afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
Size

1.8MB
MD5

5e62e8b6a7c89111ec71301729aeaa68
SHA1

1d35e71e643756157b77e2dcf6c5a8ad44f233a4
SHA256

afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7
SHA512

875d5bdbd4e83ab423bb783f67cb8946faf903540f25f189fdb53c35fd16e0bac3d2e63d58d19b2e12b590e845b1f9234e03b6eab4cda161fc97a3dbe21fbf48
SSDEEP

49152:ux5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAogDUYmvFur31yAipQCtXxc0H:uvbjVkjjCAzJeU7dG1yfpVBlH

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 12 IoCs

pid	Process
3160	alg.exe
4744	DiagnosticsHub.StandardCollector.Service.exe
416	fxssvc.exe
2140	elevation_service.exe
1832	elevation_service.exe
2340	maintenanceservice.exe
2644	msdtc.exe
3064	OSE.EXE
2936	PerceptionSimulationService.exe
3236	perfhost.exe
940	locator.exe
3772	SensorDataService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 22 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\fb0070011299d6a7.bin	alg.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Windows\system32\msiexec.exe	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Windows\system32\locator.exe	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Windows\System32\msdtc.exe	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM73B9.tmp\goopdateres_it.dll	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File created	C:\Program Files (x86)\Google\Temp\GUM73B9.tmp\goopdateres_zh-CN.dll	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM73B9.tmp\goopdateres_hi.dll	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File created	C:\Program Files (x86)\Google\Temp\GUM73B9.tmp\goopdateres_hr.dll	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM73B9.tmp\goopdateres_bn.dll	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM73B9.tmp\goopdateres_ca.dll	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File created	C:\Program Files (x86)\Google\Temp\GUM73B9.tmp\goopdateres_th.dll	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM73B9.tmp\goopdateres_ur.dll	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM73B9.tmp\goopdateres_fr.dll	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM73B9.tmp\goopdateres_id.dll	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM73B9.tmp\goopdateres_gu.dll	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File created	C:\Program Files (x86)\Google\Temp\GUM73B9.tmp\goopdateres_hu.dll	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM73B9.tmp\goopdateres_pt-PT.dll	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM73B9.tmp\goopdateres_fa.dll	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	alg.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4744	DiagnosticsHub.StandardCollector.Service.exe
4744	DiagnosticsHub.StandardCollector.Service.exe
4744	DiagnosticsHub.StandardCollector.Service.exe
4744	DiagnosticsHub.StandardCollector.Service.exe
4744	DiagnosticsHub.StandardCollector.Service.exe
4744	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
652	Process not Found
652	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2448	afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
Token: SeAuditPrivilege	416	fxssvc.exe
Token: SeDebugPrivilege	3160	alg.exe
Token: SeDebugPrivilege	3160	alg.exe
Token: SeDebugPrivilege	3160	alg.exe
Token: SeDebugPrivilege	4744	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe
"C:\Users\Admin\AppData\Local\Temp\afb333e234f9d2efb2f9ee2dd468bde21fe060de4f1654c2f380e3dee6139cb7.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2448

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3160

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4744

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:1968

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:416

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1832

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:2340

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2644

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3064

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2936

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3236

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:940

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
2e7a5e7301c5b6807299ce390ff8ea6f

SHA1
437f2916f862ba3196f0a9fa9f13fbd6ac48c46a

SHA256
691f6f027235704b306ad17a87385745dd348a1cdd939800762d2149407c9960

SHA512
8e092ff3fd849dff8521bf7f4db8b268962406cd80fd45bcd41d444adf3ea59fa332395d21dca0519806e81e570de985fec6c7af78281483e9cf699f2124dca9

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.7MB

MD5
908b2e613a740060755ffeda3190ce40

SHA1
6c94749f8dffe8ea43e36845cb62d2f2072b200b

SHA256
8603580ea8d1f44d8793748ae35d277a23c5ae63bfebd71b0635de24bc5f60f0

SHA512
f55d7c2ac3589f9f3a9d79bdb117742b9942fc79da61dbfbe043643a1b3375d87e2ceffcd7f591f47526b41be65b8db00145485506f3113207bd590074db5f0c

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
2.0MB

MD5
a7d7cebd50d82cc129c55e8807624939

SHA1
f3ec4a4892fdbe7feb1b5c49dff6119ac511bbfd

SHA256
87ab9b8c5b0846707ec7280f1dce8818d39bef8c74bb70582acd76fb377654d4

SHA512
3d1d1871fab50457e4e89f11dea3e4385ad5677748cb5ba49673e0fbe985146f81fc2d12bbe78223e9afff22c7126e64f321914699777b9177f390b5199af54b

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
7676f59964c4c0aa76278918a2265236

SHA1
c493c10aadea6838627976a6809a0171c6e48172

SHA256
8be479bddc4239bcece71b304ee878c21dfcb055fd26f00291e3545422377c8b

SHA512
a83c0cb4f152bf3411c8a5bef72fe3ca22d24be0a07c38c727c041a1dab35fc20cfe69ccf2e5ee95d3bc0568929af78387dcfc3c149fdba1ada07ae54dbb4f26

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
9f005a6cfe1b46fe78eaaea3d0267e33

SHA1
ae17c831134c44fd9a81a1ffa7449fc2544130f6

SHA256
b5e960d5dfed93354aee8ec08c91cd5cc2f3e06c97545d52c5c479f4dd1fdbc7

SHA512
56876ca457de77772fa22f0b14aecd7beb5bba70f01b9613966fbbf9ed1c52e65e462924e17ad82de8b8a43171fab8cb440a5464be130a62f9df9845409bb406

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.4MB

MD5
556efb5942f063044b5856e6bcdcf560

SHA1
fe9bd64cfd180ef8ddada28eeaec247bb7ab9a27

SHA256
e555600ef01f5c41962b0a511a429af7188f930f05383d0f922b1d94652f112b

SHA512
3a30c66182637e6a27307be16ad82c8cc6745c36010bbb6da67e2d630547e478e1a84515524caa6d5c6a7779768780e97b3f48ef8344ba623ab3ee25bebedb74

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.7MB

MD5
56840e78d60e6d6fa43a41889ca77eee

SHA1
cf7621fb16e671369d9faad8ad9d7e933762d23c

SHA256
d86b1e041426751513c2e2d91a35dd1afb0175ac09dda7969ad118f966db1437

SHA512
aba322b2bd2d88c4f7f452d20308f4669be9ebf0a3aa22ca67d612e6e1b12abf854da49d7a8552dded2670be94cf446b7b0846effe6baa0b6f1248b71ab8e8f4

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
d175bc95ec3a785b155ed561acf7a859

SHA1
b1e2d314a80946f3df89aaaa401a158f8cfc9cb3

SHA256
e47ae66a3308679d2426beebabb600dc71c9d94442dc5576d54e52e604e0a5ad

SHA512
eb666d8b91cb0d8efcf53e199f627a3aec1ed0067ce5fee90e8cc94187dfc18a0bdb27b6a15adc4de9ea7e647f1f696655ae1762c9361ee876b95602e279a643

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.8MB

MD5
68a5a7e444c3554ab92f7553bab4851a

SHA1
6ef45fd568443a7d2355d26cb05b36d4b8661cc1

SHA256
abed2f947a42669fd6b0de0d74a99738ac7f35eaef2733536bed9ee6d73198f4

SHA512
1153ef0d6b220a8ccd8e8364f7ad37d2a558be679c8eb152d2fb857cba6dbe812bd9274f77826203bd20ca015c6ff6aaba964ec6d87c536596f56222069a397e

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
94e539e4fdbfe9a7390bedc38909c222

SHA1
d86a5fb00fc530430edd9cba9b37d0805855c8d8

SHA256
a93a9c7941cf49803306c031ad098308b6f1410aa2837f85a0604105d5e39702

SHA512
001f2e095bc8397d6347a87b4140421b3096f82dc620d55b27dd9eee60dbce5b0b6e15621a63ddaf390399f15dfad2b6bcbea1409543dc730ed038006a254fb5

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
a86fc8dc197a3a222c6f7d48cffefef4

SHA1
a28e5f9ebeabbf41ca71f15e2ac4d859a316626f

SHA256
0972ea9dde146531a0756811f996f05f1ee7e81dc8583f326149988ceb5fc980

SHA512
0be71615db8c0c4828ecbdf26f6ee83f4beea21f8326db5672f42f20ff82304c30f350eccd752dd4b7f0f1c65cc3319c295f28778d5ef0cbf44afe89398984c3

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
6de2df1891479167d3e239fa8d540865

SHA1
24680bffd8d339f045bef6e9ef289b6cdbc42e3d

SHA256
ee86b9b47010e6f4e3160835bf2676fbcb5881a37d8d45e6df7035cad55f4762

SHA512
7b756501659691c30cfadd4ae88129d9053e85168df638026508c2041e584441835ed557a61737e26ffe0bdd0cff270382d74108981795a8ee33134936d06e45

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.7MB

MD5
9bb6f2f39f22df03f915578b503e5190

SHA1
8c7aed390d4aa2e53a86c5f6013f2c08d23a7405

SHA256
1b184b972430920ed785f773c260a4a700d8d62dc75307b06ed751c91fc7b02d

SHA512
957bb9646c81e6901af4821769ede9c0527c142091b8dbfeef19c9367e0e92e552b5bc28968706c25b510ee1f23fac34cfae32ebab555f7ac1564710b59d6572

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.5MB

MD5
4ab4542a5b5516ca3883e9f3c86216e0

SHA1
cd53ad3c1862b9ae20d867cf852ee312b7265797

SHA256
c841cd8b4a15c03478f5cc82f5197cfb27cbb6759ce9e6dbaecea905b1b5265f

SHA512
089ba34fafde7c85910a60f981b4f4dae7e347d9013b002a0cac40da64ffc721b2d48a8ed637675f48b68c919e79210fd3f593ac2f4ddf7eed68c0498586e833

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
2796e62e4020ba0adbabcd51e743df7f

SHA1
2b6d95d153348aae0f78215c4faef000cb32ecda

SHA256
9a3e10d76045dd704554c04642b75db5fbba74b19c5d9139d48adf36a6c4f831

SHA512
e93e081987df7697531095a8a28c4edd7190aca28ba7988eb7d90d499efddca74c7d6d9d6c9622bbfeb6fed77644855986d534786770f8ee43aaf727b6fc9ca1

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
471529e27467940776568f142e270a01

SHA1
7d2c79c22c7d74a8684ba1faa6ce3c4585a9dac0

SHA256
8eef209cd19c646976c9615f367b8ea8b73def031252703a1a8c56c8d4584e19

SHA512
6e03df560860e1260560ab8cc9bf1a62218010d647d0d93d3505f6fcbfcb40c4ce79fc43f01ebd9c653f5140a22521222c3fcc1b2bbfee518f44121abb8e0eec

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
206781c88ac229e95ad5e0d210203ea1

SHA1
9e967b76abc9efb2a8aec0c9eb56bc788f614db4

SHA256
ab389ed214e85ab1efbcc795d765c944da07ba99e0169f5b27fec1baf105cdec

SHA512
a32101f64c12ac8e2131213d88910b71d8a371bff0acd3462abb6a2baf48a4e6d453efd09433572a32a5b82de6c0dfff266b20bdeb786e13f641b59a0e4cf6e3

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
6fa12191be6a26961da93fab330db06f

SHA1
e10f784c576b861a52a3248071895f962526981d

SHA256
78b9af695a15a7edd1f41228c5d25c5937497b5185b49bbdf8da415b41a194a6

SHA512
ada89842606f84a6f71b7ee71e7b4e5320b82398fe931cee53365978a61db4451e1af83b6a6905f80c2f3a0ec72a0e028513853488ea4741182febedbd24af2b

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
2c68eabe75a7487e325daa1c6f34dc22

SHA1
f1d386cfb01e3b3254e3aa87b7beeeaa16488121

SHA256
794912eeb255fed989a44e240026302d4497b4adbc490adc1cb4c36d8b538c83

SHA512
560c02434b54bfba591448c1dd30a7463eba4853561f48d62c361e5ec71608517062211b1be7a4362b2dc16077be2ca591f123626ddfc90815a6e985c02b8a4e

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
f7e26d03ea0c4e6725954e860500c39b

SHA1
ccc38bb6174859bb711fddafed0a9189a0b3d455

SHA256
d2b18615310a36534da1e9c4fdc1048a99bc2900084b42e0543d51af3f3da728

SHA512
4cacf0b5946d38737273c32c1ccb44435987b96ad825cbfe3b29e3ad13d47c48c421c2238ea96a9fb365f19b421e41c836476528acb7826333a2a46cb357f0dd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.4MB

MD5
61805af0effecb68b4fd36a910baaabd

SHA1
066ebc3c7fbe0f9d1379479342e0eb1bc4e5ab86

SHA256
9eff67afba9cdacd9eda766a7efd2cf80b6f5a194b27fe7ecfdd7f48faa768da

SHA512
ca75a899522bc1c12499429cdc37959495fe43fae1aea40a55dc2765055c6df1d55d165437269e9546e3464ac405abc419fee1cfcddcf8e4c97972551e8838c8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.4MB

MD5
396182c0c58535b023d918ef8c2139d7

SHA1
c5750e8ba2f472de0d20a5c9a594fa829db898d8

SHA256
749c343764ba4ed672ea0f82e54c2667fe74e43d7b974e13a20a145ddceec77c

SHA512
b02a8a005936c640f75fb24aff116a2e48db71318b719a68edd6cd298687dad0696c99d99bb46b32e0ddfe6428d6b0b6da14d1210285468bca53f76ba5112bf5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.4MB

MD5
b9c26c53932eb0880f49b59ca5ec8e1e

SHA1
b70eb8062c860da066508a9b0aa714b51f776c1f

SHA256
6b9e290bdee859d830e8c39a2a9651d4b2c1408be721c549717a3e0ffe154011

SHA512
3963e942b96790e7259603c584c094a2544279ae293d9ad14c256fe54fc4a59a6377a27aa05e7aa9c1026124a18351ce3c0e8adb855f2be52762b855cd4d8322

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.5MB

MD5
d5d6ff4d03f891c960f3aaa97e9b8808

SHA1
fae4743572985bcffcd2e8e1afeaddbfee790e3a

SHA256
19bcf4ea9ac4f877e0a357e78fc6a69d632a441eca7941651bcbffbcab754ea3

SHA512
0f068c9a429d6039a5162bd775e0ca9cd0bc79292fa8009b411bff226347a57e7de2bdb49d577b5d9f3aab0a498b17dbe86c42c68c6a58313be18a34db13c01a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.4MB

MD5
29c2ae215b9935e94a1bbd872eb174bb

SHA1
d5db3b14b8cf3ddd240346e6c6f64455759e4bbe

SHA256
8c46006366af78dc7ef3813134f09bb5b96ac4b8ab9f6ab5cf377626fab766b2

SHA512
a6c39479774f422df3be183a72cc008f968c768ee0c14a71c1dcf4d592f8f32fcacc530a20458234b55e77a05f5f8ad977890e57c543097999fc1bef5d361e32

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.4MB

MD5
5da7874ed13a996fd11ef90ce8bb038d

SHA1
9138997f04ab3bccbf5ca0d8c946f96f1949fd8a

SHA256
b2ec2da0754ff5fc875570c2685fbfce69a8b674f04830d37de0daf3d75dfdd4

SHA512
26f65633836598bd0ea478d444866ed07d38c2658bac993e0cc9abf05932539a68d18697726abda69b1a997af47aa20d4ac403cb70127ab9f07d1daa8dd16f96

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.4MB

MD5
47c9b956132df76f8440871fc1370d0d

SHA1
bdd329fce6cd3a25dae22c328c07e7c3db1e212e

SHA256
8cd3fc419d9df0b29fcfb6b6c68d0fa0136fcf1a3acf4bd04f9dfde8b8868093

SHA512
25f2d2e6562c57348daa7f66bc8a1ee34d4147abd05310ce6ce6aec5b87cebd9b08b0512633c95b0bbb2a1221f2ed8695f68ec070bbc5c295331bf5a2cfd640d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.7MB

MD5
62d86f203618b28e469f1d6a58596934

SHA1
fec0d6c508681afa26b70fe248bb0f533f262d9d

SHA256
7674c2e0be1377e237b5a45749844850d93e8e2d2aa387ca8c7971a9ac404e65

SHA512
fe8c79db839425610fa0440ee7e74a371c920e8ddcafff33f5c16c906a454c6c1207feb26932dda4cf1ecf5aa12f0b814abd725d198d361b107d73a41b558c02

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.4MB

MD5
00ce1857278c2a9487e683d9bff175d7

SHA1
f6ded4f6e19134da72aa98470416a92ba39d9a9b

SHA256
159d86ac7d90ee015008311e642dd1cbf1363bde41105abaa6a43783bdbcce1e

SHA512
ec6f3d89c7240264ac455603beced2055ab3c32560b5172caf65a8e6b5448c061d8ea5721d7f2c56d1b85174b73f3e2cd207811cf9faf8670fb226cf824ee532

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.4MB

MD5
e458f9d114dbe20b6a54f1412489e5b8

SHA1
4bc24b71235d0854165d9924e34d557abc8b3023

SHA256
efb1901b2e714cfb81bc300b55d586b33b7c3e8f1ebcb559ed7c307e82b208e3

SHA512
af716203ae6dc72083e494cc32f3611093b516a2b7c612a14e447efc8a7ccdf39e82b31c69c2027bc44d448f8569f41e4a550f3a7adf579b2e1a53ae1687e2f5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.6MB

MD5
572a5a0b8325ef827ea6bda9348823f3

SHA1
d0759a1c4bfab058fc13289fa3f422f4e8f54b93

SHA256
125049a29a185a09fb2d0606f2e005d606d129e3fd35be3ad1e5cf6b32bb25d0

SHA512
8ed55988bff30d8c0bccf75cb8091eb0be45af2941676343ab59f38dd291b4fa96bd11b4af8408bfd75c86fe9660964bbdbe1c89a46428c4378ec4d4019f41b4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.4MB

MD5
f14df8f6f2475c3897290e547b6e8ce4

SHA1
e5a57cae808ab4b565ab623640f5c8a1a2ddf437

SHA256
505478040a19aa9a4e30fc3f163f20348b747520080ee962fd38f6cb37b2862d

SHA512
57c929618392e65ccbeede45451430a39593b53a666fc6ba930af0a85bd32d95789cab9553491a8ce6c79d217d7ba0a83eaf674fe339cd9519a60bde138fe8f2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.4MB

MD5
d9578c8666a43cd4e1824840339653d9

SHA1
d72a61650b030166b0b1cdae80c9badabd575fb0

SHA256
b77d2cbfafe8729fc8e86fa66328fe4ac73bcbc4bb072b69f9a5d31e9f416967

SHA512
e15ecf53463d34aefe603261a4a77582a924d6ac72f60c6378c5578b4c8a607f2111d7ccb09252d7ec858be0891a5202683c02b2f698bc131abf84d606dd3a3c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.6MB

MD5
688fdf0e246dc175a7b30e6796971ddf

SHA1
a34777eb20c64adbbbb388f8fd7568a7536c440b

SHA256
97a1e57ee3d3cf02372b983f6c55ccbf559ce9d35ec4777bb1b898226e6a2f08

SHA512
4024fd72fd26b3dca8e89f6f2102bf0563d5f7e86b168fd3e598034611853e9e73df22ee189e3f6cbfb8ada2dd53027a7ed540c79f645fbbe80d01350be1c2ac

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.7MB

MD5
81971ec5f24f335c4194f4ce2cd54a9e

SHA1
f0654c08936f0459b370302c9f0e21e3738d38df

SHA256
188f96130907d5f0a44be4c668f3e4c2f06b881f3b231b4424a2114c485c57f9

SHA512
db815f11020ad6fb68bab056ffc57983b8ea25902a6113dcd544008fadedc0200cc6638c162e52d2226a5b80227572bee04748df1c88eeae67a03562664b64be

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.9MB

MD5
6d77ded7c517577e7194fa672d659ff4

SHA1
0bff221af60799f075a01c8f3e936abd12d39c0b

SHA256
7d0d1d4639452d2264d7199428e2c5d319e0a64d741dc67223f85833d1eb5c69

SHA512
b044a339e0aed702492fd437cc283d4c396d58f7473bf42350ac9805bea3d0649a489aca542c9b47bc980ec790f4b98e313191d02badf14d33b2a75b3905eba7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.4MB

MD5
2e80a3e18ac03549abcdea02147e4895

SHA1
d33177a3785ba528ad3a5ef4c6eba2c0a0e77c94

SHA256
686d15364423e75b79bd7a8386e3424ea518ea8c0b6fd93e3f24ba160c5d02c2

SHA512
a4c7caf9dd57a73117be8a23f0dac32e389e122dd97b9553aa819ef8ca8a7aa65f896852e46111700a8051b5371c799a213d8fca64fe60627714453d93d8e518

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.4MB

MD5
39eacb30ca9677354e7297124bd4a80a

SHA1
8f6cb2e769967afadcb1108a1b941f0866c2e2f2

SHA256
249bda451e5a13bf93b293991ab33aca88188f023170a7d1f8c23f6949426ddb

SHA512
e2bedb4564a8f65122517f8a05efe09f661f1985e28fae441e82cce8fb894f6bb9ab8754d84d041ac17273678d1b143ddfdf290e60124c1046ee992b1205289b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.4MB

MD5
c40380d1fc07d82a1b71f7bf3bdc2c16

SHA1
5b9da4034cd28e6046c6172e01ba72e26e885390

SHA256
7b00977fb5606d27702afaa531a47626c85d51a96fc1bb1468187870a412c520

SHA512
ee9d7ddcdf187b7a4a3e693eb00d8ed40fcb3d115fa97a476f3d1d328fc430b8c1beea0b52ead1657c202d0a92e2bad30e508895702f2837cf556f13bba78bdf

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.4MB

MD5
0e6caf8597bc6c58f4d6f4555f785376

SHA1
147bfdb196229a527cc4158da3fc1921cc0b1346

SHA256
91846a55de15e65a656a6d262a078a0672fc8c31ce8612483ce342e7b27d707b

SHA512
09b497d4eab206c0a577b2c018c85425dec0bf00404f115baba15776ffb4d0abc2e4d20d865682537ec77d854c511a1c69b1bf4d9a0383be90d68a47fb1ca155

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.4MB

MD5
386eea3ecad089f16d36270b9a859865

SHA1
563f8d7ecc0a6d99ba82da40f5f3b64a39f1b934

SHA256
a7aff4e4a94e96f67a79adbc5dd33a3f0a5f2511fc5356c76cd18cd8e4d0c68e

SHA512
b81db377241d55d0320a72b9d618473d4b7871000d88db5734255e7c6285be69287e1ff56fef8b4f3956d3e2730439031fe5bd3b95fe714e8d966957faba6aea

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.4MB

MD5
21c0ea94611b7e14aec7025cf5d81712

SHA1
9e1889b069a6cf0243db2bf1a7361cf618b131ff

SHA256
3602b66599503a19019d43a8ffc3c62b062f4b3c62a6d53b76184eef6f975804

SHA512
d27b6a533a8e3b1d21e77acdffe03f08ee90b9250170ca25ab1860cfbdfd313f786af6359d96d2f702a5e997962ff70fb61906c4fb2e52f92dad55aae40f3bc8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.4MB

MD5
0915700458316729510bca04d36418cc

SHA1
65ca6f3cf91eaa8179875e48a363163f8a025471

SHA256
172e21304bcfee66a51bbf6f9b9c17fdf2f1376670b4c553384fab73e6206b8c

SHA512
1ab9f8456701ff0ed8a60632351439561b7efb98f5062b7c8b0783230a40c672e9132417435fdc159ec9b4348aa25159ec2e78b11d89fe1d60923c1e26834be6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
1.4MB

MD5
90d9d0e61e2d80657da379f54b120b37

SHA1
f240748e295d6fd0e9f05404f9efcfd530a9de1a

SHA256
c9887f7948c91e064df285c8531e50b9d276e1b96abdf494c6433b9797e6b972

SHA512
3f8cce50202a263456770d99b9da21714586097e6272ede00ec09374f2188f48e07f06e92d21e886da0dfa8398409539e1d66c6842f33796776dc2e1e333e462

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
1.4MB

MD5
0ac0975f7442927be0404066c6c32cae

SHA1
db3805b22ac379d2bd5e29439ccee418edd8cf7f

SHA256
db8f737fa247566731534d6896fa56ad67c64d10d67105a80702bf3cbdb9c206

SHA512
c64472018418651302ee4ea6d28d7cc8b9c6098c44e093940f06da47a85e6e8c7d22074ad74eff3d637eade766a6416e46f480f7bceb4498316c99ff423a6c92

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
1.4MB

MD5
25e8a735916eaf9f6d21560c5454057e

SHA1
50e0316120a150ac0ecdb337dc23308a6f276113

SHA256
38f739bb4736a9886157c7da322ce8ff43c316bc4a467181d63629fa1a519282

SHA512
03a97fb5a85b440a5165cba213aab69b3f93379526040f2a65075de5cfa87a934fc49da3adea2ba3093f3ec532e2e61083900addb722ae4f4b7ede718c15b1e5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
1.4MB

MD5
6919e6292e895e94639201ca977e54ba

SHA1
4318b36ff919d521654ef610728070c9d546debe

SHA256
b1f6b74d7d8b54591ef4435361f14adb0ccac25b2ca4dc9b10b695bca4c6b6dd

SHA512
c132cdd0ab3158d425e49af288d7934f975375b478db747de9dcb5f911106779b9a4d08bff803a551394892577bac8dda23c479878c401ec878ab30d1c3428bc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstack.exe

Filesize
1.4MB

MD5
535e5efb1eb4de3db09b713f5395c40b

SHA1
ab37d54ee311e70dfbb00a2993f1e8a4ad541fb3

SHA256
a693764bdb8503ba8d0374bb28377be7b4b614cb30eb572f044b33607928b173

SHA512
09dd9ae80bdc4bedda2a86c84b7ab2f973a9de4fb45d4f722c1845d56b238470313812612f7e45b2bfbbedf0168e0d60ef70c719854ddc5ba2eae84a01869bd8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstat.exe

Filesize
1.4MB

MD5
fcced34da053b960cc4bba2fef7904f9

SHA1
61e1e17e20483dd55d047ce4ca0affafa74ee763

SHA256
19940d89103b14ef613b4086ab6fca6550a4e8441b39404c11f8c23b8cd5eb17

SHA512
530e1bd9e9e82ad7bcfc78596d16c16489ce1afc0011bca51c1a5afcbf8362ac43bc0027ff6b892aa1d9bcfcf1638090385ebb12248c099af3582372860b97ba

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

Filesize
1.4MB

MD5
84b2fc87b0ba6425df6c7bbfc1d09a9b

SHA1
0463b6967d5bcbd5e670333130d9db9e21f8b4de

SHA256
5446cec88b641b48fe509fb07985051925da89bee5f03bd69a21a8bd8599cb79

SHA512
dc684cbf80ec59d9d01be1d8bd046a56a9a13ae058815bc0ca42d3b5830411785d1fe2efa095095283881becf5f0972c506c00b603ccad5a74b18ff0dc2facb0

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.6MB

MD5
ba85ac82c2b2e2b0a0cb819d957c91de

SHA1
145eb858017477f6c64ab07ca3e206278a38ca4e

SHA256
2c615bcabc1416c6d5002ab158068d00acc97060b3da605518d0db59a267ad17

SHA512
a3afd322a18a2c41fa7787b496bf79959dca5aac0a98d1718ce3f8c1b6e8f7f73137bd2d3f7b98b40a7553e852869dfe3b34b0817c453eca8feec193984f77db

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.4MB

MD5
453d6d693e02360d58445c41c453a4fc

SHA1
6c87db0f20198ea1c9abe10195f00880129d29ad

SHA256
dc4c26edb96f8316eb1a59f3b9a0659067353f2bcd9d07e78f7ebfdc801915a6

SHA512
01a3722dcc6f6935506ee516d6b1aace721f9a578e6cc013492da32939f31aa74e1261f5ace13ff23dcd913a6605de1c880c3416d4d6bc4bfdbeb530f8cf3342

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.5MB

MD5
1a6bc086912f85a3958ad8ceedf0fac6

SHA1
c3d91380ff7482e1677b09992f055eef4222a245

SHA256
90bb196878b7078718bbe8ef374e2a28777a097d945b7bf910779e5d02eec78a

SHA512
179b46c098c2bd3c0f2c5e2cffda6fea6666d1bfceb752780cbf1b34904bb58a732b4f298089be9b2c741bf3ed647c9a2c8504c99d64e68db25b915e1a48a883

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
1607c5bf02b5bdfc699a46105efedeca

SHA1
d477105537feefbe07e0be290e5214b72c722343

SHA256
741f567cd0206037c0c5b74986821b0ec75173fecf75601ac82dc00f478e3be4

SHA512
bae9e742038c021fb4beb682ecb3c3cf895d8d1de38d79e2c0f92367000918438eb8bd2be3bcaa2d7f5d9e10a20b35be1370f87c0522babf7988e69e8721e81c

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.4MB

MD5
4083b7f428f9079ad60895e3bba8979a

SHA1
be1a570071d864be10810607a15ce84811828c2c

SHA256
a9e826230cf84f969cd1b263623c92063f5781cb21c43ee9f09db3cbba3c296d

SHA512
12ba398a4a86dcd640f103e2dd6e680030278e1e2648174186ed948b5f4edc6f905659232a1a7d0e4ba2639888d26d778bdfc739ab0cc42d45fb82c30525b54b

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.5MB

MD5
0851d681f61a09a5d88f961def6afcde

SHA1
8b601bcad9b9a4a0202995836d64db6b49277222

SHA256
25d01cbd98ebe5df7659f3fa3dad5be4ec9dedea34992d20aa76d4f5927842c6

SHA512
db9565ca71f886647b67f319d945a7805513229947e319858b36ae2ac101803f50199fab85bde469b0024d2a150aa0904a0fa58602f336657dfdc6ebe3636d04

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
e132c095a5361f68627a94fce4765c06

SHA1
921676bdb6bcae831d56fa214304e431bb4ea1fc

SHA256
fb9c77ebe2498168966848b5c10422c203efa97641ba20b5a15bd491c7ca59f2

SHA512
193c4f352c29a447489e629baa3dfda118550a7b9d26f7fd148077ad8eebc239f011d28b2d964b2ab876998cec00fa15f73590ba587e7c68542fa91a6fd7f922

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.5MB

MD5
2f1331bdf260e8a0430380f1553a6ba1

SHA1
350e68507e3146d9292a8f8d993de6ec7dea2512

SHA256
1b13ed2783c59864d3478ef2b4d1aabac85500392d3f1dc55d9bdc84949f86f0

SHA512
8f8287b6ff0421df17300aae8fd7b8d587464d15705dbd6bcaae4401638998926d9008576ef742df42c9ff44765595e719732861e406fe95080380d146b0a58e

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.6MB

MD5
286ae3851770ab4e9f22ab68b86e0996

SHA1
82444d532ee064070a381d276170e7a82efba01f

SHA256
267a663084b7ed1043ae623a57f7a64a3fc9157175eaf1c07a533af5bba42218

SHA512
f9b4737ffe44ef3d9393d31f7ecd8c40f801ff876322c34f8e535bc3f3db6579383f56c5d1b9d41eadb15f1e0e7c11092384d9437af5cc6a9cc447d683817d44

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
a44d21cf5f41bf2588ba56e9a9add4df

SHA1
09eb626cb137fd90cb4eb1187d3dfc2c78e48db5

SHA256
a0b548a2b84bc356a299c1bf1efdb5b2b70d850188ce319e9ad52fe84d3d8ce1

SHA512
4d6c5b3993febc003ec85aa6097f15e2102ffa8847d196dfde2e2319e96d4904cf523c7667144d667317b3f5f382b958ffe85a961eb76f5c0c67da1cdbb88e74

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.5MB

MD5
0623a31fa142e779e37e696ef0b555ca

SHA1
7653b41398699b122e483936c5b5d6b148bee2f9

SHA256
09e63dfceac0a8c6d9869079a17ca1a8374886cda75feb8d39df8fa69c92975a

SHA512
549aed386adeb988079de7272b302cea0b885c1938a87c1b56184eed4cf332195e6a853d45a194af559d49be01a1682c4d9eb74c5fee357b69a0cbd2f49ca383

Download Submit
memory/416-113-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/416-107-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/416-106-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/416-114-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/416-117-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/416-120-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/940-224-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/940-215-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/940-480-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/1832-137-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1832-203-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1832-134-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1832-141-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2140-122-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/2140-121-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/2140-128-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/2140-129-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/2140-190-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/2340-159-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/2340-146-0x0000000002280000-0x00000000022E0000-memory.dmp

Filesize
384KB

Download
memory/2340-147-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/2340-153-0x0000000002280000-0x00000000022E0000-memory.dmp

Filesize
384KB

Download
memory/2340-156-0x0000000002280000-0x00000000022E0000-memory.dmp

Filesize
384KB

Download
memory/2448-133-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/2448-1-0x00000000007A0000-0x0000000000807000-memory.dmp

Filesize
412KB

Download
memory/2448-7-0x00000000007A0000-0x0000000000807000-memory.dmp

Filesize
412KB

Download
memory/2448-6-0x00000000007A0000-0x0000000000807000-memory.dmp

Filesize
412KB

Download
memory/2448-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/2448-313-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/2644-163-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/2644-162-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/2644-170-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/2644-227-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/2936-470-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/2936-191-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/2936-199-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/3064-449-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/3064-409-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/3064-179-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/3064-186-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/3160-145-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/3160-56-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/3160-13-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/3160-12-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/3236-212-0x0000000000780000-0x00000000007E7000-memory.dmp

Filesize
412KB

Download
memory/3236-205-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/3236-479-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/3772-476-0x0000000000660000-0x00000000006C0000-memory.dmp

Filesize
384KB

Download
memory/3772-475-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3772-230-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3772-307-0x0000000000660000-0x00000000006C0000-memory.dmp

Filesize
384KB

Download
memory/4744-94-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/4744-95-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download
memory/4744-102-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/4744-101-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/4744-161-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download