d93a44fc4cb46b6087924f0f01e26c4d70c9a84d1516e0938a6a0dfc1c40a8da

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-10_af91db89c31451701cf486010bc7f7af_avoslocker.exe
Size

1.3MB
MD5

af91db89c31451701cf486010bc7f7af
SHA1

37a68e0e0698e4c2cac9b9de6b1ad51f243c2cd6
SHA256

d93a44fc4cb46b6087924f0f01e26c4d70c9a84d1516e0938a6a0dfc1c40a8da
SHA512

73adc3feab4737239defade669da074e7658910eb46b117d3acb09cb631e875a4bf1fe58ce96efe7abb09f558287550913582403a39d4ca0222cc77e245bf596
SSDEEP

24576:e2zEYytjjqNSlhvpfQiIhKPtehfQ7r9qySkbgedct/sBlDqgZQd6XKtiMJYiPUr:ePtjtQiIhUyQd1SkFdG/snji6attJM

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
2132	alg.exe
4456	elevation_service.exe
4936	elevation_service.exe
4784	maintenanceservice.exe
400	OSE.EXE
3180	DiagnosticsHub.StandardCollector.Service.exe
4392	fxssvc.exe
4100	msdtc.exe
5104	PerceptionSimulationService.exe
4312	perfhost.exe
1788	locator.exe
1860	SensorDataService.exe
1848	snmptrap.exe
4592	spectrum.exe
2404	ssh-agent.exe
2776	TieringEngineService.exe
2064	AgentService.exe
2072	vds.exe
4276	vssvc.exe
2880	wbengine.exe
4468	WmiApSrv.exe
2744	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 24 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-05-10_af91db89c31451701cf486010bc7f7af_avoslocker.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\4bcf0f39c3136770.bin	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	elevation_service.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	elevation_service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe	alg.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000caed602ddfa2da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\searchfolder.dll,-9023 = "Saved Search"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9937 = "3GPP Audio/Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9935 = "MPEG-2 TS Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000002af3032ddfa2da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\wmphoto.dll,-500 = "Windows Media Photo"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9909 = "Windows Media Audio/Video file"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000007e31a22cdfa2da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\cabview.dll,-20 = "Cabinet File"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000f3b6082ddfa2da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-126 = "Microsoft Word Macro-Enabled Template"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000272eff2cdfa2da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9908 = "Wave Sound"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-194 = "Microsoft Excel Add-In"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9907 = "MIDI Sequence"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\acppage.dll,-6002 = "Windows Batch File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-120 = "Microsoft Word 97 - 2003 Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9939 = "ADTS Audio"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000007f13872ddfa2da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-113 = "Microsoft Excel Binary Worksheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\msinfo32.exe,-10001 = "System Information File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-105 = "Windows PowerShell XML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9911 = "Windows Media Audio shortcut"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21825 = "3D Objects"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4456	elevation_service.exe
4456	elevation_service.exe
4456	elevation_service.exe
4456	elevation_service.exe
4456	elevation_service.exe
4456	elevation_service.exe
4456	elevation_service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
668	Process not Found
668	Process not Found

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1756	2024-05-10_af91db89c31451701cf486010bc7f7af_avoslocker.exe
Token: SeDebugPrivilege	2132	alg.exe
Token: SeDebugPrivilege	2132	alg.exe
Token: SeDebugPrivilege	2132	alg.exe
Token: SeTakeOwnershipPrivilege	4456	elevation_service.exe
Token: SeAuditPrivilege	4392	fxssvc.exe
Token: SeRestorePrivilege	2776	TieringEngineService.exe
Token: SeManageVolumePrivilege	2776	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	2064	AgentService.exe
Token: SeBackupPrivilege	4276	vssvc.exe
Token: SeRestorePrivilege	4276	vssvc.exe
Token: SeAuditPrivilege	4276	vssvc.exe
Token: SeBackupPrivilege	2880	wbengine.exe
Token: SeRestorePrivilege	2880	wbengine.exe
Token: SeSecurityPrivilege	2880	wbengine.exe
Token: 33	2744	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2744	SearchIndexer.exe
Token: SeDebugPrivilege	4456	elevation_service.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 1220	2744	SearchIndexer.exe	115
PID 2744 wrote to memory of 1220	2744	SearchIndexer.exe	115
PID 2744 wrote to memory of 1232	2744	SearchIndexer.exe	116
PID 2744 wrote to memory of 1232	2744	SearchIndexer.exe	116

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-05-10_af91db89c31451701cf486010bc7f7af_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-10_af91db89c31451701cf486010bc7f7af_avoslocker.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:1756

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:2132

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4936

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:4784

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:400

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:3180

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:216

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4392

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4100

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:5104

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4312

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1788

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1860

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:1848

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4592

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:2404

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:2868

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2776

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2064

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:2072

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4276

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2880

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:4468

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:1220
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  - Modifies data under HKEY_USERS
  PID:1232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
80f08aec0768a553a49499b481314c25

SHA1
79ff868772860b5418670db8edc74bcf336645eb

SHA256
af4b0df1e88bed5c1c3dc275b4d8325b06b07fe58c194c60d523a3ee9a017e02

SHA512
110c5c94df399001f8840a8866f9abcf19d3acd318b6851c03c853732d3774c614ca6d916b9944a111fc77dd823e21019ebc20178bec15129e78e4cf508b555d

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
797KB

MD5
b06976823c1450a15ec43e99e41a4721

SHA1
ae8f0221ee5cc924c0768eebd71994329d57ae1e

SHA256
8fcd1c2edff317389a4dd4d2cfadff3de67e7ca79339cce22ff75681d1fba5b0

SHA512
d68e11288bdb401bb7ac71afbe2b62c02dddb9a4cff8be20f3857676d9694230b1fb11bf0d6c714d300b085be693a676c5ba04f2ea476dca1183850c4f3cf420

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
43ef7f56d7957f9568923ed3df350524

SHA1
c7a519b4b49745998d3394ac50a1baac611a7c81

SHA256
118b6d148c89fa6863d95a11f0fa6ec4765061557e5b015bedbf6b63ec324c12

SHA512
a457fb8368f38c1be6d1e2f63d1ffcb66936e7051084b24ba067ac83eb735b40b3254272bc2fa55b8a071d2c9dcd0dda3eb80dc66bcddc4639145046bbcc53d4

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
4dc9c6e7347ec67fc269f84160e2ac10

SHA1
91e9069448294463c8916fd01e8ebc37e55ffd7f

SHA256
c992df531eb46d066f2d040fb28ee33a83a71f592bd4c4f3f21afbaba6d042d2

SHA512
b3d9d533f595833e93d7bae01152530a554cf0a488e944db91c01f473b2ae75076e720ce4da48da5254be7ffc330435b3583846c3aa5a33afcbf52ab1746107d

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
7c0835b8a8e3adcf195073e2b5d8e883

SHA1
e8349b81c690d69ea9da5d967c5678b5e9f51144

SHA256
d5ab9fb2b4aba4d9ea85cbc2d2214b03fb8c2898ab17ca242d682ee2ad60e5a7

SHA512
457722879e7b35b23feb5ff606185c32337d856a158e97e966efa74d1dffbe2eb283152c986d7e59afea5f97f36ac7c06b62e30166bcfc3ae11d9c2e9f3ee312

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
814c9d3c58d4be77ca48a34b8b061480

SHA1
c652fe32a3c68df74d285ceccd80ba4749956b41

SHA256
5420a6082a539298e714cb20e6373a945821b2d55a57109330b2e6a7da8fa794

SHA512
aae3ad402c1ef52ba6b6bc994c819c60d5a799319713affef0d0d3a78cff8494b28d5c0c4f20d3706e544aafebb9cc4e1b0903d4b6ad023b76a6e4121c80b140

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
a6e4a982a02f54028c8cafc15678de9e

SHA1
2a826788f61d0aabaa1b14554de879c615b0d565

SHA256
5bd3e68c7eca8573139ba06faa9d346c928e2b3e95d3b6f1dab246e2033969e8

SHA512
d04050f3baaf49e1e7760bf5b3a8c32f08a6a156047ab2899042573fbb5b2f1b9736db0d9eab7d515703593eb293a10ecb331d158f848075521970e5540d3289

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
f50cb63a05b4474c10902a9f309cdaac

SHA1
4b6c210255a14402227cdf027fb9fc94af510a86

SHA256
2eaab17926cf0499d8a32489137a13999fd0ed0474249ae2e17017a25b92a752

SHA512
c72e5d18e3c1ba4c6c6740dee0d7aaa07047a87800ddd9e67bfde029ad357ccb3b2cfe2aba81ad8c96c2f51a19e6fe5ffee5f19deb6adbcd3b36f77e71857e78

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
654af54f9722f099932f9771ce285972

SHA1
4abd064305fb8f92c2c2ccbe146faa29fe9b328d

SHA256
36fb8e54516452b90f665e9a7d78c4315d291dc35f4c1957e64cab28bc20c5a4

SHA512
f9610318a8705117c2023723aebb4eebec18c42882e3679cd5ed89ea4dde18ebfe1af741f8f7f2f8ac0d37e59f73431538a62acdc80726f813d2ddabfcf1999d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
8985998a3b4106ac5bb09426ba9fa74b

SHA1
c8946e0f618fcc154b6928ad94c6e943fa5bdb86

SHA256
810c27bbf27915f6ecdbfb4b47589858cf6657f0933f01029b07f8b267c2b4b3

SHA512
b581348bb8fbffe3ff828d058f25d47e15910dbdc977110f6f2f49f932186f8397b0ebc7166683fc7bdefc2ee42fb101ba43806832545af27e33d3fda2715313

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
4789a91a7863ddcd647cf55197b39336

SHA1
8e71a160966d4f424bdd737350cbacf4ccee963d

SHA256
58d8e2260e83bb75426267c5924ccecaa78f549e786988b47ed9ec26c2085f23

SHA512
1696bea5bee0844746f82b081cba33d100679fa94823b96cfe07d45e8eba9b637520529bbd5d107c80ecdff1845fba0054b2c4034cbae1da4ddf65b5466cdba3

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
c5545d39a7ed274b4ff9dadbd5527eff

SHA1
3c26c682f4bd10d17854653479feb122a0d962e2

SHA256
391ddc55dd90a77b1402b39d89c0e08ecf49aef8272828bb4d69192e26dd01ff

SHA512
8fb0f360de6e62c0fe6394a5b16d69418a011db31b49133c4b3045643ff5d1486764be571209bbc46cadcdb2bb82f0deb02fae8de308f9e8b376f5b5459b8720

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
6aeef941931fae52046b353a16060860

SHA1
d72a50ad555706887cba86b893793e93a7a337fe

SHA256
f3744d0946b6cda9b7e0af70e1652bb733ce1d12bd960ef6ea890cb4cb17b65f

SHA512
0de40cf1c087f7910456926db5a8b0a35a96b8dcdc097d91b0de580e8db5c6b825259b912051482e63c0147bb88fc6b4eb92b631e77010f0ecc90a87b297868a

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
e91075f931b3ebed3ea290ac318b05dd

SHA1
09f232c912ca2618fca48cb28da6549098d036c7

SHA256
fe02267db55a80b46f85b61848f14570f4cbad1c980971c929067eaa3f67dc36

SHA512
c00e642d81a92940e7c5135e63718cb2fb99d64987c1031e25e02df313a93a89f761a435dc37abbde4a0de4e59910870436fca0b070ade15f3268f78558d17e2

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
7f674dba9a3ad9cd744b68497f0029c2

SHA1
f5acc62fe893291179a8fd70bc0cee427ef8b214

SHA256
57114cbd4b8a5b22b47c97214a4a7d65c4a6bd3001a7d6f2fbd5e0354f6a04dd

SHA512
f4ea07f25e714d6f58ac579d45808cebd3cdd31adc114ca00d5394cfa778dba06884a7949022bcabc7b4e0e68539f5e94c0b763e338baec30e75a76baeae389f

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
b406917d4bdfbf75238b63845370d64e

SHA1
f4542305952dd4aae335a35e7a939abbd1a866ae

SHA256
692e30f06e32fe88e1a551dc7441984a80bd925a3858054e0b1b46cc6cdb902d

SHA512
017c970c20ceb7f7bf07bd8b8f708470075dab86c8a3eec2c8b4519cc5c24a307ee9cb6ba300a2f65399707a8a1f2b4a37854a2a7804ac020c5177e2a685999c

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
2a1dd3d80cb1c9f3d94bea2d266de12b

SHA1
ae5ec6f24bff58cecb20b3fc4e3edef643907e4a

SHA256
722225d33188f24a50a9af48410edaf72c7fddd782bd29080db345aa6fa16add

SHA512
b5a37cc9d20f887b818e352e34e752f5ea8967ad2c4e0657b2f068dcb9bdc2ae812fa489d095f44633ea669051150e53f3dbe93d7406d76572193de760aeb2ec

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
2bd15d6f15c4466af0b8161b0370de05

SHA1
ca11ec1f3aba86ac5754d918728213d780fd7177

SHA256
a1cc1fd2f07d7dc07d6947f522594b6bb548f00a183f2ad4d7a228068d0828d1

SHA512
844ba4ed8d19ff7102e52541e64f9f9d97909fcd4c7b8e5a2117ef0f45e4ceed8f0939f93048ddba1542dd177d5017455eaa1850b3ab8aa1fccb8614d5b6fcaa

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
fe46f9a4651affd743b0d8b61bb7b488

SHA1
09fc99576d1d4bea5a5ac5bdd5b101ad1e9e1a52

SHA256
505d88706014cacfc9d7236f2f3ff5ece6bd7aa195365c2260bfe51dc58999c5

SHA512
adce9ab1259fcc8d3402fe2feb65c491fd3a5d04133a8dcbfd38662696c2bbb48f0b486b1e1842b2eeee4be20e5a8f6441c74d487e4ac6b800852f3eed939255

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
99a9dcb05edd662185205945a0988648

SHA1
e95b535cda921b2f72e0f96b25e631a89496748d

SHA256
859b4c4f0619ed2c3f6f92c9acc883f3f0c8a21c39fa26f46f70331bbf6ba95e

SHA512
bcb670afe3d34a6c6d86009f97cfd1b97feb4342b7e11266e76064ecc604311d16d526c6cfb34fb4d2711ff550b8d2cf9be027fa76d06d9bb9aab7b48aeaa314

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
93efa0709106472be64ef482c1d61d8f

SHA1
8925412d7467fd620b7bc01d838bc7590ecbb43d

SHA256
77de4652c530abdfc097b66dc5c45237ae0253be6f69f04d415f71d129fa025a

SHA512
2f21c85e3deeb56f9212e90d102118c3ad376c3b21c69d4161ed5202af58b2e130c972ac4ca20c3f464a25da4d3a0734eeb501ca61e98a42d0ef15a029d11eaf

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
9d271888aa3d25801386d5de34e4ae8c

SHA1
0b8a166ec5de1076d9bc19eaa1f58fa7affbdb24

SHA256
bfc02913f81267ef4319664e7f9169e617391bc4352431672513c74d39ca2514

SHA512
7ab6893fff3857cbbe256d32942c0c308459ae482dca28277904b0a697b8cbc35b7efcf02d29df59d29033004698cbd13bd57a673388cb1695a1194b74483005

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
8503b8d72efedf7e94949268713d7ddd

SHA1
c7fb54f7290e6d7a7be289509dc67dab787fea91

SHA256
b882034717f836d0869975710b1ba10393151de42e12108815399bc3f371a07f

SHA512
90081e13d2ba41d0a461769f60b15aaa62d18b932c694339146a28e3144161d4fc56b5ab385431e4a025edbbc4b98a2b1133dc95b05af98ce2f6def109e05eea

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
4193f3d39d0cb3377487ef0f50a37bc9

SHA1
b3a0b0da4c6aa09ccd857561e97dd9fafc8e2873

SHA256
d9eea989493bf46cf149c7a697b0c09fb21d8d9dd3b3ef6b06a30783aad72fb5

SHA512
2a62106d70233ae0bdcc507110ab83cbcb508db04f5afaf799195014f24e711def92dd9da4380aa278a3a87aa0d44b7a13c04fb71aac47f512a1cac2b150208e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
76da24a403aeabb231420be8508a891c

SHA1
cf4980de981ba5e185f9a4e323890066df4c3e38

SHA256
f1854b5ef94bcdaf38d35ec32bac0324936860d2b3c8e4658e62cd25f16dc1af

SHA512
d7e3ea3547ae8328815828693f699c1e663e6823af5c9ab854210d29e68958cd33ed62d2085e74b9e48b9596b9446519dca4fed86a723d6801a6510c40fef531

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
a0a7cc4aa2367f5f4ff6c26fef28a4cc

SHA1
847a0a4084edc7864789f2813afeac0ecf4baaef

SHA256
8a44a5962e9999798629c44e56d271bfe2ee0b097f50bef7ca0c1cae8ee50337

SHA512
d09a475038f0cfefee4aef6009eae232836362a571e4b1093bc1e4e59aeb2fa8a10a4627d00d49efc96cd68c9b952bf601a8d28f144108a5e9ee5d34b8af0e5a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
8d6dfdffc85c137c1429062136080358

SHA1
b4d085c4f6efc37b6dd8ff5000ce801dc9d46c34

SHA256
7b2dca7c500d02c57abecab00c5ba780e1cff33d1ce4c7ab680ce3914e000058

SHA512
c473c514cbed8d0d3bbd726aade217ee734fd1581d9e834504b1f35074f44d3a08e30099f13ecbb7985ba9cd5c9159740d57755d67372b73be8a76a3d5abab58

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
d61e229b1a234561d0f946f839e5731a

SHA1
457d950c78e1b215e8d199359444b28b193737af

SHA256
f79100d062abd1e4f8f7466970d9808aeb8bd035f443d205dd4b1a5558bc91be

SHA512
51708248f318c922daf0434d36edcb8a3a480d72f29a29d8a3a6966cd830dc882803a9ec8caa84fc546e1dd434dd87d23d7c267d453d5476f12f6f27f61a0fcf

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
410c5c9faac408ad8cb400599e210d29

SHA1
5f0d01f3cd73b7180cb06346a647b92bf9159177

SHA256
1c0a964acd7d14c272c455ab919540d56edacc86e4c88ffe92ba0c6f531be3b2

SHA512
8961664ac6a31f0b626f9b11a8bb6bff28ee3f7871f1abfa4b4cf33418bd44001e04ba03843bf4ce8eb887ca8b3ce50e289cfcc0007a151ad9e58c7079459d5b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
ec1ad3fb79c4219cf4dd1fbc13e0b471

SHA1
835b22dd3d544f64bc269a67c75d2c6063579908

SHA256
ab1e35d9435c8d5f0e25e647bd9772fa270835d022ad12504c71d9a1a0235cb5

SHA512
7e9a50b3f0b3a0d8f7521e5bd93b7c04f263325a44a3e7468b088aadebbaa743a28bd87377b3191d030e0cfa721ae05f65462247caaa5450a313b7f3450a0d60

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
01cf3e796b32c4b0d7a4800d1511f674

SHA1
f0bf20e1ffcb5860ad8a5aa448453a21accbe1fe

SHA256
a83b9f2e826d81353b142a7888d32f0b052730f30ca9c0f208333e2848074007

SHA512
e4a53f178272ee5bf1ef3b4e3d3e9733ab505f9dd2648719aec215ef9dc7a7338c35afe858945bf3236771f011d0870b20686fbdf386d6162d85d1653af3d959

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
d430ed11b0ecd8400a64d897a916ac33

SHA1
22c952e5df6836d94de777eb4cbe39306b824251

SHA256
ea308fe14aeb7285ec771d1c3463ef9d1c3b618410ad8449415d2a95ec2ea066

SHA512
89186000d829a7e1780c3fe0a5a7a9716818804fc917a72696a2266edb08ca4bd8a5aa0c68957710bab01638843873448ae213ee05ce0d6b1f55b978ee9e5ccc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
529f2943f0f1d59ba81f961831bdc230

SHA1
5f01bb9e1155ff1ac32ecb9c687acbda8e1d6d52

SHA256
910406ed7b3a8b5aed576bc6c1d89a58d75c464f1af84ea320d57881fdeaa7b5

SHA512
a8f6ac260a5086c98bb8c96794e2393f622b5cf9650c140cb1c8560dda975cd3a7ac5c88bcce3c56dce6a3e0d9dcc9f193f97425121c581250e5ce1ec4698936

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
a08614d7f09f1c900039c44a9757e37b

SHA1
94ee436d7df3a8da5a26ed5950a57420dc7ee0cb

SHA256
a497903ed3541d501644a9435bda3298222668337b68ba500381476da61f4e99

SHA512
e0e480f3d78fefdbf4846c675475b9da485a0657bbe14eca54c3d7595c8d2485e6d254894572a6a345e27984b1c5af16ab83a6f6c02ae73dba6a12825d9375e7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
a3ce5f843d7d2880884d4d05c46e8241

SHA1
8d6ba7fc4a6a6e38699677a94a82909755a1fff4

SHA256
7b347d9d496a581972372e7fc81bbd43e07fdf43f817da27ba81f67dee288fec

SHA512
8c38b9598176240944dfbe5da32896be3c43eef3919634457dccdfdcf8c644a5418bd080af8be5013111c29c543abb38cffd65562718984f2fc1c20e44d419ea

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
943413b5045223eb33ce8da3c8d0723c

SHA1
8b5705aaf9fc00a84fda74cba5c603e5831d553d

SHA256
9c09816f1fe563c00f920cad02861d4a911a5b19f2ec9ed602315ff64557e7c4

SHA512
681b54469dcd7a5901e4e8749652a9fbb06795f8b57d80750dfa90766bd23de97c0362582de94913c1697fc3c36fb13039a5bc81e585b5de085ce7563af8a255

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
e6d5b6699c6bc0f51bdd7ccd23911a8b

SHA1
29d998f5a59a2ac5fc7ef9aa31f7186c6edd3c66

SHA256
11c34920954a74898ad8037d19a3388885c167110d56caa6a4d1826455e4b51b

SHA512
fb4148713f312eb9fb7f8874d0ad26a79eeb2612ab70972cace9b4e3c7e543decc3950838ce30c533d34909645968fe62ac2e98150956341837d3ec4dab995e8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
08b5c3081e2e1da42d9795947c34ce79

SHA1
5bff63ac425ea73320f56d525db5141e51e8ec95

SHA256
3418ee1f2e13274951dcc26e1359e8787c3bf4169fe9bb7cd953ad29d5cf47f8

SHA512
c5364f0f6adff5be547ae884a5a9e9289b7e6d9913371787ac2544f3364aa33b8f1b9d55ea097d912462f19d9f9ab55eb48def17ba6d85027ee2b6b8f4931050

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
ed1d1ac2408e6d67567c07d5f7ff0a4b

SHA1
6e64bdcf3f79f03e499af874de32690c27f2c1b7

SHA256
9eeb664ff3138df8a646be9d66319e5415f0a9b8c477c6a484c65c30f9345508

SHA512
5fb8590d0b2604f35a24e4a5cb7b81bfa3e5f63563361bb1f68a659122adaf2576ef723944ac343043f0a50102b3ad73e48720bfa130c4eed9dbbec562a060c9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
28f77a56cddc3831f6d1611f3088b1c3

SHA1
2f12611e22ffd2fd63aaac98a5302227334881cb

SHA256
350ce795ab6e4fdd25780c78c2c1dc0c904b2cc076c2990f3a7f989e0cca52b0

SHA512
f39053293f81e72704f1e08adbab08ba44f15b938844a12701c3070615e489f8503c881e2341074d810ac9d972d9b8fb61c97987755f1e107a18ec48124c5dc7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
581KB

MD5
9b090beeddad9d9a9b092c738abde6b1

SHA1
c6ec4c0c55d29ef2ac551ba48e6ccbff17507f35

SHA256
b1146d7ecbffdf274248222f9c06b8092f954b65c3f8b92fe0bb4644eba2057d

SHA512
6d469ae54aafb7e26fcf8202e2f6d0b0ce4b30e1e3ce5a2ad35508516180f897791e304cedd5af7f6db7980d005a393b58670a8ae09c347fdb19d3445f988d4a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
581KB

MD5
ad7bd37836432a4e97bfb840a6de9d94

SHA1
cb7086d285a13d57178f8128796de46fd0fe95fb

SHA256
364e612a493d4da0bf01cf05af8adf4fc0f88888e5fa1bbad1d6474b1ab03db4

SHA512
2ead2015a2156f773851b402b8211a8b01f987ca59714ebb4b3bfe95db53a39febc47da90937103c83814e7d0b93c2a9f7de3e2a4e60e817e80c5168e7927ae8

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
701KB

MD5
bf4516e94e95e2159cd99980004b5e70

SHA1
15551556f2fb2780503998836a99e2b56548f630

SHA256
6bbf7fc88084980c320d7b56ea52eeba76674258f07b662b199a4e5a510225a6

SHA512
9e89d521fde8b1cd165a33ba6825d6d31ee2096295a7569987846b81f88eb134ed776ec729f40c86b19ff4c65b96d5d2cfd51f8e800b7e1d798eb5e9c5af10dd

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
8e47a05ce9763b4915743a8b5fcb6536

SHA1
e5a0778b89e12b2305d7a30ad73ef0334b969d60

SHA256
33842ff973760878fa2743329672da1408168048ebf7c25013b456edefaf44c7

SHA512
b1af6f5951fdee6a8ef5bb5d1bedb9dde4f3960fedeebab8bf8feaa6c119c976727e01acc40fb2251fc7f42be098eee925f695a824e8365471b09a1b3440fec4

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
ebbb760b18a23fe138fdea423e88a1b7

SHA1
e84db2e40b728f36a48d96844f17264cf2e59205

SHA256
37e3984a2a12d2304a9c731248611817ca6471e9804148f3170be34c1383ed82

SHA512
2b2e077093a984332fdd8f020c26e22966bcf4fd8965a6624da63a8ac98de173b5e501c3b554a76c1a93993dc08928810cdb3c5896f7de4857d56f62c2d38d26

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
20053cf0161a717862dafe753d633567

SHA1
51bd7cbe4a07418b8182988d26bb9d25494119c0

SHA256
20a317c76520c80c628d1902148c2184b3f4d7845eca4be5a6a0d0ace0e437c4

SHA512
7b3535e2fa20ebe5fd2d2e7aa9b6349c2e6c2d0edfa139da1ca8c983a124b15a213d00cef82af107d2fffaca7e0cd77933beee0e1f0d739f358dd74c63c33287

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
0a119427b55233b11c9e4c8371c173ca

SHA1
63d61b4e27c2c57fe745236ed23bca9010a2861d

SHA256
804310f2987b8b958ece98ad5e6ef1583f1d4617602e335e4525187f43e3569c

SHA512
4ff9e1ca29fd8186ca90cd9b11dfacdb34aa635390037db7c92c514486f1c8bc8b77f7565993738928c976f0bab01f2c7bc8001a4866bf52bd909783c3e1ac29

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
e09de18a7a88c2855996101ee4dd044c

SHA1
c9d207fbff20161f7a3f3d6df2c2ab6e3681dc9a

SHA256
9fdc98081341f0daacfd2d0fb7e4980ca4d7085f61b76ca2208f2ffee3f228c0

SHA512
5746fab3344be7f35fc009f51cfecf7117c96c454d98ce4265cc11d4bf45d8c8d0aacf89110a764c627fdd8fa4522ac64fa1f5004371cc86a41e372c82af0115

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
0d3e77336c8cae2e2f4bb1136e03ba6b

SHA1
f094da38847a8a24d7732cdc527eba712779ea07

SHA256
c15d403af3f5fde62e14600397e221d7a029c3623d8a3530860bc04f23af96ad

SHA512
afcecbe956d34c8fc284cb44cf310ea833bc336626f185ec01ea0f558a5f91257b1fd14700015c9040db5072fc867b70d2222c204568f14af3e9dad55d818500

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
f89de99dfa9f057d033299b25a86c51f

SHA1
373553a4fca0fe0519c4f80200a899de57a39ab9

SHA256
54cad84a3807d74123cd0d1c66f3d95f2356146082accf15d80027d91715774a

SHA512
89c3172f833e60aef473ed7e3ea3a9b503ef442c64a3c7490127efbf3ce2b169726b98fb1ad238064bbbb73d80a5efb3f20a666048906eb0448a31d8b06d6dbf

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
93e2a09dcd002a29fd89cf12f145cd5d

SHA1
a26e738e32a6d2f6f168e052633d6b05a514d663

SHA256
d7beadee1c95d2e1af365b8824ba244ee518dbf6987d8bcc86146748f2535332

SHA512
9638cc31aaef48bd3ad0956ab0ff9e718b4eb58ecdfa222f2fde354eb1b1895856a44cc6819e0c9b220ca31194e2a49d82d1e70ef625e0c06981f1db679332ea

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
e87ab56ee71729a299b3a7307ef8887a

SHA1
0c5aa8ba2593902897c9b63780b2d5302568b80b

SHA256
7e1c82a912e1d919559281f3b4a704f4f48962e9f6df81cd1eeb562cdf6cb80c

SHA512
6cbf66ebba6d136f31db9ee7366e853c49e8729a46740b4290aa78bd9656c417daf92f79e0c9b3491dc4b8124f7a797bc78c370bbd61a58ef2bc5756903db8fe

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
3bde73050fb1236f437bcf3c8e39ace1

SHA1
0fc49f2b9cf6bf3e3f82d076c32a650d2b7a59f8

SHA256
2de9da73b6d9c4acf623b6c53f68634e389e503f3cde9c53273b6ec0ef389175

SHA512
fdd22a52f0c9595bb4cdd432f97d06a408fbbe40c667db292c1a36e3159f143c1693c1ac35dc5e72183817cdd61d1c425942e0129a665570a3830878fc1115f1

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
adb3aff33d8f9995150b4776c593e428

SHA1
f78635d25fabb6b892d34e8b626c9603ddceb050

SHA256
937137f3b20622bbd5f46173cc32af2fc3b58269f6a492c593bbdf9185415c3f

SHA512
7e6cfa689ddd8542f25b3c1b38fc7528bf96dbc19899736409e964d92835c2e0ce2ab07aaf02781e0dbb471e15387df3f9f51b5bc4b72cb907ba552df37c9624

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
631f284a2334d130d110ee073a27c614

SHA1
193ad27664047b9a73dfb82fd9ff4e66da76c6bc

SHA256
1141edfc753098470c4216e1dbde3e2e55035f1545d92d43fad1cdcfa3ce991a

SHA512
828e2c72893a173a788db2c112f5a78be7e66e93d0f2d1f441b8645a06f816d858783d601db3345915305442050a5173270d05f829e61091c1d4879b6db29e2d

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
01567a0cad09ffd49f0b83b2dc313681

SHA1
20acd9544bd7544a43fb107448f11ae7109f9826

SHA256
6752413333225d4b224724b013f52efc06d0328cc6ad1cb17cdb322faae7e025

SHA512
aad13ad91d067c8ff67e13b55cfb7146e3e9b2198cf5ebe98c560e3772a0a96d78c5df61ea0af76419f483a6fe0558c11b9ac4dcad42ad9f84005aef20e66d81

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
a2747c8433d067bc3347f1a2b6b460cc

SHA1
22a59ba3ff118329b39e3e1702d822c9cf2dd968

SHA256
717c951ca4987100495a459a03ecda8e63f8a7ec45c577455b53b37491956a1d

SHA512
1525d18d40e984ea499a26a2f7c5d351402c1a4b4281da9b15dcb4a0d858c96457d015a0d359bdb8ff7216b68c27652339e1805e49339a3e7b3158811286eaa0

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
8a73cbb29b96cb8b1313e6717968f7f1

SHA1
2dcbf251784d1032c44575d076184d3eab41e528

SHA256
13b72b5ea9efa124dbaef3bdc6c38aabca8916f432fa875b1c2c150fc6e77a77

SHA512
0e0d3935cd564633d54cd63e1212ead4a6bb9f3620f40df43bde970089ba9478f40d1cdbe8ad209d8e53a65f29372cac661eeb338570ee38c402ab5e9e8add4e

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
aadcb3514d9651a35cd51f2188ee00a6

SHA1
bdb043a0e53104b863151897e5fa18937f6d0e0d

SHA256
7ba40431dfee69831296d193f2f8e30c9b0cbd7dd600b21f7534c0980d732fb1

SHA512
fb5a60f85647e969f5f2025096653b391ec6afdc44c81f6953fd011fc7325917be4b34b4249fc01d877a0d06df60e3907ead2226214467e29c3345683822e7c4

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
772KB

MD5
190ffa76ac00615319dd027b51d82adc

SHA1
65a3d70b776828b778f8e7ec4412e10c25fc31f3

SHA256
305411951d9e3f486b28025016c3d1f801351d800f502ab6187591ddbf243424

SHA512
ffda43989adffb456710852ce0a35c74abed4610a6372d00c61509cb3c6aeb22df319d3c1be5fb0c0e1b117f36ddbe6af364a38a5592de27de30334a76a2ba89

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
529aef62b81348df7ba461d1d6da2427

SHA1
0699c444895aeef57a9fa198993b2e9948ac6671

SHA256
c0d06794af08a4ae7dcb448e7cdbb670b6c78913ce5a8808fc61fd97e7c49d0a

SHA512
4d2aa2af858f6e0f3a443248f9db7ba59d398653fbc9e35541b3639276ed3853c325f1b94dcaf711ffeef588475feface2fa054c3ccd7596404b7b9eb9cdfd39

Download Submit
memory/400-242-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/400-76-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/400-70-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/400-77-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/1756-1-0x0000000002290000-0x00000000022F7000-memory.dmp

Filesize
412KB

Download
memory/1756-6-0x0000000002290000-0x00000000022F7000-memory.dmp

Filesize
412KB

Download
memory/1756-0-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/1756-28-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/1788-309-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1788-427-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1848-341-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/1848-542-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/1860-440-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1860-642-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1860-326-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2064-377-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/2064-389-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/2072-392-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/2072-649-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/2132-237-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/2132-19-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/2132-18-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/2132-17-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/2132-11-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/2404-355-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/2404-645-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/2744-653-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/2744-441-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/2776-646-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/2776-366-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/2880-416-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/2880-651-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/3180-255-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/3180-253-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/3180-247-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/4100-391-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/4100-273-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/4276-650-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4276-404-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4312-299-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/4312-415-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/4392-258-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4392-259-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/4392-271-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4456-238-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4456-31-0x0000000000D80000-0x0000000000DE0000-memory.dmp

Filesize
384KB

Download
memory/4456-40-0x0000000000D80000-0x0000000000DE0000-memory.dmp

Filesize
384KB

Download
memory/4456-39-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4468-428-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/4468-652-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/4592-639-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4592-343-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4784-66-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4784-62-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4784-55-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4784-56-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4784-68-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4936-43-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4936-52-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4936-51-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4936-239-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/5104-403-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/5104-285-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download