3ed19735f246f9834914d4672acfd2ed063e34310d54f42c602c45c57805c5c2

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-27_07758d86dec31784b4f57d6bc7c36831_avoslocker.exe
Size

1.3MB
MD5

07758d86dec31784b4f57d6bc7c36831
SHA1

24f8a6bcd4eef86ca04f525a32a94bd360159a91
SHA256

3ed19735f246f9834914d4672acfd2ed063e34310d54f42c602c45c57805c5c2
SHA512

6407f1b9568a9397d267b6f71608eee95e6a8aa74e6e23794e11eafacb22a79b3b6ea038342dc763d3aed093dd0e3d0debab377731f458a6785dc8493346275c
SSDEEP

24576:72zEYytjjqNSlhvpfQiIhKPtehfQ7r9qySkbgeds7ozX0j52pMkuLoiSJVlIL290:7PtjtQiIhUyQd1SkFdJ70jIpM3kiSBM8

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
2568	alg.exe
3052	elevation_service.exe
3716	elevation_service.exe
2852	maintenanceservice.exe
3128	OSE.EXE
1412	DiagnosticsHub.StandardCollector.Service.exe
436	fxssvc.exe
2432	msdtc.exe
2552	PerceptionSimulationService.exe
4900	perfhost.exe
4300	locator.exe
400	SensorDataService.exe
3952	snmptrap.exe
2128	spectrum.exe
1204	ssh-agent.exe
2816	TieringEngineService.exe
4804	AgentService.exe
1212	vds.exe
2796	vssvc.exe
628	wbengine.exe
3024	WmiApSrv.exe
2308	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 24 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-04-27_07758d86dec31784b4f57d6bc7c36831_avoslocker.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\830433eaad45b396.bin	alg.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateComRegisterShell64.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	elevation_service.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	elevation_service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler64.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	elevation_service.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	elevation_service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_pwa_launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateOnDemand.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	alg.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9925 = "MP3 Format Sound"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-120 = "Microsoft Word 97 - 2003 Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-6 = "Microsoft Cyrillic to Latin Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-184 = "Microsoft PowerPoint Macro-Enabled Design Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-131 = "Rich Text Format"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-2 = "Microsoft Script Detection"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-180 = "Microsoft PowerPoint 97-2003 Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9912 = "Windows Media Audio file"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-3 = "Microsoft Traditional Chinese to Simplified Chinese Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21825 = "3D Objects"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9909 = "Windows Media Audio/Video file"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000d1155b61c898da01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000008eda5f61c898da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9923 = "Windows Media playlist"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-125 = "Microsoft Word Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\OpenWithList	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000007c7a1f61c898da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-5 = "Microsoft Transliteration Engine"	SearchIndexer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000005ad79d61c898da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9910 = "Windows Media Audio/Video playlist"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-172 = "Microsoft PowerPoint 97-2003 Slide Show"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000006fdd2161c898da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9936 = "QuickTime Movie"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-9 = "Microsoft Bengali to Latin Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-102 = "Microsoft Excel Template"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E37A73F8-FB01-43DC-914E-AAEE76095AB9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000b9add461c898da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-103 = "Windows PowerShell Script"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9914 = "Windows Media Audio/Video file"	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3052	elevation_service.exe
3052	elevation_service.exe
3052	elevation_service.exe
3052	elevation_service.exe
3052	elevation_service.exe
3052	elevation_service.exe
3052	elevation_service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4604	2024-04-27_07758d86dec31784b4f57d6bc7c36831_avoslocker.exe
Token: SeDebugPrivilege	2568	alg.exe
Token: SeDebugPrivilege	2568	alg.exe
Token: SeDebugPrivilege	2568	alg.exe
Token: SeTakeOwnershipPrivilege	3052	elevation_service.exe
Token: SeAuditPrivilege	436	fxssvc.exe
Token: SeRestorePrivilege	2816	TieringEngineService.exe
Token: SeManageVolumePrivilege	2816	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	4804	AgentService.exe
Token: SeBackupPrivilege	2796	vssvc.exe
Token: SeRestorePrivilege	2796	vssvc.exe
Token: SeAuditPrivilege	2796	vssvc.exe
Token: SeBackupPrivilege	628	wbengine.exe
Token: SeRestorePrivilege	628	wbengine.exe
Token: SeSecurityPrivilege	628	wbengine.exe
Token: 33	2308	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2308	SearchIndexer.exe
Token: SeDebugPrivilege	3052	elevation_service.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 3812	2308	SearchIndexer.exe	123
PID 2308 wrote to memory of 3812	2308	SearchIndexer.exe	123
PID 2308 wrote to memory of 3548	2308	SearchIndexer.exe	124
PID 2308 wrote to memory of 3548	2308	SearchIndexer.exe	124

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-04-27_07758d86dec31784b4f57d6bc7c36831_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-27_07758d86dec31784b4f57d6bc7c36831_avoslocker.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:4604

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:2568

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3052

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3716

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:2852

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3128

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:1412

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:3848

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:436

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2432

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2552

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4900

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:4300

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:400

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3952

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2128

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:1204

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4688

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2816

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4804

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:1212

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2796

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:628

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:3024

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:3812
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  - Modifies data under HKEY_USERS
  PID:3548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
e1e64c4bcc95a1c36fc50a0413e0c767

SHA1
222398386761b19cf60139aba377007bc0f8d410

SHA256
3e003eea0f1874a01c3d4058299fd392ddb8084dc8eda63752600d769033a1ad

SHA512
cb915169705811a857796db1b724750e1d69ff992ab0bdfcc66d119ef9139647b0b04fca82e704cad01dd240fef9c058da0dd97a7d9959aba27f8aaba50944df

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
789KB

MD5
094186b53e260a34b486da656323a1e7

SHA1
cee42adb80cd423948e7adc3a6ee7772e5aafdd1

SHA256
90403c5a94deb28af6b4d91171822aae95b377a30a4b20d0f942785274881663

SHA512
1051d7793816a435f5300d6ce23ee63113edcb0fe51dc9aae783dbe0acb306494fa186bea6f88f42dc13dcda73324d491306a293f3023e8e6c47b858b554b6ec

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
1b0b51a02e1966f9da1b10eece7ee3bf

SHA1
c1ac3c8c8e1dc5d5bd6b482fcf4e70fdb6f10a88

SHA256
a5a45afd49352b016e44a7d7a1696d7b6a34604eae098859795bc8d7f926eb1c

SHA512
e75b24195f268cb2639d07c65ef90f14cca1d1d157c235029247056c1cd4384f852f77f8b12bd5734fbef42841a6fce65812b111e8c372269add8170f7dbd304

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
0f91e56c0fdfe65d9d8ceddb13e2c4ea

SHA1
36591523c73e34bb32930b576d23d5443c4ff53c

SHA256
6acf7a79c80870b651dc84e12512f3f337163a8e2bd8d7f06cacc270c9ec6269

SHA512
7cdf3ae3e31a9c20bef1441211fffdd33a7ec55ad44b77d8a435aa3452103356319bbfa32bf1e54b4c30ca90998c04980619f1bc23956f5049b048f7d3fc9ece

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
ca771f6e4e9b89746e5e6800f177d3b1

SHA1
384b5b763ab0a29b7696cefb11b6f15786033cfe

SHA256
a206ddffc5a37beb800cac93525c86b0f00ea824f6b6419195a780255778cf3b

SHA512
a7bd2ef23816c723a89493acbe368cac3a47b75a3444e65b31baf4188252ebcc0200e973be76ec16af3a74db7b9c182ea43db245d42871ce88f2ad32f67c3760

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
98710399a4162e29eb2285844c7e130d

SHA1
0b1cfb74a3459368996def03de84a0987c616481

SHA256
ab5a031d325598f142ea21e025aedc136b36cb372d60ad8586aad672ed891eb9

SHA512
39f79cfd933919cdce1f9a99a84a403f1b05332d785270e928edb4ad5a8e2ad0c5c00027767fe7f297c8be0175dc955e01fd79bd54b7c350bc2b31d8971e3b54

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
3c12a046566ff8be41a1647f2699e85c

SHA1
9cb640e2db79aee862040f34574a47d9e0eac691

SHA256
68d02b7f883cbd1f408e84d547ee59b79e3f0a61f3356c7d3bf4b0545559fdba

SHA512
c108c390b56ce37dc354c4aa0f29aab3bd9eb53cf6856da5d3f3c0dc732f9c7700c7e2b55cb74c0b2eeccee0e7bf3b9be8ed69193429f9a6d1216099f19c5eb9

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
1798dd183003fb905bca629830608952

SHA1
82fa384171183788a5363792d91acf65c6428115

SHA256
6ca5a622c405bec346076b2d35b64981474d04f2674a25496cf235bd8cbf891f

SHA512
382b23c94d387e43803c6a57e3e09748d462e35f2156c453354767537baa8614390615af706d02c0a146ccc8161fc70ca47f0efd10772c035e41431928e4fee0

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
83f53e81b91803b170a619ff1335f028

SHA1
0b587d7b878806d2406fe630aa07c9e159bb09ef

SHA256
63780be5e07b3b9bd3040b66ba8e78f7e6e4e07c9a1e929b142269112516cacf

SHA512
1f8d145ed5d256fe1853d87c341d7c06b1c1d8eb3d6a507bcf1f66ca3d4cf6452fdccf6a90503887f1235be25059b2f02cd656ea9b0fe456df417638ea76cd9d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
d0657954baedbee11824798d50620a47

SHA1
7004ac0479e5473fe767ea75bdbb0046a812be2a

SHA256
598b2708e7e273f45d7124b9d7b44451e30b68bcfcc80c7adc826c646059df78

SHA512
720ab4c88004a277a2b931e1d1813b23eee9a5ead0d7757ba807464b46a48416b5624083ff16cda1698bf9368e8e6056ec2e60d0bf401d4eb72b1277b83d6ae0

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
de8fde724ff814649258eeed9934644b

SHA1
b690406134d79de3d44201bbc8ff1e88b1008345

SHA256
39c97b973628d2d0397af6343d16906bba717697b65999b0d29229e4910dff8a

SHA512
154be656b4c467fcef2fcd19279bf04ff1c9ae717c075869f260b41b78133bf99c08754b73b35ae6e3d8038e72e342293ee74e4dc6776343b39cb1bce3618846

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
104f936e0d635e26f1a5c1593517ecce

SHA1
652ce6419bf47ccafca06571f88ab11775c59a74

SHA256
f3db72474bafe1b646c8ddef6638ecaf87c6192ff081d823ed3ec7a075e3e1a2

SHA512
c375f826abaf3d1e0943f76a38edb2084c2e9e77c25ca0d3925b55db894879e6fc856acc506d924ebc64ab834c8b682b4b7ebf0a48c13b2fb79cd54c470bfbac

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
6b1562959b0dc0db4a9545ffa2036cfa

SHA1
da09d18c54702f6f807a66d641b69b79bc3a98a8

SHA256
a46d0290c0b08855aa2375a812d340ae13a19c8494a0562ff602f4d2c55406e0

SHA512
5695fea3b9f68c3646028f0fc7f85fc74b8a83761fb7a850a0b95d61fca9fcbc47e121d109ab7e713f3f6f57dabf9e69d683b6e7bd4104682eceac99e36e5d04

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
42211b7828170b22b84a9c9afa4e042a

SHA1
778057444f00e19c02aa0fe17c5cd482b55300ba

SHA256
02fff0ce9a71b5d61cfebec1beea4353720d245f40b5b3c360dee3b6d8d2313c

SHA512
85b6d581943c46536a79d9a87392fd4fe8fe7371e4637943987c113642bb72b3e0d7edbb82f1eccbb9b43053282b4684e29926affff9dba36d1417b16bbbb93a

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe

Filesize
4.6MB

MD5
f75c4779739ddd811464fe1b8e0b0d38

SHA1
d28fc6026cd751fac9364d3395aa48ae110deaf6

SHA256
b7dde6118e0df5e84864ebaebab1645ade20b7fbe36e1f6f876e674fb6b1371e

SHA512
2755d2a0f885bbcb3b79e35b401141b11460d646bf8276b41661865cc48a3c9455782adf9357a36149273d3e38f94f75cc0f687ebf4be81808a01c4f272ea80d

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe

Filesize
4.6MB

MD5
7397538b2d242f5bf0293d9aa251b78e

SHA1
63dfd57878ed5564322dcb7feca6a7df98bf8ecd

SHA256
a52c622998bf46196aea77535513e9202a2092412e12076b20efbb39d097f84d

SHA512
35ab4a091340fe9faa0850b65ad7f76123d6ed97d29e2e9407bcca47f640b406ed08264778364d5d7aeb8e3b230e534b1e8cb7d649070d2943a83f08aa3e99ca

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_pwa_launcher.exe

Filesize
1.9MB

MD5
9666234fe0715f234b839064f67cccba

SHA1
8afed0a02b51ea8583019d6030a854384f88500e

SHA256
bba88a66011b0d06580bc984511df7630bd6b7323ef0f6417e346c7704ab95f3

SHA512
008d9a7cc5b2dbaf845258d7800d5449c042678605c30983ba3c4cb26fca9ccbb8d96ea1780f5416cd6177a408bc26ac1601d5a114edb368236ce32317091194

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

Filesize
2.1MB

MD5
24822d2ca5bf7e3bafc6038c580016dd

SHA1
5c904cee99d396e0a31039a0ea0e764586db12c5

SHA256
28f423cf782fdb238eab438d97455c7c9895e1bcb608b437a9c2033e5a6f904c

SHA512
ad98ef7161f18bdc529f8ef7342301f38429ee5ded8ce08dcf2ca48abbe5044fa81316b3edd97a5f827c278a131ecaf51ee73ddf9dcf9c5f701a969f12c9fefd

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\notification_helper.exe

Filesize
1.8MB

MD5
fb1f86a27fe9b238b459762336a5b7a7

SHA1
30f164db95f9a38297d3c7b917693f74d3b2c4e0

SHA256
b15d3693ff6fe1a6ac1e79d0964d03f62b9bfa2fc7b0a97983b935082369930d

SHA512
f5a6569efdc857b19e7f1b33fb2e299edc95b7807c4e5e9e5f0c2956eaf45dfee9195b80dad06e6753fb7ec374ff10bb3de72d5a32b1db25dce2bdf28b56187a

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.6MB

MD5
035cdab556416916f57b7def7a70002f

SHA1
51f6b0b8a5679dc94cecb5ade0a8124acc04ab7a

SHA256
89062b94ddff55a450a2242070637bab8e62d221bfc19a88e35eddb8c59a3a7b

SHA512
12cb441e7a06850b1e4b1b12c0273620a10469263e315b942d13b375e1ffc0ae43321ee8322e0958a6a2fddb046a7107ce083b783ef9070d496b5824d69103a2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
145b21fc0b713320c31837513be16d8c

SHA1
43cd4b7367f8662159da2787fda8245b11a4e73a

SHA256
ea75d97f290e33903597c6034aed2f748408a5cef1db06460afe550e9526bfff

SHA512
b3642df2fef6e1371d19caa489b4c855ddb3fb084afdf001b80914894b1ff75624922ba63958f6b0d25fbde5c019941138ea36c7d532e20639a511adc7a88826

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
bf3e31dc7c329df74f1d04f95c3380ff

SHA1
5c067b8bcd200bec1ab5d8489e067b3b3be823b4

SHA256
b0584759b3d7716d2161ad5a0e16412b994861d93f7d7cafd713aa8f11b0f68d

SHA512
bda3b7a1f7c29c2c8f589a47c284516e9d85717fb63932206c4b7f9ae254f1efeed933cce2f653bc89219ee4cafe1e29fd940c1013afe466fe28c51aa0b35c13

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
1a08c1d426b301f79fefe83da3544289

SHA1
4e191ee37c3522936ea6115f5dece4333e80a3e6

SHA256
dd2df1deea64ce705174cc60a6c46b7c5e6b68e22022a1a8a347a5231f31d817

SHA512
c4637bc7f663e5804989cc8348ce44d894c0d09772c99478b4c51944fee7c8f1d95de170f63feb7164db7c5464f188124bdbb94a97fd320bcce354183286d3ca

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
86074a94d13fea4edd8b930073b7d4db

SHA1
ebe0b337600db6b6ffb0fbfdcc15f2fc28087207

SHA256
0f7979f59a74177ba77c101aa196b0d4554b7b9ae1819feb0aa3e8763a66638b

SHA512
dc34c7037b17881f8bac1158ab521544c8bc65b67ed7e3c36ebb4509a50acd91b091f380a4bbbc8286ef5edcbd49d5be6c637e84f38ab0426bbae4e1113b1e84

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
c7f7d69a671d542607568b1d4707242e

SHA1
d320a5604b592f59bcbc71aa8e1344c92d36892e

SHA256
087c87c8539751b06dd7725301ebef50b5f7b04d9e3ccbb22cc3dfdb1cf98e7a

SHA512
b01d18adba1349c6ab6ff47a6caafb3ee5b0e4859d261cd125fc95a8f2859952c397ba760155e5fc03bf644e1cc6c66404a331f59e11189ff36a8e174b566a5d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
8b00a2faac6f15a761ec9696a14c72f6

SHA1
ed7a8ebcf4a2a46f99abdde861019da83a55a40a

SHA256
663f207c858fb2645d2c879d0139363e15dd64f723b2d9931ae7263f27d13a6a

SHA512
e71892b65bcc3290cbaa7d2dd41cd9a948d5b9fea8da190aae7583d971913c5f9bd6009bda87c30ee25a103a619724715f82bf50d36de530acfda315b71b9653

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
27c98925a6c1407eab356685b7c7dc1e

SHA1
32f26d5b793500a3c995966eaa7e91e36b47c57e

SHA256
abe89afc0c3406bc5d9ddcc67adef67b89dff779772c1ac613b0ca9fb4ec8f53

SHA512
54a9dddda3d04cc79e6f4f84de8a9cd7fa34bac11579894a755594399af6ff251fa1c327579557f427b1af19d59ff30d9494837dd798bd3a566d4b24c9d6ef3c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
cdb9d0eff2920d05a62ef121e0e90f24

SHA1
b5c7e4b694490d4cf3995d68064729b633e85ed8

SHA256
254c45d6d16df6744230645bbb3bbdfaea0a8436a6fe9d33f3e5196c80a4f868

SHA512
22d0c44f83c1b16f89a2c27a790d38530d5b528984b90b9ff37d782a6ac1605969428fa530ff76a73b1d029dbf0796115cfddd5bda5e31121ead5a359c274ab4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
b39a9e7e6e05bf03e24513300d052842

SHA1
8f5e52dc1e984d8a2e3067f79ab54a0de07c8a21

SHA256
ed4f917221807f8d981677ace4dafb9e3bfc0a22ef272d4ec79a1feea139786b

SHA512
98023447f816fb81e4458644b21f1e0febda730d64be435da907c0264fa7343d9cd1a7dca73491aef510cdf9c3d54a4bede3fc241bc515b52979e9634eeb2821

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
254659a9d4997e618650be9aaa98a262

SHA1
aea02a0c57ab9c0064a4529790d0d579d999b64b

SHA256
f9d256fd43fd8e46f980bb68008126284e4361628d83e454a7f7f14ca80acfc9

SHA512
4ea17b2375c5330b18ff84667a2fa40e084219a6055315e53f411200da358ce452839b60e41ceaaa23307042ad391544586b58847502c544b861dd58085ee214

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
66d94c6249ae1a40c6246cc6b3eff9f0

SHA1
c826d9ba89e62d62e90f048631fafd223b8023ec

SHA256
127c2b3fafd1dafc76a687a192c159e3780766454a3bedcda7e77ce2d11da5d0

SHA512
af3d7e83c176d60a1d1cf38c2c33eab12a8ae7d765fe2ad2da5b7276baaea857f84e6d02d90540578264beb8fb6e927c5c1b14e44c15d5f81738f3ac1fdb9adc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
97516a71c71487626a17b7b07daa4094

SHA1
eae0dfa48c0ac2e4719ad4c6ee2501eb98f97bd2

SHA256
9749564d74be1a67cbd274cff9cc84ba32cfe84167f24231969e1cd1eba0f5cb

SHA512
23e9adbc2ad9f22c658b0780ec7b0cab91009775fb8cb4d86b30bf4f083957b27ca7f64729b50dc498718ec985d950a27852a2615da01616c2f5230e7be50163

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
fde92bf585c0186d445a754862133abf

SHA1
65af9086b7005b55e3ed2a2462a6d950f545cbce

SHA256
5845a00823a88efd833190ece90d5fb5b4e68c968b021e610181a09844b672e8

SHA512
be692dfe62bb06f6dde77ac9de0286b8bf459da83074a101733a2a4bd779e964af758da3a65597d85049fc5faf28ebdfe56438a0fb976f1e9edb628a0e5d108c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
f9cf97fbb3d0b2be78786949a0437def

SHA1
fc3d0b750a8dc3ac109c80bf8fbf5b1e1af7729b

SHA256
4d2f59eef432a68893dd6ca65fc7388c7baa8a89df9b569e3355e0285d7ebfe6

SHA512
3a3ca7821b6bfee640961a0422256b34a63415e08ff53909560d1e28bcbf2d831138edeef5f22011b30f85659aa137a2e68c3fa7ea9ecebab3b50b7d64f9ded3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
0687487794fb59c5845765f50ce1d9e8

SHA1
7d233df7fd2b9c710bf4e4594beed9a2787b3c85

SHA256
7447691f2524828ab9a6bdd2821598c00baa837f5d5e3809f7dbf23b0a83bc5e

SHA512
3d1411c038b32ca0480c6128b3f6173c85f83bc4dd36bde304252a636947080a086b85960b355e7031acd30d76f25a4a8c29438c84b1df6eaaf4ac40baf2ccf2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
f2005cfcaa594bbd9039567e551e8f7a

SHA1
1096b3449fcad4578d3d8e598baed52e45573af0

SHA256
eecddf60d2ede2d50589eeb758e57df8f88685791010e692a5cbd506baedcf1e

SHA512
9f40a4977a570660c5f7dc3349399abb80982e595f9f049987d67ffdebd9542fb5f97dc3c49d4f0fd107521837c06d4c191fb4bd8ad5b77d96c6f538fc3536de

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
837febcdd3d0dbd71b95478a91c534cf

SHA1
eb17da57033dfbb9b94a38901e97b4c7b0eff7bc

SHA256
77b1f044cd99e223e1719fd7860f9727ad26d6ce87cd837435213998c4e5eb3c

SHA512
24415c8802b19499d431c4f90f8eb282e2a4452310f772302bf5f4b80f05d71227def280a2f59c08bf6adc7facec3cdfb45a0c7d06edb816d5c6b2416d4e820d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
5cae6dd04fce0cd30c0841c8a794f6dd

SHA1
5f522f721f3797fe823f5e49c7bcf90f4e4d6ebb

SHA256
0862b481c9cce3318c3c7e09be169a4236bde434175085392b124ade344f965b

SHA512
cd4efcedc54e6f8980efa42c48257e062dde2c737b1c38d1a171fc03d6d52ccd849496b4d3148891da72fb20c56a17c1dcda5539ec0d2197034a991615c2d7cb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
83040c1b502c43e6142bfd245128a333

SHA1
c8c29cd8d067b08cadcac5e2cf84d98ed0cf8ac4

SHA256
71c6322538d8baccee193ad9fefedc21cdc457204957684283f22026aea32a0e

SHA512
75b4ac7a3c986a2e6e029c13369d6a842a6fc2a59f937b3f86b2c3e424f686ca91fac2def2b7859f9f920160fe6466cfcf3c6373852cc59166b4a2ba008e345a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
21490a611947de640e1eb71e3c6bc92e

SHA1
860684482318b8c22c47221748a7390759dd81cb

SHA256
95d02d6621cc0f8b4ca487174fd7e524ba3185228764b397d684cf966bb852e4

SHA512
8eb428a007c238cf0766bca9826c74059ce2ff8863a5a7e4cfb9290b657d291418efde90f2bbf22f40217251dca09dac1700789b8b2d8623d97aa11b61c4880b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
44219ff535a22d9f2f338223b17119b2

SHA1
18387321842f54fc04d4e28d040293e4dd7bc18a

SHA256
7334bf0df378d23f43c3c2d8d6e41494aed162e53667c5d751183db29f6fb21b

SHA512
194b4b6f45279a1bc8cee3b516135058ba15c3fa7a4a365561aaa372d4c9915a57eb40ad5a7a82ec26fcdbeb1dd69278d911886c01372cab82f742fbe335c600

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
581KB

MD5
ce01479f54c6896e138a168554058a56

SHA1
1c4b9a4161d212bca8138da1234733b8da4e887a

SHA256
a8eb9ee552d0f8b74a0af9a0e86b958656fa41bc3d063b95add852a711888ff1

SHA512
9dde0e2866f108b757b66f37c4052e35b2c65d3204f308ed6c8f3c9e9aeca51e1c47b341fc82d6c7b1752ce27d4cae56b5aedb5dba23b0f3edb5e64364f60fc3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
581KB

MD5
5febf9b152bd433b4ccd03cc3d867086

SHA1
a202e5381356bbc74289f67d952c07c9d1817a06

SHA256
a3593ee38d840937928f3bbe0508c9dd7a0647b01649b0a1f208a4cda35b1f89

SHA512
8917eaf06278d05d7d131237e2bb6437e2781f2eb26b50e1ed85ffc1837ecd0db9a46118b6424d6be9a7d17261d299e161cc275f4956d3ae14f6b8d447c88651

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
701KB

MD5
c44238200430fed77d801d2f3c52d226

SHA1
b178a8992a3d71e8fc6574e01a26cda845993fc7

SHA256
64c3fbd9026156e5df7ab6382313650577b7eb7eca7d33cef8560cd0bd7a5f7a

SHA512
a41370eaf6ea8b67589a4fc012bb4ba25ce2d3416eec1ed3221b3d3138cc222532192bfbf9e13357984bbca82f675e3589ac1a631e1fd55c3209a8985ad24f95

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
62a38df8e9c173899ea6cb68f317407e

SHA1
98d865b784b894d337f8f125a008d4f79f4e3d87

SHA256
755da7f398faf3ca70e5a8be0a1c86c91a07591798442f8befbdd59fc0d1c2cd

SHA512
ccc97d4c70198df72e98c7db0594c55870b070765869c2bb5c9b160fb21ac95ae16485ef91e4e9c48c7ec424ea285d58351b18880c8268ce0eb40a802808006c

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
af115b4fc7b84fb8aef995efd8c48e97

SHA1
95c807cf0122f6f819982219402046b5a9fa3f95

SHA256
9e691e4f54eb7ef5a6de8d7ae3f8ded32b3a763c668bafa892ae7350da071961

SHA512
648f77efacb6469063fc312df2aec834cf5b4a00ff128e4c6a9b07c96b70af8f75ad8f48906be9ff19d3541990f15af62e675ea29e62ddb6fe9f46d979d35a3e

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
a28e8ce7f4ffaf66ef3e02e14301e08f

SHA1
db4409a1ead45427d67ee4ded299df38080dd718

SHA256
9e4a9b771f85f623c6e5f3ccd79a60a1d8bb1a232531c77ea10c132f6db56804

SHA512
25f66ac9ce02513695b46905b029528f968a80a6fa98cb74eacf9bce1525f7e8ba91405f500245471ccf95b2e2a83c3035e9212f588ebcb79286e0e4d338b1bd

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
88c45baf9c6ca84c94b0d6bc65a0c67c

SHA1
fe258e23225003a59a00b32be40f07debbc6b739

SHA256
6081d450f28d6af96d94e8d65b0bb493961030bbee1bf7726321ed24871e449f

SHA512
d11fcdaa6e77c4941f14978f77a79927de9a624912d4219d01b293b6c575cdd6dbecb2ef69913a1e5776c84eda7710ea1755f408a4b9e1007847af065aa730ad

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
39dabe172b399b70ca6f0cf4eae1884e

SHA1
b606c88fd6da56d4878693477424e6a04e385bcb

SHA256
544ac23bb67cbb73ecc8c73503327acd03880d9d6332c282f2bec3ed16b4f12c

SHA512
823482badf71623866c6be1fe1619a7319be4e6e56270ed54997fda694814a9c802437bcc20c8c24b8206fca0c281f5788e87059459ed128d59ce4f3293a8168

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
84b2edf90480409d90d99cd1bb47e117

SHA1
fa65d2d4b507fd840cec615778556fa42ee388f6

SHA256
32fab60eb2eccabdac0427db4c86fadce818809b09562c5eaccf823aff1224d7

SHA512
d5c182efe4e4ea0cfe27914de3e36129e3225bef611f60f37785e081d7d331b60667e65b9353cfcc3e6e9d728621368dca8ea50b135ce8ed39837bf20da31987

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
2ac7ad089b253b7c4331951a2014a212

SHA1
f56fba69ed821eade373aff9d4a1a8f373c7cffb

SHA256
c2cf3cfff1d2eac3d90eeadfeb58be7306cc6206cae60efbead290bed3988ce8

SHA512
247942d3784da49e8951d3398acd3f094fc41a0768adcdd610dd7e69023b9a91b8b7fb2eea2d8f9e69984ec21ac4b75cb0af4d1ebc0348d65863c76eaa35fcc4

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
8e7707ae9b5cc24bae3b9da075499ea1

SHA1
62c9f018884ef8b2b87691fe4b05209835bc73c8

SHA256
d053cb8ca1cd7d264357fc3dcacca787111ba99e48a6205dceff86c46b9a11b6

SHA512
37836051b7e572532c4837ab9d2538d1b57a3c4376f6bc141ff5bc2a8ecc5e8fc11e188b4de056810a7d0a443a778c238d44b612a59d25c03a018040e5c4a3a8

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
05570fbb45fc76ed0164106a7b2040f7

SHA1
4f9a3eb348dab601e4585d38a85321d825193924

SHA256
fabeb669ebaf24e373584efe515f9482d9f4b3672964540c2fb78ce822322281

SHA512
06a9b2186760ebcc79849a39fb32271eb8633b82df25389787994084a557b0837048dd95a0d48d48fb1a7e2e467e96634fa48b4d61ffc28d4b045f76ba2ccf4b

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
af8646543b2c0684d25ca43c811f26da

SHA1
b34b67e7014dfeeb347b42a87ddbbabb38516809

SHA256
02af5c7a24ffe6b0838693f57621c1d687bbaf4fd971385f524f19eb62a46cc8

SHA512
11e8569949652046475d5803fe0a1b583f8397ade0eed1a07558cd1c31a10355541e0e89d61b398f35a145c269e041611572f7efb4b89dc2b11e61f4ef4c748a

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
9be225d3cf92fb7663c1c044d562451f

SHA1
f3a3cfa7687fe26f49465b4b4cf3db201a5c760a

SHA256
a25c72c718305b2589d259a64578a0af74d96117b6120772c436d159a701e3a0

SHA512
b6e5e5bb68ae58699f7889dc0b2a8998f95850e392d4747aea6358093ece7132f8a41df33153e043cff8313cb952d758135d97bd52692843f47b9f5324527355

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
897a609068b11e7f0adcff0e8eaac559

SHA1
b081cc653cd871fa9035cc9558b92b5caa43ad52

SHA256
c0ea270b47d5624842b3453bcb6e45ccfc5da454b93fb1e44c11dc8b82d0c7e8

SHA512
a94ac7a8f17384904bc44892b4d79d27811df1f3785515745c5f51c9dc18c523ca3461b5bfbcf5a5af8163493e3f87cbc3859f7a9e2a463bfff80fa68b0e158d

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
268ff80b7357ed154a9186cbe5d0d118

SHA1
e33fc866a2e25ccf3103b06b250f80378f4a7d40

SHA256
61f8281bf0765d089bb8f81e11669fb173b35ce7478607262f1ac89bbe18cea6

SHA512
a014481da24bebd8f796f28796142f98e9a10a4cfdcaa25f460ee0677bd6d21bb3bcb4c4716336b351de79ec572c0a77652a3ab052cf6c595df42c6ef8348e52

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
7e33989b6ba0d13292546e61f85e2d53

SHA1
215cb1761e9bb92688b1d68bf64e4f315537594d

SHA256
dba7cfaebbedc567ed1422527392be7a824e1721e6a6a6d59e1b1add36793273

SHA512
9d898fa7635f1641708d28172bcce2eef82b718e235316dfc12b3b7a04953f5bc83401020ce6096d152a0a448226fe1f335bb2e1d8072a911d9dd9ed41831d95

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
fbd5409e57c837bdeffacc31f239b8a3

SHA1
4fca8ea55fa5967e15200b1e48e9e2587f0b8000

SHA256
4d2b28fec75d71e32ede80e2c433d429b5d9a8e7ce73c4a4d79c1a5793e1eed0

SHA512
70eb90fa6850b9c90d03f81a3244c5fd42fd0617f02a6800304ef1ef7538cb5ab359b0849ace23b9b7fa77ca9af3b17dcbfbfa7a814d523d7873301d8e632b29

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
3862a3dffe2b406863e46a4ad2e03399

SHA1
b9d34aca5e3fc666372067d636af81e1e0f186d7

SHA256
c57b1def53dca79e15c862bf8807af314b4a64fc71609ddb7fa5fde9c016a223

SHA512
9adfb8aa826e8437f8c3c88d6ffb8dd163ebe14e68ca7d0f6a19282012ee8df4bd9b462648ddd1fb0e67ddd61cd5ed52ae5c92a3cd6656784b44f5d20fe27b84

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
772KB

MD5
c20e382fe7fe597c20bd79953deb9176

SHA1
9b40f38f34914b65e1a81a49f45212171f6ab70b

SHA256
59e9fedb19fa926326cae5d1d431434712e05d2f8f60d4e7083fc72e44160519

SHA512
fdf160c6168be55ddebc60b3fbf12c91956863652160ecf21d073ab5a4b8fa1d1c713821dc2b44435d2b5241325d866d903f1c28313db42ae128e03352f745fd

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
36c6666cbd6a0b7c0c99ee8025f9f7f2

SHA1
d67d28d74b31629cf7cdefd5f695ac4d216fa5e9

SHA256
a824a69539e1d2e4c301deab5b1de821099ce9a079ec55e29aee3192d8e98b50

SHA512
51a05b387b87e53e9341e4811c121044d3d83a760750f954d6f1a619d1c221051cb5c38d56405912d7e14b3f0ec46eca4a13d4af4aa852907408abb542a5a8d1

Download Submit
memory/400-649-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/400-431-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/400-319-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/436-256-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/436-257-0x0000000000900000-0x0000000000960000-memory.dmp

Filesize
384KB

Download
memory/436-269-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/628-407-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/628-656-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1204-346-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/1204-650-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/1212-384-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/1212-654-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/1412-245-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1412-246-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/1412-252-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/1412-357-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2128-646-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2128-334-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2308-432-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/2308-658-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/2432-271-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/2432-383-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/2552-395-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2552-283-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2568-26-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/2568-17-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/2568-25-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/2568-235-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/2796-396-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/2796-655-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/2816-651-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/2816-358-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/2852-63-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2852-54-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/2852-60-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/2852-65-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/2852-67-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3024-424-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/3024-657-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/3052-39-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/3052-40-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/3052-31-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/3052-236-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/3128-70-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/3128-69-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3128-76-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/3128-240-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3716-51-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3716-43-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3716-49-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3716-239-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3952-523-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/3952-323-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/4300-300-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/4300-418-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/4604-27-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/4604-6-0x0000000000A40000-0x0000000000AA7000-memory.dmp

Filesize
412KB

Download
memory/4604-1-0x0000000000A40000-0x0000000000AA7000-memory.dmp

Filesize
412KB

Download
memory/4604-0-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/4804-369-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4804-381-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4900-298-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download