7b1bbf9c5e511cf8b98e2368ed1236d293dc78caf1c466e240198813c3840541

Analysis

max time kernel
77s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b1bbf9c5e511cf8b98e2368ed1236d293dc78caf1c466e240198813c3840541.exe
Size

706KB
MD5

a5ce9488bcdc2f3104f3fbe577e45d47
SHA1

2a74176401ce52d9d989de666e9f5860d7253f6f
SHA256

7b1bbf9c5e511cf8b98e2368ed1236d293dc78caf1c466e240198813c3840541
SHA512

544e71e41822012638ccd1ae0fed78ebc596ea56d9a27ffafe3543b633ae723bb50e2c8436f4b4d5bcb9e09d33379d75e06c5fd34d37edbbd853d6343d8c62b1
SSDEEP

12288:ZoiB+tzwdDJ1KyU9yRsFglG3M/BdDCRohP5JUkT9STXFXlgDlGrcpxhTEt:ZoiB3J1h7sgAMKSW49STXFXSxhTE

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 14 IoCs

pid	Process
2292	alg.exe
4060	elevation_service.exe
4520	elevation_service.exe
2660	maintenanceservice.exe
2304	OSE.EXE
4624	DiagnosticsHub.StandardCollector.Service.exe
1152	fxssvc.exe
1624	msdtc.exe
4376	PerceptionSimulationService.exe
3268	perfhost.exe
6076	locator.exe
5544	SensorDataService.exe
5268	snmptrap.exe
2600	spectrum.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\b777823e8ed1090.bin	alg.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	7b1bbf9c5e511cf8b98e2368ed1236d293dc78caf1c466e240198813c3840541.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	alg.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
676	Process not Found
676	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3432	7b1bbf9c5e511cf8b98e2368ed1236d293dc78caf1c466e240198813c3840541.exe
Token: SeDebugPrivilege	2292	alg.exe
Token: SeDebugPrivilege	2292	alg.exe
Token: SeDebugPrivilege	2292	alg.exe
Token: SeTakeOwnershipPrivilege	4060	elevation_service.exe
Token: SeAuditPrivilege	1152	fxssvc.exe

C:\Users\Admin\AppData\Local\Temp\7b1bbf9c5e511cf8b98e2368ed1236d293dc78caf1c466e240198813c3840541.exe
"C:\Users\Admin\AppData\Local\Temp\7b1bbf9c5e511cf8b98e2368ed1236d293dc78caf1c466e240198813c3840541.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:3432

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:2292

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4520

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:2304

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:2660

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1152

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:1624

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:6076

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:5544

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:5268

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:1592

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
PID:6032

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
PID:2984
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:5668
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  PID:5760

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:5736

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4436

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
PID:4976

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
PID:5076

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
PID:2924

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
PID:4524

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
PID:2600

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3268

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4376

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:1660

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:4624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
324KB

MD5
e21b7967a9fc8d324b89a67e6a94d3dd

SHA1
16e4bef0522a389ae569cf563329d6c2d289e3bf

SHA256
8056bbe4a7632540a50cfff6fedf7d659d650b856f0bd02eafb0f63ab9dbebd1

SHA512
9be0b99dd6bd669957d545191d3f167db83f01535614c8cc9b6e6153055a219e52906a18b6a31cbe2cec39c68cf14faa8a2c536f6b9a5cc1df44a0f4f2226a3a

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
240KB

MD5
93e0278bc0d9cb3c813634d8861568b1

SHA1
9fa49cf02875693c2110a495109fc69ede1327ed

SHA256
4b1cd72e6a213cc865de8ca409216f8d936cdc98912e720e1892439a412dd320

SHA512
afb994bb4680e8f4d6ade3bd45c1982e083de9dbb8bcc4417be27982136d496e980f679e5d1e4dbea6122fa6084dffe09938663a8b10b6ce41457f0995b2a85f

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
190KB

MD5
d794ea3d562d05f303c4d16758e8296b

SHA1
a1cd2e543c0572c3731307c2d879536534a0f785

SHA256
92591e7020900455e9238d93ef44c1fa5a3bd18adc2955f0f4d6fffa4590cbc0

SHA512
01127bb9be64d4adef05a49f384973bc8fd94cac9d2560dff630a3e7a0bc36286bbf13028189e60e2a429230c890f197c9d7cf467fb865424a914903f92405ea

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
53KB

MD5
a383c6842a405382a43513c6f349549a

SHA1
2c9360a25593efa7b020411a78e10f566384fdc8

SHA256
6a0833cb5fd01c5597451f6a13695c4c1e6a4e3425f863a391f2a308dc548ac3

SHA512
ac959c3fa4f1bc9c0b45ba8eb07c0c5044a2315d2d0ecb9464d8ad3934543b5f48a6900b8b2ad1f911f6c8c7eb245874fa1d08a4772cd20a85e5c25235b6e9db

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
96KB

MD5
cef3cb09f1a36c3f1102050cc9733bf7

SHA1
3d5d7a02d29e4478a9a7f245c8154c25bf4daaa5

SHA256
81e3da5caf5c974120399cf4bfa5a5ebbcad146f3cecac9535b45e4568180c73

SHA512
4470bd07690d96d23a09eef28b369f3ad6bb2882de6ff38aa611ac5268d47554b9b47f400a235b297c4c6338cbc7f5272eca73cf4fb396a99b6889d583393b48

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
89KB

MD5
58cf7e1454aebb46a95f4cee169e02e3

SHA1
2026701b8becdca5431154cc573395a40c31e473

SHA256
c1c6f9832c7a5dc6762b15bb9366169939db559829e469bd88c1105d7ce778d0

SHA512
6cdf42638be63e8ed18f7656977041e0c1a1f0f673ec6f49fb7b535537c8a2eea1948b9256db60ae801d4f85b56e61cd6523fa4583061e801067c581f28d6299

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
56KB

MD5
e84adaa18af865708413a4aa3a1aa73a

SHA1
8d1f9b511a3370636055ed664ff7434b00f80404

SHA256
16606936a27ff8511e9169e104ed3f09fa8aa01640a89d49b6e2fcbfba97da06

SHA512
a879ef3ca21d621bd4d133f82d0bd7bc19b855c39dd305459227e8fc595a48d0d742fe205a68bc1937cb2b53d70b4053a7f94a3be8760915c82b38cf43ad24d5

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
92KB

MD5
1ca5999f1a503c72c23bb71a4a0d6660

SHA1
c956bfe5d7f4ff8e84549527193af4ebebfa99a3

SHA256
0711ac09c65853ffd33fe6986f75538d087a3ee9f76031c8c26b599bc2fcfa71

SHA512
c0cf447a36969275c07d551bc0a1aac3767e88c3ab5bf08bba6fcb94dab8d70ad57a46fb7ad6e63d7e882b644ebef739329d77b48ad09feb818be257ede97dfa

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
63KB

MD5
36cadcfa2687ae7eebb88c1c70ab711c

SHA1
bed3aac7ecba914690d935277421dedf02667af6

SHA256
2e471d99be2c729bcc242f5cd1f6abbbc7eb122f6b142d97168dd7251d69670f

SHA512
79d4cf4fb69c7245e65ba0fb09a6b03b7a73889fd5ddb347c157dc9cd3921afd054a3ff5a23b23ff238c36b03f16f08bfcd82ff795fa34a0d31bd1a28e8c2b6c

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
68KB

MD5
dfb94a09fe3c8167340a00bc8c7824bb

SHA1
9bcc45a967c916764f2eaa5e27bc1943cf5b3c14

SHA256
35b0b00daa8ad9ca2abebe75d50646197dfde93f634aeeb396650fbf6053f7ec

SHA512
6c35375b16bd837f7a81a67cead9e5366ebaef839cf5a8ec278282cb0914eecb0c339f21ee7840fcab82f40f54f541435fc1ad346a75489507cd4ce5b0da8aab

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
127KB

MD5
8e42d17e43fd1855cceb630b27aec43b

SHA1
30db5b4a6626d045db5633eabd3856cf5108afa0

SHA256
0d08d3a65dc1320ba9dcecd8ce20d21212cbd12e20cd5bcd382f022c3f4654f8

SHA512
a1438006da14e8d2f4d7265a38fb7427fab92e9272fab420a8f39d681fe7da3c774ffff3d1c4404b3fdab693ec768c2aca379227e012bca938c15c239166492d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
101KB

MD5
cefa7b8e7d8f16cb30cde0891c7144ec

SHA1
a7d15f360986d956e0064853312e265f28cf813e

SHA256
143b096304a0c3ccd2c9169c979669801d9ef2cf7c1e417356e2de5b28916e4d

SHA512
49238a10106c1dc2ec9dbc677e7a85930b4bef3bbf2ddfcfb9cf491945bb828fa6b838674bfe3661f140631a23382670f1e2062c9b06ba6a766d70ab5078b8b8

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
75KB

MD5
efa6226cf0dc3ba57a60cf17e94f0d6a

SHA1
c62e5c6b9f7104dec64dc2005b61f62098d523cb

SHA256
28bdeb2ea4e6b83a245b1b593ab012a7c9163d5a379988dd225b3c822566166e

SHA512
b1397c55db48eb026a5765bf1f37be6b0f5551a5709342f68a028a9ba3e651c17d6f28229a994265db0f11e8ad0146a7fda608008ea4f1ef30d6ed742288a4dd

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
105KB

MD5
eb34cc8201be5d9bca32fb52e108f58f

SHA1
ee3d2c657446f1c6399c241bf6877288325705f7

SHA256
9ac6791604f974043cf896b9f79b1c48c17381cf6a362a950fd6599f03e4d919

SHA512
94f11a6668323fd6cf35c6d67f4b17864457cbe3e0a63281749587b0dcc8dfe90f658c0b51bbf7a6d53759558d042d7ebbad3ca49f0fbb6230bf3a5a7baebfaf

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
149KB

MD5
c219c1d6a99bc41dc6be8687f4bbb7ff

SHA1
882065ed4bd492aa64b5f5359a73d82f69286f66

SHA256
982c9ab95af6eb412df5afedf240a0496af5e50f61c05b53ab40db3239e5b7c0

SHA512
f5cb76e53f382eba70c430c826154fa2a7aeec5a6b8f19d5feb5449ddfcbc760a4b531841892560d063b54dc257f4a0ceead2d24ac1d451e5a81c436d042d58b

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
43KB

MD5
7169e94bd37e80f71a28ac2aa817befa

SHA1
37262760dc317ba3cd1b19c7763c9d76ef2d8787

SHA256
76bdb7681e4b67ed4197116cfd3d86133ddab63d4c28773658aa0996147b1d9b

SHA512
9b9104375c3de6970ce1963a06f972b3a507225777abe073d007b00a3cffcc748dd8faf486bd3809b0a90be637b4acec3cecfcd02483a2c1b63a18f30928a7f9

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
33KB

MD5
e6c53dea358aa04c0ce80977b4178eae

SHA1
d6ae4e2f0b2a1a4fd627ff97e8a33ed0ce4b55ad

SHA256
b240cd2cc2edcf465b127d52c0c925b483e7da016f3f57c890fad3016bd092b8

SHA512
4f40b277dcbf34bc34de75dc79df74bd73bbd48cb3445e828eb5678bf2aaad993fdc15689f0f94935a83f39125943a36f44e6b18cadecefe5169b0ae2bfeefee

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
22KB

MD5
16cedc3191709f605de59964b58c1b4d

SHA1
b0636037232f01dc3c6f89dabc9df71f44b4f834

SHA256
e7aacccbc82c1e646011f5678c11da9364af3adda69f3daef3e0103eb7eacb49

SHA512
b9502e19c72d702deac72f6e770256f04ded87728e260435d8ede3436868b9122c603d8799c3893b8dc6a7c44b99fc9f5b3148962ca14364d9b1cd54015724ee

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
270KB

MD5
2218c7f9e8f1a5e954a7ec9fc72623a3

SHA1
9c2c3d48ec8ce219bcb9162cbdc22e3bef219b1f

SHA256
953ffc6717c8e79a2ff23260082dab59c65563c6dbce7cacba150cc114c5f80f

SHA512
267df08ce5199be0b315fe78128c95896c7e81b8297c6b49b94a41dc7ec73a471fc9bc52197baa27ea3b8aaa0d98336cbfc2af583f6beae78a5a008d2ae77210

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
33KB

MD5
f238d154ad991b83a5f82ab7a3be2dfb

SHA1
84d712b67b6f84cad0a61c4005bdf9f14243e8ca

SHA256
79f5ff61cf0b048e757c64c5d74cca6e01acd889070b4e0c10c1cdeea03da547

SHA512
85bc67f4b56ecdd98cfec593f7f568eae11ea9988e8dade488f833724c751177faae5c97d727bae944f5c89042d00a2ce87d293937427b4539898cc469cf47d2

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
125KB

MD5
7ffb1851b63acf81fc2f37e524c9e5f0

SHA1
7ff1975660056de5868d19d235c1499640db5b0d

SHA256
3eb3d48124a38c67b7ed769cb26ca37b550a98b814638ed7cd01600704cb95df

SHA512
f056f3b9b78666e4095df5f9f0e860d2e2e435f43d76e3408357b8f07a59c99e70d4b2e81b08301d6e8488808fdf8474d48cbe01327e2b6b461dea90837dd6c3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
96KB

MD5
9b98089aaa1cc85f06015cccc01ba518

SHA1
6e3bd040e1899baaa71768fedeb6989308565acd

SHA256
a57fc38afa210d3c95e32e8d6c6fbf45a8765498705b97d116d5e39f950282d9

SHA512
1d0a3ac1ed0daf3374d1b72278adeba94b1e98d5ba242370db5fb6bd64c267e5a3480b7b975242a48d8f0c55ad0dd448493918b00db9dca87e951bcdb91d5524

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
5KB

MD5
f59d58ed072ba89162b0b1d4d4b849df

SHA1
e1efd4b816e7dd42bc041c4b3e6caba30338cc24

SHA256
a0674ba112c1633913637788bfc601e6df39ea8d203303b6253dc5a03a15fb52

SHA512
6e2c6e3e7fde98ba232a30c9a1d2ec24e177ce72f9df37f7ac4a6ba31fedbe95da2e26b34a818778cfc10169b0fb9a8f5740bcf890cd4535b88c6f4f3442515b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
174KB

MD5
a98d6e1a8d70652b16122c4ad872df5a

SHA1
62e201f4df56c835555df82c2f9701e98260111f

SHA256
da6dddf73968468b9fabd2c21823e330c26f18facc9a79372d27e63a5f275ebd

SHA512
7d4b6fa39c69e3cf4a1c0ba3bce5d47ba0ed4491f6cc2fba8a75c871c9683f42dfd1d10b7ba09b544373f0254d68abe52ff71277f3302b2bb085abc31baa3d39

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
121KB

MD5
a16c3d8bf71f0671a18d0d87e7ae973b

SHA1
6c321fedb034ddff53bb38b4f9428c82433b7366

SHA256
b0b233fe5bcb8748715070face2ee00a791de6c1af7e08edf8105be1c0cce085

SHA512
e88b7d2dd3b9b48a7eceb9b6f89e8fc327cf14d8a9a4efd7dfd5c7c63064ba43c5aa5d35a0d15b11b0306736bc23ace1ee99069b3d58adc28f1c7eb27d86c169

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
45KB

MD5
121d350793054931e6fe8f260e345fd0

SHA1
f28f4ed9a18f07d3d521b06c2541e24358db2e06

SHA256
a0809b79d4221fe6e8d91fe51f9e0fef848d6737e37806126e3ad0b3e82dabd6

SHA512
047e6b611dfe7ebbf16db24d8f968aa1dab9e0082801c3adb523f356d20f1f5743c21e2b480e7106407dc7a2c515f2ef854c5630e0e76e9587e4e4bc632f6f38

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
92KB

MD5
442a67ba53b850453dad4c6ffb86fd1b

SHA1
b9d49a5bcb12cb9ef4418d559dba5ab2a3914978

SHA256
141bec79f638f284f506650df4267419677d25c89c30ac757ba3a8627ae7491b

SHA512
bfabb72917af6255537bf4eb2c635c170b056ad864b0433b433af08ab2f8328a00099574d129c1adaee51ae909b371326cf5208e000d367d09cbc8baf7abce51

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
83KB

MD5
d5c5e4d637d4760fb9c3327925d6cda9

SHA1
ee9906b9f4d46519fd1f632f83794cca5a0211a4

SHA256
d58032acb038c33c74e208f1c67913927df35cba06a34008d13926456122acf2

SHA512
9374c96a1a60f68f6ed0fa3448d03d028d165486da3737dac00ec6980dc9e8d71c700af72aa87931c0c2c7041652145ce7f36d2d445e65db5bba715f360d88a1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
147KB

MD5
d87471e4be92e0fad8cbd7e3838a08d0

SHA1
755bf7c8c89ebea07ca09d3e03603cb30a2baaf9

SHA256
ac64cf351266da1ab605d4fb333753281ef783051b88a2a8f975840857052d7d

SHA512
504fc3acbf2061e644f5e08bcad610b4299fa45176adc05fe048e47298620a96d46a1868855032665a1559be69b1b71c0ad1f5f22ae924feebb9a0e0f8f118e5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
95KB

MD5
fba9eb5d333d7e1a5d2f4829898be2dc

SHA1
0d9a5fc8504f08a8d27cfc2aee372c2613903b2f

SHA256
c56422657d9e8bfdefb3271481247444f7a7df1c039216566aa8361007e32a4e

SHA512
a2bfc8ec50c089f4902116fe45560da0599269d99f6cc9868cf598ce1925823712524a11155839b97860c7a45d8b4621dfb6fdd7a8b6e9557c574766d8bcb72c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
11KB

MD5
f89795c252aab30062c05771b623e8ae

SHA1
784ea2680ee11050697199aa112a4e1233e715bd

SHA256
b466f2ef9221660618d4754fbd7ae2b25c8eba196bdad994fd78ee5a678052d8

SHA512
94a446cb08ab3affb81814dcda996cc82163c0cce837d9f143df369a644c8b74756a49450c215b4a02978d0f28ea757dd893ce48da3e5f8236fd640d0586b0d1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
136KB

MD5
ae1b0a7c7fa254a98dbb81c781c98b3c

SHA1
0fae319079dd9bf98eab908c088adc9c74213517

SHA256
5531e54a9c579db961776f392cbf9fd278bf8d299a86768ac2722f2a1b409f88

SHA512
1411185a788e59883925304a7e7457b473bee924bf5ec93952668f56a0727ffaa3f5576785adb59343038a42453dfa1e5c7b5169a2c6c0b1ef0466f63c1fa56d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
171KB

MD5
89de3f7cc3ac81785b57fb8d99403fd6

SHA1
d5f5c86c077de4d053cfc6505a1962e27c907e97

SHA256
836984fa4935ea88f6794199809edade1fe3ac1ff5e872b2ab3beef033f4dd1c

SHA512
f239c6e6cbe9f29e680a3bfea7a34740508459f2fd670ec42c76599f35ee2cbcf4262d6e4257044228645fc6774b4f3efba5bdfe441fa33e76ae69033d0ab9fd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
5KB

MD5
28079414880aaa57cce41380a9d1d410

SHA1
488d76f7f3f69a7a50f785b33e16af96855cdf0b

SHA256
f88f3558c2af35eebf347ad69c41f3c1b1fed1a9557a391bb3e4cba848cf3ccc

SHA512
c4bcbe1dbebe2b73efe420bb71a015b8f7ac6b5e3d5fe276b7f738e53d1a1f4ed565014ec7716fb25f3c81942c41fa2978574a730cf42a0d934e515b756936f6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
21KB

MD5
3157c9dc3ecbacb12ae5cef9922f2ba9

SHA1
9a0dae842bcf09a753277ab35228d74613a29831

SHA256
3bb8a2b6d27807bb42ac8bd9b229de0d34e5304b28559ae1c873dfb9b64c8c41

SHA512
850c97e6d33879d920758d03772ccc8f68cad1a8440bbbacc4c5f244bfb4aa866c563ea17fb0eacafb547c96a7ee66ad698b68af30d2ef5ec411d7048f6e070a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
61KB

MD5
37325bb5a5bab859be11d2f99038ef5f

SHA1
8a95251efecd16d8e97bfbf299c63eb0201b07ea

SHA256
a8180a5c8e07ed4f14f6f93cf81b6b9974469fa6da49d0a40b9181175cb8790c

SHA512
46f3305b0c0b31eff75663a50e32d7ac5058cf7a940a134e06f48d27862e334cb0ef9b40a8739e294a4047164316359ca0c33391c88dbb2adbd55f643740521b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
49KB

MD5
c2da5c576e9cf0085d7bf92de47fd46f

SHA1
4b268aee93e3f03e17f547394d4b32174a25aa5d

SHA256
3ade63523716e4a46dbe094bc37d038f100cd1283d18d11d71e9d62f5dd1bd11

SHA512
a8960d57814e82779dac2d01eb5eba1c09a15a711fe38bc0b8954043dc9a2f609fe250d127a5b97820a59f807f4194d53c1291de0df4d56a214c7a430b1840c1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
84KB

MD5
5e6736ec7f7fe105dfecaa2988c2d4eb

SHA1
921d82f61f2bed600e784ea834a9a35d8405108b

SHA256
2800aa5bdc01f7f715bf37de8827e67165d132a88c125e0fa232f86d5efcccfe

SHA512
312d73c02653270ef2e6213f3640338267f91226f8788c9efc720a7c6e9095c7f5e52a2a6fc711e69ecae48e5852536f20125a7b57136ffc0f260e33c10063d9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
30KB

MD5
63ab5bcb81b19453a3f308b3b69db701

SHA1
eea3aa16d87d54ffccd2e88d159cc223df0e1e0b

SHA256
03f34c174b803cfd3be3a36db5751ac78119793b9e09027eeb3543a60f94e971

SHA512
cf2836d3d8b8442221a2f95c52c94e79839993de8dcc2f8013ec68559de555f850fb348aea89c0447243c7036dc519f2a2b00da6acdfa2845d512c5277236a5a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
114KB

MD5
00a3eb531f5b1b342bfff1a86564a56e

SHA1
2d0311898a78ddc8f027dfb2d481e24fd1853262

SHA256
23014048a80c0d68701630dec1eb48c375a00aa065418c99c53c195084b83ebe

SHA512
54af528707796f8a632d1953673b1909a80b1f33cf035e92c38536e06e2dd88f6ed02e4dde0c59c2e20d895b3775b6b067829403084f7db1f0bb41803aac68c3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
5KB

MD5
07ae2d8850108e3b757d66123c27c9f6

SHA1
e8ddfc9989c698bf752d0fba192821ce2e4a7284

SHA256
4c4001fd8c64ae2e295ef21148a164cc2a73b412c37d0f07ec8115773d981604

SHA512
b76a07c7fdceee4698e89b2459b93fc30321dc7ea95c8d1839fe49a55880f52d7acb5e753ba9d256a0317c72e94e2a40dbe91552a916590e49f74e4fa6b46a9b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
67KB

MD5
5de0a57b0ba5c0fbc8f2e11c987e4530

SHA1
be6a86d849d2ca2db49c309e2614cc1425378e3c

SHA256
36d1f1e271bdf55c1f301bed015dba87ae1e8c1b49f8a82de93d211938980386

SHA512
5ee8cacca65d6398606598d4e5facd24330c04dcee3ffa361af4f0f90a06777ecf37bac2e0d285b2b3db4133c4498384757ee3219073c63fd7eba5f14fa04858

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
57KB

MD5
8c33ff89d9e49be01b4911acf4a5495d

SHA1
a13b467b26dc14bc7ac4aefd36104f236afd3a91

SHA256
ac10e90dd9fcf45133808adbcfc9bc2a1fd73918a18afc13d20bd5962a3ffe54

SHA512
160c6053ec2d70454b3ee5f7bef6a140f190b15e8586017d7b6fc4447ac83b4f53ed067b83edc9982c43acdbc74e5b1d7c917c101207de3a62c8df03c2eacbdb

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
179KB

MD5
8a2aee8e769419402267166073c35a71

SHA1
3769ae2365c44cc4bd61158264b40ed16c176669

SHA256
2b308368ffb66a9ba75bffd65fa341b41c04785c34b8aa215dcd4c64028c2418

SHA512
7205ed768114e51f08b1ea36e8ed2d2a249604467c64b72f966402dd4853f3157a1888dbb334a32e06de0d75c0e0eec2da5a720f1bc6257c91120c8ed26c9439

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
57KB

MD5
1e4ef19d8cb60fed2e0e04664857217b

SHA1
b64679c2289576147983c97dd3b061627f1b2135

SHA256
08861549598ffe80022cca694c802309655ba1f89a6f66bab9f6a8df4286e7f2

SHA512
8ba3f2bd6ce64e85466950a6af8eeeb05df8da81c4d926f46dd0518c58cbb8ad37f55166cfdcbbbcf06b3305650323d705b8dc953db40c9561b3bb9ebf15b98a

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
57KB

MD5
a16f8f20e9864e5730ba08286c411e12

SHA1
e8aff130bb727bb96bdc0afdb950f6fc816e98a1

SHA256
133170b124298583a41c0b83417908c6e2776d798e09cdaff74061375602d88e

SHA512
c881239582aea0cec98fa1b7b8d0ff5466f4a9ddc5dfb0b98a38095850972e1f900b11274bec6b6d4f717f7d8253f1f8b982f2122d244e579903db4f61b88fdc

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
24KB

MD5
f4ae40a713ddd96dba8fdfc394c49ec9

SHA1
f0d72e53b0f14c88bcd356e63a6150122f553448

SHA256
af2b8ce56c1c9be9f83b80d0a20f6c6604dfa0f307e844f22cefeeb3390cc58a

SHA512
92aac74b01a3ed44ce3af6996c46fd787c88045388d418d692e65448744900620d1d9c425a5bcf627aaaf514abbf8bc22e8f93ded5dd42dc8d0a74fcfdcb6a0e

Download Submit
C:\Windows\System32\Locator.exe

Filesize
40KB

MD5
164cb7b9d1aacd07c46571b6bfb18389

SHA1
282be96c4694e4ecb2169e07ca49d86fbba22a00

SHA256
25433870a8d83e1910ee842034e9cae140b7dfe44a90573fbe2e2485aa370356

SHA512
b1ab767c295ed37840b585aec440701be78ba13bde812432d84602c1f6feedf8b5c9545a71dd975aa8bfc4bbe3e3ff626b10197a622c317587e8e61b19c5bea0

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
109KB

MD5
b3bc5bfc67af89a2f86dec9120f1647c

SHA1
3e69f96301af6b8e36ba518022b54093e4492386

SHA256
e0041db02e06de7605387853e4b5ba140f628204542111c5e848fa5f150db575

SHA512
357b0803b1ed537119a9cbcddef72bfbe240b726a7c6c5b383a1465526ece81fff6981fda9a70bd2333506e63991896ff346dbf34f2af74fb9f730d854f8de4e

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
109KB

MD5
c94a51d2e5810295c8631d8d7bafa91b

SHA1
c9d7551d8545d6cc762eff4bfe52f28d6471148a

SHA256
8532d0cb2d5af974d9507c8ecc1aa06e33763ffb976b46863af202c3eb25b4ab

SHA512
ea462bed2d9f1d0807e18b1b4017da2663126c8791d989a33eba462c81998f6f75217c2d205a869222ab8a0ed69d799c91d5d2d7e35be0369b7baee2224ad1b6

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
63KB

MD5
e25f2a0d373510207cc982d089553a4f

SHA1
5a2718c1e7c7aaf01eb10f8d2a66655628cb9242

SHA256
7e0df55d39484c7182788c883ee5445b9379a748ae4d8bd81ffbcfdcd5a70e87

SHA512
c71df83cad526ff6fda8f6ecf6a90d9249902638b6d1609f009773a817a80e0882a4590aab9fbca34fc7b24d8e0aa3afd8f0049a3e936b82eb6ac20d026d6ae5

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
41KB

MD5
f50c694b45658407cfc8917f03ef574d

SHA1
58f74570d2454d46198c282687a4e44e6571b18e

SHA256
a0ac2fc7a61652f1ad82bb429590694baf9c182aae0a6a90a6f3b1f0d84b3f61

SHA512
eb7363085a0333ccbbfd6566d7bfcf19509da2c12a9ee5037e5bd18ca96d57bffb119f225b13f647756fff750458e1cdbcfbf1bb7fb9fad67ab6617f70a5d701

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
95KB

MD5
842f164cfa3a61547f6d15496b359254

SHA1
625ae1bd0b3f8af0a6cff8a8e16161ed7601513c

SHA256
5d3505a5333631e5eb3176ac3511ff85bf5b707f6708e19c2ca747cb03d5ba99

SHA512
e496ee0d07ddbb4644f23be2ce27778c56ad3d3f75d33293f2b915cfa0cd5769ed5fff5e6e4fc8e01076f6da848daa4681e6889021801feedd7d2234d888520b

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
12KB

MD5
b898d1c1f51fbb66c461a585513f0321

SHA1
9400c963fe53ce29d4afa9668a550d7c849634d9

SHA256
1ad249dc00ba606b2d7f321aded96030643639920caf568e860531bfb30c2c21

SHA512
fa1553402103ef6d922ff34d0cea8e6214bc3aa27cb95a788e723876c148b0c09b2af41f5df7582286d1b3a4fba6b5bad6f330913e5018b07c76ba2e019794d3

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
20KB

MD5
10dd66d8f48ee58f69e91e427615bb8c

SHA1
71abbc76fb82bf70157ba464c9d7e49d677f81ee

SHA256
6ca8067d70193f4d1766ce3d2359828d670b3e9c53bd24c44cec0a945f3f84f3

SHA512
06e89bdc23d33fabf6e4addb946b83b478ca2717ddbacab50a6b91d6b261e75e400c491adcb4d90464106eec6a949eba626b1c4e4759b77b80e6b6ce6a9faa71

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
508f4a3bb49dcc2ada1b2cebeb9f580d

SHA1
e3d4c66b2fddd0517738ea08d30ea4b747171474

SHA256
b4da0c07608352941f6c86dfd29223b8f2ebc2d1e391d0e997a5c000d3cd4813

SHA512
914768f67836d9e2679e43ffaa037172d7a7f12a0d6d97d8e87b9a7674b104b3da19d6108db7a7143420fdf90f89814840948e171e5be30dde3aa6d5cad74b60

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
92KB

MD5
b37b1d72ac93df675f6e212ff8a6e30c

SHA1
59fe5d941083695b953171370de6ab8b22948cac

SHA256
97185fa426fba7812eea650b2526acef8ae588fc5391d14e2d719938e9aa509e

SHA512
964b8731659309fa586af2cc61ef190bde31d69bd8ff34663af05658c8994bee1b9fe57bc6eef9e3d8e9700eb13a7665331565ebe99f0d82d2a3b9c5458157dd

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
54KB

MD5
5f677b72ed4dd459ba03d60e80dfd0f2

SHA1
4030a62104c98066fb8600dcdf24ec7ea6fc4120

SHA256
f13cc35ee33c5e4c92b3f6c8bc5ceec0ce3a8f222568b0448156071f66bd9517

SHA512
9a5acdf3cbc5044adb940f39db7b6444221acb74e4bebbb3a41645355a89d2a3e60aa9275a40a2495c745f742771902aa5d7af846c77233d1ae16ae790e9b54b

Download Submit
C:\Windows\System32\vds.exe

Filesize
144KB

MD5
8de753b163ba38605934d10af92b3c2e

SHA1
3b5fa57e73e8e4d16fa35efaa7b3f7b41e4ea897

SHA256
8aaddba4ec3f6b2d68739bdb974bdf98145f1f579449118839ea49fc3ce883c3

SHA512
9d912c3a9b2737f01913a172837641d56c004d28764d8fbc9e7ba16b062ba2ddbb3beb1e7fea14dfeb3e10ab99bf7117b3bc3068f147f33a2cb6158f5c3878c8

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
57KB

MD5
cdc0ae392542072368dd0850d3cfb8b9

SHA1
54c570df063dc42640ee3f9513f7e571e0ef6176

SHA256
abcb2246ec8e72a2a87eb15d0a718deb87da35cbd3bd15d8f9c6f445f1b6ac0a

SHA512
75256ef7d02735faed2212768f243e5eb944390848c67713f8ae6f30332697a7fb2e6e30b376868842180d2021f59cbb9d119ff2bdb290d5df9e80e8af756551

Download Submit
C:\odt\office2016setup.exe

Filesize
80KB

MD5
f57d99f90a5e71b5b41d8ac9e9757ab5

SHA1
4ab84e6ad509a7fc55ee644115afba219f2cf880

SHA256
9bd5854931e91c6d6968451136f6b7aea8287b6a474ad618ebdc5747705a06af

SHA512
005e84b6b864e55128f982c21c525760276d380fdb27c121ed63b7f58c60e257d6a6a75d9f2bb3637050f526559fe6575d2c2f557069a380ff7c3830beb89cc1

Download Submit
memory/1152-268-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1152-270-0x0000000000EB0000-0x0000000000F10000-memory.dmp

Filesize
384KB

Download
memory/1152-261-0x0000000000EB0000-0x0000000000F10000-memory.dmp

Filesize
384KB

Download
memory/1152-253-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1152-252-0x0000000000EB0000-0x0000000000F10000-memory.dmp

Filesize
384KB

Download
memory/1624-267-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/1624-335-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/1624-278-0x0000000000C70000-0x0000000000CD0000-memory.dmp

Filesize
384KB

Download
memory/2292-21-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/2292-13-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/2292-15-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/2292-230-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/2304-62-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2304-70-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/2304-236-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2304-63-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/2600-416-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2600-349-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2600-356-0x00000000007D0000-0x0000000000830000-memory.dmp

Filesize
384KB

Download
memory/2660-58-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2660-64-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/2660-49-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/2660-55-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2660-48-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2924-377-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/2924-442-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/2924-384-0x00000000008B0000-0x0000000000910000-memory.dmp

Filesize
384KB

Download
memory/2984-457-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/2984-465-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/3268-297-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3268-305-0x0000000000570000-0x00000000005D7000-memory.dmp

Filesize
412KB

Download
memory/3268-361-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3432-0-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/3432-6-0x0000000000B90000-0x0000000000BF7000-memory.dmp

Filesize
412KB

Download
memory/3432-1-0x0000000000B90000-0x0000000000BF7000-memory.dmp

Filesize
412KB

Download
memory/3432-17-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/4060-232-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4060-27-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4060-26-0x0000000000D40000-0x0000000000DA0000-memory.dmp

Filesize
384KB

Download
memory/4060-33-0x0000000000D40000-0x0000000000DA0000-memory.dmp

Filesize
384KB

Download
memory/4376-295-0x0000000000BB0000-0x0000000000C10000-memory.dmp

Filesize
384KB

Download
memory/4376-347-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/4376-285-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/4436-426-0x0000000000820000-0x0000000000880000-memory.dmp

Filesize
384KB

Download
memory/4436-572-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4436-417-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4520-44-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4520-38-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4520-37-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4520-233-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4524-429-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/4524-362-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/4524-370-0x0000000000D90000-0x0000000000DF0000-memory.dmp

Filesize
384KB

Download
memory/4624-248-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/4624-311-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/4624-242-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/4624-241-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/4976-550-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4976-413-0x0000000000BB0000-0x0000000000C10000-memory.dmp

Filesize
384KB

Download
memory/4976-405-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/5076-400-0x0000000000BE0000-0x0000000000C40000-memory.dmp

Filesize
384KB

Download
memory/5076-401-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/5076-389-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/5268-344-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/5268-403-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/5268-336-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/5544-321-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/5544-329-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/5544-387-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/5736-452-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/5736-445-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/5760-551-0x000001C9E4A40000-0x000001C9E4A50000-memory.dmp

Filesize
64KB

Download
memory/5760-553-0x000001C9E4A60000-0x000001C9E4A61000-memory.dmp

Filesize
4KB

Download
memory/5760-552-0x000001C9E4A50000-0x000001C9E4A60000-memory.dmp

Filesize
64KB

Download
memory/5760-564-0x000001C9E4A40000-0x000001C9E4A50000-memory.dmp

Filesize
64KB

Download
memory/6032-431-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/6032-438-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/6076-313-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/6076-375-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/6076-317-0x0000000000790000-0x00000000007F0000-memory.dmp

Filesize
384KB

Download