02ef8de31bcd8129718d43fcff6e6eae76b3dc26d20a1962c73a908f11bcf548

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-30_ef2951372d36eac6eb7b9e06d2c43643_avoslocker.exe
Size

1.3MB
MD5

ef2951372d36eac6eb7b9e06d2c43643
SHA1

d219ae3d3c50aa303fb6ad111f0dde8991cb53be
SHA256

02ef8de31bcd8129718d43fcff6e6eae76b3dc26d20a1962c73a908f11bcf548
SHA512

844516aa5321ee8029d119ad1e93a16ddc558e97eb0c41bcfa6fdb790e4bd847172d465f5e89b3836438ce2111eccaeba645066b4e22c0b49f241339f8858d72
SSDEEP

24576:u2zEYytjjqNSlhvpfQiIhKPtehfQ7r9qySkbged41SwPHU8X31PfU17DhZy0lxHI:uPtjtQiIhUyQd1SkFdhw/3FPfUNDZ4

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
1572	alg.exe
2712	elevation_service.exe
3744	elevation_service.exe
1344	maintenanceservice.exe
868	OSE.EXE
4708	DiagnosticsHub.StandardCollector.Service.exe
4772	fxssvc.exe
4920	msdtc.exe
2904	PerceptionSimulationService.exe
264	perfhost.exe
4588	locator.exe
4840	SensorDataService.exe
2356	snmptrap.exe
2968	spectrum.exe
4576	ssh-agent.exe
1836	TieringEngineService.exe
3248	AgentService.exe
3024	vds.exe
3136	vssvc.exe
3712	wbengine.exe
3760	WmiApSrv.exe
2116	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 24 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\2eb72122ad45b396.bin	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-04-30_ef2951372d36eac6eb7b9e06d2c43643_avoslocker.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe	elevation_service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_99140\java.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	elevation_service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\123.0.6312.106\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{C1566D4E-90C3-4D8D-8731-8398B4F79F34}\chrome_installer.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	elevation_service.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe	alg.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9912 = "Windows Media Audio file"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000023a41e00e89ada01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9938 = "3GPP2 Audio/Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\regedit.exe,-309 = "Registration Entries"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000049dede01e89ada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-194 = "Microsoft Excel Add-In"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000e6b55000e89ada01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000dd656100e89ada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-115 = "Microsoft Excel 97-2003 Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9923 = "Windows Media playlist"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000a9de3800e89ada01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{80009818-F38F-4AF1-87B5-EADAB9433E58} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000c0787400e89ada01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000000c544e00e89ada01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SBE	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-915 = "XHTML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-172 = "Microsoft PowerPoint 97-2003 Slide Show"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9909 = "Windows Media Audio/Video file"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-170 = "Microsoft PowerPoint 97-2003 Presentation"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000070db7600e89ada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E46787A1-4629-4423-A693-BE1F003B2742} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000007f40e101e89ada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9908 = "Wave Sound"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000c4019d00e89ada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-124 = "Microsoft Word Macro-Enabled Document"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000005deca800e89ada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet"	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2712	elevation_service.exe
2712	elevation_service.exe
2712	elevation_service.exe
2712	elevation_service.exe
2712	elevation_service.exe
2712	elevation_service.exe
2712	elevation_service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
652	Process not Found
652	Process not Found

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3796	2024-04-30_ef2951372d36eac6eb7b9e06d2c43643_avoslocker.exe
Token: SeDebugPrivilege	1572	alg.exe
Token: SeDebugPrivilege	1572	alg.exe
Token: SeDebugPrivilege	1572	alg.exe
Token: SeTakeOwnershipPrivilege	2712	elevation_service.exe
Token: SeAuditPrivilege	4772	fxssvc.exe
Token: SeRestorePrivilege	1836	TieringEngineService.exe
Token: SeManageVolumePrivilege	1836	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	3248	AgentService.exe
Token: SeBackupPrivilege	3136	vssvc.exe
Token: SeRestorePrivilege	3136	vssvc.exe
Token: SeAuditPrivilege	3136	vssvc.exe
Token: SeBackupPrivilege	3712	wbengine.exe
Token: SeRestorePrivilege	3712	wbengine.exe
Token: SeSecurityPrivilege	3712	wbengine.exe
Token: 33	2116	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2116	SearchIndexer.exe
Token: SeDebugPrivilege	2712	elevation_service.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 464	2116	SearchIndexer.exe	123
PID 2116 wrote to memory of 464	2116	SearchIndexer.exe	123
PID 2116 wrote to memory of 884	2116	SearchIndexer.exe	124
PID 2116 wrote to memory of 884	2116	SearchIndexer.exe	124

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-04-30_ef2951372d36eac6eb7b9e06d2c43643_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-30_ef2951372d36eac6eb7b9e06d2c43643_avoslocker.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:3796

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:1572

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2712

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3744

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:1344

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:868

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:4708

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4564

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4772

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4920

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2904

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:264

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:4588

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4840

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:2356

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2968

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:4576

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:3688

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1836

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3248

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:3024

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3136

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3712

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:3760

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:464
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  - Modifies data under HKEY_USERS
  PID:884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
3e6337f77e8d5759be6d72f8e042c48d

SHA1
b3480d4d589a0dd70858907e61a1e03117d4b3f6

SHA256
60b744726a2da99be3271f6f2b5524a47bb3cecc793b4857aa27581d7d36132e

SHA512
4738480bbc4b8e47abee0678d8d03214e6caa4c68363bb915e4962b8f70e86ba7709dfb0f5e1e860c0790d373801d1a2f6f9ae444c60e71d111f062a87558caa

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
789KB

MD5
e57388d03228e1bd69696326841f2951

SHA1
79ad40d2ee16cf82eab5403dff30d7fd4fc1685e

SHA256
b6340bbff3041845e943e53de9bd29766f519e3631970350106b1816826a8cf1

SHA512
8b4955c50e213b0ee657c53dd330a77fff0a6e4b89ce38871b7005ddb4cd396d6b344ea294db319bdeddf12de7d2077138649e8232dae83532d9e7becf0c1ec3

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
a3fc13270348d09882a68254b92188d5

SHA1
100537ca2df9b85202b01c7d6702ecc9f79d0791

SHA256
8e0c41e8fe5537c3559f606decf1ebebcd2cc3dcd3d4acc1da5da506e1e5be21

SHA512
4b1ae6efbf96407818aa57ea2a1660a6520676ebf0d4980d46ab564781e0f81b3b2d68556b101e38bfba14f012423c98ea26d423d082e944c357d9a2a7880151

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
9173ab539a03cc3ac7add733b96ba20b

SHA1
1032a4a304a991fc11e24dc4d12fcfcff85e4466

SHA256
9d614ed22bdde737ddbbf6093193c1e2522e5b076fb92e2f7a67d746ddf4a686

SHA512
7b29b8ccdba020ac593370672b004a413885b43ddc012a77b8553f6d241e451640b615e81703b4afc25e12eb7084ca02a73b37dbd1f50f85c8672c13b1a3ad6f

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
a9e7b30bcf592ee7530e32b2e67f8813

SHA1
445f9b56d0bd7aeef6189d7bc1f6cca24d01bc28

SHA256
d9e151829ae60abc7b2a425c7601b2e27b7f8bdfb9d5d5ef9b3f2a7b3a529d00

SHA512
d4324775b0bbbbf0839c300b4db3faa733ff5da1356f7470ce63724c00f3afb4b06b52a4ce2db81fcd74140199135e2ea7dc5b3f006bb0b4b3098acf59caba34

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
f97db2ddc6b3b664eef76eb4abcd82d9

SHA1
b668bca5a5b9b9191e106aa77b895d8d4afedd26

SHA256
0845c1710941bb692e8327e8d0eab429c12b30e058d51c89f8bd8caf76c900bd

SHA512
a7fc1afa1cb720b1c65e73f05306514a21f9fed9e723f030f3ceda29b0495562f9f4f67de9d24809953c5e109a010c63320b3baf257485941e15f77dd1190f4c

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
bccd31722992d5dc8b1032d4fcc3a758

SHA1
4aa0d14abd69b44fb862222c3604e228c52c5e5b

SHA256
4a784a991363e12384b378c7e5f9690ddabeee9f409f63be765e5a10ae776e7b

SHA512
2c671a9b4a5e20ca5b1df7b77cdeb91b51b5f77fcc3219fd3aea5c73e54fc14e36e4e0a40a40ebd289dd82573c4f8d91c0db6cbe77834ffde24b247c7b4fd63b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
e1da279730e431ab76c4af4e71c50e54

SHA1
758b1156cf5eb5e325918dc810b5028f4a9db704

SHA256
4543199955c73a9af7da9b64b3aae38e09fa63ce4fc154f63b6d4f6723a158e2

SHA512
2bde6d1b325bb1a8bb63670c81ccc4ce7813c80e3f9f46a3cbc44274b789664af3ea7e79bf9c4a28850c4a41c58067bfe532e07d9585c96889e5be15eb26af9d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
463d3b2346d1515544b63fa2ae3fd032

SHA1
da73f83087c9dd2833a53484b2ce6108680e40a4

SHA256
dd107c2fc6c335417dd2052c710711eef21c7ad8c70b22287da4427c56c1a2dd

SHA512
e03949d90caa605a4a0b9d099513716718e4f44f414b6fa5da8f5ff0381bf2d1a429ebdb50603dbc3053a370bce7c8a021b93c14534474190698a13614c63ca0

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
3373550338856065b2e1b7b363d41385

SHA1
08619408321ae28c12ac94a644eaf0f3a98372ad

SHA256
82c192dfadc3287ca381ff03d3954e292b27e2b17af516972e1497fa7d6c12f1

SHA512
dda1a72d6f4db263bcdba2cd34db4e3620e70359afc2692b04b3375fdf70c951ac49d34de5320aaff8219aafb47e3c7e81f6d1cbb966f06681b37f1751ff67a6

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
ee09192170b3e167e1bad5497daa9497

SHA1
311936007d5f011daf2b3f16f4b8569d7d589d8d

SHA256
f7c45ab258a9796440ab6cb2854513f4515effc8aadfd83d2023b9b79e5be9b4

SHA512
76294e7c85d2eed1cdcba2f84b3af2d4ba834751f603db53f2a3fd9051912e52754c95f61fa9766a6faff8969c78eb1cd93437febc2ae6a67446cca698eb1339

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
f1217aa9bbce84075b3104390f8aa929

SHA1
3e3175dae7d2b3c4034e0e5ab042a1ad8e00faa0

SHA256
72d1f7b8a1a553536f86476cf1e211e313b3872043e1b0e8e6cd8f9353d2bf03

SHA512
aee5241d90785708c0b9c635a095398d042cda4e8defc1bae8314f99d6e7958b97fef66b692dff455cc9452fbb0705032c96733568c7e3c3d18120ef53bdf486

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
a870bdbbd8c55c934fbc0741286bd6c3

SHA1
65f7bdb762fe35f7ed893d344c556583520b5e82

SHA256
55424d6c862e3162493c651f5fa98bb683ae928dd018dc10e8fa58945331082f

SHA512
26b6883c4a4fd370d8492e345918e76ab7ee6ecff089b06bcf222f9fd0b3efb33d18966b186708227bee0cdefcaf42403b29a9ed7f7655a218d5e63fa00139c9

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
0b2d429c09eac9d2b43a912a81d104a0

SHA1
dba411e0870a3459b8f83c1b4d07ad55bdc22470

SHA256
7ea0a23f09f9979153f5741aefaed644dbeacbc143da9e22a9f04b53ff872ecc

SHA512
c5d9bf1643d16a7158d325c24a722eade4cb27abc39231458b0ef41afd3dc10847e6c03b412fb9f02cd45fb2e4514ea8c42da0da638d75067f543fac66e096ba

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe

Filesize
4.6MB

MD5
eaff974c65363babd9c1b55dc757857b

SHA1
5cce90c0b3f45deb08f3262924fe9ce172fd9c2d

SHA256
826fb23a28421d9bcf62d2d7fab4f4c7048a89fccb7940325b577e86e20c789d

SHA512
370c531618c2d0a94717707dc4ac01c97758ee535231f5e3025711e39c616be53495be20cc95133fa780c92134c09caff876ea84b1db7bb8f6497a212382315f

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe

Filesize
4.6MB

MD5
a11dcef0269ed84e69f0d855c56bcb91

SHA1
25ef70a445bba23ec72ece054ef45d54f33273c2

SHA256
8892840889f6879f8d7b8e57579900d51c1bedbdc4c3ab41cf85355705f33882

SHA512
859a885abf682846f54c0cb9238bd973bbbe78a973a595a72860264fa2f0f13d343132f143e01444ce8d666dcbad2c0460a35b48323c3a3c1d63039f06089e67

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_pwa_launcher.exe

Filesize
1.9MB

MD5
516091b315e72bdc2059aee5120db99e

SHA1
be590b0a2312d9f0e7764b0a90ee5dd3e963d631

SHA256
fcb5697e399f710cdbadfdee48bef45d2769a1b9f8b1c7430d6431753bad94c4

SHA512
095ad4085106e09424aac52f7e5fe9cc2a41dc3748ceed7a4a35e7e7a7f420516bc6eba7d547337e2834807d3ecd84ca5ad5358af1991be55c54aa5b69f53c3a

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

Filesize
2.1MB

MD5
28d02179491f0b11836efba3a28744e5

SHA1
72fa54f5287e77bccacf61751b4199aca96249ad

SHA256
294ef32eb5c35b662bbf38a26e27b9cca62a0682e68b0a79e1e2661693622dda

SHA512
03ec986ba09a7ae7b1a92fb4da968e1d5d92f4d7076a67335709ee5acbdbf3fddd996ff9e697af34430ef923a6ff87c5a19645ebd4ca0c91572ce91309c5eab1

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\notification_helper.exe

Filesize
1.8MB

MD5
ab8e36c889f87314b716599b43a3d6b5

SHA1
39ece0b10156358cd9916a4b576421229b81d96b

SHA256
19acd0ce4c2c2ad720f0fde7c8d6b9409fdfe8827ac3c2c181767911c02e67c7

SHA512
670b7a1e451917c8224f237c85e21ea12d1ef2b3400aa130dadff778f92a2335e1e5a2d026debeb92966f1dd5c4dfade646b67f24609c9e037e4cc58f176ea08

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.6MB

MD5
b8edd4f38dcc4e93972646e39dc29a37

SHA1
6056b61f60c37c6b64c27670984c0c8a674e320a

SHA256
0c6087febfef8a7b4f7b2eadcca62cb0b76862a181ae00c5779420b049b4c09b

SHA512
2da1d0ce5bbdd45953a7c90990488de9766c84233758777ce0480c7b40cbc27938395bca151b952b36488c908297fe6c4f2ddf60e497a4d2da1557936a039452

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
27d93a4ac68f483a9e09cf42a9e3f44f

SHA1
bcb63f7552ea086d1bc371fd8270c93cbb96a1c5

SHA256
a49417e5987132b0b5d7735f1e895d93af17e150cbc7a3f08b306557da7bf1dc

SHA512
097add11c2fff86d234ace3bdd1aed80a3daff612227c3c6089d67c07de2b2a939af5b617726ad831ab65e4d2bcd208b6825a451a31cc3110f027afeb89ecd70

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
e67fd15964a68cb27dd0adad94731f7d

SHA1
f61081999c6695226a475e1c5a6eb8e250610b53

SHA256
411bc64abe296479e666690d7e324eb748a301e4d6bf6c700619ff15616aff32

SHA512
54e06a269ad6679b4e44d4c239de7bfbdef85ac88031d25c725f14d487770722238a9d5c8af1341f8008b9da6a777dc4b81499b3d5304469186ecda2ebde26d4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
007419f6b77385b76e913e1b548641d5

SHA1
b55b370991650117fe86aca07cdce7102dd5dbac

SHA256
120e6e920ae1d98a91fa82c730179539f53dbea1c4e4cbaf83f21531661fd1a7

SHA512
2ef0f55c9f2a574afdd5e6c687edde559c0096e48d673fef7b1155f71cf69f4896089de9777820ed16a6788fb09b220640f53a7b77598326c227955ea881c466

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
ff71f0fd702c696b675975f2e1ee251f

SHA1
2ebbbda1712136b6f16bcd25d6a9b1b81ff7d6b2

SHA256
1d1a06497b749dbc265b71c870144c82e14e150b53dfab99768b4add2d73f4ac

SHA512
b5a2ca951dc3e4931847667927ed96af05d6c1489632fd49d7d1617defa3dbf5725cd2c7ad8e55c620b4763c984a2f5a9f1edc0651b9705feb5408afb468927f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
d31fba0377626d281296f273e3c4f190

SHA1
44ec34d17479c2e8dd64ceb92be0ff3b9592a0b5

SHA256
313a6c4dff5aa3a8c57c28c5f58c8eae74e77ab0f49373734e5e507e4c3fbe8a

SHA512
534040b668f7e16f76e43fdb6c487e66035336079466fd9ef0758ddbe430889c51408cfe971adc744b5ca911c91e0099276c1f6b615f98c10953a9ecc7d66c8e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
e6a76b0cf3b1b3821c1d1606eebfe610

SHA1
b201e1ad7595847ceb9a4aea5abbfbda1eb94479

SHA256
612bb585e69fb327f1a322a4da8e981996b638d0e5c56a50bf3af705c81b6cd6

SHA512
29185d4f22cb7dbf4dba34e181c50591b1780f8b6d7c9b91909cfd1d3013d185766d240b7a0a5819dd71bb617810c636ec6c7b4f5067374a5bcfcbbb67420339

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
fca35b1c8eb0c5927fcb8246df630e20

SHA1
c0bfff80085d81441c99f9efdd34c4c93f3ad830

SHA256
a33e90e4d028ce723b96c1004f1c483a767de20f8eebb28e5674297786742891

SHA512
bc2fcf48fad0a925a9beb693eb4a2918ffc6cd4ec9764912bac62a3ac2197955efa79900669814b0394ff3a24984ef4199d40be88e09841cbeb21e553b1f851e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
b210f5fe63f078e7aadc2e4b7b4b6946

SHA1
1402aee12756d3553ef73a6da609c385ee31aa81

SHA256
e3e9c281a9122a584191af12e71cec4691886ec9f5918e0c51a719f4114e6fab

SHA512
2b60566ac6e8b89a5c363752d613857c799e6bad931fe886eb06d92d3d22694bd9e122939f0c00727afb5131cf67b07757d8516ea3e24f1bebd9626ec256b743

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
5fde285985ead24d35f9cada4d56d88d

SHA1
169b5969e2518c6c324870838dce366e0375911b

SHA256
ce7402d99ee12b57353b03bd378f7710025b67f942eaa77a300b89d341786871

SHA512
37856f63f639a236ac46f1ceec571dcddbc388edb6257a88a51116ecabe2f9273e554f579724d462ade21e48c2deec03dbac9396decf03373e14233974dd9e4f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
20a44add46a75042aa7fc255a6ee73b4

SHA1
170889c3d7169a1886cbf7cc9a94d4f24a4989d5

SHA256
f121e1a89d9beacb549a6f387bedcc26aa8f2426928dd936edd605d6fc7df7bc

SHA512
842771850674ef30093b9b4b9397fb62ff782f65b6a317529d242b9b58633bac976e957b6521ee5c8f5612fcd492e671205d1c41129c1ebfeae599b622280084

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
0b856779e05c1bb0e4603bcabfe03d73

SHA1
7c328201c049afe43cc3d82ef0155ffb94d254c6

SHA256
e68745aabd7af1214a60243fed65b41f6538616e0f5d2dbd7a85948fbbea2ad9

SHA512
6e168b8c57065e042d17907666684d05736d5f9cc42449232dc19745131ff0e2a31b7d780fe8ec589a50cfb05b4cb12597bc8763ea0bb70cb3e0ac891e7a6307

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
15ba6d39846aea6c518a67aac9b4be8d

SHA1
24036110424e1cd0a297f5cd2d7138aea45168d5

SHA256
2137067b6d42937324fcf057f12d5e92d6f544f688b33be7a8a65eb403e2964a

SHA512
3d494b47841ee0fc0d5d818c2f76d8088d9a91212e98beae988caec98e04f63c3e00e80bf023dedd5ab1de952c6948a1c97cdf982cf44fbc64d37c8926c1031c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
8cceeecf7336a0f05bd8e85099fe5e87

SHA1
75844eb02050ab44776fe619d86d8009b3b44c05

SHA256
121de7cc3fa5d31600de4cf20762369ca62bdd5741dfbbba3fb9d9402157ef65

SHA512
6c6b39c22167d3bab4b7a6cd75812df38542d5cfcbd8e0980a851f193279152e2f5af50e35f4a726d49fb2b8bca483fa615533d482906f85fcfffab7cc5be0be

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
587437466ae6b5eb01e01b005a10c28b

SHA1
25e48ce988e8c1bf453b3195de388c729ed4bbbb

SHA256
1bf13e4084e810c076f390040d30d4cec48d239bdc3ed4cd96a818b59aee90be

SHA512
2b22e5573c5f06b64da377a90be14b34127a8e95d47c212be02096d1b4750381c0d0243bff20c809c655d939325b41c39868b530a32408b00df22a52f56480d4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
20163d81798648d992ac104cfeaa7a25

SHA1
e86ad5256b17009b80a1bf7dc4f68b6378508e93

SHA256
771d9276a31c7a2303ba5a3348458c9a347f519f4ee283726c8f22431449dc5b

SHA512
63f8df10208a76b26fc1c9df888689d008c275733b489cfc3c0db2dcc5cb37838101aa6acc13255ef96201c6d0f89d36cc7104a3554e1898c9c7aa8058143092

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
6749b9b842defa933b3d98dd4cef8a31

SHA1
beb2f040741c206345e3e524f694bb859f12afd0

SHA256
f0709a4da24203d84355eec7e2deac6a16b5aeff91cd9cb4309cb51b6b04c1a9

SHA512
11c33d7264706b2add3eb58309c66d71f8c97120578e811ed5d02f35897ca4a9a7181f5b2f313ba9eb7e0f3ffac961ddcf7153b02f084d6745ba7e9854f02548

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
dd6d20a71809367358a241c6904e8ebf

SHA1
302eb31ed0f8c3ee06030710dbaed7ba03af2faf

SHA256
d95d9f8a4c79f9b6e5093bbfc39f98b08d4ce1c5e8280b890cf71ebca20bf3bd

SHA512
34fc0cf07e96a30873c688f4ea8343a45dff9298d6d626bb744caf51b24576991ada06425cb87769f7908af863e9495867240e152f0b5ba70fbc9d8396442175

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
5af1585fe081b842397051c8d5000edd

SHA1
a90b10b6ebae607c4da310219076973f284d225f

SHA256
0481d45f36fbf84f4fa4392253812015aee7bfaf74557ec2279ff761e7c1274c

SHA512
e7c00f6f87b152f90110d22a6875e1c05330942ad8f9cc060c10ae308fa1aaafe7be1963f46a9c7a08c76dc9e1898876600274bd9f8221ba1e668bd2db9da708

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
d43f7e09d29339dd6efef7a6a19fca7f

SHA1
28f8ebed90b0115fd7793b8e194571c8a7507316

SHA256
1cb60dabc79ff7866dd77ac1374625224943acb72def8175010969e72ef27985

SHA512
a664c237e113a1d17f69256728af268f3bf57dea1bfe5a412f46c79ea676bf9d410fac878eeb3d37d81ec61dc9109b007921e6ca48145f24fcc0f23e15935eca

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
99c4e7940209c66b19b8a5070f4ea902

SHA1
05c41d33f8f4a74c225fced68f6277dd8f595ec4

SHA256
d46d4e9e7299943169e5a79272191d5839cc02ea107f0942f22f1e56e52dcdaa

SHA512
87d6fc0df0eecc467cc397dbe4511766e153db26e783101e4721272f41c21851b80746caffa6e14d74f903215c673160ed83ea0129e6624f472bd95b6d7e3573

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
581KB

MD5
fb42e740d5730d34703de2a59e2208ab

SHA1
e5ed03547e9f2af6fdaba74432535a2b1222d7e9

SHA256
169bb3224516abebadff05308e3b5806ff1b9943e791e8ad25c50bb0ae182067

SHA512
ec87e8e542644190005db07efc1c2561efdd33dfde70be6a876300004cc1659b409e45ab3e70d5aff959d725222c315c5feab93ec16b5ebd77f876adc37f2021

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
581KB

MD5
529a952f57cf044a008518e3efb2b9c5

SHA1
14a1181e3310b1bbaba2baa6526fd7178c251b6e

SHA256
e2c1259d4ce1be03c1e6dbf499ba603698e88e1b3f84b8a5a27555449fca2e86

SHA512
9d4edc2d47d3d52f353a6923076fdad707ddd174c481f3d82db897e2cb427946f1f2efc393405dec0eba519ca1807d248b55dd122ad23930dda3a1ea83ebc465

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
701KB

MD5
dfa8bc9f093186cd32a8fb2466a8e1be

SHA1
be575136e003116960e549bf24c45045819d2aaf

SHA256
b1a54083a1ca58b6cfb670265e8542301abc160cac70efe1069217711bdbb26d

SHA512
7cf8cd3d42341bcd8ca3f0ef944075f245391f9dc8e0a084148a0bc72a84eba4bc796747a0ea2006e7f041752894d30c627d4f35d2072d84cc3ef445ea95f165

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
f7f73c83bc63fd3ea2e61152345c9138

SHA1
7dec4c2d57285b1c545d716892d98d31bf485388

SHA256
938b800f9274d7d719cb04dea3003c8745cef198ab8999c92f49aa649d90b205

SHA512
4aa8d3f9f04eebf53157bb2b75f76cfbdc78e47bc301b3fee4d1da3f444b21468a04d2099ebfa6fb559638a8c81f9bafb143b918bcb282988bbc1203f1f808e5

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
91e2801f613597aa1e6f157a7f0ddb85

SHA1
26f6adec4b03076712a9ec9fde1aa0601bec3137

SHA256
1ccedea04aaddd65d1348ad90e5a6ff1a58f8266aea3b3ee76f876460d94c60c

SHA512
40e7e6feefd033c2dd30da1b18b7ff0926c79e8dd554106707c3b35b2324c7336978f7193ec722857062300b9b0e149feb4ebb0beabd4a0fa5f8a15a5274eb32

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
6dada8bc999fef8fd6115a5f5a73ecf0

SHA1
0445f2d703e62998eabebecf0b0268eb75c846a5

SHA256
abbccd82038553f145e2dc0ca8d743948ff1a1afac85bc879f536fd365237def

SHA512
0a1450ede7621ad5aa173294edb701289b34a241bcf735d8997eafeaa5060f9082cc83cc763d7aebf78e6ea8df6f903aa558cdf3b637f99b790be7c0547c52b5

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
31acf4c6366f613dd081762de7806f27

SHA1
b1eae5fe9d9dd9e6492002209fad66d29aae9d0f

SHA256
0c9b9db835c680a35791f3b7b7bec8c83d1910332e92f8afde67cbf04cbf8429

SHA512
521c8356912518ec3574d3514cd270bbb26ea7c694314dc2defd45035efb2ac5b3bda5391ec989926faa07caf1f04101a336fc585f5cf826e9c353f451e11b7c

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
46bf45b1cb2c0047613636e25a0de7b5

SHA1
036c8d8fe6a56fec31d3c70e50bce856f2bd3da5

SHA256
4da43d7b29b69c74eaa324654a168be40f8544ad4d7d50f8170944b33fbfae07

SHA512
fe18f849a524ce88014235f099d751421e513fe0319f1dfe0931c12d37ca48a3188b1d1105f390a3d8b49119f44632e144fcb397e97c11c3516c82ae8eeb2824

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
a0bb4916342f98870624314608378a79

SHA1
eb513a6b6c185a9f266bde759f13ace2e3849675

SHA256
0481ff34f4bf74fed46e45483694c4eeeaeba0d27d5ca02d9027a7cd9adb3cce

SHA512
e63d25466c3fc900bd9475a810c3b0667ffcc73157b77f144c3da50616f17c6c5f8fbfc287dc7265a9f3031a0aa8b474cf2a93987b795de6aeae2dd87e57c856

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
3e3199b8fa94b7321e5aa65812b00ff8

SHA1
2cb52696d1216c8a6cd8673d884167159b21bd0c

SHA256
b47e5da5af36f7e8ca13a80c14ba8feda0b59d88af38479514e709ed85b71751

SHA512
6c9c5b491096ea429589c48767fb5fda82cfe8599683ea3f965a1258bdda4f6166ff3c4e306d4bb07349da08944aee48b08c8c1acfd8a3c0091c81f5056678a7

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
b1a0b54db13749548d50f3f112fdf727

SHA1
cb9986f5b2a3399b906519e440a6c3ad9e8585cb

SHA256
71730a82f5eb991a5bc5c39f90221544a9826174206b1f812ff4b9e86cc3a711

SHA512
2de2c7b59c5106a033448717e939d3b77556f2f493519e784088218d58e594e735d7a6088276f933f8ea3d6fb727f15193b055b1583c994c15e2a5ce6a59f482

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
b75cd51dd296f74267fc19dab1f66121

SHA1
24d36f91a402b7353de68ae7cb432ca399d9f3c5

SHA256
33a4046abe000c32d988cb068fd8734013661a5b0ccb8de0a657c29735fd8506

SHA512
951eb6be152938fa60cddaf90600e279dae949acf6d8f310e8627d15b72f7fc899a3ca669459e07de9f9cb12667573aeed94eeb590901b4e1f8b95c135604968

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
06fa850dd06c1bef74f284c6c7213e9a

SHA1
9664cb803b4c0b13f7dc8fa560e9fb7df6c80345

SHA256
de158c37b1353946e9708e6e6020a1eac710b89ce3c22231bc889649a9c010e1

SHA512
0b0617633bf9e8a146ba8b4afab78ed4e442a7b21f48205794053e7bbe75190c5dc7e1af1a3e60b798ec412bc59aa32233e7fcc23eb9c53b559722ebbfec4025

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
59021607672c468e222f80a8a549b02d

SHA1
919a42dbc064517372c185ee4f4f01d407e0e25d

SHA256
b6ca892ffb1856c96a2204d38b4b576f62d87cb47ac945cef4682dff134fb438

SHA512
449dd2d7e0d437ed12c63d33191badaedd173295afdf0e92461f8248e5a72916f021699d37f200d571f1ffddf6394f32cba30aa3eb31f14089613545ee074d71

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
b0326b3688636956fd9e4bf60cc3b380

SHA1
4c5339b9e5a616f4e2ffaa11f16c2ef31293f2f9

SHA256
7a60fb582ec9e4347697c1718b7bd10b22c1e26f9f05208873916d7760f7cc15

SHA512
1935a4f1180826e14d9ad4ebe9a71bad00d1f2f10d0cf1670f93407d7b722b4c62f5d37073f804fdede7a10aef16139f8634315cab418fa14ffd581769e97d2b

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
3ac1d9db45d082b3b33b8e20082c31c7

SHA1
ada56476ac52cffb78f20d973583e02471a7e04f

SHA256
fd0b7fe4213a2e7c85e0f30df7d037ea5fec88d5ae978cce7bac2e106842a78e

SHA512
29363591de0b1b5fe9175ef11b5c9680bcbb31f1d686aa785ffe3666b3975d72e0a72a44a1cc9ed0b7172a75a53034c8d4014290d2a07e36f5b2473e170a84a3

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
bb573de50456748506e1bc37ce2f6c8d

SHA1
f04c3984d9998a384249cd768231bf07b24f270f

SHA256
3729c123388b7af1c13090fd20d437b37d71495ffee3343c4da2503325f5bcb1

SHA512
588f4f9b0fb176b5176b281296ac47b887028f92ab86768d2af287a262576991ac02194ba5724491a00c4dcdccc42776cb530e7fded5a7de46023ab1ad80dcdf

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
1ca9938c4b28bd87dec84d7f2b57b533

SHA1
f0bb50e59d4523247d48ff0bbd47aaed4b02cc6c

SHA256
c1bcbb221ffbd847f21eaf808cbbf39139553a59063beb9b18e9085f41e723c7

SHA512
d7ca3dd01f6eeb8bb65ab583d5f8b1e0fdc18c9da1e8cb20b110a697cfff70cb65936d4d0fc347ffb297cf54e01ccab709d126c647cc9bc3a7f0e7dce2300046

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
78ead834133651327828cc4688e78a1e

SHA1
2602c23a86b96474a3a3f6a36a09edd4f40914b9

SHA256
043a19dab458d503c5013f499d9aba2fbb3b7bd77a141734f211bfa523200140

SHA512
1f82871c2fde6c8068ff2b473afa5e757b77493fe832c71bbd7f372a8936e543ca28bf6c42b99cda023c3d9b235ee10bf4e5cd6f27c3ef58624fbcd57ebd49a3

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
772KB

MD5
9c1c723737928e6fe7fd10bfa4a657a9

SHA1
04d5343ff03edc204c0d3d31cbaae7491d3946c1

SHA256
85b8871f6c44a1e4f4bfac8aef48db229298be7a6bc076d9f8088a8dc884d0bf

SHA512
670231ee4f59abe0ac2dc04aaac86ad7a1396079bac6d14b38697edf5b34518eceac44f59f0f48c4ed2457aeef4a71ce7e9bedac076bbd9420f6f26113c34748

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
789330efac5e44e6f8062087f39edf04

SHA1
b98acfa95b1e6ade45f7ea0d72b0d4b4a536dd2c

SHA256
6cc1a09c34984a69ab1ce4cbaa2108bd8cb1cfc4c73d298e120f555f0fb5f402

SHA512
6da71d638ceb44ec3714769d6b6be6ee78c03fd6f4617d8b6f86ccaeaf74aa42b9e9aefd02c26a73a39b561256c62df9c86fab0731261a406b0e027b9df0efee

Download Submit
memory/264-298-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/264-407-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/868-241-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/868-71-0x00000000007C0000-0x0000000000820000-memory.dmp

Filesize
384KB

Download
memory/868-77-0x00000000007C0000-0x0000000000820000-memory.dmp

Filesize
384KB

Download
memory/868-70-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1344-56-0x0000000002290000-0x00000000022F0000-memory.dmp

Filesize
384KB

Download
memory/1344-69-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1344-66-0x0000000002290000-0x00000000022F0000-memory.dmp

Filesize
384KB

Download
memory/1344-62-0x0000000002290000-0x00000000022F0000-memory.dmp

Filesize
384KB

Download
memory/1344-55-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1572-16-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/1572-19-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/1572-28-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/1572-236-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/1836-358-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/1836-637-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/2116-433-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/2116-645-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/2356-324-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/2356-582-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/2712-40-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/2712-32-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/2712-237-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/2712-38-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/2904-395-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2904-287-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2968-631-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2968-335-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3024-640-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3024-384-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3136-641-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3136-396-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3248-381-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3248-369-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3712-408-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/3712-642-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/3744-238-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3744-52-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3744-51-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3744-43-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3760-644-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/3760-420-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/3796-27-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/3796-1-0x0000000000A00000-0x0000000000A67000-memory.dmp

Filesize
412KB

Download
memory/3796-0-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/3796-8-0x0000000000A00000-0x0000000000A67000-memory.dmp

Filesize
412KB

Download
memory/4576-347-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/4576-635-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/4588-419-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/4588-301-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/4708-254-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/4708-252-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/4708-246-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/4772-282-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4772-257-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4772-258-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/4840-634-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4840-432-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4840-312-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4920-269-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/4920-383-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download