552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2024 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
Size

1.8MB
MD5

b49ac48d08067809d2d56c2d3306212a
SHA1

4e27c62c4758e52c757ec8a5fb865f1097dadeb2
SHA256

552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c
SHA512

17593d339760a0fd189287850bbee962a779f5e65a9ff69d28f20066d8377c2196e0e80c4c654458c645544577a0ad836ce59a413617290cd7896b218f40bf95
SSDEEP

49152:Vx5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAGm2G+dfefF:VvbjVkjjCAzJzm2G+xOF

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 13 IoCs

pid	Process
1436	alg.exe
4908	DiagnosticsHub.StandardCollector.Service.exe
1808	fxssvc.exe
4536	elevation_service.exe
644	elevation_service.exe
2352	maintenanceservice.exe
2232	msdtc.exe
3716	OSE.EXE
4464	PerceptionSimulationService.exe
2492	perfhost.exe
3188	locator.exe
400	SensorDataService.exe
1448	snmptrap.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 28 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Windows\system32\msiexec.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\7395d5d4ab059c5.bin	alg.exe
File opened for modification	C:\Windows\System32\msdtc.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\System32\alg.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Windows\system32\locator.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_135953\javaw.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_135953\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7BA8.tmp\psmachine.dll	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7BA8.tmp\GoogleUpdateCore.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7BA8.tmp\goopdateres_it.dll	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7BA8.tmp\goopdateres_ar.dll	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7BA8.tmp\goopdateres_fa.dll	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7BA8.tmp\goopdateres_kn.dll	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7BA8.tmp\GoogleCrashHandler64.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7BA8.tmp\goopdateres_sk.dll	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Temp\GUT7BA9.tmp	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7BA8.tmp\goopdateres_ru.dll	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7BA8.tmp\goopdateres_mr.dll	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_135953\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7BA8.tmp\GoogleCrashHandler.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4908	DiagnosticsHub.StandardCollector.Service.exe
4908	DiagnosticsHub.StandardCollector.Service.exe
4908	DiagnosticsHub.StandardCollector.Service.exe
4908	DiagnosticsHub.StandardCollector.Service.exe
4908	DiagnosticsHub.StandardCollector.Service.exe
4908	DiagnosticsHub.StandardCollector.Service.exe
4908	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
648	Process not Found
648	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3488	552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
Token: SeAuditPrivilege	1808	fxssvc.exe
Token: SeDebugPrivilege	1436	alg.exe
Token: SeDebugPrivilege	1436	alg.exe
Token: SeDebugPrivilege	1436	alg.exe
Token: SeDebugPrivilege	4908	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe
"C:\Users\Admin\AppData\Local\Temp\552733bb51b1ebaa35967f7dbd89f9e8ca9c2a6098da543b359c9f6a6ea2d76c.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3488

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1436

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4908

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:376

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1808

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:644

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:2352

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2232

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3716

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4464

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:2492

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3188

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4952 --field-trial-handle=3408,i,16599691418790971742,134777455365707676,262144 --variations-seed-version /prefetch:8
1⤵
PID:4696

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:1448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.92\elevation_service.exe

Filesize
1.5MB

MD5
14634139414b39ffb6e00e441c37d521

SHA1
8df1e3dd29ec80b58a1f9f8ae37f0baaa5206a9f

SHA256
92f02e775309837d108aff7f990d7a941739bd809fec4a7dc1d4371acb5b4171

SHA512
95248fdd9a031d46481e0a0ddf7325d1429c4aead325a4963ad788db82a4cbbc594ce302f9e146c04e5d432ab46b28784ccd4e88d914231fd95b4a27cb29acae

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
660KB

MD5
5323b49bb08f8369e98db49c8f8e90f1

SHA1
a0d083285f2862588b0b40180b6be81756e9222f

SHA256
9c3df8afed227add78d976864b11ddcff16691547cd9a96afb9fc7e63f4b8e11

SHA512
60cb765c2ecaca0824c59379a6e6621ac8bd151b0c03057fe9d51a6595b66c9cbbe4ba9b0a420e23c1dd68d8f091ebdbee638b426174b032cd0efdcd279fa2ef

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
d7f96e1414a7687af870355c25c1cbb8

SHA1
a8e4304ef4ee9f060168cdc59d0a700c3545e78a

SHA256
9a5f48ba8a1b9e0bcc3799806953c90cc3ef0e85fe4a5897e54bbed7cc6310c1

SHA512
1c7332b4b8a9c934c990bf771f94308fce5de092610ea31d8505c23bb47222c4df92b243fc1a3373e3be1c15f8bccb2ca9d7a7f8b62354074b9c467a92e01722

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.2MB

MD5
0734d0e04450bc0a0faaa0aed6b8e606

SHA1
c8351442ecf95fc463e4d850469142bdb5e76b3a

SHA256
3645f6091fb478031c5900c11dab405cfa77382916d1fe5de0394348d49055e9

SHA512
47ddb3ef5cd9cd03ba965456db576e3eb02c6b269e852207766e0f38699988fa93b7bfb1fe593b5c4e7304f65bf3882caf6dd55f590b6258c7a92e0b2c42ac82

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
3a2460e1e046148177c18fe7b256a4d7

SHA1
f94a62378e86f26bc6b8468fd721c3cbfc044052

SHA256
b2ae84de31e1804c50bd80a1e05a7fc615824f34ef55fdb5621885f333c90376

SHA512
7ac79f772c34a270c6a8c806b6b86fec670e25ec31625736c201dfaaff80b958bd117736e2df85d693d01cb962a736967bac69449fae55cd4c9121ebbdb59ef6

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
320KB

MD5
9acf08dd0bdc59ba17a2559039bab878

SHA1
3db0a50d1e5c88e846bdb89fe52099c001118744

SHA256
0ef8072d0343cbf196d3045768484fda71269bbcd48842d0d94d1256b6dcd56e

SHA512
23541803762b3247b7b128251b62f9756bf79a05eaf6addcb4a673954e78d836ee8effa9e70963c534335fa8b73dfafc35bba0a1b0e62938bcdc0818df770494

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
37c56e6e2f406ec3b3e4bec7e0ebfa86

SHA1
e718ef403b215a3e6e87ddcfda769956a8354798

SHA256
1900cb141f7c9f7ce9c2a0748e6d22876b33f9f89503d0132e0f9dbe863068d4

SHA512
490b5bd2b22637e3b05189340a88492c77b5738e695e3958a26ced29d5d835b050910c2cf118685faef24a7961e94d55a2c63dd51b7607bc6813973bbc5edcb2

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
271KB

MD5
9cacac86c5bf143e5f23c0403910e787

SHA1
d201c77a0e3cd12d3f9700981940b16fe7235e03

SHA256
fe8ddcac5fe0f380410d22bf520ce64882994e76f9665949a71a5f230da5d73a

SHA512
26dedfad707f388f6edcdf4378780a9280a46097d3d9962a27f436956fdabedd2bd518f14b08a37ea80b101aa864da80f3604edd1019838bd55e633c5fc6f062

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
bc005da2e9139962a4595f4a138d6e06

SHA1
b94a8bfe5b7d248dbbffc5b6cde17851300e7147

SHA256
07177136463a4fe845d9f14cb48377a8f5b841920ccb056782446ebbb015dc59

SHA512
d816dec6ed6ddc32e3d1960ce454190c8ca37774770c21e2db4560df9771ae854bf5fbf57a1996d8539d73626306fbd29edd44de0f5efced06bac99eb33718f3

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
21df5bfcdc19731f56f598d14b6a4d77

SHA1
409946e5cbcddf910b47b0497d751c13e18a067d

SHA256
db160de023e84d0378079d3ab4b9b9546b11cfbff0ea489b36509d90d791919a

SHA512
d9bf18a1aed3175e13941903b0729e0a2c6c692ddcd28fa3d8ca01d00a2b3dd447de41d42d3b116d053475e1ef2db3bb5ff0bbaee7ac8fd229525ddbfcfc8904

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
4.9MB

MD5
bab5409f5f220a21373577f44b9b5ff6

SHA1
4c4ded055aa31f81d4b9d387e2e35332e4357aab

SHA256
d3a2a4f8256e6e9e428cca541b43b1fb02416efa3654e487f2e340ddd90308c2

SHA512
2984da161821363d8a9214f2e7a7cd0a01933b241ac34875e97dfa7cf422a3e50085dafcc92d3ba399624f6f7f8b5b7531eb92b01a484055adf4918403abb5c3

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
c96e27f2fd1b483cb617758ec3cb061c

SHA1
2158b2f4c7297330d4d75859438aad2d1e1ae08e

SHA256
56cafcf90359324f8a7b8b13401407de0c6e28cc79cec9979f5378912aee4f4a

SHA512
76c239bff3c4e5c52ad1c139261c9d0bdd6d5ebfefe659de599b8f1c202fb1b0f8ffce3b4af4a3782e670121f26f1a0e6e03d7d2248337f3adbf11b449d0dfa7

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
79a6c22664119089e9314fcbc1e06bb2

SHA1
1a6dd2a6a8bcb90a5d078d32a8329f356dbdff32

SHA256
a28c1c94a7c57d10911626580b55d293fb50b8bf94df7ec0a3b7a215fa5392f3

SHA512
ad72e64e0947d67d7dc5adf821276a338a4ab2203fde552f9eeb1df16766251aeb75f22f16273e139e11e97eeb0d9072d53912de977826eab2dd1f42979b84c7

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
0ff9c6f1a77811e49f6dd85d668c22c6

SHA1
552c03fc494a8a31e128643975c10f7f2e5ba09a

SHA256
ce5b412d74ec1d82bd1db3c24afa9ff41480246382fb1b194500c73ffd929834

SHA512
ce561d8431946f4c029e23d6b2f65c3bdb72996f13af9f5a3a01aa83874c213f73281aa4c474c1f4956bf789b23198ed17544752f684b26c166dc83b6433ed2e

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
256KB

MD5
e718288e5302e1a3541317b1e9abfa62

SHA1
b9ca5ed194870695891a00d7ec04fdf2431aa702

SHA256
ac158a2c6f7c6173f9c2faf57e60bdf402c23ea612413337f1f60f39eeaf1305

SHA512
d9c6016ceb49c871244c2bf2b04044c98257d855f5f2dc4635c87e009cd1360236885a6ffc3b2841be0fd33c8efdfdc98c4f60804276e28b235558b26cfb85b0

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
192KB

MD5
d65b79655965e4bab0d72266c8bc952c

SHA1
4725aa346188372ab0a1b3b24fcdda556806fd27

SHA256
847df17f00959dbeb829fb951641a80e467d321d2ba014a4bbccacb8c64c0293

SHA512
59335b16db3f8bae3c2e87dd8f464bf30143ce79f1d3f8936984b3277e7228e5228a01368e35380703826ac9d0916eecbffe5fffcdedac1eed72fdf73c6f73c0

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
192KB

MD5
88d6596d62f20018454a321b3276e9a6

SHA1
434ad54c31b59b46a88eb3b2ec4733dba8b635e4

SHA256
415097e8b430254d1cf216806246f507dadc89fb5e77ff4a0abbd7a99623c9fd

SHA512
1ac27bca55f444478cd6c81814da89ce195ecb227a96f659975bf0c1ca18bf29e16c3e19eb78c670f09c38da636985c5abf6fc3d88c9c70e2fccf17ffc795132

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
256KB

MD5
c8af5295adf10f1ff48d0645806cc69a

SHA1
8d758948c2883707e2e03f4371a4a84b1b147cb8

SHA256
8af7b29ba513320bae88622297ba312d9dbd66fcd063c4ce94799be8c8e39d7d

SHA512
d3a3cf6727345870de9aeb1aee62c6835f0c02ca649315c30b134b63787028185d2126d141de0cf2a66fac197fdbda0d186a6159edd676bf63f684b2a69d7cdc

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
7011ebf8ad514631be948e1f6788d0ff

SHA1
780de8267f057e9070ba7e0574adeca474cb9329

SHA256
b42acd0fa4f134773cdf0ad25826030f83fbf59f61699730764629908941cf62

SHA512
1e31166198761c20c8a5ab8cfb56978e0137e6171130153a9922b927763d7d15d1871e3678650dc16a13da5d9d7b034caa5f44a8130dbff7497bdd4384ae68d3

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
192KB

MD5
07a3e511306eaac85ce0d3c4ef76f9a3

SHA1
a843d6eb14ca2cda46ec62d86e4d353c6ba3e95f

SHA256
ebddadf9876c561e515f98d6386d3436ffdb97acac7e511b071b3b02170e3fa9

SHA512
87b1afe8c62cbf4a07c31f7f9f1420fbe6d5c88fc4aca5037f47ce42c5d307f51281ae9a8b04a12170ec616d80571e6f33fb20de07c5485df1114a1b1fc7e170

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
192KB

MD5
c75163931ca27ff864a6796144ede41b

SHA1
f2ca6a54e738553314b0c38f063eded9c449c06b

SHA256
236a5e567e9cd9dc0f3b4f06d10c554431e2040785cef7d5c16a69d00b646e74

SHA512
ffb492868a8d879f33d7a6b019bdd47ddcb0c73a48a6f845fd56176fd8d853fc2a4230080d8419233b37a5678ed72d85ad7c08545a4dbb37c4eb326f0b5d2b6c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
03e542150c8235a1e871c0ca5a8afbcc

SHA1
c85c0cf4c5b01f64564ccdcd2307bc66bd860328

SHA256
5b90dddcfd04bad5f505159028d0f510a1883cb26fad60685d4023b139601d79

SHA512
9a81aeda1c0b4f79ab1fbc938909ebedec577bfc2d9a9ef31dc166915e231fbe18968705bdf4fba3d55618722970dd148c2f8b8fb104442f853c8e117c3903c5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
128KB

MD5
b2ecd3a6802afc50549f74605afe4e15

SHA1
552a64474b66b2fb57bf37f4964dd5a8e10376f2

SHA256
8cd5b806be85e2c4bcb7ef54c7faa218957ad2a27dc2b15e3e5542896bb0dc2e

SHA512
57d3ec1d0b491398c46d74cce6964d311cad44ab2305e3b5951d83148f44ddb71648600f22c66c0c2ab2dacbd5de85719c84c8f16714692aead48e016e8e38b6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
b79327aa443782c94dec25ebc7d488ce

SHA1
62ea0e1182d4e45ba32bd38bd60815a38181fa0f

SHA256
0a1e320a8ff5fae5e53495e5e2417d8509996c88e502717b9d07176464fa0939

SHA512
a1951374767f8e721a343437bd199d3d70c79d0d8784f0e9890db582c104a7a847de64b42c5b87b0b584b55a9d441f62bc684e25d720bc4c2a5a51c21bda8799

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
19fe908c822049cef15e58bf7ad7f7f7

SHA1
03c39536f3b6e94dbea078dee11838bfe7b0974b

SHA256
89225a6a087758449d36df687fb99718fcbbf69b8542d967813999550660ef83

SHA512
9c2002d9a1d660f72cb9a041d76bc4261714b3ad57706bc4bfa6dea70dde8334bd89a206beef0a27da7faeb78703958212acbef63ce6cc892ea93b952113cc2e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
5c4adc55d1a3dfa86e59d07aea52850b

SHA1
bd6b8662f82ebe051e4b60c9e49131687216fa67

SHA256
9a10efcad56488cae29af44fa248d9e5306246adc3153e9d4fdf011e71101b4a

SHA512
fa68a22b5fa1d2b215418c52e246d7b359d1c13f8eb5f8216cd15bc0184a52df7122d51eb835f90f8f635b0b09bb4f61d95bf9ba256f5f83180e44d85321aa3a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
591b9336034fea781ddb8defcfa916de

SHA1
975aabb570ad0e76d638d7feb77724307697a1c7

SHA256
b1ffe1f10684217731bf5cb4f89525645997e30602c4b27537a9c060f30e286b

SHA512
7c27bbc9e6d2e19c043db6fc98a18093e0402a6dbefa59bf2d5ca7c5a649e71e2d62b5c9c20bf0dc1acc31f52aa90934bea72e2cc2a7e966bb55f865f68dc0c0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
c7a6ee1abaf9cf1bd2308758115eb8d7

SHA1
1633d37254625a1265e384f1077be8d3ce0ac974

SHA256
88bd44fd4ae34357f79cb9b901c3006c4bd4c6dd80247439638ca87517e4046f

SHA512
34bb4a2fd26aa229d10748098a55f216af443c3b2ae82dd9230ff5d4b68c420dfaacfbb7e21f8531c67635c35b346406e7040447d4d614dd5e21b17f861ee71d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.5MB

MD5
e068d76968fc5b779103d59a1f7ffdb8

SHA1
cb8dba2590f0b03c79bdade5d831fde40ba3722e

SHA256
0170e08995da049cfbca61a91863fd50000dc8c6c8f625a85e2d8be6b688b994

SHA512
69c9f3c7f2cab6210238f69d03b5649e6eef20c549e0928c5474bb4e2aabc1c6a2f6fa8b8407c1c53baa817c2049acc03b467b154ad66d8c0a98a59d0b13f378

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
4a3fdce87733b3e16120fab2163acfbb

SHA1
14815979e60fd774cf51829a6dcaf0c9a20ac600

SHA256
618403072974d6d5834ebfce8a40505d5582dfcf4dd4ff74be32d278ae38364c

SHA512
7f519a86ef7fe898cf8874b7ce224b87b9481b81561f30fc4a5ad57e669a26ee8611e28fd0bd81e559987a6a8ffeb13718871eda4ea724760397ee4509332d6b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
df6e98b86b2d32fd8a76637ed8ac0ff7

SHA1
9317d4a51a13f35b61d0353a77b8cb911f4bf4b9

SHA256
960835f0845f2daf2d2cfe87eb42814f1ae2762d8de6dcf7d0ea5f9b0912a3c3

SHA512
4e463f53de05da9f9cd4dfca2d4c7c7366ac3d9387634c4fd14eeee8d1d2ad86a734a4ee81e86f04c5ebb24c9c4d7dbee447781662fc94835575b30bdd93b094

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.3MB

MD5
ca222cc73b5b2ee1e6d259c5a781d1bf

SHA1
d84a910d734e567da2d4b1b69625b5e1bd1befa4

SHA256
b27e73a20990eeb428674079db8764bebcfec28630ef136f870eb27cc8d49d31

SHA512
aea09efbb977c418f91a687204e5be14635d8a03b707ca35e4e658a338e530cf8d456c9f2f3bf1ded05037ae705d31cf017a338ad4a3d4dee671f33e12065dde

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
76936aec425952bfac9fbcce02245fde

SHA1
e5a1b5b5a63106867085208c3d50290e45fc8667

SHA256
3dfb5d065076ea2e56c1c4485045d806266b6de3ca4a7a8a12df1918dc3986d4

SHA512
70ac1553aade196196db89ab1ea6431d6070268f2639b50e056eafef7ac171e649811385125ca1493987b4f213ebb8720267f822ee4ded54021dff49b31d27fe

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
89053c089f56d8c6752ee217aca4115c

SHA1
590b4f1eaf0c9ecd046bc4a510a887ceecdec170

SHA256
9dd62ecd9b0bb65f6cb75a1327585957c0e50a8ea5c2ec56c8fa95eebf652b10

SHA512
444ef6d4d8ecf64cd58ca2383e617f83385669932c3ad5bd3fc58e807e1624ddfea5fd6e4ecbc707d4a427beb7b9b6a6790659b592906e05d0c5ea2788c6a818

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.3MB

MD5
bec78f1008b6b7e4ffa2a8f1bd97ef77

SHA1
0720c5ffe807dbc53f15d70eb29a94b75a5e90fe

SHA256
6bda2814fa169536f97522cdfbcb81a816bd58488e82883e3d9887a67d10ea4e

SHA512
bcc364f62646049d9431f671c179280cd8498605fead89425423c57cdcb6c8b6acf6d872241738b518abb2926c8f15312b6009ca9db3acb5329de20726a48b84

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.5MB

MD5
5748e7daf7bb546ec5dba3dbc4501941

SHA1
7cc523c3e902d3de73212c222a9a94054bca26da

SHA256
dcae869260f00dcd06fc254fc888c5e38c51898993e5be86b5d28808d5bedbc2

SHA512
bf6a75275624c163301a9425255ebd787bd4016afceb122f36cc3c7fc63f3586692c2e02dad17bc62d9b2372e8282fa72f6797788ae1e0b48bb9555de10e98c5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.6MB

MD5
ebf8b0dbb0e0b95a2ca527878aec4d16

SHA1
4d65c60e24a80585314c7346e2db9758590095c5

SHA256
6a56aeb23ce686b02a207fa23c879c2da5cb07d9ce31bea74d2552a857ec2d54

SHA512
62676e1750abe4313c68264ba1e8a79ae1d09c088321b9ff69cb784d403e96b37efcdca28b89cfc235c03c0f01e0fcc4ff050075357fad3a25961a7bdc091a9f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
43f87496e93e2663e94efc725d490321

SHA1
db0a8a73d55958a5ba8911154792cdd164186a17

SHA256
e96c2cd90de7bfac2a5ee16aa83a7f2184a427834aa14f228f2b32dc8f8b1e09

SHA512
06343142f08b21aeb99038d753842cd8f2c3489ea4df141630ffcdba5c29a89f20ffb3bc7ddac1b5ff809b04d4d038ad0ec6356ed88b2f49635f768b57e3b5fa

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
c37bf0b819e801b2810a7a753d340b8a

SHA1
df277ebe7e4be477e078bac1f16dc06e46db4e73

SHA256
9be2af1269431d24b2b02dd805243caaa0c419431726cdb771f339369854430d

SHA512
a8b60fae28d2022c83a0805578cf970a80295d14689e3cfed83be1882da0093d9e780098c97cff0bb34b7d0b803a96aa2abb571fb008850daa657e8a27fd9baf

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.2MB

MD5
e750bbe5b4fbd31198312e6d91c54e5e

SHA1
e2f75746d2d9ed985cb0d8c945abbf7bd71f2a4b

SHA256
1519ad6bf44ff054bb0e5da4945969698da766fb8560e5b601750a2781e6e9e5

SHA512
520a82370e99128d9db85fa9c93a90de50c9c0f489176b56940b43f2b073810fc600a09dd97cae8f28e6ffbbf5ea0aa93fc1c818b0c729336fb8f27dc5eb9822

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.2MB

MD5
af67196f4091b591fe393d132e4358c5

SHA1
a7720918776c9371fb112a44b74a6ad6e0278b19

SHA256
beff56c1d975631e6c2a2dab19817af68fa48c5929da662facf461cfb70ee270

SHA512
d3533c05063f693557e19bd7f75e5cf18f693e9f0233a2baaa3ba92f50f03e6c2b2bdf71ec557c3e719e9031154af0c2bd33a5f4cc6620f6b8b520b93f5f5ea4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.2MB

MD5
2a696d1b56383bb405c8d5678b909fc0

SHA1
41173939e6e92c440c31b9a27e2bcbff22e11c9f

SHA256
ca44efdb3871c7666aae14dd80d103931f28324d495c6d09aea27cb9a4ece738

SHA512
1ff8693032a2f854fac6960c240fdf4c60a47ce106a77945aeb67708d2f91f839c0eee4f8d9e6fab9a35f8b5c7ec745d5b19ec3d51da025079a6b51bde2407a8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.2MB

MD5
744859bb6752e189c274a316a0073993

SHA1
cc2a60a6f8181bcfe61f79aa54e71a3d5c9dda79

SHA256
8b1df8acac30419fb41aac5ea89228d5ab959e2247b0aa78bcba5442136f0162

SHA512
37a486f1cc56a61981a40477c0131c4099f66ffe5257149990108c40c6398a1d07a37f6ec93916268e7044eb8f0f5790fc119a15f70f7194dbc63d97be2cc926

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.2MB

MD5
3e4273f6eb7cae2ed68dc4168125ad90

SHA1
1ea235e924af08d166fc33b5fc9b20616b06bd7d

SHA256
34542b2f2da64d9cd7f49d1d30f1050e25449399ab39f405cff189c716cbdf13

SHA512
c31791c129a82e145f1e15aa3bffaac810a5e2d1d65d11f386b48e141e43686a2f87818b5e39ca80cb204e85c5650e15a1886a249bf0947368fc83823d1ac74b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
1.2MB

MD5
cfde51af1139388c0805036db6bdfb52

SHA1
b37f3d70550ce65c4a817b6fb768940c028e0144

SHA256
aa527a78e45e2cf271b0a57245829bb7468c9fb662aa746443de4bbf73b83ebf

SHA512
cd2a98f2fc47e70206aa9e0b2a4512639d1e0db05beecfed350dafb2f39806733f2ebd25e693bece4c757abd047f3a4b8007d9655b27daba01b7ca41a4fb2c5d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
64KB

MD5
11d3558fb9d4a2912fc67b3d7b3dd6c4

SHA1
2e66df6db88e6e7cec16892725fe3d173dd3c8a0

SHA256
f07c4a2a4850977fcabcea9103db633b3f0a84e36da5bb75f6a7acded2f7b887

SHA512
02fee1c606ff8e62aaa8dd54e5bc42e93235119fc42be67bac02c9e8e9c1e5c5aa2a9a2d741e5f4a0cc93d639895db0b642f09808be19ef5b6861cb6eed0eefd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
64KB

MD5
574969b23bee4478dba886e36517a17d

SHA1
b01ec46ad3980189fa233fd41d27a378fb616503

SHA256
b8735797b36f2ce7c58bf7033152a46d41087bc4d680e2cf1c5861f47affdb2d

SHA512
7b02b711c3eebd4a97fb0071f09d8361c0db6fca6b3707249f08fc76714468153d31e14bb5655932aa49d128253b587403e65e7a333a040425fe8442d5097631

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
64KB

MD5
e1eebda5b145327e3a5a0125a8530a7d

SHA1
b90d730c3c81dbfb96795a475ffb1a84b462363d

SHA256
29f1066fcf57d4bc5e8b3cb803c979fdeca9e840c78183d1efa3e2bc6bad6754

SHA512
311b5b34eb5ec1a0d97a56dea1300695fa2963e239ce85992aaba74875724445718dc6fa8e04f113a60e68e597e649f83a62be78ee452a8799194d33f7abe22a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstack.exe

Filesize
64KB

MD5
47848e4e4e62e89652634e4a3e77dd56

SHA1
768e9a041bb89f876179b2bd7602aa6dfc04e4fa

SHA256
79b16e6b2ea471f9946de5ca17d295ee7edc738865a76f7ec9eedb0c399e6a5d

SHA512
20c27bfb6f31dd085d589850f710e9188faba563afd45fcb3e51ec804e256728ce3a6b835be6a3c9b4dae831443e34f75d2de104d174128bfea86ffc394f1320

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
256KB

MD5
09fc63a34d0a0ccf2841f1e689b3b0f1

SHA1
104255e43137bc823c4b1bf3d75ff5919b31fe30

SHA256
1a5ac22a40fe10abc520dff7996b4f38b820e6877493bf133e3f8eaa24282138

SHA512
dd8018643ed0c4a65a2d364b9c2e5017198a1acd1fd37c90f62c15d7d5188b41e43fc60eaf976cf3059a05e1cd80ccff601c9ea7a7c8f93b599022c475a04eb6

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
80KB

MD5
f6afecdb8b0d39c997039a6b8cb11aae

SHA1
fc147c8fe1f1d44eb3791995662ed6ec400ea412

SHA256
b0fed428d75254e416ea6e8e5718420ff0b62a7655ce35ed054d56379ee91476

SHA512
e3e6daaf8ec55029489af045ded69fbea5d94551307387f605127ad13c1334b2b0c36fd8db3c8d4bea70a9dfbc4d627d23c416f7aca3357090af91e2f7867d52

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
b8c52c3aa686c3d4ff6c6cab26b7c2e8

SHA1
227ce3563962be32e1000f49f4bed139730c2294

SHA256
6ca280d02cf8794b3676dd83bedcc6982c11307fda82db87932d82c3076071b4

SHA512
2b4f058c89b479970dc20f54057da46b9c7958bda2cbb45e615a164ff4eaeffbdff3afd92a84410e95e707a8cb16d8fba9e2d9d9ae1cfafb10b4cb56e59af832

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.1MB

MD5
9e78104d0ff396c2197ea98e1fbe92d8

SHA1
e9af6491d4658cf4d2b120d26d91e72c3ec3a50d

SHA256
1e8c1015891e1e9ef8ff37f650d3c540950ab6cfc7ed8b8889a3580270e85426

SHA512
f1c8544fd681c287694bc5c5ce3058fdf07b1111b3a05242a6ad1a777df20aad57c9f2d0658191de86fbc81b0bec050988124d4dda407bb21e05abc1c3922ca1

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
4df89a6dfd8f0efabf028fecdf2aeeb2

SHA1
7fcb3e59039ceaf0fda39106ead27c4ab713fd48

SHA256
d5510a5130c7d4a62703627309894e33a3e918881412573e2a22509b06cf491c

SHA512
03867c5b51e3eb14167a29c0d003d7325c23be312788a5837bfaf31fd0d191634fc7c8054224220c1bf4051ba53e80e4976e89e547cb2e52f4fefc0cbf605383

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
b8dfc4b10e952b6f1c2fae5549874b4f

SHA1
dc3e7ce6dadae7596ef524ac387b25547ed61ae3

SHA256
2d795755d34d3390d799d89c5b4f64fc1cbcbccb7c6dbc8586db75b9930eef67

SHA512
ee6f72057755d9e341badf04a8eab4a21d15cbe6e30fdcab33782114cb295343498d8108f3a7d34c721eda349a358f5367d251e0dfcbadd4558a2e77028e5bca

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
bdd056367f0b2bcd19d2f658010ac02a

SHA1
90660d564f691f47adb021c54feb25eafb802ba5

SHA256
7e40a5d6ab6a5f93c96f0dca45c5efcc764869fe53c745fb25c5480e5ec7e244

SHA512
2af63d4d81294fd71b0c708314e796b4821a869fcaaea6be7d5116d75be7e8afd69d20cce482b2815cb29850ad484b6ad2168459ecf41209331d949a1e8dc781

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
f073ff8fd17f4457c1403512ae18ecfe

SHA1
e3af9810c8cdc05ead83b3b6f20a993df184ab30

SHA256
800ba18332735937d7dd843d2d5c5cb52c03886a393e450480749714849a725e

SHA512
d3b9519453cd9bf431d61e0684cf3631e27437ca7b6a6e69ecd278c475a09f320b340e41efe9545cdb33bca94c18a4f0adf92f51c6270b72a29b415f072831d9

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
269KB

MD5
6d6c42231bdda6ad60d720e5491af2d3

SHA1
52d73815f27593698ffa06363ccdd19bb161a18a

SHA256
e579cc842249619db263673476e145ff9c305be9dca691b61b0460afadf83583

SHA512
eb57073894b3aae58dea52dd9482782b33c32c455df52eb7909b99e8317131880dc3a32db3061c7b1256a368d34b0d0e1a8af5980338a04a049cd99b56b0057c

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
8c482f84e98e39b8a12571b284b38926

SHA1
2f1c7ba452094edddf7930aef91fb0aed84ffc30

SHA256
f35bc035c9583a4f4ac3edf2aac305a26ecb176fef000630b4bb96486ed0811d

SHA512
3bc674715d686544718e6d2d432c6490eb1a2243bf4bbef03d69cb8f33994fcfb511372401bf224c1f23a31288dd0833d0391d4218e74047847b03aaa58e5918

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
a45523d327b19ea6bc148828f8d9679c

SHA1
a7ca48ee1653beba4851d28cdaa736704dff371f

SHA256
07109ab738e4dbbd2c1caff9830cf587a17f1b0ff16eaca617dea00caa2620cc

SHA512
a88c0030434de6a8cf0d8027d62edebecacc65462b159687693dce2b7d483398e704cb1a5c7022603b346990039d1026fdd91decc359033ccb7cdb228cac2f0d

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.5MB

MD5
2bf9c9cee8b9c112d4c3f9a754995101

SHA1
94f2ab957ea659a8f879dc3f14557406e807efac

SHA256
eab7964b5f0a7f02186019ad37333a9005729087fb70f87037c60291dfc41baa

SHA512
2998c1fbb3fbeae0ef99dac32f753042060b77867766cd55b4967fbea7d30eea14f31e2697b5469b36145feba6e374131d09633fd7d133bfcbb85cfd8de231e0

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
1.2MB

MD5
f59461fbfd133f7f90d9ca796bbb8c41

SHA1
729e0d41e3b212d12054f9e51456525b6b857d3a

SHA256
b8eaff0c35177f7263c9e5a76607d91072adc964b34d7af369218020b13716c4

SHA512
cdd5dad25f3ef574dd716142cae32835015d734dd3dc072449be3d588c7e8be8e20f1d8e903a8372817ad203cd0004ffd55eeaf59134149e8535b8501f8811ee

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.2MB

MD5
0d08c83852ef10324c3156e58be3e2c6

SHA1
fd137c15dee1bbfb182a79761fe0b82c14c04ed9

SHA256
5587b17d1391d71fb8f1fefc3ec6a391346face38cad406b78558c8d86412f6c

SHA512
30f2ef15c542a9699b565bf155e27722b9862df9b5d64a340cdd7109b8859d3ff382fb1dac5a237bb3e263105573d55a96a637ca9fadffd55e1b8052f0e72b6d

Download Submit
memory/400-230-0x0000000000660000-0x00000000006C0000-memory.dmp

Filesize
384KB

Download
memory/400-470-0x0000000000660000-0x00000000006C0000-memory.dmp

Filesize
384KB

Download
memory/400-220-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/400-469-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/644-132-0x0000000000990000-0x00000000009F0000-memory.dmp

Filesize
384KB

Download
memory/644-204-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/644-135-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/644-141-0x0000000000990000-0x00000000009F0000-memory.dmp

Filesize
384KB

Download
memory/644-140-0x0000000000990000-0x00000000009F0000-memory.dmp

Filesize
384KB

Download
memory/1436-26-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/1436-145-0x0000000140000000-0x000000014014A000-memory.dmp

Filesize
1.3MB

Download
memory/1436-12-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/1436-13-0x0000000140000000-0x000000014014A000-memory.dmp

Filesize
1.3MB

Download
memory/1448-539-0x0000000140000000-0x0000000140136000-memory.dmp

Filesize
1.2MB

Download
memory/1448-491-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/1448-483-0x0000000140000000-0x0000000140136000-memory.dmp

Filesize
1.2MB

Download
memory/1808-105-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1808-118-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1808-115-0x0000000000830000-0x0000000000890000-memory.dmp

Filesize
384KB

Download
memory/1808-113-0x0000000000830000-0x0000000000890000-memory.dmp

Filesize
384KB

Download
memory/1808-106-0x0000000000830000-0x0000000000890000-memory.dmp

Filesize
384KB

Download
memory/2232-163-0x0000000140000000-0x0000000140159000-memory.dmp

Filesize
1.3MB

Download
memory/2232-171-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/2232-164-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/2232-228-0x0000000140000000-0x0000000140159000-memory.dmp

Filesize
1.3MB

Download
memory/2352-146-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2352-157-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2352-154-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2352-148-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/2352-160-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/2492-206-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/3188-216-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/3188-208-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3188-474-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3488-1-0x0000000002420000-0x0000000002487000-memory.dmp

Filesize
412KB

Download
memory/3488-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/3488-133-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/3488-308-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/3488-7-0x0000000002420000-0x0000000002487000-memory.dmp

Filesize
412KB

Download
memory/3716-186-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/3716-180-0x0000000140000000-0x0000000140170000-memory.dmp

Filesize
1.4MB

Download
memory/3716-463-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/3716-443-0x0000000140000000-0x0000000140170000-memory.dmp

Filesize
1.4MB

Download
memory/4464-200-0x0000000000C10000-0x0000000000C70000-memory.dmp

Filesize
384KB

Download
memory/4464-192-0x0000000140000000-0x000000014014B000-memory.dmp

Filesize
1.3MB

Download
memory/4464-466-0x0000000140000000-0x000000014014B000-memory.dmp

Filesize
1.3MB

Download
memory/4536-120-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/4536-128-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/4536-121-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4536-191-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4908-162-0x0000000140000000-0x0000000140149000-memory.dmp

Filesize
1.3MB

Download
memory/4908-94-0x0000000140000000-0x0000000140149000-memory.dmp

Filesize
1.3MB

Download
memory/4908-101-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download