c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0

Analysis

max time kernel
145s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
Size

1.8MB
MD5

aac8c2d4c723feda50a22584e23bd334
SHA1

c3d04c5700180196d41173cfd8039761e0ed4ed8
SHA256

c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0
SHA512

f74de182be1491aec4599c3719dd8b25eb9e7c244db3a7f53428f3de2ace9fc346189af6e714605e8a1382f535f8ee513d73f90de23184f77314cdfec473d86e
SSDEEP

49152:hM9QPdxwfE7WlFwKAfzuTiDFUFkkblI7a8K2mFhbrr:h1PdVQFwKZCFgXlI7K2mF9

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 13 IoCs

Processes:

alg.exeDiagnosticsHub.StandardCollector.Service.exefxssvc.exeelevation_service.exeelevation_service.exemaintenanceservice.exemsdtc.exeOSE.EXEPerceptionSimulationService.exeperfhost.exelocator.exeSensorDataService.exesnmptrap.exe

pid	process
1256	alg.exe
3572	DiagnosticsHub.StandardCollector.Service.exe
400	fxssvc.exe
3404	elevation_service.exe
5008	elevation_service.exe
4888	maintenanceservice.exe
3920	msdtc.exe
2696	OSE.EXE
1520	PerceptionSimulationService.exe
5012	perfhost.exe
3584	locator.exe
3832	SensorDataService.exe
3520	snmptrap.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 29 IoCs

Processes:

c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exealg.exeDiagnosticsHub.StandardCollector.Service.exemsdtc.exe

description	ioc	process
File opened for modification	C:\Windows\system32\spectrum.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Windows\system32\msiexec.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Windows\system32\spectrum.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\spectrum.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\ed484d3fb3e2edcd.bin	alg.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\System32\msdtc.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Windows\system32\locator.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe

Drops file in Program Files directory 64 IoCs

Processes:

alg.exeDiagnosticsHub.StandardCollector.Service.exec0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3ED9.tmp\goopdateres_el.dll	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3ED9.tmp\goopdateres_iw.dll	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3ED9.tmp\goopdateres_pt-BR.dll	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3ED9.tmp\goopdateres_te.dll	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3ED9.tmp\goopdateres_fi.dll	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3ED9.tmp\goopdateres_am.dll	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3ED9.tmp\goopdateres_es.dll	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3ED9.tmp\GoogleCrashHandler.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3ED9.tmp\goopdateres_hi.dll	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	alg.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3ED9.tmp\goopdateres_it.dll	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\java.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3ED9.tmp\goopdateres_no.dll	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3ED9.tmp\goopdateres_hr.dll	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3ED9.tmp\GoogleUpdateBroker.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3ED9.tmp\goopdateres_ar.dll	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

Processes:

c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exemsdtc.exealg.exeDiagnosticsHub.StandardCollector.Service.exe

description	ioc	process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

SensorDataService.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

Processes:

fxssvc.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

652
652

pid	process
652
652

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exefxssvc.exealg.exe

description	pid	process
Token: SeTakeOwnershipPrivilege	1108	c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
Token: SeAuditPrivilege	400	fxssvc.exe
Token: SeDebugPrivilege	1256	alg.exe
Token: SeDebugPrivilege	1256	alg.exe
Token: SeDebugPrivilege	1256	alg.exe

C:\Users\Admin\AppData\Local\Temp\c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe
"C:\Users\Admin\AppData\Local\Temp\c0e69832bb047699c651166551066ec69a07bd4181ea8975841c652fb8f2b3b0.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1108

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1256

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:3572

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:320

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:400

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3404

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:5008

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:4888

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:3920

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:2696

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1520

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:5012

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3584

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3832

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

Filesize
2.2MB

MD5
e73ae7ecd8828ba25556996df22fa2cd

SHA1
debf614ddd10766708284f6832eec2c8a2da4781

SHA256
a2a266f85f19652d2b95764c9499e110ba7457a822e7bfe8652146bec35549c4

SHA512
d7c9b4e19701f46bc401b441d4a60468c8a3ba58c4343fe83891aa349bbf83d095136ba4f9a18eb003ae9c7c10dc67178fce55edb1d3ac3da3f782dbc469a8ae

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
9fd9951bdaa12b14e71a45b8619a58b8

SHA1
4f73f8bd9c2068433f98c12735e75cb23218fd66

SHA256
82d3065407805b5aae257a2c3ed1d253654aff85da52b8b2a5e5dcf93a60836e

SHA512
5e4510e929ba1809fcd9a5dda36b611851e898a6c1bda1b55d72a354f44ccef88c1ef5c3bbfe415d3e244ad6fb2ad89518167a99081a432e1a500643f6924a57

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.7MB

MD5
568a5fccdd976b2fa841db6f6e0b6227

SHA1
3564917dea5b4088b4579291c0c5a8446b7845eb

SHA256
f18ea85be95709ee2ccfbad04352bca561c65e14f6161031a22e7a2773f8ffba

SHA512
09b54740f01c17750ef0b52545a58499501747e29bf3e691d7d2c96997988397cc3b930e0843776f9bfa96260f4a09d096a639cca5524374e6dc451a57dee7ca

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
6e759912df84ea9a462a7e6caa3c7eee

SHA1
ccce86235dc0dc834d5b345132b5d7512f1d3fcd

SHA256
30d66cf482b10e3d46729547a87e32f8c7f8f11e797b0d2eb5e75791039341c5

SHA512
216a3fda2e8a3cc384f72a7470d9ba115c5ffdae3779f81c221ab3889e2f79771c4f2284430e549da2469ab9b0a07660a1c146725bf5416016c0c39d9c79fd38

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
68c1446a15b5d020dfa00de96eb5bc14

SHA1
44a93b1802ddc4f161ae0fb65cde114c75873ce9

SHA256
694be75145e085380b9a4bec0c372c1032667c82f5953fd0f05a2b7e03285f64

SHA512
ae09d35d9aa94aab80ee4b47be0c55e9206966c02b4f83a370cc1d8d9bfe77503fda1c293a8693aad83797e7188fe2e33cf090c1902da5a6447f306a46f1000b

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
0e717777c9e5acaa5d9e47d7c5f73220

SHA1
1fc9e58c88ec7c8868ee113b4b8ab9c0490c8f1c

SHA256
c5d94068efd73c0cda7e8ef85340b6ade5d8884e06f3e89dd9ca4e3be50cc74b

SHA512
392a981c50639a09804ff2d04946abcc033903a26d1f454fa85e447016e1fea755d5f1a1bec48ab8827b222649590496a2b68b29c4dafdbdce26dd20447e1ba3

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.5MB

MD5
e353ad19138eae4425c9e45de2eba602

SHA1
bb90395912e9d608b91cfaeb8d590d951962c85f

SHA256
f58ec729dfade36eda53e57fe0e33a9d209314369099797d4c25fbe4fb885974

SHA512
d1619870141a2e0f17bb52fa66de7960dc6b70f451a4e9e2528058ab123bfebaa622d720daf703152d7d4789ec6dcecb4e0b3bd359391365b1419f372cefdbb0

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
303adb04782a5055b5e65c9b99062d78

SHA1
b54faf7ed8d649e1d669c158752389c930027cc6

SHA256
23b4dc95ecd3463f289727962f682cb7a4e1941e187dc3fe058f3feb4daf5bc9

SHA512
3609193a6766e5d2ddea8cb925a09b04933150b33f5354d0bf4e83a880eed8c6aa5956db7a0882df29e4c52ed5079cd9f26daab75b708f408a2f67b960795627

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
b70b33d077e51f19a144c5c6d0f60740

SHA1
6dc3f726111dbba121f38ccbaadf8bb07221897c

SHA256
d9cd4000803a5025ecd5db4c2cdd39a7c42922be9ff55f6656aced3dc42f1cff

SHA512
9e3bbcc00808317be88a56bd162a467a9881465926cf62b1c2b0d0c70ea7bf1c556e761641e24f195fa5820776866bfaac6d2848cbd84927774b6a2bdfe5befb

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
5.6MB

MD5
c05451a8447edeeb5d6d18c500b3d3f9

SHA1
56b68cae7bd1233b8dbb369b882bf9b5dc357255

SHA256
a3800b809a1e3f02c818377aaf1ba483d31e69fb218c015cc17bceca28b1d5ea

SHA512
d2aef35abb0e7871e0d134ef0c2e83a06a4dfa39edab6bfb13672c0b6a1600a12b77b93ce496950f933b1016176b3b654c12ee249d893ffbd53da7be8b2ea425

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
b9b0877726dbbe20b4c37c2f424726cd

SHA1
d55eecb689a01f3524e50bd19af0aa188a77cdda

SHA256
8a8021e190bb67246c831046542ebf8086ba2705b5b3df3a861b3b7bf131a499

SHA512
c2e5f7fdbbd0e68614aecb93677c531a2ca6e6e8159ddd0aab2dd8587b6fd419b5a976a4553a106df4e0417c3974b506b69e7393e108130944921efe5cc19f8a

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
5432581b892e4048268a268e2e77520b

SHA1
dcaf97ac48e5b1f5b5388a6ed468bf92121bdf5a

SHA256
c55969e7a85b7e90464db62e2f68e3bc07611f7d8fd06f40b94d287f5b273c87

SHA512
27f69c10c9a9c74ac0841549ea972902a94765f1043c4c23baa272ac2c3549bc2c9f5bedb3047c7bf2421cd448e69c9f0b57e8edf3fba5d3e4fe4e1a2173ded2

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
d463fec36bc224a86f7fc4fabe0d1066

SHA1
276c25977880ddba11b66ccc96a7376498052bb1

SHA256
6b2cbbd23b94eb957de2ce11724b5ffb0113954e9a1398123d599af31586c624

SHA512
e28087fe7981e5116206dc995532fdddbfa4ccefa2859bfe2aff90e2251681c7176a302fbe93e35664a93ed467111cf5a22800ed72b7acbbf433b50baaf58931

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.3MB

MD5
6fd25272d3ed356761ef1d2cf6031513

SHA1
c4121ec0dfccc8413d1f7e720a666460d70d3c50

SHA256
1d0fd8d51413d96691543957a3b471281e3f09a47aaffba3dbae425abad38e1c

SHA512
c1ab7211332ebf7f46093c0544a5210d6dbbc5cab9ac47b6a82a56e7ecda534cb2604addb35b7aed2aa518725fc33f5fe9f3768d02b62dd2713862172e81b75b

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
25ae93b8f7f9be054f8ada71ca0416e7

SHA1
870e112568c95bae8c37efe07cd5fd7855c597b5

SHA256
9cbd18ddac1ea60999c5e1a4e376308fe980c14da711e74b62072f59a618c116

SHA512
b686fc18decb866d129a9fd8a7587293cd3dae9cae68fb33f701c2233bf2efbcc688e5d1dac8f760488ad48604e40510024bc1e142819c68ce72764e7ec503a5

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
63e3cbba2bfb2ec42845ab0491797ec2

SHA1
9ded7a33d0c83121f7c5922b79049e3f9d7c59d8

SHA256
bb6d6b3720d68cc3183029ce1f0508c2dea772b0a5bbe019b64c88cbe235e284

SHA512
ee7cb4c07a85fb24fc4f5c966df0ad35a6d975b313dbb41e66ca31603f48f9aa41306aa5e92a7b1f793679f5f80facf109e3698033f34d921863b0dbd514ed51

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
f27356ce94bb75a1bb38a267527dad3d

SHA1
ecab9d512082652d53aaed3ed3726e6bf1bb81ae

SHA256
593aed99d4a6df63921ffc5a3df90e6277baf0dae9019a3ce9b54612908ad808

SHA512
67d975b25e15f80ea298385a40d50e69977796596c74f4fd67d956e2321c785819b9b4d7712d1b8dd495bf0cfe4edc10c4bb70abde4d4317a737347424972fb6

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
e64624d7af518417ce185ee19ee8a4e8

SHA1
d4c4f8c822b36f51f710ad4259ba498e847b5700

SHA256
ef39e59e923119c382a12b7f21afe6c7f75c06d319b83151997f6871ab83321f

SHA512
16545fb9ba8886eb0cbbe5b1443d6b515eba44c31445e8243cf769e0ddc5b7a40b91810af29e13336e89bee03949855843a180937d5aa72b12c6e10709f69daa

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
2220f9e33737c41cabad4399b83d18dd

SHA1
72e16442074913b167a8b4a8a28f9fc259260972

SHA256
b1f066e97144f902241b94fcab7ce738668c0c44175f8ebc0432bdc349c6484c

SHA512
e803c9f43de0bed7932658bb0c7e542f1f66990f83dfa66703f8c5a72b118606e2a0896f8afddf9b9a629049209cb722d657525ddade8583616487f8437e0328

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
4077bee7a9f04774756c171d6a63eabd

SHA1
9feb73425b23fe8c4460a01a6c9535e218c85ac3

SHA256
fff38a4498462703c8a28b6c18fa84e2e00b3186b75effbb49f99425bcfdf783

SHA512
af48d055079fb4b1c2b92b4088ebd1657596e4481139780f86cd76c0d71538ad036550d683225a27f02f2c30cbc27f71e3d8c187e003c16328ba4272cb44c786

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
bf45f2b9ba8f05a95ee0f445f9ddbbab

SHA1
95e955e62e6bc62319d906e86340f5ef1aa3b2eb

SHA256
9aea3f1540dfeeceda619659bb19839cd00dc8420500cad935937ec60b8ef7a8

SHA512
84e8ed8122a6d0097cab7a499b4e24bdd4583df90710d66faa19e47cf024fa374c56215d12a2b91e4fe2ea66fe380ae40ae9d4e9943a476332aa1c9816cdabdd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.2MB

MD5
cd5b7f648d67357f7ece29b70250b8d7

SHA1
01d12ed17978d6377b5441a72292a6419fd2ad19

SHA256
ae94ee5527bc887366c37649ebd0e068baa47c108746fc20cb439aaf049cdd38

SHA512
cc6109b12dac06c2a0cdb5ea50d6ca00f7fdf5b6d5446bc0c4621a489161a43973abc586b87e4c50ae20dd3c987699a87f7c2309e7ea64f9bad79dca3d900312

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
740087ce639185eb59a2997d334ac457

SHA1
6c81af3dd355325d78782b40f5b8aab97a24ccb1

SHA256
be2474d52178ba8859f1f9ebc9bf484788e366eba4923c4f6356fcb3f331e686

SHA512
10afbaea4bd19fc3bc64961230d76165b2e38165950daea197f106623c5e88d5de20abbb107ef3678a851bc1909caf7262f9a4e3252b8e8b78842df8d6f55bbe

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
7dd437aa774de4a2f2a86a45779faeeb

SHA1
47e31c2e26e6db4085e848968749439eeb9f6762

SHA256
df9c07b06ddc7d6b36c034a2ca013bb37c17fe21cce5d71c77aa64ac77c1e9ac

SHA512
a50fa358cb7b8610d6761d236b3ae186be3bff82b1a1fa728588a416ab5a31bafccdb4d51f12da4d00b3e8b4bf676c50f1a207431ed325393c0ff648726db603

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
2dbc492f2917473226cda4c2d0c96547

SHA1
f9f634e26c15df9dfca93c053ab89142bcff3b80

SHA256
1bbb85f792291c46ca2b7324e683373e2030f8d1c73b5fa4857e27e1558de2db

SHA512
2833a998b05e3018c3bcc8eb2a2732d1abe8130ffb4f07e6b776c6189e4d9a0f2c1f733314878ad8759c3ae96fa008de656a6170a8c5904a7c5a55f8f34765d4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
cf713fc4458094c491b4c86549f840d1

SHA1
ea1239713a6a119f8d6e87b6d5c293477f2e55c9

SHA256
a2132bbcb0ffd86b06a97e636184dafd84543845f061e20f545aef5aa8944385

SHA512
eae43891e74d590468607f93493372f751f9a68b8b98f004ff226fb11f6271555a6f78fbe85d88dfcb8ca03e904b126430131fe9ae06ce9543b3aab3020030f6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
eda85a9400b790b7ac6d836ea5818479

SHA1
e8895dfb96672a6f024764857a8f721fe62bd048

SHA256
156dc829895e22193ebe00f760d5105e70b1ffffc9bcd435bc73f6cab3d58877

SHA512
60b45e395ebef0428548938a384dfa4b04e9c9d902f388117d6629b566062ba79ad73ff43238b29bdfbfe4402811d628f6eec981603ec012ddfc0697c5f8a4ea

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.5MB

MD5
0d70b995c56522fc45f764c39e2ca9f8

SHA1
85b5166b0c0c43c2ad59f69e1873c91b5120d246

SHA256
0c3cb7b24b60d3180e31d339c7e3c8ff5c0a07ac69d9cec12be76f9ca0ba17ca

SHA512
e90887bd9a12a9c3d487256df9c237298ab8df3e543f73650106d1481273a4ffe06adcca16e3c43dfc576325e737850157da0ad6fab7d3dac5b1e3cbfea5f084

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
82cb9d068ab1329a40265d8ba7a6c3e1

SHA1
3ae5848fb0f29007b27952a6b990fcae912b8d8c

SHA256
7ed734752ff97c0dcbb634c5097ce245a1ae8208be86ad125dc48f8912c722d0

SHA512
c8ea43fba55caded302d84911cf3043e0f633221b89b0dac9044ccd3b050afe99ad200b0ff4c594e82b7e925799402282f61c74d7aa254013dc412086f57310a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
af82d6ca32cd4565a145c928b01b7fd9

SHA1
7ee81ac49f441b97b51d72ad577a492fbf9dd6b6

SHA256
838e120e935235e61208aec3e07702904f2c7fbd6f66c4b317d0f527beabf10e

SHA512
e12ea1b781c61486920efa0ac2d1d136c262a661753b39edf16458ef5771de4122241a9b533fd9e5a23100c82678b68ef7b060191bbc2760eda3debfab9882de

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.3MB

MD5
6276ce276063016be2a0b928a8591dd0

SHA1
0a22e85d2299e43d6ab076b6a574f02ae137ddbf

SHA256
d991fa96da8041db0342ed607e78a2cd43fad50d1b4203520915c6accdc93b56

SHA512
df162ae35a94044fef9bcce5581fb087db99f3f7c2693f886940d6a32061ca8f137579535f104f3070ae435754d02427a5e7eb8e0a9850c54c954f0420c1420f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
16af1a89eb7758fc507d5388a47d6bad

SHA1
3c85cceaa6c7110afceb6b9f37af099cafb48129

SHA256
833fe2a93dd221ad99bbb417b3de59b8d42668ddfaa501f6d2adc7ce0e71d142

SHA512
9ee973579fc5c923e2b8faa060622945454e3e41a6b7287bdea1f68ff4eb4bb97c38239f49e29e476656f277b22efcd8002bed0abc0819c3e8da95a6f734a1af

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
37262c27cc375d60c173caf3403a2acb

SHA1
a9a1ce89c37c9de41238d2e33cab5bec6609ebad

SHA256
6db505d3ea87a9d8af17c2724363f555cc887dd590e9e084642734d3315f504f

SHA512
90e8e39399086822817b22a6e82c2f2c5cc55af8e50b5a93895fe3334da23e845e436e57c14c1510dd3593bcffbb0a8424d304ba445a1ee497f64a017e06dca4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.3MB

MD5
e8ad8be80741a0435e995c05d063659d

SHA1
aa6cfd3420b85cb352e4a6bfc35bf86388b6a9a3

SHA256
b348ce20dcc2d34348437e4bf7c945679748d2e21321f72ac2f2c5d8b68d7873

SHA512
d24f82c3f8936e0d29f46a9206963940148199e280e14b572b5f363cc1ccc4f7eb6b2d1b4dc64ac270f81e9ea0b64f57d8be7afeaf7be16d12cdbdeaa4c16473

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.5MB

MD5
2007910284ab970f115889f46fa8928e

SHA1
3fa6cc7144bc26219bea65945162146effc898ef

SHA256
944732935a5b3585a599d094f12fa37284f72eb99f0e0ae41f158a08ddd46ee2

SHA512
525619a995c380335f6b46344f39bf982d4346a18fbdb9c20ec52ffbfa9233b981ebcb0c4416aed05262c55c1120805d4fc950b59a80601136926c5958cc6347

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.6MB

MD5
22ad355654bbcae09e388514cc1c7548

SHA1
29793f3a05e3fa61c82496b6c56022c71e9b5884

SHA256
88b25194eef03e99238873b4696d3ad68e68df7dbb5879260c6e255ebd62fea4

SHA512
92be09603e63165b3ecc1e911b23f3d6956c199328da8bb0fa393a72517f44915bd8e531576d976f3671cf5d0cfcbed0b715d3d249c42ebb22d0d33f375ecfef

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
3ae03024cc3be676b29b93b940ccb01f

SHA1
d04c717a2d1555fcfbef6e86cd3e796fd0f2f3d0

SHA256
ff1be09d7e197f1cdd69a69a55ccd4f20633bfbc6ddb2532e007dcee7011dd90

SHA512
245995aadfa957adbe64d103552ae6f81bd920bc273fbe676a792f93954625697ee8ee5293f97cac30a27362f03d875d65572a62b30843473acc01174808b13d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
99eda03ef36e74401954283e069deb69

SHA1
08954a7afd2cb7951001bf696596fa9dbb86d9c8

SHA256
9794dc48b3e7de44d3f92e7f81a1c6e3f3a5ea30f0b0cf58fe00eb71ad3e6166

SHA512
6a18b1c236b1ffccfdf7b6e39d6f5bb1f1acf5349a8403c46f9453252cd574819347550e11929fa18fab7fb1b15f20d5bc58624c66ccae512937f968e01f0279

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.2MB

MD5
81eaa4ad2b50c7502cdbd670c366d8b9

SHA1
3e51830dec30400ffd16b0a69401de0a2d034eb9

SHA256
f47a3b48ccfc742de85d14f99464e3364aed1f2c52af324d8e08e5c07112bc2d

SHA512
613085312a49f060ea1d6abe5aa49a8c9124228685900d75df6defa2f5e362667064f4e2cddd81f92aaaf39f686ffa2fea244464ecb2f4d0d72e8dda23fcf837

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.2MB

MD5
78755a37b7e297ade38f9d71156a72bc

SHA1
4d2bb803543d4734db45579158e45005a89276de

SHA256
3ae66752aee1a1070f97bcf4a766c2a4317113456d5fe704558aee512e91534e

SHA512
d486815b467da16203400917610c8a06b307bdd2ad3def949726d69bc36488fa5621ab4c5087d078262f53ededdaf6e9992ab3b20694fb2972e85b2589b082a2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.2MB

MD5
87d6fa2676530ad78072cf9278767ca0

SHA1
617643de4b042fe08291afd25401756e323235c7

SHA256
0d235de9fd47960e829aec8d185460afdf44c37b38672b0cf5eb029a16d0ef53

SHA512
9fab9a9cac2c50ae3493ebfc57227278f48fa0091ac5a22d48970d6bd880d7fb1875f4856cd48eb5ae9028698aa8e946f10760f9e6bd5da48f60f4c33cc364d6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.2MB

MD5
2bfd3fb1c9f27e45da6397d1eecf207c

SHA1
5ea180efb3eaee76f68992e1e2b46fe5b5c67860

SHA256
6df25b0ff25b38420d3ec58d4eaea73d3dc0ed1116e0003dd55a8134a48b8ba0

SHA512
41517a274f2b1a049eddce7e89d154eb5e5f1fda91fd6db86acb43ff9ffd2e24dc39fdff0ad03a498a466627271f5c7fb2eba2f6579d3be34bcf4bf13d0a8ae6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.2MB

MD5
1d8e912db978b7bdb771d0db1762ae6b

SHA1
0b9307481287384f15205d48c1029be0c1d039f5

SHA256
93691fcb9edcbd3c563b544eb09a60f094e236355602d048805a063a9c76acb1

SHA512
93ec4aecf8a8ce7a0f642b496b2bbd1240f0ecf5e42d91791344eed8f1c7a78ad946d86f6eb69300ce7c559124e43714928ea93133d26a4b402366e1ef65db0b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
1.2MB

MD5
12a5562910c5297cd5a60e2529cb9e18

SHA1
d62d380b46a3372f0d6cbe6821bfeffc669b1b73

SHA256
755f5f4e811ae4bd9e83f8f9a793d6d116405fe3d56ab91e635e3dd74e3504bb

SHA512
c22a0b1cd9d28dee6109f7ebc67860be278b6afbcab81071cfd820df946254d0692603a3a552a3ee5f50f765ec0230f3e45ae24db79a37c849923d2853298794

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
1.2MB

MD5
93f047e03560941ed9dcc267465ef615

SHA1
ea404636671e22a564b593489a075aed8ae51e2a

SHA256
e38175066356d8fba7f9ca6adbf6e23e149ce727d845c1d04a601c8a15f13f89

SHA512
3f74a69553b48dba5919ac923e9f429776151fe8eb724a8c63796e5f993344be832ad33231713afa3077ba9aa8e0d1f15151b40ac0125ad0cdecda2d2cccc697

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
1.2MB

MD5
b44181a24b717f1e497be169feb2faf4

SHA1
fa69f175ec8eee7a9378f9495b258a84ca65ef76

SHA256
7b62219a3a845dca0ce34a5b17004ee129fcad2e2d46cd21be12e1aed8850de1

SHA512
f7ec16d4f89afb8c582cd7f28c7e49b3b027dcec89a88453964b25a37bb57694cdd927ac3b1cb1a86e96c507e0652e2b8d82da8974b936389f160d187203ef69

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
4eec499599850b3f9316f9a6632e978f

SHA1
68cd955dc6b6822e67b4801a998fff6364660b20

SHA256
07b6d588fafe29dcddf007d175226a394adbbf3dfa2a77e53ae4fca64d7751c5

SHA512
813e0a641c4a04c1e6334f2f81e8abf4fe8c387f00508e3ae0bf1b5f26af1f782fafe6d6671c6a0bce95011f34e8e3fc1fd8bf635b75e8e9c3be6f5dddb59855

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
67a67e78fd88ab7c497dd17316bf6b71

SHA1
d76e1c796cb974ca8321a4267cbd929f13fd98ca

SHA256
30dd4229d88ca6f5a477cd051c82b49b2c4956f8d4807ee59c36878b61a1d039

SHA512
f1a36224d1b013cb07ec252ce870e7b54c57a723507e3dcbd106a3eff76f636d8d3739aaff660c32f4bf4d37592b0dcb9fd0f1e28337228d35b51f7f2a191515

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
0c2e2a3f45eeb43e4ea46bb3a911c09c

SHA1
53094cefdefcbba24de0cd14cb4272658e4a9683

SHA256
f06babb796f92c458f2dc879e82b4ebd8a883d6895a07ef2457e60b65ead17a4

SHA512
47da6129885fc94fd5b0f825a192a38060bf3671d75e595ea2af11035287020590918529a65eb8c2e832cf53ce2a50db9326c2a8f29d66e9c6030857ffad14f9

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
78c48dd81e9098a9e047fe145c5f4fff

SHA1
93e0824c356816385595700ecedc248422a7662d

SHA256
6c0e144475f0f13bd10b300a8e446052f7d67903ea262104b7cc29d39b580669

SHA512
135112d5a025a4c4dc5b7f849347202d815e0abe690c83e0a17836dc9722de6eed4a1c108b20a5820183757ba53912894232740eec721b358127e8265260e993

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
8e4c33d8eb2bbb654302fad65a9093a3

SHA1
9239bfb6605c34d7c5a3f7ae17dfcb3d48d4b8ae

SHA256
a3d24225f2cf5f7cf9e6d8d59f0a28dfd7fca4331a26c178186f9c2a7387cbc9

SHA512
e3d7261d55b797cb0bb95b6e68e83e7638e1be0daf070a5bf3f71885b4503b45282227940da073dba258d8eb82fa61b4a49271063d30e69dddd3e15fd880dffe

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
2258e546ecc3bf62bee8746e7211b1da

SHA1
118b17bbffd9648181ea933e27dba5b7bc51045a

SHA256
cd544aeea863a9c6019afb3054085504a2541af283d345a1f4d2f572152caf48

SHA512
0c3ca36be95e710765f394bebe552f71d3bc7853d91ad2fd55df92f687f69c43fc217d3581e60f83134963608b3663d4558097fe95bfdb5e2f7e98711259df82

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
1a1510309f5062c93194c7cbfb46dd2a

SHA1
17b35312dad1e9651cb9279fb15f4f0234761593

SHA256
ae697d34050e1bdcd925f4fc9d5fe98a65645af3638a8a4a82b775d6f4bab3de

SHA512
b983d878d6c775477c5cee53b62b1b46e998496bf43f8b70b11edd1df13b77034e08dc6a817edc78d2e809f6e6afad1a7341c0c73dc68e325651fc16bc2eed83

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
9e958bcfe479185c21341494829c0354

SHA1
17791a7d2401546d20c5445bba281e1c43400251

SHA256
8699cc90f253c18b6b32431006d7240a13e842d30590204cb34a1b87dd971014

SHA512
54d497f34fa09354b10cadecc6a29854d74546b8f481c8af5ad20519978e9932335ff00d3d36ba9845eabe37fb5245ff1d3243537f497880944f658cc373a9a4

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
088ba48b5d1f40c01c4329f84b9eca1e

SHA1
30fa6482ffaf717eb4dbfe6a227cb41882349465

SHA256
fe7879c2fb0bde80d9e5dc87c0b015aff5bf9dc8bdc19b535ace4fba70259329

SHA512
f37fb78a99ddeb9fdc6edc5c54291997a44b85e8342594fa668f7eefbb24e01e42528ffa12fd1c5e49d466c2a58a2e5db9458da319878244f3c7f103c81d14b9

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
4685e7435ff587827b09638c79939676

SHA1
fb92412226a5bd642eb07afdc73c85d741da83e2

SHA256
0eb1c8d38bc9aa61fc665e13b20a643872932a929599ac71541fddfd9d6d733a

SHA512
c98aa63424bdcd115e67f443094c4a914545a0446289b8989faf9edced6ce764ded5fce98d00ce159ff256749940d0314ebb061022858128c3efec855bfa52e1

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
d934b502ee7fcdf6bd584e0a5c73f48f

SHA1
e5f86db26bb2d3402250178f62de17647ff0aaec

SHA256
a044f22e6bb1814a25004376889577f84a2c2e5faaa6ff98f4c4fbe334c34543

SHA512
b0778cf32ac319067b7924f43544bfc8ee5fe1dc59125cc8e86441e9b39ad277f7981796a5b2c39c0f87eb2ceaf2e3913810998d667a876c293d8c45ccaa7921

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.5MB

MD5
64c5d6c49b9517b082daf061595f9251

SHA1
a2270027f91789ea15c4db7f55c7a1f4dc8a261c

SHA256
563287a93d55af9613b377b3c34b58c155ee84f87100a71867210c401d63d5a7

SHA512
b29a9b332696ad3d26f003343338cf863ed7646f8f94ed78e8809e044aacfcc6159540029bf1228edaddae6302e97c31af673555f669c0fa2e1af8ed4552bf93

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.3MB

MD5
93c192777679dd2275f945f1b5c488fe

SHA1
a15490681f5cff7aa3266a69b59aa5c29fdd4492

SHA256
ab6eb0c97515c63a5f4f87e258ede37625afdbebb914ade861f6e34cca55f807

SHA512
ba4f3fcb7568cf7027f0c42118d6699c1a73e07f8919f925aaf335c8c5c8f21e997e2e39593fb198cd902c5ae0fa936757c1db4e470f11223ddab4daf49dfeb6

Download Submit
C:\Windows\system32\spectrum.exe

Filesize
1.4MB

MD5
9faac4724e383ba4ec350dcff9e83fdb

SHA1
3d7e00ee0a9afbe74d5859a3c082e29c972649e9

SHA256
6ad70246be48fdbe9a4b2b3ce5c14ee1e352fdf7d13d1382281db49fa220d14b

SHA512
7083e68584f32705c7a70ea402928d3207e7b330c01dc99ec3c9a907f870b20320bc42ad3c85b4d2451f7c975bdd9c3281ea66a17b974cac1db1cae3905ae599

Download Submit
C:\odt\office2016setup.exe

Filesize
5.1MB

MD5
1c4bdd20a3d9909974457a6fdcbe4133

SHA1
b44000a257ef2b5f16b0f2a7d5d955da6be6409d

SHA256
e5020e3b2d2c4786c014aee4d7ce801154956298710181023d6bb0a6248a11f7

SHA512
58a03bbeabfed09f28d81e52f3093be851614c758a36df312d1363ca71ce87901e94712ba83432e63e5cb0e9c80f18c02239c137618bba25b7ea86e6e038c83c

Download Submit
memory/400-117-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/400-115-0x0000000000E80000-0x0000000000EE0000-memory.dmp

Filesize
384KB

Download
memory/400-104-0x0000000000E80000-0x0000000000EE0000-memory.dmp

Filesize
384KB

Download
memory/400-98-0x0000000000E80000-0x0000000000EE0000-memory.dmp

Filesize
384KB

Download
memory/400-73-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1108-317-0x0000000000400000-0x00000000005CD000-memory.dmp

Filesize
1.8MB

Download
memory/1108-1-0x0000000000B70000-0x0000000000BD7000-memory.dmp

Filesize
412KB

Download
memory/1108-6-0x0000000000B70000-0x0000000000BD7000-memory.dmp

Filesize
412KB

Download
memory/1108-106-0x0000000000400000-0x00000000005CD000-memory.dmp

Filesize
1.8MB

Download
memory/1108-0-0x0000000000400000-0x00000000005CD000-memory.dmp

Filesize
1.8MB

Download
memory/1256-11-0x0000000140000000-0x00000001401ED000-memory.dmp

Filesize
1.9MB

Download
memory/1256-12-0x00000000005F0000-0x0000000000650000-memory.dmp

Filesize
384KB

Download
memory/1256-20-0x00000000005F0000-0x0000000000650000-memory.dmp

Filesize
384KB

Download
memory/1256-169-0x0000000140000000-0x00000001401ED000-memory.dmp

Filesize
1.9MB

Download
memory/1520-192-0x0000000140000000-0x00000001401EE000-memory.dmp

Filesize
1.9MB

Download
memory/1520-426-0x0000000140000000-0x00000001401EE000-memory.dmp

Filesize
1.9MB

Download
memory/2696-408-0x0000000140000000-0x0000000140212000-memory.dmp

Filesize
2.1MB

Download
memory/2696-178-0x0000000140000000-0x0000000140212000-memory.dmp

Filesize
2.1MB

Download
memory/3404-127-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/3404-120-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3404-319-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3404-121-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/3520-454-0x0000000140000000-0x00000001401D9000-memory.dmp

Filesize
1.8MB

Download
memory/3520-292-0x0000000140000000-0x00000001401D9000-memory.dmp

Filesize
1.8MB

Download
memory/3572-25-0x0000000140000000-0x00000001401EC000-memory.dmp

Filesize
1.9MB

Download
memory/3572-195-0x0000000140000000-0x00000001401EC000-memory.dmp

Filesize
1.9MB

Download
memory/3572-26-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/3572-34-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/3584-439-0x0000000140000000-0x00000001401D8000-memory.dmp

Filesize
1.8MB

Download
memory/3584-199-0x0000000140000000-0x00000001401D8000-memory.dmp

Filesize
1.8MB

Download
memory/3832-391-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3832-210-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3920-400-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3920-157-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4888-142-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/4888-148-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/4888-150-0x0000000140000000-0x000000014020D000-memory.dmp

Filesize
2.1MB

Download
memory/4888-152-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/4888-155-0x0000000140000000-0x000000014020D000-memory.dmp

Filesize
2.1MB

Download
memory/5008-131-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/5008-132-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/5008-138-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/5008-325-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/5012-436-0x0000000000400000-0x00000000005DA000-memory.dmp

Filesize
1.9MB

Download
memory/5012-196-0x0000000000400000-0x00000000005DA000-memory.dmp

Filesize
1.9MB

Download