84127f4f5933aec5d31608fe

SHA512
42884422c648bfdbed67c163a422098b2e1f5f961163ceba85a7261de91bfd8d174fd6429538ea8f34f85d58f8f275bd376b2cdadd571f089aae42df6363070a

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
271KB

MD5
e06bd1fc86d2e82aa75a32aec85ed086

SHA1
dc838c76bb598eae9613a5f8cc3e45c430595e53

SHA256
550ef129fb66c7ce6eae7eb1863f9ea0ecb431d95fc1306eeef7c2d1561a95de

SHA512
98d1a6ffbdc99b3bc15d9ed7560bb04f5d680293bd7f96a29ad1402202f076e221d2d3bf3a593f26544d3862048e653f7d6c28be45440eb468dacce49a306023

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
155KB

MD5
fbad285e4279e5a3aa40ddf1351132f2

SHA1
65b9460ebd1d013dd51e6dc11cf3edb1e3e13381

SHA256
4af72fb7b7b0645542b5d49c86da2a7bfbae78885c3ef88dfdbb190554bc178f

SHA512
176858134ed2d245de1c1653ad13feb86c48c01a4f1f251eb9e2bfe7d5a0c3cc721b2ba807d4db24e6d126294b9aecad76e120fb19aca8bcb3ba6734c4812260

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
391KB

MD5
e1e4ce6e934a111f3e4cd16e1ba622d4

SHA1
7e56fbb69ff4ac684312e36a2eadd4384d7a4c70

SHA256
9e911916710faea05831219fd7374c2a1f2632f46f2d6477b9706450622dafc5

SHA512
8fc4d66904ad888277c77b56fe426634733b209277fddfc6667714bac546d0243e587fe876a1f3d177f17184657b280a9e11afd074febbc5ec37c41d7abf2212

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
92KB

MD5
d6c3a468220b0e7288b5869282e027d2

SHA1
ce6ab01c06a6411c2ef6c592e12afde3a105594b

SHA256
3dd2daf668b7079f175f3122135bcba116a52b9c4c9b89f4881f3467913e46a3

SHA512
aceea19559b59c8e7ec023f5e016b373b29c846cddc764b7fde2004625cbc4d544f0d8d7070e5158889d174dfcc2a1c438a01eec907aa4457c75f6806daf8c7b

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
16KB

MD5
04a8cf61ff4b1cd4e52a6cec00495b69

SHA1
9c7d590ea9acd4055d0e941e8ff19d43398b7751

SHA256
30bd7fbd72b11f31556ab219aaa681850c1c9e3efdefef69a225be972c6fc30b

SHA512
66ec514f60d70d177ea3862df5b99bebb00c72aea9d66a1aee87de6ddf673f30ebed40c6d26ae4b864fe9c7c3fadd43b6d7b8a0fff83a1e4039c85056f5bfce9

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
116KB

MD5
1e8d5988f0bd61e63100e1151c6d6723

SHA1
683236ceba05f1e6452b39b3174e72849163aafa

SHA256
5c1c1233e8a0be19bb7ec25728a9675c46b45a46386354ef634d3c0b04002fe3

SHA512
1af273e139bbb4eed26898b5a59687b69bafcf216c2e4104b8beec93dd2141c25b5e3a8231cf2b7631b96e52a54b560a8b7f1f716ad1bf3dbd20840f609f1c01

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
74KB

MD5
5afccf03e93b3512c276477aed77d15e

SHA1
29f6de3173f8156dc21c50e8f030dcb406e6be2f

SHA256
68812d4f93755b90d0881f59b7947b78cf1248e05ff25ea83517c0e9186b759e

SHA512
27a621eb7ace3c1b85c10de1fffe54f8c503c11a6acf075596eb488ffffbe8b0c714196e8328eccfab03605b1124dc7b098b068e23dec6896f5b665b82e774f7

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
75KB

MD5
a1407f57682b159efc2435c82bcea100

SHA1
e705cc553bdcc5e9868c2973f1b4f48070791c1e

SHA256
0abc82eda1f4d37e51c3fdf78c3a514b9e78b20238dab31a4c7addbde7169954

SHA512
c0d3b4fdf2dc34646834c30a944291933782eb8059fd669bc859bdfc85b552c42c39151124809ea9697c7c75d8044092a5b81bbf8a8e4697403be729c4575878

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
81KB

MD5
ef8105726e18295235c2940d11cf8b95

SHA1
678ed404f31fe195b5dbe863078fef2b31bff5e6

SHA256
3e0baa03c4ddd1f9472082c21b1ce1dfb243a7357ff4ea5a7dd4281c9008bcd0

SHA512
af6a726de865aea5921c10c9bdcb92198c5c0ddbf473e5325d0687de5d83529a41eb68918f7655c5f27323c42080a9b2be89eb0719033ea1c40c3e2104fa6f51

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
42KB

MD5
d0321bb08b06f2d15f90ff8197da1730

SHA1
5cec5cbcdb31401608c843409391e103e0cb3d7c

SHA256
6c1745adae8c7804f924641d5d185fd90e1e6a16863c34c150d41b90b36615c4

SHA512
6b7b99221ec2556a557d739b618176b8546f5c84c067d26215f5113d3f1ff8ca604d39176bb65a878c6cbf0f622e7bcbdc82f440726011c0b102e53077b12587

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
219KB

MD5
3e283c5f68f5a349b5792c1f8a134d26

SHA1
34e83cae587b37c4efeb31c287cdef62e0d9f896

SHA256
69855534fd79787006998da75535e759d9134000e9967ff471471d8dae7a30a9

SHA512
af0b331103d9f5b3ca75d513b260d26de7a8443a967f562890cdea14be982bac2fcc77246879f2263366356919f601f6bbc74fad47dd712f32bd585f7eba288a

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
139KB

MD5
814afdab19fd26c51b973ddead91edb0

SHA1
7c63e7f45e58d7ebc50a5b3258225953611c987b

SHA256
63a10b453561f1775fc0bfd527bcf77392e38b2c581b4a7f18fbc0a7383598b6

SHA512
52805870235c5d401308356cdab72856ac8db312decde3ecad2fcfa1eaa1ba4889341dd357d3c7502baf5f4a9a4c111015efee040b9569c4d4278f12761aecea

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
103KB

MD5
5e4423f1313124a778ddd57e4e81ad17

SHA1
68decad8240b415c064c57a39b9a6cd1a4b0d171

SHA256
589c22ba260485cab72961ddf98bb832ecc9f54002501222039afbbd54cfa9f8

SHA512
30a778dd0f328291df932cc541732879ff0c483b09ec037adcd2cbb43cf5abc1b539b5d8427acbbdb5beb3fb05b515b623b5e61ef31e5fc1d3535249e9f53266

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
8KB

MD5
2a5213f98eb2d11fb9b3c6bb8ef71dde

SHA1
2a6f7a839bf6a8e4975f226ef81162af78d993ca

SHA256
04d9e11c00a4b16b629ae153f521d7420a35fd8a706fa2eaa09cd125a1e6477b

SHA512
3f3d04de81338e13fbba778ec4ddae763f305f01d0f8d4f0a5d678e35aa6dc8e3c9195d5903b47da1d3aedd2bd777ff5d000b4f674b995ec79c31ab206c69e3d

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
57KB

MD5
e4c5d51bad4a0393c48177b88341fc24

SHA1
cb7c92d41db91136566ddcd27ef67ee9b5df2460

SHA256
7fc4a69f06687f32919e3071719a328754816d03b0d30aab06a9a5d95280d9fe

SHA512
ff475133e12df66920673b11e426f0e8a5b44c2237db56f59171e0d6a770349acad3f7ef7d7b0622c326737f44c320781a302e12fb666e2c373b7c2355206a7b

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
81KB

MD5
2483f8069228c500636116842e52dfca

SHA1
d57bdfb7c095bd78be02a0dd39f015a6c727fc40

SHA256
50901ac83359d86ca8c31a16bdfc2df85a918bbdd69305ba80d35cd187f32fbc

SHA512
e9b84636cec97ff71b55237e668b54b7742b0b62c36192c3c1c1c2f0cffbece64b086009e4e199c69297749121ebe96f604fd3124120918ef4cb073bdf382638

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
62KB

MD5
8bcd7db2a51fa7bc5c73d1e4244096a3

SHA1
4805c2dd7e2e467e1019e698bd01e3819919f943

SHA256
2c10a363d3940711d69e6f3106ee934e34362ed1d760add728976d6b765fe120

SHA512
36a355d62f83191047c4a2e7cb00d6677f9c97001154575de7fbe579e4b35809136ce40bf2896358ac5a4f58d2cb79c7435ae37f2f2f53f0bd9562ca8b65d181

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
418KB

MD5
dd843b3a00a93d482acc265fb93f2355

SHA1
72248bf5c73b4f157084f2eb72a8573ff3439f7e

SHA256
7b03c8aa4a25fd73991bd65e96dfc3ec3dcdf2acb0bc8b3cac27ef74d040aa9d

SHA512
8041fd3031ddb990616642a834af6902c07f241d9e4d84be766f082eb29156a75b6698dfb364a87ecb37a18c1eb5a2cef8cc680976914299098fa5a0baf3ddda

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
56KB

MD5
0e3e1f10322801711b35b9a59e8e9471

SHA1
bf430b5cf74cb460e2ef6118fecc7c9a411fca91

SHA256
b13301c803d60df1270614aa6fa03a7e5ce1b262d961c844350b9a662990965a

SHA512
dce7bfcaf04f12e481e0e90f68277ee609da2cdcd8599d1cfc94ee455c104a45434f77ad6e6d5d8c3528501ece7f4694381aadc4c277b9de374f5b1bca2eb5b9

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
141KB

MD5
72b5040788c66be0cf146f80c28a0c06

SHA1
60fe02ae4f6fea65cd7a81a1aaf2dbdf022c8e3c

SHA256
4db40d0695c722f79e6713eb7903e5365ad1d2d2a453733767f3562ffa94e497

SHA512
ebfb7e804c954c95c2fd19c97a82ecc50a575b41e6b6dece5dd8f47f0df12ca3d9d0991a231e4ec19624915cdaba944d160539467d08670f69a324d30a70e5f5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
34KB

MD5
c0bed7e1fa8c29d313e0a69f405abeee

SHA1
3b5950efbb995ecfb3934e66bbf55bd34ac45447

SHA256
9aaa2433dc30d5dbdc7fba001cad88bbe481e69f7baae6fc762e0a85e5b7c8d1

SHA512
a9eccdc5fcc31f0a5922248bc5aaa207901a744723ee4b6b62fec3a11a1e3b345ea38c6452471d89aa5616bad7004d0449db8c5afdf40cec44425888f94694b9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
75KB

MD5
d1ab3d9deb2e02b9d80e4bb3fb704a26

SHA1
f613d3b5859f93484188412f0ffe9dc3ed2613b5

SHA256
7f1458dd1a20ffea3302474c3b2e14d6e7caa7c5844666881cf0453eb83419e9

SHA512
d3076e21c04c47980705d7a4da21f7924f7615ef036f47210d106ca8c454c555174463a857742d949a166002f77abb0b365f02be5f8d7b54c82ce4458e26b525

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
137KB

MD5
1f96d0fe98726082c7b86ffb06fed2c7

SHA1
5e3e6cd481c932de7c0ba9c6501de7a62fe01573

SHA256
6adb9670d93a3d53b069ad8133df48d4483176ba3a7b8d1a83ebafb475a766a1

SHA512
a785d91d17b609228b3f63c09f6f809cbde0ef3f1812c2f1e1c27f3287a999eeb8cc0f9323b827219bb785b3eaa614791b9b65e5deec0d6baba07471864b8ee7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
63KB

MD5
fbfa334570c75c1d64308be7ce88ecc6

SHA1
0b5c7fdca956c8543f38a658827106413dc800a9

SHA256
fa4a6ac86ecfbf2be08b2bd7d8b0a92df1d8d12397f2b410762d67ef238659de

SHA512
438cc3b96acbfe0e6c241d28658b60e8cda76c48c12ce1439422a1e9040e2a16d622f7c427a67aadd4919b8332a0d8fcb745439936218e1998722fb1ee2788d2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
128KB

MD5
922cb1b7cbc83fca28f20df93b3db16e

SHA1
abba32b65791442ad743908741e2c1a6746e0756

SHA256
ff63bd7ee2ab1c32b335f9480b24070940ae7f7919cbdf86997f5a90b272493f

SHA512
a3cc171091a335f04b479c30b0239e0d1da00047b4eb356ee1da50d18a427060ce1cbad24e2f308217227b38d00a2d2ab1492ef3a38c6857de742f6ef1196e41

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
35KB

MD5
3cddeafd918c4c1cd028735338c7f304

SHA1
7406ce264695eba344631b1892c58626c99a7ee1

SHA256
dba1afbb3307b4ef7f9c68635e6d077e4f3b7ce19ca0e463fa2c9e881037954a

SHA512
23b02dee52d662917822c14f6c40c49276fc57a583c49d961b2d22eb5cede81dbcfb94ba638f844629c381e4d46715ee3ff617f5ddf86f2778cff2e3b1a1de82

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
92KB

MD5
3b064bbf2fc7bbb3169a57e183ed9f82

SHA1
252c002691ee5f51d343bb12d60487137fc33086

SHA256
b2a830e5721bcaf109893b392e7cefae2c304edfbd9f54ac6f9cf7aef78091fb

SHA512
296e4e5c0a4565b783df5e25b4ae29b0c06a525eef64f48137690053d04a0942d9320bc0c4e922aeaf5d811891a0a4c9ec58d1667cffa5e383672362d1f76359

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
47KB

MD5
e7508541170facadfd6448bb4561acc3

SHA1
40fb2d95b53043c904712610a2858a69659ca580

SHA256
0ca2c4249f9533a2e863ef90bed7b21b36dce67f57f0b2e25bfd1b02c2ed9569

SHA512
917cfd9df057c638bf7c7d39c32abc03ecce9ff63ee75f702871a2dac59d12d46da4d3819b708cd1a5a3817e08726ad30bb923ba971ece06e805bd83af514ec5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
53KB

MD5
c1899600bb6a3d5bb7303e8ae6fc354c

SHA1
93a6f94b1ad4d3dde3a0a9fea77bed68fb55dd17

SHA256
41aec5b8d93e76796e82697a6f996695857d0dee235f452c72228821b9a0b635

SHA512
fd772f0a74da56ab1db317acad5f8b7844ee945bb672738a6acf8f6d20258f549da901ebe6298ab0c3c5840faf18548992939eb1ab9df50b664d438f5520c6a3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
105KB

MD5
2fd8c9b5cf0346baa44aa074bcb334f4

SHA1
3b4946d7a9ce597ef0d073e04c8b10e898362c0a

SHA256
00eadfad6210ea2b9f8bfdfb872eed75da19b0bee1de0195933d1f15283de1b1

SHA512
f6f741c45a0f2b6765dffb3eaca49815c3ffb121a6babbdf9b84d59396e4a6f11c6bdb3223f9036e9ab552f6293421f761a44860f8a5cf921fb00c3c804eca85

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
47KB

MD5
01e1f7b4838e79d033697454f0bc0e35

SHA1
0c55a79e776fb10897f3b7d3a5a0f8002e4bcfb7

SHA256
22e08e7f9adbbb981db1b5466749c6dd3ddbc61415e74ef555a4006d3d2eea6c

SHA512
ba079bc26990bc444050a4d68ab7ad1c040abfcd6b741dbad46d25d63d5efe6c8632205b7ab7a67481e849625bfe9f97ed6bdb8be0064f77ae4f8ec95f313775

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
80KB

MD5
31449f10c03636b496d27af831279c06

SHA1
0e8770f17d47d0e218877cc15403f5f65f2716b2

SHA256
3ad0c4d956f3f1330c3c6194cc6a6b4c4278e524ac6bf92fd8b9dcbc1c6987b7

SHA512
ed86549a73e42a5aad2e0d827abacf8d4a6ab098e76b254a951bcdd2ea3fa7d4abea8fa8e0849822f254be6f9ef880264475a5338369c8cca9278e75be478468

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
92KB

MD5
d899adf16374443ea18862e5cf40c3f6

SHA1
ce6a8f2426ecb86ccea3c3728da4706cae8cb33c

SHA256
1e27b233cbb7778376c28c5f6d73a838227835ebcc47704a4869a62097acf335

SHA512
4c25727815f03d3c25e1a476efef65477f8a1a0708ad9e18118dc71b29286bd39d2015a4e937e801102d509afdef5794f5cbe691c07c5704f4b4a7d970f0a730

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
80KB

MD5
71ec0f2bd9850fa1443c68c54f48c292

SHA1
cc4549baabb978402c28c9e8131e46ae47e5dccb

SHA256
3fb435b646195edcd927c458f01b6af85dad04db8400f7c1097cddd4f919c8b9

SHA512
e11786f7500784b3ce9fa18947c9fd6bc9b9c5b3d8d90baaed7e39d0b5b657897fe6fb2533c8e36db0b6cb1d05184b8ac01599bf9ac8b6f507866f148910d67d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
118KB

MD5
51ff11bcc5ebb7a8f4ee16377ace6ce7

SHA1
cbfb3793888354b0159a428fe2e7359f130ad4a7

SHA256
7a87b73f44514aa6d335e0ad3cce0bab3668f08dd504be602e437390e101616b

SHA512
ce46aff6533d4b076d49a37cd243a5ab7d697951e601c9aaa8baeffca3e214d126b50b04bcc966a9626e71448ed11780dd83de31c58dd76dc3378ad8c69b0a53

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
74KB

MD5
eeca2addfda2dbc97f43f7deabd5d6f8

SHA1
bf0f573ded35672b04d777a1dcea883a9abdf451

SHA256
9886a020d50414c8732f0fa80346d822dfe7d46095cf7c2c62aadf7f8fbc4982

SHA512
5e66ca1deb7e46bab0bd97196528e512d287b868db6f2edd798360ad686a7c796c3505fb6b82b94aeac1e38ac3007cc870ca73d33212d3c39e3289aa94a1285f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
148KB

MD5
dac1a16a6de16c803eaf496afefb705e

SHA1
e96aea6552cf7376377c4fa76f9d3ab56913e335

SHA256
83f94e5e8a4224162dcf1495b3f4f7cdd103cf17af73bfb2dbb02e7b16736eff

SHA512
0108d9fcc0597d14202bd4877e9edc4a5a52e92d8f17d1b95513cd25bf3bbcfa3f623e7a1c57159a391884b4a53d6bbb08a67bf7302ee8c155d02e532e4e9668

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
96KB

MD5
8e05df95c93260c8357488db7c42d2f0

SHA1
41e85a7bbdbbe71c6bfe44fb7894bdd434723b4a

SHA256
0d9c4951c6c5f1b32c49bb9c13e8314b4b3c6faa1a4121dfa4caf9c7456cd59f

SHA512
eac00b7b9923a1982fc11f376f8d9d5767c63834a39817e84f2f5acd8ff7bfee439a67e084fa992f6ca12fafc0554b0df47571d881f57d98432af2fe73c250d1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
83KB

MD5
3c151f5d70d4bc6645b4b2eb18f993c7

SHA1
9bfcc39b9f17c780be7b1714134974269687cb6b

SHA256
df6f5dc3d3cdcf21e6201ef635b0bd7e54e059e140e843af3a5d7aa394ea1ae1

SHA512
a5f11d078fb37fc97e301f46f528104e63c953cb0b92d992da700fcf708b053890c9f9a3dd221c9cbd01899ac1cd4785e36ab7912a8cbb05d3fee0869f003a2d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
42KB

MD5
17b8ae095b36c3283f59c80666282ba4

SHA1
bdd04ca75ace965dd811866f525cf3f215a1a0d1

SHA256
357e6a03debf508b15829df60650173402bb4a36af32b1dbf901f1f75e74cb79

SHA512
78b061d13e12deaedf203bb86fae448c04d924a24c2fcc03e411f17ff9025ba9e8bd4ba2da5ff3bb49e77b0d9dca3a2d47166f9c13af1546177b35a992e4b569

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
146KB

MD5
4011f01a96981a213420da22c031327f

SHA1
5cfe3c430ce487635a4175dbf0d81767c1e41e52

SHA256
1857982b8c925dca19c85c97acb6f2ddfeadb8f82548995aa9499dca163c26f5

SHA512
338b1b8c8edbebd1b1b7da7c42dbed74a6ec10b2767240f8ee2958687dc1f4e1131223864ae0bff8909cd2a54410e956330302ed7c6dfc17509567a2ee0f6cc1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
57KB

MD5
5e08612327556bffe1f3eb69659d8066

SHA1
9a7f9d05502d9f2c9fa5a41159b571f9c616fa58

SHA256
8461fb41b8975d479ae32c136b838ecd247a7cf36060dfaf4beaa2ecc3fe3140

SHA512
5f06ebcece170ae03ed83892aa76b508144a44beabb4747d0939b72b00f2d2389b64255403ff2363c56752d9952e56db047ea96d6433ff4e15187da7a4d1c27a

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
73KB

MD5
b34bceb2eed3314fcd446e5fb6a2ebf9

SHA1
9b03cd2a92f2237aadb4fe4a2a1a4ee108c6f09b

SHA256
18c9afd16f41db8c9d4e45c3ac44d86dcbccfb99ea583efe87cca477ab47b4bd

SHA512
9238c03abdad2f5d59eead1937c8624676bf6f3975c15ed2327b3f895192e8f58efe45efeb8719f2c43e59f9a5c4440bf99d0a1f93c6329b0fee73b9af374ce7

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
554KB

MD5
cc79323090df5a07011550f23c07b1e2

SHA1
6f57cee0ce2265357bb4b31b12c3057e7dc158da

SHA256
f18884e2950e030ccfa0001a864170f942a411236f18a8c47f21a98e85ce87de

SHA512
0e4703cb3e9b557225b5b4fa975c3e3f7060f0cbd8de8eba5172ce7623ac9e6a7134f952f15ce6f5e0f9a7da37e52368b82939b6a6922765ca653ed1724fc9ee

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
127KB

MD5
6f2667445cfda12d41ab5bd441d0ff0b

SHA1
95a28af250a65660aade2d2426f7cfd110096665

SHA256
959a313c5fd3d3a8dd5f10694991d9a4e1cbf2e22b5322b3444cc3235827526f

SHA512
01dd450546623ed8c16a8f0aa45ed2604efbfbac3f5872615982fd512ef763eb0165eb599c00f0ff033151eb4bf80ed73400faaac167d89b112e18c5c4d6be88

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
715KB

MD5
377d051ebd8f266f35bb103c3f8028c0

SHA1
2cc046164b71465249dc42181a1ebb0c84505f24

SHA256
dc7c3b29280bbdc41a6bb473a2328292e6f0a88d898b3e2733b45490a41d0db0

SHA512
f83ee2edc96067f18a2c0f882fa839f0d8adb8f75d0260e4e0ad1bd1f3432a06f4399379bfbf55e756c5108c44af649f82749fd0297ae1a45cc414afb4b83ede

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
445KB

MD5
fbecf28d0ef9af1968f66dbb18ebd2fc

SHA1
f96630d3e96dc326419d989ae4f7c3fdd159f72a

SHA256
1390009fa6efa544430838c4d2649a830e3196b7b31c0f8db5dbb417078b0488

SHA512
ddeb59ce0f893686e29477538c30570cadd0e3617450ab88c7959ac8bc608b652ddec9d4bd25a303cd1cec29ecceeed47484893052beddc1a48aed9a4ea6a670

Download Submit
C:\Windows\System32\Locator.exe

Filesize
650KB

MD5
5c6b2c9ccfebcfa31745214691627153

SHA1
27c6bb9ec43fa4402b3ba6b7aa2533d582165cff

SHA256
62002a1fe5a6e486709acb247a9ac7406fdbfc7b40a5f672ae6322f97ad246c4

SHA512
239e9843a75bf20d5df5942466c273d024928c20e27f96a01c2594f3c192fa63827a98721ebbb37f598d9ea9ba33c490fc672b9da77546722d47b160b26736c1

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
251KB

MD5
f7f583a5d8888fbc54b2f241cf5e3326

SHA1
6e2476a867a5247f70b88add08b8c67d18bba66f

SHA256
cd1d96a652cd539b827399e7f335870bf545b0f39983b4f981050a8a4cab1082

SHA512
f05ca3439356399305bfd8171838ea228adbde38b84ce648a2c0f8fc2653526fe664b7712f1cb59688a58c43580b8dc22d12c152789e2fa9321a9e3c7a0ed27f

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
358KB

MD5
5d9e8745a1a48e1d3e7bb444d19ca65c

SHA1
5a0c769a68b7bdbe3c698e7b8e43444dd4a6ff01

SHA256
728fc574cee10c0c7d4304aa8a59f6fcd92e41277ca15552df697065d2b75601

SHA512
490e7869f72b3a1acac944ed574489c29ccbabc96eb1d5b0d3e1ae01b5ade6d936d98c242c956becedd99752c911f580be5cafa93b4e0086c218cd84af45251c

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
118KB

MD5
2d26b97b31ccc81299b9cb830de6dcfe

SHA1
62127d1e57751f2b229902d00173bf045b9c0600

SHA256
592bc44240cfc3b34ffa8d209301953b9a073b7037dbfa7e34992c5eb6a0a299

SHA512
e9e3eefe502697f2f042d6b84034c37f5fb06411aadcb44a289296d2d714b895ced8c58d13aeedff73965013ec652b5c059ce717e777efae9f3b4790d77a4306

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
141KB

MD5
c00fd78505c61589b473d40ec99a841d

SHA1
9f7167ce5ca291515841846469563e98ccaece4b

SHA256
fbc868a6f66ae445641fb4c081b967f5e3a67f6b544ab68bd8e262e84ea785fc

SHA512
e4dd87cf088419a1f82d1efab5362422c50fd3bbf3e63c1fa00f839c2e18378db1f93f1be4c19f12aeed2d9196a39b1600ef733c0aea2a494520dc21ec1bca00

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
85KB

MD5
18cd799d4d7acaf631cde73ae83cbce6

SHA1
9bf17120d7623c7b91c43b6774c2c64cca97776e

SHA256
765dd18b2bd0e27623a78c7f143b3ff7794404c6ad676300df341f5a8bcb95d1

SHA512
bf69141dae404323f722c434ae2f6583d682b9a1c92cdacfce7411e637d914749ddcef55e7d8fe5400d60cf0a11a67121ba2d67329471782b09d0eb591ca2771

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
285KB

MD5
273cc46721adbc35e95e8fc3c5c153b9

SHA1
a0020ab0f5ed90e7fa61b26f22e32637bbb573f9

SHA256
659cf9baa8e45010f46cff797dd55d04a4bd44b7fec377f7dec4324654c3131c

SHA512
5b2f49288a42d50c660b893b461969a10c1ecca667a68667a6770791251f1e599a6dbd06aaf3801e1e4f4d006318f6a2555b7479178d3bc8ce6c8968cc4016d8

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
315KB

MD5
bd7fdea3de69322fe6023e4d0ca462bf

SHA1
7ad3ee642e50c9b6be84530f3b7e9e31f8c265b2

SHA256
4a4033fe523c4b4b10a5246788feae3a370e88165b62d6d6197ca49649a108c6

SHA512
87f02609a68c20c925bcc986d798324c344b2ab273fc119551472fdc991089983d436132797199cc2a6d44ccf027a83c82aa915e4ba9842cf5ba317615755971

Download Submit
C:\Windows\System32\alg.exe

Filesize
487KB

MD5
651bd97e452bde0fde46104760618f66

SHA1
1217e15fe3928ab40e0e2481813a9de4655c8259

SHA256
b1432c9995a627b2d90fd57d10a3967acf225a375c1f45a588d6c91add9d75ce

SHA512
8836df3651f20be4d52d791496f539a0794d29be73ccce2ecc024f0e69b5a2ea5e52cc7f8601560a91d2dbab52b2b949feb8a4b9590b692e36e9b33b50a15617

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
160KB

MD5
1307d843d4ac187bc400f5315fc4c754

SHA1
6b530bc160b46d74f732f8a8a2fcde489b4627e3

SHA256
191b533e5644e67c797a4c9d98758a31b0bc09ce0b6a3dea9ab7ec67abe6b22e

SHA512
c162d8ffe7161032de2dd9151b6b2934fe4ce5d65e25e1a5cf01bf5c58e216ef4b48deaa7979064c3a11f2383499694ca40f87d3196811eda62442f38ed2dee0

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
294KB

MD5
19beff17e19db49ec005d518f350bc76

SHA1
9b07d00dbfacf101697b1bcdfefaae8a28c270b0

SHA256
f845e8f4ad15295678d1a0e29de346c64dc168fe948108a6b91942ec355b4aff

SHA512
efbecdd418c0ab572442cc1462aa781a9d22b487e8122fdcf892cafe8242bb88b1427c08ded56d52189bba2b6b7554bed6dd96de552cc48708f8dc438b8d4b07

Download Submit
C:\Windows\System32\vds.exe

Filesize
105KB

MD5
2db8b72989eaed972106c8d62d1e95f1

SHA1
75a6a8a5bfab44042e29a49f8053b235b8584beb

SHA256
d8583bc07dcb257b548995a4b8616f41cd697352cb275e9fac133c01efd5a3fd

SHA512
a083b590f92d066e5ff04928a21b4225337fe84929e03dc6b88613b9df4617db7690586df73329022a425db59cb9cf3f9a2f1cad6459ef98bfa9d57f5f6448ba

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
138KB

MD5
0bd2a2b6a03e6ee7ea0b912c43d4047a

SHA1
d44ded040fd867ebfbdf8a454344406f9cbedcfb

SHA256
6dfc2adf742334f7888df7fa44eecefcde6ea84a8dff3cf5611f61634599eb55

SHA512
377c1da7acef8f6e73eadcc14d8c5f4ef7d028c2ca32561a785f12000421c1aad9813513314debf690949648d7b0141ecab485b6b096ec9a1471a7e20b2ddf9e

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
130KB

MD5
aa7b09b4946caa26654868219ab2dedf

SHA1
eae6c73ed60bd6f087bc7c458457879aba0cbc44

SHA256
5aa2ffde8442b9a0848ccb5329d13466d05af12c97cfecb7070e6a91c7fb5c7e

SHA512
996fe9aca53ab548a4776761e6621ef252fa3e3af0561b6caf6bd597290cfa1cc09bbb333d3163a05eacdaad96923eafa019254644feafe159b7bc397687b0c4

Download Submit
C:\odt\office2016setup.exe

Filesize
179KB

MD5
6ff0afe6d212ab1c8dd58a5c40da4407

SHA1
9d7e8864f9998cf04b51c544f93b5aa69f1a0e85

SHA256
50eb07cc3c976ea784ff0110be745a5f5b48ddc7125db9184f3df82020f66978

SHA512
83771e5bd74dfaba846e52d95d8f2ff32106ef6246549383ef48f1ffd002f37ab71befc8cfbdcf7640896ed731c494a512f2963dc5b1bd798f7aec0dc2061650

Download Submit
memory/540-417-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/540-350-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/540-358-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/1100-319-0x0000000000790000-0x00000000007F0000-memory.dmp

Filesize
384KB

Download
memory/1100-376-0x0000000140000000-0x000000014013B000-memory.dmp

Filesize
1.2MB

Download
memory/1100-311-0x0000000140000000-0x000000014013B000-memory.dmp

Filesize
1.2MB

Download
memory/1548-418-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/1548-427-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/1604-326-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1604-388-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1604-331-0x0000000000770000-0x00000000007D0000-memory.dmp

Filesize
384KB

Download
memory/1644-335-0x0000000140000000-0x000000014015F000-memory.dmp

Filesize
1.4MB

Download
memory/1644-270-0x0000000140000000-0x000000014015F000-memory.dmp

Filesize
1.4MB

Download
memory/1644-279-0x0000000000CF0000-0x0000000000D50000-memory.dmp

Filesize
384KB

Download
memory/1680-401-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/1680-391-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1680-402-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1828-7-0x00000000023D0000-0x0000000002437000-memory.dmp

Filesize
412KB

Download
memory/1828-0-0x0000000000400000-0x000000000055B000-memory.dmp

Filesize
1.4MB

Download
memory/1828-18-0x0000000000400000-0x000000000055B000-memory.dmp

Filesize
1.4MB

Download
memory/1828-1-0x00000000023D0000-0x0000000002437000-memory.dmp

Filesize
412KB

Download
memory/1828-6-0x00000000023D0000-0x0000000002437000-memory.dmp

Filesize
412KB

Download
memory/2240-345-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/2240-338-0x0000000140000000-0x000000014013C000-memory.dmp

Filesize
1.2MB

Download
memory/2240-404-0x0000000140000000-0x000000014013C000-memory.dmp

Filesize
1.2MB

Download
memory/2276-237-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/2276-63-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/2276-65-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/2276-71-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/2440-59-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2440-51-0x0000000140000000-0x0000000140170000-memory.dmp

Filesize
1.4MB

Download
memory/2440-49-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2440-56-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2440-64-0x0000000140000000-0x0000000140170000-memory.dmp

Filesize
1.4MB

Download
memory/2568-453-0x0000000000790000-0x00000000007F0000-memory.dmp

Filesize
384KB

Download
memory/2568-446-0x0000000140000000-0x000000014016C000-memory.dmp

Filesize
1.4MB

Download
memory/2752-561-0x000001DA50CE0000-0x000001DA50CF0000-memory.dmp

Filesize
64KB

Download
memory/2752-553-0x000001DA50CB0000-0x000001DA50CC0000-memory.dmp

Filesize
64KB

Download
memory/2752-552-0x000001DA50B90000-0x000001DA50BA0000-memory.dmp

Filesize
64KB

Download
memory/2752-554-0x000001DA50CC0000-0x000001DA50CC1000-memory.dmp

Filesize
4KB

Download
memory/2804-234-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2804-39-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2804-38-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2804-45-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2872-233-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2872-28-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2872-27-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/2872-34-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/2936-242-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/2936-243-0x0000000140000000-0x000000014014F000-memory.dmp

Filesize
1.3MB

Download
memory/2936-249-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/2936-309-0x0000000140000000-0x000000014014F000-memory.dmp

Filesize
1.3MB

Download
memory/2992-430-0x0000000140000000-0x00000001401A8000-memory.dmp

Filesize
1.7MB

Download
memory/2992-365-0x0000000140000000-0x00000001401A8000-memory.dmp

Filesize
1.7MB

Download
memory/2992-372-0x0000000000910000-0x0000000000970000-memory.dmp

Filesize
384KB

Download
memory/3372-432-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/3372-439-0x0000000000C50000-0x0000000000CB0000-memory.dmp

Filesize
384KB

Download
memory/4092-254-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4092-253-0x0000000000E80000-0x0000000000EE0000-memory.dmp

Filesize
384KB

Download
memory/4092-268-0x0000000000E80000-0x0000000000EE0000-memory.dmp

Filesize
384KB

Download
memory/4092-267-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4092-263-0x0000000000E80000-0x0000000000EE0000-memory.dmp

Filesize
384KB

Download
memory/4156-458-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4156-466-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/4196-414-0x0000000000C50000-0x0000000000CB0000-memory.dmp

Filesize
384KB

Download
memory/4196-406-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4196-551-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4436-22-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/4436-229-0x0000000140000000-0x0000000140150000-memory.dmp

Filesize
1.3MB

Download
memory/4436-15-0x0000000140000000-0x0000000140150000-memory.dmp

Filesize
1.3MB

Download
memory/4436-13-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/4664-348-0x0000000140000000-0x0000000140151000-memory.dmp

Filesize
1.3MB

Download
memory/4664-286-0x0000000140000000-0x0000000140151000-memory.dmp

Filesize
1.3MB

Download
memory/4664-295-0x0000000000C40000-0x0000000000CA0000-memory.dmp

Filesize
384KB

Download
memory/4916-378-0x0000000140000000-0x0000000140188000-memory.dmp

Filesize
1.5MB

Download
memory/4916-385-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/4916-443-0x0000000140000000-0x0000000140188000-memory.dmp

Filesize
1.5MB

Download
memory/4936-306-0x0000000000820000-0x0000000000887000-memory.dmp

Filesize
412KB

Download
memory/4936-362-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/4936-298-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download