dac91ee05de34d7c861ec3c74f2b57c635ba73eee96312144075ab5dbde4e3e2

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-12_7e43d7865f4998fe7d36694a3b10e6ac_bkransomware.exe
Size

1017KB
MD5

7e43d7865f4998fe7d36694a3b10e6ac
SHA1

4647db8231c4beb79146798a37198d68837ffaa5
SHA256

dac91ee05de34d7c861ec3c74f2b57c635ba73eee96312144075ab5dbde4e3e2
SHA512

59730845667c7d0a10367cdc30c4fca0963cd77108338a0aee9860aaff1b5653a672e7330dbfc71086a42cd5613ade705538fab054a4f9e69f3ff465be5cc855
SSDEEP

24576:J2lmh4RTSRQ5UOOU62FBnO+E222YJbNEUQKGOb:J2Mh4RR5UbU62FAQ228QKl

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
4760	alg.exe
2448	elevation_service.exe
4668	elevation_service.exe
2452	maintenanceservice.exe
1640	OSE.EXE
4840	DiagnosticsHub.StandardCollector.Service.exe
2260	fxssvc.exe
1220	msdtc.exe
4360	PerceptionSimulationService.exe
3208	perfhost.exe
1936	locator.exe
1828	SensorDataService.exe
2544	snmptrap.exe
3568	spectrum.exe
4300	ssh-agent.exe
964	TieringEngineService.exe
3132	AgentService.exe
4316	vds.exe
1384	vssvc.exe
764	wbengine.exe
1616	WmiApSrv.exe
1452	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\e72fd3c0293b476c.bin	alg.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-05-12_7e43d7865f4998fe7d36694a3b10e6ac_bkransomware.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	2024-05-12_7e43d7865f4998fe7d36694a3b10e6ac_bkransomware.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	elevation_service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	alg.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_102250\java.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_102250\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\chrome_installer.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	elevation_service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-5 = "Microsoft Transliteration Engine"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-121 = "Microsoft Word 97 - 2003 Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-125 = "Microsoft Word Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9935 = "MPEG-2 TS Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-7 = "Microsoft Devanagari to Latin Transliteration"	SearchIndexer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000007837797781a4da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-180 = "Microsoft PowerPoint 97-2003 Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-170 = "Microsoft PowerPoint 97-2003 Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-115 = "Microsoft Excel 97-2003 Worksheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-6 = "Microsoft Cyrillic to Latin Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\wshext.dll,-4802 = "VBScript Script File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-8 = "Microsoft Malayalam to Latin Transliteration"	SearchIndexer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000eaea4b7781a4da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-4 = "Microsoft Simplified Chinese to Traditional Chinese Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-124 = "Microsoft Word Macro-Enabled Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-10 = "Microsoft Hangul Decomposition Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21825 = "3D Objects"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000a45c9f7781a4da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\zipfldr.dll,-10195 = "Compressed (zipped) Folder"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9923 = "Windows Media playlist"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000024d8387781a4da01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000d29c3d7781a4da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000e45f617781a4da01	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2448	elevation_service.exe
2448	elevation_service.exe
2448	elevation_service.exe
2448	elevation_service.exe
2448	elevation_service.exe
2448	elevation_service.exe
2448	elevation_service.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3144	2024-05-12_7e43d7865f4998fe7d36694a3b10e6ac_bkransomware.exe
Token: SeDebugPrivilege	4760	alg.exe
Token: SeDebugPrivilege	4760	alg.exe
Token: SeDebugPrivilege	4760	alg.exe
Token: SeTakeOwnershipPrivilege	2448	elevation_service.exe
Token: SeAuditPrivilege	2260	fxssvc.exe
Token: SeRestorePrivilege	964	TieringEngineService.exe
Token: SeManageVolumePrivilege	964	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	3132	AgentService.exe
Token: SeBackupPrivilege	1384	vssvc.exe
Token: SeRestorePrivilege	1384	vssvc.exe
Token: SeAuditPrivilege	1384	vssvc.exe
Token: SeBackupPrivilege	764	wbengine.exe
Token: SeRestorePrivilege	764	wbengine.exe
Token: SeSecurityPrivilege	764	wbengine.exe
Token: 33	1452	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1452	SearchIndexer.exe
Token: SeDebugPrivilege	2448	elevation_service.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3144	2024-05-12_7e43d7865f4998fe7d36694a3b10e6ac_bkransomware.exe
3144	2024-05-12_7e43d7865f4998fe7d36694a3b10e6ac_bkransomware.exe
3144	2024-05-12_7e43d7865f4998fe7d36694a3b10e6ac_bkransomware.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 400	1452	SearchIndexer.exe	116
PID 1452 wrote to memory of 400	1452	SearchIndexer.exe	116
PID 1452 wrote to memory of 2104	1452	SearchIndexer.exe	117
PID 1452 wrote to memory of 2104	1452	SearchIndexer.exe	117

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-05-12_7e43d7865f4998fe7d36694a3b10e6ac_bkransomware.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-12_7e43d7865f4998fe7d36694a3b10e6ac_bkransomware.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3144

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:4760

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2448

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4668

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:2452

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:1640

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:4840

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:3724

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2260

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:1220

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4360

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3208

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1936

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1828

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:2544

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3568

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:4300

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:2664

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:964

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3132

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:4316

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1384

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:764

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:1616

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:400
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  - Modifies data under HKEY_USERS
  PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
e1a22106e7648fbcf741c7f74a1fb7e5

SHA1
626f1097bad5ce7df8c3fa104aba69b019210dcf

SHA256
276b03ee65e92660750d75685eeecf50b370c439a31275d5fcb192197d49fd58

SHA512
28be19d3d44c284859eaf15868d1a177aa688c8c46eff5688e450296b3f04d626aa7e17119e8bdaef90f5b07a5d48305d2a65355c3c2ef08fc9dd572d0ebe927

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
797KB

MD5
22a14dad7d8573fcc7fa451d30d92587

SHA1
8630cc5a4a7e91376e0cc545df63c1ec68140ac5

SHA256
5f4b5d6615755d662a6245afed340778bd947c6be5efab56d78de4ad4ec057e7

SHA512
ed585dbfe8d09ad94f8904de43c83a2b88c89ea656467a5ca527bafc883a0bdf0ddd2f685dd791acd3cf0137f41326223aab8203a713a61779839a923684a163

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
55ab6d4fd21f35bee4e56a99a84c1b8f

SHA1
c5692b5da80a5f7a57ed4555694f9e4ce0e50bb2

SHA256
5e0c3b8342fb27edaceade1c3444ccc8b1ae2a81f3ebe79469ecd2a1e292cbe4

SHA512
a8d0b6d4024974af56f40cd2002f45eb5233d0a4a92c31214c400e0fe591884c3be68575e3e4a099d24982049191d07955c3975ac17976f40c660b704c39d91b

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
5eae405c1a327fe6e9570bea5e99bf19

SHA1
7155fb89b73e0afd360f9242a1ed1f68481d1dea

SHA256
366ad56dd82c612dc6597dd8f3533c466f7a686ba7510cd09dcba9db21c1f72e

SHA512
c8faab417de603139ccff355ba539362d2d04ec15922d86940290fe6fe4fa8d00cee7c01457ddbd73edd9a69e173778bec0420b2ad4660a48e18a652093eed0f

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
841ca89167c1118d0e6470eb34a3fb7b

SHA1
91949ba292ddae25e2020f366233f5799dd1a622

SHA256
a4301807016c1fcada02a6e88c26219b8f7e3896d853b512a065717ae5a1dd56

SHA512
253954f7efa5dd883b36d648f95f7b421c8d6cfeb02ff1650c5c3036055f288cb397f2e09fac67ec460ecc20397bfb678e964532d4d062d9f412a50994cf3efc

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
89333a3b809d2c2491ca4d5265fbab1e

SHA1
94bc9e44503f7aaa17554e00601d66f59226b594

SHA256
1951b3af10b3cbda3ac7476a883803390c94f43ca6f6d6c7e41e73fb12891c51

SHA512
81c32aee6e576a78af11833cc14ad938d8c4d3ab1790b4b5f34027e572de5f69e5d8426b130e688829f43108c99ea92d5e8d7b33965d57447fa77caa4c4c6656

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
89bc259062c2a0301c39197dec074c01

SHA1
2347debf55f43d63c40f9d08ea48ca92ae062391

SHA256
1f61fd26c6dd829a8d39e357ad813d563720b9a11213de1b148551d7dcdc6cdf

SHA512
5390dfad9efb2a2186db8df956ec7c6efe6e0f5315ad498f5de3c2c01f1ff5d4e88482d683dd28798a8231c67efac20af6af957c953bfd4b79f110d36e4df29a

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
8383283b8be716aa440dbf28b425a5da

SHA1
6318e4d33dceadf5f312027677d34b29c5c370fa

SHA256
cc2010a9cc8379d2f967f5361008e2a675148eae8c4af4161ce47bc281f4e24b

SHA512
d45d219b776d28ee293cb333ac86e7fa22459ea684b564c48303942c801d121bfa232678ee8029bc92b2975db4e9acea5c726ef540ee3ae1f778b4d3241d70ea

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
465601aa8b92dbfdfb879b6098ea4642

SHA1
2463843d6593289181c552f215c39eea664a6798

SHA256
a03b2e7988a7c6813572ae969c132e72574eb0341b933403d44c62f30434529f

SHA512
b01e61aa1adffe4ed16b6a614faa2610f91711db23630105ed656ce30f0a44c60c708160f0db878c403003d3b7954e0cc90ab6c73782e61d6a726ddd6f9038be

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
4088eb32e26832cee352943b768429d0

SHA1
52615cdf215d74ebc67ae1cdda9c32241c41ca5e

SHA256
8ea1fafe30b24861bc9bc29387f5c72055d6b127e91fa733281c582ca0893990

SHA512
3cc0d00164cde1b258314b17b6dcbd1c5fcfa8db15763897c5925d102e4f7a13c26e42d6e2fee8b68d016c32c13b2f6f77d6cc22f3dce708c88f732dca866516

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
286f362e41a8438b9751d9e898da8119

SHA1
b748c9b9a3074d0f745505c9d1ca280d67384be7

SHA256
825e93bccf8d54e95f08c4037a71afa54f4735147c076dcc1fac221a61ff450d

SHA512
418d013a9040e12de11a959200dc754395f85d3c0d6eb00f623dce540ded83a1144a6832f5c708c2fb13865d44f712f338c7134b971c70d341bf0977713ac9e2

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
537401a6b130da3bf18288eaf1afe490

SHA1
66ba03238c3597da0ffac74359b7d13002401b62

SHA256
c190e7371634643d83e789de0b556eb24f3a4c3830ed9c47cdbc59208328cb9b

SHA512
292f8885e4215ab4c6ff3458a6fbbd455f83079bb675a7468a30ad319215012264080add2515fd0671435268ef7105bede80e27f2ec37bc0d2c29d6615f188e1

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
aada3e5351c8435c3062b42b255ed030

SHA1
ab6132fbea27f562ecd028eb9dcd5036691cf5fe

SHA256
d628a8857507d09d117ed639f65b10aaeb8fddb775d3fd6d0db239c281512208

SHA512
7bcfbb32901988300966233fc5fbdbc341a58e38f12d97eab7bbe02297c83a0ad0fc2c2b898e1c94947d328ce91f5c3f3ad8d53499c5ab5bf50e717801231c96

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
6c450ebefe9e0bf35d7f2e976d06ac91

SHA1
20dd6187650e3526e44afb19a90d9e0308fa18e2

SHA256
016575c7f4e2b0691252414cebf4c1785e065db185c5db5039510429f681212f

SHA512
d6fe2717fe24efce84a8a86b16bd2123a544375a54d8ea4fe107c85214107d0332cf6086573759be6a1fefa90f6c1d86adf2d165a580bddffee6a16affc2df8b

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
7323cddf58031d79a086d058fd659425

SHA1
ce840d8a4c7ff63acad02c7972d27c783ebaf0b3

SHA256
978d4ad133a78ad66f070cf710970b49238c06d5bc70bf62333dbd8246c5ac52

SHA512
4111ca8b8fdec14c68a73108fa48635037e24693cc79ad2bf4526aa1ce65435a8dfa442e12cb1f8c39380c27d09fae9e9fc59262ccff7539840f3eec90e14ad0

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
e4b9e7236daeba8ccf78b03a8b6eea93

SHA1
1bc2b257287cbad33b6c61189212bb364a7b5132

SHA256
80d8f5e1db2ad8479718da22fbae2bf84c1ebde65ce92391216d2173e1f961db

SHA512
ebfe2b3293f9e13148ae36bb65df7a0b6a85edee497a0a5189cf76e7b700ac9b8f61577ceebe3706c33ec1e9abbad2fbca6955da997652c4dd95a9eddc178eab

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
8f80c6ddf97c1fa85fe2f6939f37f1f9

SHA1
56c760ea8e9976e032d72ff623a30f3535579110

SHA256
0169d02f57f595a772ba6cd5a384a913c7d46316f1b1dab3fb87391b3f94a699

SHA512
217228aa9fe7cc995c285e397ddf892ddde1ac7e43ce6737d3621c1d5f20538bdbff6d599e10e7c3df22fd7870f0ad71ce75d69afb7b874a5134b5b461fe8b9a

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
3d186976cad58dafaa91ab5acd64398b

SHA1
092d7e83a70b3805c9e2082d3039435bc2430b06

SHA256
e8750529dd3b9325d3bb6656dd8dcff7e13c88c083a255a5b7c244e13a8fbd74

SHA512
55d64fe21a375fcf1a9feff858ee1a62c9dbb91f78d561daccca682c8a6a0e40f43009aa29c234be4eda9c889ca69f9ebf471abd9a83a7aa092fc7ca1b6a6d5e

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
e9668fefbad444a84a4533c9623bfa20

SHA1
569b5aad57be0cc768927ea3de55111c2fae7d7b

SHA256
4d163da8c4b4c82f54cd35d41d03332b29d1fc29ea416d892e7a272c758a6f11

SHA512
d1de8b60c0919c0ea9471088b45c99757e9359d83db861c3ca4627af96a7425204f1813b0bd8fc176744862b56e5274e993e12ea6847236c7ea72dcd50d14399

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
19ac0a9a1b03a152c66305807d593025

SHA1
ac23d3837da1fd01026938f4caf694d72221d4ee

SHA256
e487d40f858af8c1880a229e264641ab49130d85ff8a03a481206d032f27b662

SHA512
07b3057db6dc3e9a199ffd27cd7e2d66382c9dad39b167141a5f3d9d22155ef6100332d23414bcb37e24c3275c4779d67a81c4d963a48584024284a2d4f8f0bb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
0b6d4dbcc205ed73fdcef3bf25fbf69b

SHA1
3f323e2006f640afbafc5bcb40b9679d2a492b48

SHA256
6e693af18870f58815133d8914346f4bc34222451065999ccb9b3cf360445f72

SHA512
f713efd93301a40c96d6d443cc563c916048085944a2ddbe8446cbf6162f4fce50ff6b3ee73adf78f0c46857323a1194a5c9a67aedba396e5eabfddd28ffd0a1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
abbf653c74fd60024fe0a4354beb5316

SHA1
4e406bcdbdd159cec0a0f85ca563ec56dd1a66c4

SHA256
1d7a0849eb54a64a09f10ccdb06d946639ee28ea91762e9331b31b9986244d43

SHA512
65e5d5471f16a70201920b54cc850d17a03ef3f534261b32592b2720c8fe4d7f623f9940125b42e3c8b7bae909016a08f07b0eee9c6cee824baa86f5eeef18f8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
bc6ae9b4440c3abbfd562c64b0b49138

SHA1
767b048ea1028372c1d62bcd2d829d8111d8364a

SHA256
dff03feef4ccca4bb3fb10b3ceddb6db1d089cba03b53f6a9dc6a80e5b031a39

SHA512
c4a428654f94f47c5b4972b925b5587741dcf599083c58466fd5f8c9a8bfea00a717c30aed260bb97b792fb67be40f42e7be9e3b2c0cb3416ac275b5d3279882

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
b28d676c6234475d968bb5ed0f27df4c

SHA1
ceb87eeaa6e83f11efaece9fac298502eb91cd06

SHA256
3e71b7362d1fb153550f9cb65569690f720f28813d981aa1ad0840b9de708819

SHA512
48bfd5753094fb5d37b9095f4bbe196937e39fa2451d61f057c9a20102b346ca5193a44e62934b8526fa0108d7dd42432ad9912dcfe94cb514e14eb370bffa0b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
e4cb44cfc0d9f5862faa281745289610

SHA1
95706f75a14ad6d1f6b79d68a0d71e56691fbd54

SHA256
e4f65076cfe3b2055e83c0593ecb1e36a83932e2e775e1bf629765ed6ae8682e

SHA512
53deadfa51ce6426cf44c1fce7585bf2853c6ba67a7ef85fe82c9dd4e749df9b164760e040b904c9dc23e5c830703df0c3dfe9f0e4c3615ae04c84494d37f4a9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
c381e87a0f5f937fac0c0148dea70985

SHA1
8b758c83fc5cf198020a9c9523c35b2d5990434a

SHA256
5bc5491963ce46890f1aa207523aa1f8ad53ca0d7742740bd80b5c22b8fa86d1

SHA512
41a6559d2770ff5d3b4d4b858362fd391c6845c995f8ac9056d4c514f31511fc5e017d6356b42f6dd40ebbd936b098c4f50912d48af00bd00fd938270bb18fbd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
6f187d6b8a86060f1b16837c1017cabb

SHA1
ec990b9be15a7625de02975e200fe131da1a6036

SHA256
ade182b2da75f066eb1587e61c32f8eb81a4d82e775251f3a2d03a0cfcd95fca

SHA512
865d2f8f613b2f12c44e30b7c0ed37b2bf3728ab0878de71ae3a6af7229064adeabfc63696217701dad1dabe5d00980c61369a6e66e2836f5ae68fd6d90cc511

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
73d14834b046d8329d30dac3611ec504

SHA1
93a8519da64f946a604455b7ab17d303f8f02a70

SHA256
f01c7ecb81006ad102ca0d4f4c30d77750068e1e6a0b582a078d8a77a88ae381

SHA512
cd5d786d5a8a23f0dd03b6825dd250f78a615fb4f53b0f2305b4b5ea518f600a48447bea13fbe3f52dd5584ea862d7dc4a0912fca69a1b0a4d1f2175c6a1a610

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
c152496022255263dc6c76c57df0a453

SHA1
8892ec2b43cd839fa781e0810721ec41d118df8d

SHA256
6c1d100a90882e953a9ac8626d6a143f80f989fcdcf9d1d61f9085fe4d643bd0

SHA512
6dd56260eb1b26a909111ea05b7f44b520e570ee8269bb6939ee7144077056d1fb7ea63f23d9e20a0ee8782736e30ad8fb64652bf1bb17ca2006a99f76436b9e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
760703e362c838bcc2953b6b0b3eeb2c

SHA1
b4228804c4e619b9dacdc3fd29e0318c78c4d0c5

SHA256
9c9f51530027dce856656bd3a28e3a473168c74f371527e0be9f509530bb7ea0

SHA512
1e2ce7caab5a88b5651a1892a132ed116bb3d74c257e165d80c1deb7eed383f7e038cc0c769e4cfa4e8e7e4eadb2f48d195e6a7368951477ae2972c2307e8ecb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
f338f41e9886c43a6e675b0e48b2dd13

SHA1
def85261dd5bf80f244a0381df5bed7fbc2350ea

SHA256
e42bb4420b6b873fab3fed099d6c24a5e181a8b55815f5b625745704d4d07246

SHA512
7c43781f33410cf8ed5c8c3cf66db0006fc30394144a5da203f452c31c5fc8727af03d8ccff518e1e49c3dc37832ef4de8e28b2bcbbdc98ba8022571475d5a72

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
75c5d2d5fe7db8113cac407ebbc1d6b3

SHA1
62ce94e037919b272ef8a289df8a46a48f8c92ad

SHA256
3847b5b9ad047c36b159e57c60b9e2be8ebb02fe76e1a7c452ae965c268aeccb

SHA512
67740a5a53791b0822452cdc1a8ceac8f595f3ac01412058bcdef8198029792fb01c1535e115004298af7f8485ba8f6d70d281f9c129200f33ca8e1ab7b590a7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
b72157ecabb0dedef8b64501f800ec50

SHA1
08809375ca645572f5567cc4fb69f2d29916aecb

SHA256
092dcba3b1c125c79ee115ee484dae74d03b3f02a443519ec7a050ea8c317aff

SHA512
f41c3383b77f2a162e118bfad870e8640f0cca9fe28f04b92b67b3b4e12f1d0b02e0c493db1d396d980a26a4e9350261b0754f09f4c7b7f67c4f72bb3155eb0a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
5e2527cb5904678be6e7ffefee8f4467

SHA1
6ea3f9d028b1313d0f51e1598840cca25eca91b2

SHA256
7f9a85ee4ef8151c89f496c5e69fdec14127e0a685275273c3c24705a52d2a30

SHA512
badb7bfc0eb036e9d8888188a09f8e588f4c7be6d7fa671b97ae588565c3c85fbe90f6115e8f2cc8b348e296822e4b0a709d8cb28e7ebea16650da28af1ecec2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
1a270ce5f172bb7a13ec2f7428848d64

SHA1
98b37e986864adb6bda195df2e29d2b2e5657e48

SHA256
610bcd96d4e8af6a506d6181ca2b341083e0bb1e503a5480b206c732bf92c81b

SHA512
801af2002c08f45a95bfc4340882f8086674450d2d61c2153d015af7ac89805be6716603da61d8727b9fc797a277eae3b14e3370330bdec1973d4d298a334326

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
fbabdf255e74b9b1a7bd6a0892a6c35e

SHA1
bd314e2631543dbf5a62bbdab6b6ade65b61cf75

SHA256
35bbeecae47605417e466dcf2467217b71b052c0675f5919630da93bc52b1346

SHA512
8b395c2719c4332e2c8c14dd6a4ee4996a57ba77e8fee9f5b45ba8bc884dcaab0de871840bb397db56178100df6850bc73e44580daf0e91bcdd149a503c236c4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
254f7acc6f72dd369a18423737b3e157

SHA1
7080298ddcc92d4ca72ab7021046197b8ef13b1e

SHA256
d4b21f252ddc438ff89327f1a554d10e2a8a8c132d7974240448ab7d2f13640f

SHA512
4eb70ecd5656cb3a2f3e5ae3fe577cd6c35f295f52fdd2d74f7f47782f34e0609862cf33a17ae8b8851f8cd8a47c08020da7adc30a3e783cbd02eb669921f923

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
94c7e1538bb450160c676b04acfa403b

SHA1
7dfa5835159068eb86603cc1d1a41c826f3056e6

SHA256
3c8049ba4c53ee62d2cea8fe202dab016802ad7523ec13b5587478be1f721170

SHA512
f9388a0b7eb884026d0f891cb79d315ffb517a3058f216c142718fe979edb642367361b808e91b491a14360624aab4301e8ec99b6474862807d6e3b6f6a9ed7e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
cdba146b748da25aaa2d27d4a5f6ba61

SHA1
7fe41a36c708df0322b75f6a889f27550b4db8bb

SHA256
7335cecce713d8b1c7d1bbca21320e7784ccac742c4de33fdc11967ca72d44fb

SHA512
c23d3c25cdc40538d0494d507608a091d8dc61837c7c657e0e00a57c440b0cb1f918c53c446ec7e0d1d221b53da476a279acd9812a39b9bc8bf61096a540b5cb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
a9893b065a879928dc1c39adb5c5439f

SHA1
f2023378f95ddc71458ad958b1532e00b7796613

SHA256
1ba0f2d3b0ab88d2644b990d27d9a37d3ad10d75ab537df6c4d948247b79a780

SHA512
828fab35c6e68e62e57c04cb1fe4ca4bd50805cba2bedfc3634d9dacb61b83f237cabfda796736c7b862ef9031cefe8321ce1962df47cd9065ef7f6a6441d78d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
3292e96ed414ab034d66554ce35db465

SHA1
d850ac684bc276eebf61391ca9a588f077851b4d

SHA256
95be888d797e1ee98992b908a9e87a900051402cb5c9589e1e9bc38a419df676

SHA512
9aa37239e69cdbff38477e49f006c38c8de06438d24f8857a5c2c3aa453e9c085cec7bc02d93495333ac5fed4272bc88333e1a46433c2cae2b74b2a264f71dfc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
581KB

MD5
fe47f0cdd6c6ab65e79911220c3d6957

SHA1
3f199ce11e5750cccebfa085d22e1097ae04e796

SHA256
273d82a7f6131f0e7b70b88d2c63b3edebf704bb5bf19fbdabf4537389fa9e25

SHA512
526a3a9d7bcde7ef3d8ca572848f93814441786688632ed3503418fbe8e8c1ed2c36261b30cb38e90dfb92fd36be0df9afc70f2f264bc26b0005706a1d89d364

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
701KB

MD5
1cced6cc3cc14d8a53b93fce74592517

SHA1
6cb935e57bffe560f118be3e4d28a3afc4275ad1

SHA256
8b19e56e71ddea277faff27a37ef8ba1b689506dd8fe9804be101badcbd49136

SHA512
f4691f50327dfa06d785863fd59f0217c37e245c191f94caf9231772c5e610cfade2a56e95f8f637585719f1a40cc104b4ab722080908de3053d4821055a9ac8

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
404756b241a4d2cbf8b46bfacf237e7d

SHA1
39c66e27f66af0f4dd7fb9b3f359a2d11daebac4

SHA256
7a8aa363a91a8f5976de5467acfd1e33dd0dd6f2a4a118d38b2033945a56c2a2

SHA512
a10002d3eba4112776c94618887c7b572cb6d2ea3d952acc787848e3c6d9272b9788b72ab74215d968a4aa49dd490af2a9c57e9a0d7ff9e98abc00611da25a4f

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
6ec5060cc7afa118a0078431ff472513

SHA1
5db5d05114e489b77e4e9e0b3029602f1e92ca74

SHA256
edc0a65f08f9d270fd76dd6e7cd8e943cab99d424fb2c1d0a19b264f4e065daa

SHA512
04e4991f29ecb3f36bc3816d11409e009bd3a30df2637315ff9632f76c41e20f953b933ce9dca722a18bd099b8f21bee6febffc268846211de71fdb26a125368

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
2c7dbabd157d27569f7f60d9b36abb41

SHA1
2b58fc1f0bbedba2d0fa46401a650304279bc295

SHA256
4c26c5a5c45fb7b4d12b1461211068043637f7c9be4d994bad403e1b54c07f2d

SHA512
22efd9c5cd75551e13b58b9f3f9ad9f8bcd7c9838987dc99de1317de366165e5d0c8530d4fbe92064aec7617fc82a58dfe68b5b6f2379c03dd1256bff21fc94f

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
92899b6e4db3bb58a517f25c297e9c6d

SHA1
f98f489938bd1a1cd1b5dd9b7926b3046b9c4963

SHA256
5770b5ea2c69e2b87e08f072e0a1f2779dacca8c23bd02c8a76b6266a2f79a6b

SHA512
8ba8b389cf1b181a2db54860d455ceb96228a9d8444f5a5edaa86fd76a76a4ffe9068049ae78239871c00d8eae360bcfd35218fe3f6c3631dde47f3622e92548

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
bac1aa4ea52a62cd350eed0ec5be3fbd

SHA1
eca1fb0f0f4b5d01fbf670c51fa456068246a577

SHA256
251febee7ddad7a3c4cbfc73faeaea4f57e4a4f4ef219b62ddb2a941d1cd7d9b

SHA512
966b2bb728e2947c27351a036b3e52bc5c66a1031bae3a4fe3a2fff58d97bea7b245b0d5ff282df2ad6d12802e4e8d8064a83dc85aa2decdb02ee5cb8469e282

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
64dbcc03b085ab4e3f1bb30c8ba9f30b

SHA1
e4626b8ed2730b76be722c639125550536d81b2e

SHA256
4b7ebc29e81298acd3d6eb68d0a014d405b4166c2dc18ba89f4a40099e1250be

SHA512
eaa77c37c50a7dc626aa72b43e1c67fd830021e3647e685aeab6afd1b943f389a55cee6344e177e2c90a543009cc8a4c88ca908a4d6b5176fe596621593c7ec3

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
8a1ec307de74e0606d9182d81ea97082

SHA1
474552143c7245eca56adef9870ad65ddf069fcf

SHA256
9f15d82a1b5384d6379d6d0f527897290de5c2a76e7dc7ea9b1c8a2b191996fc

SHA512
8f3c2a6c3fb7cb87ece2a0a2eff40900761d0ec7f9ed206d1446f9382d3a0d1058b4ae469caebee7ef4a098c1e973d2e16e6f9f64ac0bb14241a6d0bf4598e30

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
9b967753a2d89bb7afe6d07d1a95ccb0

SHA1
721961cd8f4c5f2be0461d2b1e34551865d23fcf

SHA256
c10ae8ae3cebead2e81a57e58bc530021db550ea2625730297fed0494e616fae

SHA512
5773a1876298679550b098fa6c31707ad28aec4e0b38534abf73e7988f213ad8444cd1271a6f6ac0c3149de5a9be6d640c2d841157e2ecae12eae3fcf8ac0e96

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
bc2b5e538405ccd7554cc09589851578

SHA1
ac3cbc3f3c4fbc2e49260afaa1fb6e90913a483b

SHA256
cf92b052301be8c5a86f9ed2fc3c521e2aeb296c7835b2cc447c92be281857d5

SHA512
2dddb48c02c4c62b2a04d244604c2ebfe0f60fd2f5d76074b11ad832a5d0e31206ececf900d4c380d38ee01a24cf377db6c5a92183b16671d4d0761eb8ea78ad

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
c62228479215fcdea29a8f2fe5b097e7

SHA1
a9dfc890b5b3f5ab0931b621ac67148327605589

SHA256
c1230340e56636c8b1b795458ad1f003167102ff6ffa7ebe221c24f2d7ae8420

SHA512
136861159ab17fbf0d1fe9f94ae0e8af246c8518c3b404dd649b9e265fc2d3b1016a6bfa1194623fdc424b1bc031050b36fef716360ed2fc0ee3724bc54e136d

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
ec63921f1aaae6564f14eed5edea8a85

SHA1
18d0145cb180abf2cb7ef5bf0ede4e5a03939b60

SHA256
50f80f6303ce46f06b71d3b949a97be4b1403c56981b88c994c20744e2964d74

SHA512
43f1342fd2e45861a3f8abff630c704202d9aa44826b686890b0475ea841527971db71c5e752189dca23a39ba377317938d245a88ef336ea40700de90b1fc4e6

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
e7964cfa3db52f7360539bda0f0fc813

SHA1
76b8fd4839e42f31e0495b6c964f23d08f5ca488

SHA256
27c14a4bf650fef6d7185238767e5ef71a9be934ff7174efffae34345b053d73

SHA512
3739ae46c8411a179c1941a603308e3119e90f09d41e66b3a1a26cceb830e0f2b67b8ce2334ac319cc6b8a4c0ef783cc420924d4f937427db84b29c35af821c4

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
ffeffb8cb22260abfe41ecdf70e8b19c

SHA1
1e066ec2c957e9dc807684ba7933a5c9fdcc6624

SHA256
6480b37c1f1dc1cb8062ba110599e0cd8649d6b5ac5c1164a050a28d8d18a211

SHA512
3e52aa1e0f027a4e9f512c68cad4392bf4a2eb574bb660377e681fa3bf6379fcc3e6f5634a2278ab8d78edde4c6d312bc7f07f2226e2927fb8603f499af5c61e

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
882e37f4154d7c02862effe6bafe0955

SHA1
8b5fc0f5ecb5e66e89bd8853710ed4f075ba85b3

SHA256
1f467ff6154dea2290b2c0e66c58e36f338b5c44c9ecc43e12770cea79527fd1

SHA512
6514307a9d1f545ebf47cabb08a9b6b971c766e9486baba64d5c2871afa66cf4b9491b3094cfc78c5d220ac25a18ac10c05c8f3140e5517c4739a619fb9e4ae5

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
2232f27ebd7d34478ba7dc747d91a064

SHA1
56e42f4a90ee6863bf50e465fce12a9d70fd4043

SHA256
91254523eedde469701775bbe493f804788beec1494bb1e9ca7243d277a657e4

SHA512
74d06ca70c13a9ab23275b5ddf519f821f3fa0e1a397fe00eac000e7033363cbb9b599d3f5de94e963cde81e80073d333da7e25bf4c60b796bf90647f2e97422

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
80cb4e792362864585c64872f9946fe6

SHA1
fd2efa32b738d2e5cfa0e7c546b828bed878a6e2

SHA256
1db3fe008cea9b537a1fae038c8bdc1f4d717c86ab59fe52c327762f29540409

SHA512
8e195bf99025000d6ad1b50e7f318c557950298c5d30912ee1591284f3f5863ac87b07b27a26eee85f74ddbf06e940cffc480ca8039f737b80f284d05d49765a

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
772KB

MD5
1268668ed78ae88abdb1855ac456c4e5

SHA1
9f004ad99a105c88e8baf0d1d11cb26db609cb8c

SHA256
241304efb019bd8db2e98cb50a5e7045d1646d8e2edaf96d87885d8fef953215

SHA512
ff6d054ae2d3867b56c544f2e3b99d39c9e8aabf12742cc36863669c1027a7f571f0d82c2e58f900623a2509a12f64651e331f15bb0530e719e2737eca97bdb0

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
016c0d4eb9fa0809c080b9cd48f32ccd

SHA1
a83b2f54987819f745442f162a4bee3476ca32a2

SHA256
a69fc9bd0d2bd0b9f1733108076fd401d7780054a6f12800255aee6d0f709877

SHA512
6615a53d8d9bcc65de2d642c7360ea3e1e665c2ee4a4bb4977bdae032647086743727d2273d16cf30b34232758886ad1fcf41a83cd49463ef1ad28235dbdabda

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
87cb75e8800e94bea79225cab68a271c

SHA1
898ec61fd70617ce430d22410069457a91aab23a

SHA256
aa60d5c198c2d2dab92e8bd8c1c254db737b6e8bc7294882b28bf531618bbe22

SHA512
30a3e98fbb65fdeb397e154dc15adbc801e5266e128746c40ac44b5c28a6a9372133a52eb18f50fb25adfa9b187b11c5efa72f36e3b167da6b35538044a0c77d

Download Submit
memory/764-619-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/764-411-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/964-614-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/964-353-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/1220-378-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/1220-266-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/1384-391-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/1384-618-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/1452-621-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/1452-436-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/1616-620-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/1616-415-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/1640-73-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1640-71-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/1828-306-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1828-611-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1828-433-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1936-414-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1936-295-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/2260-264-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2260-252-0x0000000000E80000-0x0000000000EE0000-memory.dmp

Filesize
384KB

Download
memory/2260-251-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2448-27-0x0000000000DB0000-0x0000000000E10000-memory.dmp

Filesize
384KB

Download
memory/2448-233-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/2448-36-0x0000000000DB0000-0x0000000000E10000-memory.dmp

Filesize
384KB

Download
memory/2448-35-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/2452-61-0x0000000002280000-0x00000000022E0000-memory.dmp

Filesize
384KB

Download
memory/2452-57-0x0000000002280000-0x00000000022E0000-memory.dmp

Filesize
384KB

Download
memory/2452-63-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2452-51-0x0000000002280000-0x00000000022E0000-memory.dmp

Filesize
384KB

Download
memory/2452-50-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2544-318-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/2544-514-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/3132-366-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3132-376-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3144-6-0x00000000007A0000-0x0000000000807000-memory.dmp

Filesize
412KB

Download
memory/3144-0-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/3144-2-0x00000000007A0000-0x0000000000807000-memory.dmp

Filesize
412KB

Download
memory/3144-24-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/3208-402-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3208-292-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3568-329-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3568-612-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4300-613-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/4300-347-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/4316-617-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4316-379-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4360-390-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/4360-278-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/4668-236-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4668-40-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4668-46-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4668-39-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4760-12-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/4760-18-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/4760-11-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/4760-232-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/4840-352-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/4840-241-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/4840-247-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/4840-240-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download