fd69c095062c776b6debc7666af0b45aa16735f4d34e8e90a7ce40cf09a00475

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 16:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-06-01_81f62fcd487daa2eaad11a6f531069b5_bkransomware_karagany.exe
Size

1.4MB
MD5

81f62fcd487daa2eaad11a6f531069b5
SHA1

b8227a36889ffb6ab06b746f0741143c063f7e5f
SHA256

fd69c095062c776b6debc7666af0b45aa16735f4d34e8e90a7ce40cf09a00475
SHA512

62759f0ed354f4450565acdcb8a7286a3a1db1a1c5cd200191892a8b4fe8c31abc1b2663aafa81e67d7241dc644762c1a7b2ad92d061620bb3226b43bdbd4397
SSDEEP

12288:JvXk1mvSbwoqg0fitGbna8dQcLk/+cb1q86pJDlAF44bE2cSX:Rk1mabl0fitGbna8FLk2m1X2D4brr

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
4416	alg.exe
4304	elevation_service.exe
1156	elevation_service.exe
928	maintenanceservice.exe
3808	OSE.EXE
5008	DiagnosticsHub.StandardCollector.Service.exe
1420	fxssvc.exe
4880	msdtc.exe
5044	PerceptionSimulationService.exe
2632	perfhost.exe
3748	locator.exe
4412	SensorDataService.exe
4508	snmptrap.exe
852	spectrum.exe
320	ssh-agent.exe
4532	TieringEngineService.exe
5048	AgentService.exe
1196	vds.exe
3116	vssvc.exe
4808	wbengine.exe
1580	WmiApSrv.exe
3916	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 24 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-06-01_81f62fcd487daa2eaad11a6f531069b5_bkransomware_karagany.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\12ebcedf92be0f3e.bin	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{4B7946F8-973F-4AF9-AEA7-D50B80611631}\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_91015\java.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{4B7946F8-973F-4AF9-AEA7-D50B80611631}\chrome_installer.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_91015\java.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	elevation_service.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21825 = "3D Objects"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-126 = "Microsoft Word Macro-Enabled Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-176 = "Microsoft PowerPoint Macro-Enabled Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\wshext.dll,-4804 = "JavaScript File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-2 = "Microsoft Script Detection"	SearchIndexer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000007dd8e30a45b4da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9912 = "Windows Media Audio file"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-10 = "Microsoft Hangul Decomposition Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithList	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000004ec5d00a45b4da01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000000c1cea0b45b4da01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000006f46940b45b4da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\regedit.exe,-309 = "Registration Entries"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E2FB4720-F45F-4A3C-8CB2-2060E12425C3} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000004c2fde0b45b4da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WTV	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9914 = "Windows Media Audio/Video file"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-1 = "Microsoft Language Detection"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-115 = "Microsoft Excel 97-2003 Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9905 = "Video Clip"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000027b0fb0a45b4da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-3 = "Microsoft Traditional Chinese to Simplified Chinese Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SBE	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000002eedd70a45b4da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\wshext.dll,-4802 = "VBScript Script File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000701f8d0b45b4da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\cabview.dll,-20 = "Cabinet File"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-9 = "Microsoft Bengali to Latin Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-6 = "Microsoft Cyrillic to Latin Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4304	elevation_service.exe
4304	elevation_service.exe
4304	elevation_service.exe
4304	elevation_service.exe
4304	elevation_service.exe
4304	elevation_service.exe
4304	elevation_service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
652	Process not Found
652	Process not Found

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2424	2024-06-01_81f62fcd487daa2eaad11a6f531069b5_bkransomware_karagany.exe
Token: SeDebugPrivilege	4416	alg.exe
Token: SeDebugPrivilege	4416	alg.exe
Token: SeDebugPrivilege	4416	alg.exe
Token: SeTakeOwnershipPrivilege	4304	elevation_service.exe
Token: SeAuditPrivilege	1420	fxssvc.exe
Token: SeRestorePrivilege	4532	TieringEngineService.exe
Token: SeManageVolumePrivilege	4532	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	5048	AgentService.exe
Token: SeBackupPrivilege	3116	vssvc.exe
Token: SeRestorePrivilege	3116	vssvc.exe
Token: SeAuditPrivilege	3116	vssvc.exe
Token: SeBackupPrivilege	4808	wbengine.exe
Token: SeRestorePrivilege	4808	wbengine.exe
Token: SeSecurityPrivilege	4808	wbengine.exe
Token: 33	3916	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3916	SearchIndexer.exe
Token: SeDebugPrivilege	4304	elevation_service.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 1476	3916	SearchIndexer.exe	119
PID 3916 wrote to memory of 1476	3916	SearchIndexer.exe	119
PID 3916 wrote to memory of 3340	3916	SearchIndexer.exe	120
PID 3916 wrote to memory of 3340	3916	SearchIndexer.exe	120

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-06-01_81f62fcd487daa2eaad11a6f531069b5_bkransomware_karagany.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-01_81f62fcd487daa2eaad11a6f531069b5_bkransomware_karagany.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:2424

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:4416

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1156

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:928

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3808

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:5008

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:3448

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1420

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4880

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:5044

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:2632

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3748

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4412

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4508

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:852

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:1160

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4532

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5048

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:1196

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3116

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4808

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:1580

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:1476
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  - Modifies data under HKEY_USERS
  PID:3340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
f902bc8b691db7006f0f48b26d99c9e7

SHA1
3de5ed4949247fa0e72fe44d8d7fcceb9dc60dc3

SHA256
25ae45f5910de10fb1c431a8340bc1d122c417ad87ce0965f11abb4aa39e1771

SHA512
de36b550cb31e405b7121fe4fad9ae0f86981ee2d6f2c692f45b684d78dd6bb3093a2140514db04455165b75898fba45311446f69791619868850f89b2db8883

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.5MB

MD5
aebfc897f50a7a01ed30cd130d30710b

SHA1
8646da5421ca1fa11903015aebaa916170cd1ba2

SHA256
a169a122dc9fafb62832235ef127f3f4338d14e8f34f3bed3aaa679f837c1dca

SHA512
b903c94a069c6f8ef119464ed1a3497a63c953b28269094d27c69669a64e1a73f1175a2f2d9f51fe582d119622493e72800f039c476135d5aaf8efff30c5dcce

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.8MB

MD5
1070bfd18ff2a709c291546bb54cd0e0

SHA1
d144e8ac70bb61d7af2b84f97c141a7924746cb1

SHA256
b3d34c2b5e6f911f56d24efc8322a9d5ac384f087a733980517365830faeb238

SHA512
dd2cca8fb9f162940f06e5362fa45df18611316c3130f7b7b642a4bcbd7161600fba1c47a6cc73c52913b4fb48c87c0b7b65f8941e76f136191189a1bc46f439

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
e2581c9fc147b07379060b321a60fcff

SHA1
cf672a61517c6a3135e06df2c1d5b45cbab3a8b5

SHA256
c3446682f15f0fac6c5be58da33ca00083913dd546fa3f6c73de991a9885b276

SHA512
87ec9ec5bf4d7bfb5aa29cca234e5abf5a742bc73e913a15838a722b116e2f473d00c50d9937b651e717f1ec2190eecfdf546333d1e7aa16de387722dd9ef4ec

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
36ee5d9cf0fa345b2c9bf33435ef51a5

SHA1
a91ad90e4fb50dfe902643e5335201cb7fda7405

SHA256
775fa7ba1dc74c0a07d20ec0a50cade4dfddc01a1d684d01783a769df72acf5a

SHA512
d27744b0be62774014302a0bf717dee7005fe3ef814cf2ecf43d37a4040974ef8d2b6e7f39af86edc30e46b84bf7e57b2f86293a5ad19eefa013644d88a68528

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.3MB

MD5
28917c0d79ceb2e7bf576ae6705b89fb

SHA1
96110c6ed927b0ed5337fdabe419962c48d95998

SHA256
c1442233df03f8e78f232c36e00e585963896ab8d16ba389c5d71db2835eb41a

SHA512
f890482c2ad8847686d65be54e272d67c1de5b536bef4c6f881855c6956549c8beb8206696e41a0b7a21e0260d2c8dd76a34ca5367d6ef47155598cfffe50e89

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.6MB

MD5
d9ff3ca48bef96b574914b6a1e00b210

SHA1
192878d6447995c0c275d84d3e5086b3cc03b25d

SHA256
3c15d5bc1165854776f3b1b9a3f28b3f401777750ba94bc15aabd05e9a4ce75e

SHA512
32fb96df2b808f9f88e7dc480231b7ca58b41f14268608010d86fcf07d9a5ce2574621b13f48016eec77a806e9ac619cff94e5c8ec658967d803e08b7628dbcf

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
8214ed9fa2968fa6c477e6570e6ce98b

SHA1
0c5ef50be1c4f27878f556808133a807ad1273b6

SHA256
2a15ac6b0605839a24204afdfe555ae4ebd7e8211299fb407df391319681a92a

SHA512
b2922253595f213098d4e2669d35c4a03a7d828bbf32d5bdff3b3e1209a23300022b53e0c1cc28bccfd23a98b5ce0ea15a4505fec6a5dce5fe13a40d312cff40

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.6MB

MD5
4426347572de8e78c05619046d7afe8b

SHA1
77f68b1d049f33d98f56d784e8d6b669cf13850f

SHA256
05a7eb0ab037262813759ae2cf4e35319a6ab1ae49ddf8b6145dd723eadfb7b7

SHA512
f0c128283f47e3614d96520730f8379bc54471ce99ac7f6a0fa30ad9b82e8329172263fff83b20e1b97db1e2ff503c6bfc42810b44a153b1e6bddd855044bd78

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
e7d65284cae3539997a6b181c690f634

SHA1
89d42cb7f87127b8e1dc23add047b79d10912e3f

SHA256
33b1918def94d982a479f6210e45508fa067175a02978d33cd2bcc68207ce415

SHA512
82e17298ee13b7999bb29c7c9649d760b5c64a7d489d9d6aac0b138c3dee3e070a645f3cc9f31a04a44dd360acdf100190270d4be997cd9f3cd3691bc7889f3e

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
8c44ebf7bec1db98990b7872885975d7

SHA1
261219eeef741eff5e907f07ff693675f403abd3

SHA256
e4d3f4af52544a95a517b689489c990c92b7a7a297ad5b7042ee080157c2ed04

SHA512
4cc70d0001ed132cf527719a0e2fa8140cda63f08f92176e43fd2e71e821258a3ad47401333801fb816e289508e54310f23ecf78bc76e731f8c44ecff23e648e

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
475ab451ae5c278dfa291ac54e7ac0d0

SHA1
ec93bab0fa4646334fa148ad6ef8525e0a69d9cf

SHA256
ad4df02b4f89aec21e8e51d307644fa305fa53e9286add8610ba01fa53869bd2

SHA512
9c6ded08b5071aafec265e8383818a057f8ceca3b59f7412ccdbf8369c68a6b17799db9dcc365d9644aca7eb2f944fa0037cc3811dea04823e9b36c1bd9282f5

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.5MB

MD5
29cb0530ace8189cc7252c8fab4cf313

SHA1
b4223130adc2d1b31ee06a142a2468df9d6d0105

SHA256
a0de3aa0c73058ba274938fc9185a45619e54ed44e6faa91efd3a8b1df3bc6cb

SHA512
1f0fe0092c28228d95da40c737f0d531e33ec56766cc75c921a6d51b2198204c3fa9e51c6ecf9f239451177b31d246c681e0baa319f606fea22f9ecaabda51c3

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.4MB

MD5
fbf40b5d355696a194712be5c924347b

SHA1
2dbc18a88a35046afcc454ca54ce5b617e4e8933

SHA256
51a53c21b4be0b70495c3a708b2a1b0b6e79263234f465a4527fbf1a5259fd4e

SHA512
064efd3f234ca21514cfbafc3edae289fcb70742002bc9a24ab89835d5eedb833f6de15c6f3ede82925cec6ea0461d369e1053cc09aa9911727d44ecadae1448

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
b461a68dccc108f2926df5529c26e9d1

SHA1
24c76c82de65fa4b76e0941c1fa907413b850bbf

SHA256
a2635223104010aff8818f5bd0b81cfa0cb45949f78da4123f47f980bb05ebc0

SHA512
fddf8cc0752ad8a2926e8af513beac2538b0f950a84d0291861ca0da62711c9d0f4fdd59a1d35a2c8d3757a16db3b2e18db90627d2013b3f0ab2d80ec015bcdf

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
f7199b4992fcc660a9422e1eb3a3109a

SHA1
8d8e5e03855c93b897319100ecbb654ca38e1a86

SHA256
c223f542a6b27e8e15f82a9f7f1fcdc659ed21874b9625ec769a9c0f005a501a

SHA512
0e1cbd8af0c2ba1adb3c4d67fe88e20e5a5b74efa1bee1e405775bee5688d1083e7a380e7bd7266a69dc710a231d455ed0460460e1c68bd44abb91f3278b061a

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
ec7c00238c4a7d114a3cc95d367b3d11

SHA1
0d9f08c82043d65134a22f0a973ace16f8fab3bd

SHA256
92de14216000bfb57501c0e16ba01e5e74128cf8ca68e38f9a9a5f6e948edf8b

SHA512
71b4f177a66b08fe87dcd27df5e786e035137f6dc4a51f512f8932000cb708ba18dbe0fbbbd673060065b933435c2b5ce414ef6a9960fe0dea55517dfe9036cf

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
97e1caa089a7a237b232b496879f4881

SHA1
0c18be286c6b1e6e0ddab86aae9bc2b433f65704

SHA256
43c8a09660494bebfd9853d46842f921a391bc0e78173f182d7530f99a718fdc

SHA512
2831ee00eb633dde9a3672ed2f057dc6567d172deeed3cb3bfaf47ee871b822e8fa33266bde86f78eb0153c447d4b91ff303d227983e49bb28302ab55a588823

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
6d56a6ecc26d370189b33cca7b930cf8

SHA1
07f70cde2f167afa7f29cf7179a1056ca27e131a

SHA256
fbf8141cc2d8c95dd1210f2e68642da66d4b75fffd4470fb07490288d5e364e6

SHA512
bebd3cf30a2dfb040fb4c5d7cbdf0ce566637affe46462b78daf8864c7073499481eb26b05e82a6b9af8b6ae976b425fb9df1499206a69a076d7a2cb17f87b0d

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
66cf0a7c3817dedc0921b49206c1d620

SHA1
72445f57a3cecf089d8703356278bfc791ed8a3d

SHA256
b770be4ef462b19bafb9ec4c097eff9959893305d5011bd036510b3ffe53a8df

SHA512
169a4b6ded5f4e6ab81f621f0d4dd7f95bae8e0e537c4f3b4e83dde06907c41cf223526a7af9ac60ce611ed1e4285b3a6a8970b5ee5774ac9a52e8fccacb6e5e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.3MB

MD5
1a61986a54131fcf3d5970b0cf860979

SHA1
db1b75cd7f34b6707fd4095559f38ad48abc4146

SHA256
3c34c50e811c065d57391f7ca4098ad2311480e372f26bdc9db9c6eb830b1efa

SHA512
3d30aef13db31e8b1f71aa76c5ea408e612d53eb98d412e8490f0e71c848980c6e5b23603ae2763bdd7a122f5604fe03cf56708f9e498ef6dd0eb4f27940c435

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.3MB

MD5
4f3f5c14bd7253e808db0cf308e2a596

SHA1
1c591d5f487c1cd8b6161466f39b52e08e73ae01

SHA256
36a819c7e46372d2a9819ccf33972cd73954cbf384813e2c26135310e2498c19

SHA512
d6a4f747992d88ecf5d1eddead4a5fe342f526e596c2526e18ac031fe5ed026b791dbaac5b21fc526b8c03ae1d3b026292d7f9f962853d2f802dddaf2516b293

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.3MB

MD5
d8eaaf619a831757bd4ca01581043783

SHA1
3f87b27f4cae98f2f1f4b6276686f9e41596ee5b

SHA256
1fa4000e2db67dcdab44742ab7e5c18b1f85228cae9e2b48deb1e71a359cb2a8

SHA512
ed5bd9ad054c387417be189452c15227f614024c5f3eec8647fadd228a94436f8c91f5bed6118ce8259572934fbb6c5453ca165aaf169268a921a05120b1608d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.3MB

MD5
9d9e84bfee5114e3b72edcd9c1d77e44

SHA1
b9ce4fd22b9dbec006c0ad85be1ed3a5f05e4e99

SHA256
8802531e8b3a1b85a752c4076df04bcd9157f367c5958a3874afbb54061b1987

SHA512
098208c5697bbf58d1c2ec8dca26e6c5a5cb7417ec7a2d8e7553e8e7a32db0affdd8f16f0ef5e54501d9eab6b3a1f4776d86a847db2102687bafba9a2678f646

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.3MB

MD5
f772bd09630185c93ccb853e61566673

SHA1
5925e6e4e61c494784829b4b41726de04176362f

SHA256
c4fba6c13e3527d8158ed699a3b191aba4728bb3b2bc1c76c25ca904f0d6b3cc

SHA512
5d1e36083260a39744952778fb073378297e9071e06688308adad01794f56423e2d938ce2a1d16fc4d2e1baa8bbdb2fd64fcc52e72d39e44c35ba02fd893d625

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.3MB

MD5
8d37cbf12fd4065a9dc22d5d64c42482

SHA1
b2d4ebfd05922a3c4bc00e953fda1b3a792584dc

SHA256
226723a0b35f135512c338944d7b933221fff8d5d5738efdf993c8f1d71dcc85

SHA512
8b65916d81a26dd68c640f743998cb8e56491c9527ab62db0e5448006a54d3b61a1d465c6342d1b73e3beeef19e32f33a85cbdb81f8a41436d7530ba28535c7c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.3MB

MD5
b0f242f7e839f361aeed29c4c430c783

SHA1
b3e34ee47adc6e07c8026caed36df6f95f36378f

SHA256
077d89e22f89c2587a5b11a915423004d10180765914cffe334b85fcd0349865

SHA512
5a78432e65d657969d2aecc148e50d6f0e7a870700828ec99594cd587a92bfdeff2160229637ec9a300fafb3ef71215b8182ca24d50b37b7ec0e568e3f8c81b0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.6MB

MD5
1807b32ce17215ad6ac0b3a6938d279d

SHA1
8b38ea5ef22bbc056d730f9ad43ddbe6d4cb17b3

SHA256
0f74fecf1ec0ea62f72f4796e5d507c7d20a51d17d80ca9b2c2cda4b1a9ed681

SHA512
3431eca2f2640389184fba486e03c5fb8d21e7622c087472a3e9a82c135c5fc685842ac98f21c69cb083fedf9536f2d88089495cfc7b3f66f90d32d46d4dd11c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.3MB

MD5
06398cf273962c938ce314d6bf16ed0d

SHA1
cd49c64b70007ce4952933d64f6627624c286d64

SHA256
6249299aa27ea41ec60cba906c77a6c8e45ffe9cfd5579d9000b9cd2a70327c9

SHA512
c6e5e65c8a496bbf548476e0b2910a246c9875ac0e4eb9ad5bebbf28a77343a09623c77c1067cf86c69926932ac34947ad038b8e6784e839c9cb55e35010eae7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.3MB

MD5
335a8950877c33c9c392300cee7c26fd

SHA1
41ec37831d9b77bab878bccda4b321530383eddc

SHA256
5fc9fbfa59afd04a94179916c78241de9461de9f66c64cb0fa69e3b2ccda2a89

SHA512
d20eb1d6e88ce6319dc737f42dab13dcd93b83a198351dd172e62381675234cfdfc3043f2137cf7634bf3c2e7832e3d60842b6b0a8cd17977265030567a78ebf

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.4MB

MD5
394455a8be471435d69be73c0872c048

SHA1
0c1f8c175c39f09bd2204cb23e0b15905b3259d0

SHA256
b8641a02a07d0517a0630dd43544d682d24e8aefe69b6f6caa753dd1b1214e68

SHA512
1353865c148cf4c52bc25f1d5615da032519b88fb72845c4e3321a6babdfb0c0292c3d708e78b443064e1964a496bcdc43986c6bb12b7e9f5f784b41de58a183

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.3MB

MD5
411ce50d303358a95e0c22819fa16161

SHA1
7367f798495018b32f518872f95bbfd84519a4a6

SHA256
2ba267196ebd86632e86fb467b9f7d75b050b00e589cdc0132bb9f7861f11c48

SHA512
54188b8e80b8b0ab106403625f89dc565ed9b8d4850073b7a0bd18811dda9691cb7349335984f842a16f84a9c2fae7fa6163df9a7ea402be878378fac48270f9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.3MB

MD5
aadfa81dfc7e607945c6ebca91a72ad2

SHA1
b76effbe26a70c12419f4647dd6a1540ce88ee8b

SHA256
d42ee58c39096685b2e993b21bcba884b2f24b332e72eb66bb9a30bbbc14eebf

SHA512
43a0ff2815d8bc4720ff3a7e6ffc10dfb6995b4e1ea78cc55d3457f1bce302911ef9374cc8293e8e5e506db2e532ffb3c95c43bda222f37a7d5c1b854693b59b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.4MB

MD5
fdfa75521d23b4b0fbb44d3f81e1c048

SHA1
7bf983483383d8e3fafe2305e03f8bf046e07e86

SHA256
e0d82eeabbc653c580e33ea599ee69047a857f1de6d8decf164c8819944cfcb5

SHA512
7691ef15bf0f57d43c04b662b65516a32a54e74ca97e105a3dcb18c530311f1736856c993ae595e817645cdcfb63e7c0f463b3c450831f675e3c96074f2b5021

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.6MB

MD5
fc3192c040942bf6a0c639178a1c0770

SHA1
bf4205e4d02383651ec4eefcd85d72e609ac6d54

SHA256
b3f11e949331ab42fd5a0735808d7ec3db4180ad5536b16d910029b505440833

SHA512
95747ebe9a308bfed87f65002d047a531b11c3a1b076e0afaa8eafdd2507188026a8e3a01262e445255dda98276a9ec33f9352fcc708dacb5b58493065c70f23

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.7MB

MD5
1d1a4fa9971304f8e75c6fea1da85e03

SHA1
9c2ef43cf6f4c7865022930d2a4a9fa42f3f0f48

SHA256
833d6261a73892badb266b89be00d87ffb4380663b2facd8a3c25e1061b97d35

SHA512
8c44ee30067d04acb519a251cc38e424ed36753da4069f4bdb49a65589cc3420398beb18188f2b35e5f1f995824e9267eabc29d0c98c78cac58668268bb8e772

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.3MB

MD5
8f051c57ad48f19918ec28c644f6abd6

SHA1
51595aed68a0b14c7bea9a1e9fc39b1afbc3fd31

SHA256
4ad304f7707cbb15882bd23e08a337790b3e128f279adc636b3fb53a58da34bb

SHA512
d244d4d684767dbfce9b5457b9aa348db0e659b28b587946e83651ac390132927995cf15a92cff189843fc2176cc03fa09197a5318e67d91ac76b7283761acaa

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.3MB

MD5
c649f40ba5144540963a3fdae7e63513

SHA1
911ac33323cea25b64fd1d0040ccc133f75d65d3

SHA256
1c0760f228374a5fe1cde5e216254fdeccf30e9f639a46819bca0aedfc1f8e89

SHA512
1827068c0ffff1a91cecd9cf77b07b68d316336538289f39104f07f0e8a62d71694f770cf43f2d1fdc8576664df9ec286ba62fc4dc74bf44d06b213d030dbd50

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.3MB

MD5
be4203d6c5b4ca1198ff6b1c8c05a372

SHA1
3bff135439be2a0dfa543af18557f9bb508a45cb

SHA256
9385e2ff9a7c0d832c25047d2bb9321e8fe46c0f2d1aa701b4234f39af02c645

SHA512
6ad7bae7af6eaf31544e0efd26c2defac6702b94e49d9c2d99ac228cc2dd3476afa0d32f3b7d00ef3b10d15490d85dd5283aa4e70f80b40824d1781131549818

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.3MB

MD5
e9fef0de5c9746e1c3d60b1d54776a3f

SHA1
577ac499bfc77ca647e18cc3f72e6be71f65ae73

SHA256
41354c35f24a20f73b8f06483c7817fdd5edea14ca502280563ad966fda9d6ef

SHA512
e46bd3b6926abc2151824cde676284c4678ad146b633d21b4872040ae80fc6f4d9c41b17483ab98b169d3d7ebe7b516ab6f9bf6b77bc27608b2bd912caf63206

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.3MB

MD5
27901c8816569d25bd817224428195e0

SHA1
4aeed8eb2997e5f281d3b7da5a79c88b7aedda7d

SHA256
defce3fa68248f00d7bce75967443e3aaf2ba8305b6e8cdfbdbca2d29cfbaf85

SHA512
f03165ef73f43bbbc9bed44966d88a4e3f73476d239dc23bfcbc9637ed638b828be91c723503de231e710c7fdea1f4950aa8bb719b3e98e8e6124a84e8c2bf4f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.3MB

MD5
5b4ca01825f030f6aeb2bee8480a9ff7

SHA1
0e219b0154e2b1d174e6ad1a6f3a3df2dcd92075

SHA256
b3e95929e997f6142a76480a0deebddac7afe342b5f619213e3470f3399bf404

SHA512
7a27462f04c93a383123e0818326bbb1b97fc64e1682430a3f36fe50b2afed2cf3656f5fa3a79f9c2c91c6bbdf474945418804bd95324eb52aff65ee2a2ab64b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.3MB

MD5
c8f3b6a29023ab87df3511dab0b6fbdc

SHA1
fdc649dac04412f1cc5dbdfe6766ff7145615923

SHA256
765aac0b3a94a7cd456f0b82c759774f037c2328c05c7eabdf93c2ae25097a48

SHA512
4c96054758fad46fb8f616c4b2b6e928a290325c39d5de3ed3d27fb59aed2d404c444f3f7f821d556ea4461c5a11f9053cfb60b2ef60a1ad8f78c41e0a42da28

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.4MB

MD5
0e1f75f3c2477bfe73867a3418519784

SHA1
04126f1617abff9bbe307cff78664cd7f597d3a4

SHA256
d03f05a8b72fcc39f09ee52a62a18b2691f4ead415c6bf89af98bdad11eff62f

SHA512
395c094eac667e35fe4e1af8eb59f04e00fb54ed1b6cec37ab03af49ecd480bb5cbea7ba09106da2f935b2f083ded2ad430dbf9a50c173ebdbc4e75f7eeeddf5

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.3MB

MD5
40da38adbb2db005fc10131590b60b2e

SHA1
124a2c17964db7cd8f9515334b9f221cd0b26639

SHA256
6f7a8c9b393a0d1e1fae4bc5225d3e3733e5bbf5c80cec6bbd945b0ec548cf57

SHA512
93815e51c04a95868039f36bfb6f8642f15534e37c98f83bbf94f879d345acc637c25fa96bdd333250c8300ccb5ac3d40ba81e66ebe7fe799cbd1b8059649b05

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
75d42ebe205cef8649e242c60b002f6e

SHA1
00b5678cafa13ca53823cf3b0d5cc56ae85efbc3

SHA256
71df287c9b0f8edc3ab85bc0aa273569f2b8adb0778dbc96dcd3974958a233ff

SHA512
c453effa09ebe3428f04fc6059d93776d15c6ac48e8bd6a0a3a6af37fc0bbf444da6e3d435b4821aa17563b1aa849bc101b98b3242e9947ff04ac40fd31ebd34

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.4MB

MD5
e97d282fe11f1af0d05248915fbba123

SHA1
399e9ca2c680c611a99e12e1e9af92d0dec33fe6

SHA256
c59f9358c21bf01236349fd173bd520e9a9a20b8c49eae81398716ee2f81adf0

SHA512
62e01bc39744e7894919edec548c6df5d7c96147725176982167742dc281a67741f35a404bbd904546b848139b9797aa2892dd79a8af6419bbd78405ca7b5142

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
99ef851242145db18a496e8f63faa0de

SHA1
22a0607fb46df0d1f5727d943df1ae4bdbc2f5cd

SHA256
3930147c235ccfe346d0488080fd8db8a9f224a2b59a40c82e857507605efa32

SHA512
dfc2b7284a2264fb1dcfba5ca9a860980688f645b320b5a9e5023f7b12e1abaffb772317fca12e7d7aa450f140f7054e2790b9512bc1761c4fa580000717b5f9

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.3MB

MD5
36628a9ef269fd292556318181a97043

SHA1
1c23a0fb50b73109edfdaceb1bc9d27233452f92

SHA256
749163d912abb5676c9b8078b380455346774a81f7a684e3fb5a8c47ef0e10b7

SHA512
ed596c39b56ed2b964d688cac7cfa74c8c6c78a151bdec0b8c06fb568851c99c0d0518a2206479e81da01baf48b5973669dc4bb9724da1a5664b9fd2622cbb1d

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.7MB

MD5
0aa8f163460c3bbabb67855cfbf0e545

SHA1
9ed96da6b55a10cbef424c14d04309e47a209252

SHA256
e2674a241492741ccfe8b791a1b497b0265e5bdd6e631ed7dc97944d0b064659

SHA512
13dc55c9efede17d795d3f49ccfe367833afe17f8ea3ba2b8312e6610d4b80e8dbdfb60b2723d7e46148565ccd5b39fad1d2de8e86436c4e109ed33904c7d488

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.4MB

MD5
0322101cdf3962141bd4d2928eb0d3d1

SHA1
0d8b83a6a65042637c26565277bbafb9d06ac338

SHA256
c1aba965e29d3175949994e5118cf394ecff0de9d357e4af4d40f00b9bfe4e70

SHA512
a5d7804b6e52a1fe8df73d7bdb4a2694b2c7eb8697d258396f15bcbb08b542afb3bbdd3e82dd37f7c1293d1c49e0429fbe46bd54bf9f30bebe9812b1bfd0cf34

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
2c229ab84bcae1dea84a3b983445833a

SHA1
55c85f21fa2d326bfce8eae4331049b4e498d36a

SHA256
2976ae7a84a8b09ca09b33f38f64661d34d66f6b4d5e08909657878265bca915

SHA512
0a2dba11bed07166392f6a0039f960cb72c6f4fe037e200ea37dddf68809e3d8f2145a5854a1f70957315a88f91f3cda55c67236c59007e4843488e8da729d40

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
942d7219ba83f03c1de04639c931b9b7

SHA1
bc451ba476cd4723b79418760e50ccd399d79c4e

SHA256
2054659eba7cbb1b4ea9c29725cde120c538735247ab484e951f731b50db937d

SHA512
be4b5a29ef1e76637b2b5bb8c5f71c45d7d6cbaa0add8bfbe9a45f529de705d20900f5d0b02831c21f57231f6df44d16a79fe0526b643db899b8e2531a91894d

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
224791e3cf4f4e9fb13588460acb34e6

SHA1
8d6dc7946051d5cb3b4b86c123728b4238d1dc9c

SHA256
3ea4e27e4526c34ae351a863dacf82bc073f9007269f94a3e3ca0568b3d3f5e7

SHA512
8a5de5e82071383f1e7c61240bcb604b4a69f44d89052465da6b5557263efee7675332f459c78781b8e7cec1164be1cc05f8841ff60561297e43c9de0d522948

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.6MB

MD5
0a6df252eee2dbcb8074586719779334

SHA1
686afc03ab3d8fafc36a7607aaa12f2120c9477f

SHA256
4b574e751f091ae3fdc2bc3cb5194a2db99f67ea77c87f477768e12801a957a2

SHA512
901f7571371d16120b50f72e85d1d4628ed211e35199d922384901c03a8a102427192e17def3a9af6cead9529e8fa531cdaca42f21bed560c1ecfa82e4462a0e

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
cf694e03daff6573275bbbaad86b4740

SHA1
9f849a49a0eec084b0cf40eb4ebbbce813ea25e3

SHA256
05ec208e9179672c26dd63a88d155b0850bc48b049c228c970b8b941370df46e

SHA512
d337ec48696ac36d17284862713c889c6ee13d3fdd6915be7fdab2ac66d3fb765021009c133ec6c14f48c9d670e68202901598315d4d5504f1e6f7d7f10e6a98

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.4MB

MD5
ee42003436f3806c901d42a3316e4af6

SHA1
dfe747635543bea8a31430df27c81f4d73ca0158

SHA256
bab5c65963b0423cdc0016c4e211a1512cb4d41b00f2adc3dcdbbd3b13b1ff03

SHA512
8ad2dd67f45658040d32cc40a45d4a3be926abbacdcaeea21864b841a9faa0fba32f6ef5c29501cf6d2bf1e607f359583886f55611e96d96952a66d5e21a45a2

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.4MB

MD5
483d8b16d549769c2f7cd75c57830ae0

SHA1
47f8478028822eef2995f47306604f636ee7336f

SHA256
e881460dd857d980c2ee66e619bad55a1cccb64f8058eec5cc8d7467cf3ecf0d

SHA512
6423daaf4a668efdc2e92dbac9d43dce58d1b914a650f2d494e996958d8450efe8238c0b5e93853c23ca32b27c0e9c46f9a26dd266f4f46689c36fa2480ef13e

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.3MB

MD5
d8b03c0459ab7c4a87e9263b3e667e96

SHA1
261c036b1d449f9f41fc4f83b8d8b65656381ef6

SHA256
d2334bcbbd267b9fb2a5f3cec5c72d56dfc626d1c0b7cfe0429df534d936471c

SHA512
c957b297cb8ddb643bf7b50989b62af17ee858b7f9b71dc1bc9c5e37f9b39979636d6f07e84b83160556182a262f9a809b0ad6e10f39e45fa1c75f9506965b72

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
7034cdae8594ded6a4bcd367f7de1e73

SHA1
1ecf5f831feb1f0c9607e6aef63c6c9f27c5610c

SHA256
baeff602305eb278287fe71109025fe6a3893d83e710e0cab82e88024366cbfb

SHA512
090f22a9dc1961962d1891a578085b9a9fde6a24620f11642374ad6e6222cdaf5dd9b5a51558197d9cf2bc8a44889492ef61fbe062fa680e5e9b04ee77467815

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.5MB

MD5
c0a20f1f6f54f6f05fe7aa2c9ef98d31

SHA1
6794dda206c1c8807c4afa914c1093cfbc06e7ce

SHA256
7f7681241689bce9154c0a60140f4b1d38eb8c4211cfced7312389acaf5bacf5

SHA512
6a91560cb1ebb1e009623b56e23516fbb37e4d817e0ad568b93d1c32414772c9bce7a7b0d4ff1e40b37c7582e441cb0b7dde0a17ae52077a308b2cea12eecf1b

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
9a88a619413ceafc11151831dbe704a7

SHA1
22db8f7c93d0cf6620049201193e6b715376558d

SHA256
cd32cce6c3d90a7a0a89374b5a54d767e82d3d16d0dd873135d716d098cfa436

SHA512
2d9b73b75eb67bcb63eb7b59e346682c167b3688de70bf3d490fa5ca2898062dcc61935f26962e0555788cba1110a7f56411a296d4608937c4342e7a9e4f9395

Download Submit
memory/320-352-0x0000000140000000-0x000000014027F000-memory.dmp

Filesize
2.5MB

Download
memory/320-624-0x0000000140000000-0x000000014027F000-memory.dmp

Filesize
2.5MB

Download
memory/852-332-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/852-617-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/928-62-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/928-59-0x0000000140000000-0x000000014024C000-memory.dmp

Filesize
2.3MB

Download
memory/928-57-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/928-51-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/928-64-0x0000000140000000-0x000000014024C000-memory.dmp

Filesize
2.3MB

Download
memory/1156-235-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1156-48-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1156-45-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1156-39-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1196-382-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/1196-628-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/1420-254-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1420-267-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1420-255-0x0000000000930000-0x0000000000990000-memory.dmp

Filesize
384KB

Download
memory/1580-631-0x0000000140000000-0x0000000140243000-memory.dmp

Filesize
2.3MB

Download
memory/1580-426-0x0000000140000000-0x0000000140243000-memory.dmp

Filesize
2.3MB

Download
memory/2424-8-0x0000000002250000-0x00000000022B7000-memory.dmp

Filesize
412KB

Download
memory/2424-7-0x0000000000400000-0x000000000062D000-memory.dmp

Filesize
2.2MB

Download
memory/2424-26-0x0000000000400000-0x000000000062D000-memory.dmp

Filesize
2.2MB

Download
memory/2424-0-0x0000000002250000-0x00000000022B7000-memory.dmp

Filesize
412KB

Download
memory/2632-296-0x0000000000400000-0x0000000000614000-memory.dmp

Filesize
2.1MB

Download
memory/2632-405-0x0000000000400000-0x0000000000614000-memory.dmp

Filesize
2.1MB

Download
memory/3116-629-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3116-394-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3748-306-0x0000000140000000-0x0000000140212000-memory.dmp

Filesize
2.1MB

Download
memory/3748-417-0x0000000140000000-0x0000000140212000-memory.dmp

Filesize
2.1MB

Download
memory/3808-72-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/3808-66-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/3808-74-0x0000000140000000-0x000000014024C000-memory.dmp

Filesize
2.3MB

Download
memory/3808-238-0x0000000140000000-0x000000014024C000-memory.dmp

Filesize
2.3MB

Download
memory/3916-633-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/3916-439-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4304-234-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4304-35-0x0000000000DA0000-0x0000000000E00000-memory.dmp

Filesize
384KB

Download
memory/4304-29-0x0000000000DA0000-0x0000000000E00000-memory.dmp

Filesize
384KB

Download
memory/4304-28-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4412-430-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4412-317-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4412-623-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4416-233-0x0000000140000000-0x0000000140227000-memory.dmp

Filesize
2.2MB

Download
memory/4416-21-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/4416-20-0x0000000140000000-0x0000000140227000-memory.dmp

Filesize
2.2MB

Download
memory/4416-12-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/4508-330-0x0000000140000000-0x0000000140213000-memory.dmp

Filesize
2.1MB

Download
memory/4508-614-0x0000000140000000-0x0000000140213000-memory.dmp

Filesize
2.1MB

Download
memory/4532-625-0x0000000140000000-0x000000014025F000-memory.dmp

Filesize
2.4MB

Download
memory/4532-365-0x0000000140000000-0x000000014025F000-memory.dmp

Filesize
2.4MB

Download
memory/4808-630-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/4808-414-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/4880-269-0x0000000140000000-0x0000000140236000-memory.dmp

Filesize
2.2MB

Download
memory/4880-381-0x0000000140000000-0x0000000140236000-memory.dmp

Filesize
2.2MB

Download
memory/5008-243-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/5008-249-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/5008-251-0x0000000140000000-0x0000000140226000-memory.dmp

Filesize
2.1MB

Download
memory/5008-363-0x0000000140000000-0x0000000140226000-memory.dmp

Filesize
2.1MB

Download
memory/5044-289-0x0000000140000000-0x0000000140228000-memory.dmp

Filesize
2.2MB

Download
memory/5044-393-0x0000000140000000-0x0000000140228000-memory.dmp

Filesize
2.2MB

Download
memory/5048-373-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/5048-379-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download