287b3e58937dd4b3e3cb3d62163b66bdc0d866f947f2d769c1260de4f77fa478

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 15:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-07-01_17b089653da1df82d2ce878cc5a02ac3_avoslocker.exe
Size

1.3MB
MD5

17b089653da1df82d2ce878cc5a02ac3
SHA1

9b98984c90bf78f2218d83c3a6ec58045f565e02
SHA256

287b3e58937dd4b3e3cb3d62163b66bdc0d866f947f2d769c1260de4f77fa478
SHA512

5e1e8163b0ec8f64cccbd169475eb56713aacfbc61140fed9130b2eea0907fa8683a5f37a969cfb8395ddbde3827fb2cd607b581e8f828f645f62aa646994b5e
SSDEEP

24576:62zEYytjjqNSlhvpfQiIhKPtehfQ7r9qySkbgedLt/sBlDqgZQd6XKtiMJYiPU:6PtjtQiIhUyQd1SkFdh/snji6attJM

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
4824	alg.exe
552	elevation_service.exe
2996	elevation_service.exe
1112	maintenanceservice.exe
4460	OSE.EXE
2760	DiagnosticsHub.StandardCollector.Service.exe
4052	fxssvc.exe
3380	msdtc.exe
4456	PerceptionSimulationService.exe
2908	perfhost.exe
3748	locator.exe
1408	SensorDataService.exe
2500	snmptrap.exe
960	spectrum.exe
2964	ssh-agent.exe
1924	TieringEngineService.exe
432	AgentService.exe
5116	vds.exe
3344	vssvc.exe
1380	wbengine.exe
3020	WmiApSrv.exe
1684	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 24 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-07-01_17b089653da1df82d2ce878cc5a02ac3_avoslocker.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\4cc4cb24c3a5208d.bin	alg.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Adobe PCD\pcd.db	2024-07-01_17b089653da1df82d2ce878cc5a02ac3_avoslocker.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{125326D0-F6C3-409C-BC6D-35A6D8D3AF5D}\chrome_installer.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	elevation_service.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9937 = "3GPP Audio/Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-102 = "Microsoft Excel Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000aa39c9b5cdcbda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000003f88d7b5cdcbda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\setupapi.dll,-2000 = "Setup Information"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-120 = "Microsoft Word 97 - 2003 Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-177 = "Microsoft PowerPoint Macro-Enabled Slide Show"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9923 = "Windows Media playlist"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-170 = "Microsoft PowerPoint 97-2003 Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-125 = "Microsoft Word Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9933 = "MPEG-4 Audio"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9914 = "Windows Media Audio/Video file"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-194 = "Microsoft Excel Add-In"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-115 = "Microsoft Excel 97-2003 Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9905 = "Video Clip"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000014d442b6cdcbda01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000145b4cb6cdcbda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E2FB4720-F45F-4A3C-8CB2-2060E12425C3} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000009e4cdcb5cdcbda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9926 = "M3U file"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000e560d0b5cdcbda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9912 = "Windows Media Audio file"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000004fc2f1b5cdcbda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-107 = "Microsoft Excel Comma Separated Values File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
552	elevation_service.exe
552	elevation_service.exe
552	elevation_service.exe
552	elevation_service.exe
552	elevation_service.exe
552	elevation_service.exe
552	elevation_service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
652	Process not Found
652	Process not Found

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3036	2024-07-01_17b089653da1df82d2ce878cc5a02ac3_avoslocker.exe
Token: SeDebugPrivilege	4824	alg.exe
Token: SeDebugPrivilege	4824	alg.exe
Token: SeDebugPrivilege	4824	alg.exe
Token: SeTakeOwnershipPrivilege	552	elevation_service.exe
Token: SeAuditPrivilege	4052	fxssvc.exe
Token: SeRestorePrivilege	1924	TieringEngineService.exe
Token: SeManageVolumePrivilege	1924	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	432	AgentService.exe
Token: SeBackupPrivilege	3344	vssvc.exe
Token: SeRestorePrivilege	3344	vssvc.exe
Token: SeAuditPrivilege	3344	vssvc.exe
Token: SeBackupPrivilege	1380	wbengine.exe
Token: SeRestorePrivilege	1380	wbengine.exe
Token: SeSecurityPrivilege	1380	wbengine.exe
Token: 33	1684	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1684	SearchIndexer.exe
Token: SeDebugPrivilege	552	elevation_service.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 3564	1684	SearchIndexer.exe	123
PID 1684 wrote to memory of 3564	1684	SearchIndexer.exe	123
PID 1684 wrote to memory of 1820	1684	SearchIndexer.exe	124
PID 1684 wrote to memory of 1820	1684	SearchIndexer.exe	124

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-07-01_17b089653da1df82d2ce878cc5a02ac3_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-01_17b089653da1df82d2ce878cc5a02ac3_avoslocker.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:3036

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:4824

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:552

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2996

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:1112

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3468,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=2404 /prefetch:8
1⤵
PID:2500

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:2760

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4688

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4052

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:3380

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4456

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:2908

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3748

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1408

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:2500

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:960

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:2964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:912

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1924

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:432

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:5116

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3344

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1380

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:3020

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:3564
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  - Modifies data under HKEY_USERS
  PID:1820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe

Filesize
2.3MB

MD5
9a801bdd2d752dea451064fea27b29c3

SHA1
be3ec341a119ab60d2fc1016ea213904d8e51f21

SHA256
63918d460cf932bef365adec305221c82887e53070d39f6f0ce1ff82b0c7dd7c

SHA512
8ff6417324005904c2edce934a587893921d5e8282e14e3238f48173b4daddb7cdda90355b6be377778c041e00016c7e98c9600a88561713a8451d7fe0493b99

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
797KB

MD5
3eb071c88c0f501d6dcb5493bfaf4c5f

SHA1
301ad18efd0a201bf911d634f802fe886f0d733b

SHA256
3783298234569b3b7ce4a893bb5c69e73d720c16bf3d040e7516659680e99238

SHA512
967023348b1f10e92eabc0723037478a9fc6c4ccf950a8f9fb779fb3a1f92c5564316e7f09d62edf467d078c788335ce8a475e69902f1a1c459d2c65074e5992

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
c271a68a79914720cc87337fc123e5ef

SHA1
a5dc8f13c44f4484595c9e66a2dd25849591947d

SHA256
afe9ee3b0c3048f25e260411f8c55b39c0158bfcafbc3a8f4aca19bdb9ac0d78

SHA512
7bdbe05e2d136e244e533f66a6364883aa5d4fb9e1021fa28b39f46f70754316cc8ce6887e14499981ec173a271d6cc325cf548322a6551672341218a0263078

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
61fce62c4eb02134257ad8cafa34965b

SHA1
1f6147da37edf60c925e15cb890de146417f388d

SHA256
66b6566b0c2de601f98a9a06abc908e2cfb9d28da300589d50dbaa0b4cfe85bd

SHA512
edab89bef6f9e61c413f386f378ccd1bbe9df81ebe3cae50932db7f10a2a3091baf79d13f46ff51a334229f75f0f03b1cfb390e3aa5bd634a0c3c4717a7ca2c1

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
f94ae3fd9e4d0751aafcabee48aed5a8

SHA1
4e6d8b794609f37b9fc386108c049d753044f802

SHA256
9e0e6ef6181ef8320e8ac931bf9c8fda850d13b6fb94ba01c4e7365b33bd07e2

SHA512
61beaa8aeccff1e0217de30eee334e1ae2b0698f0c11a1bbe11ad2747b3b9cd16e866dcbe636017de20a4b3c09bfb3827ced58f7f34d43b418375745eaa763d6

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
c34a04dc5393ef22af85eb6bd2684be4

SHA1
6dbc8a13742175cb938cc97ecb27a83943166c83

SHA256
e5dc4706363fb46d557b90e80e6b0e5655ab6c7ab8df9e763534068787feccf1

SHA512
b431bb2ec828172b846232f98118e161493fa640808add9a2200d3dbccf4de83446fbb7c2b4eedf7a90a6e532af24bb21703162c17c9a4709cf44b0a38a5a1a6

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
c35e34f0c98afd92bd4ffef2a59a40c5

SHA1
c710604ad868cc3308aa592041729b87f28850cb

SHA256
197309be169e09afc7f9557cf098591ee618b13a8620072dbf1fdb36d48f4f96

SHA512
6df54d60a054af1c25e929771348be04f459d23edd46144d436d528e123e20c2e2095be083469cb1ccc3dc653d5d99fdfeab33bb4059f54fd497782f0fada5af

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
8059db1e053bb3a860e8054d041ae49c

SHA1
665da31688da60c25f0008cf5f9fd054ec46f927

SHA256
46d7fa148a114659c819fc0fc32091dee062a67d50c4c6a200bde565fde1d009

SHA512
3697825f1f014d13ffd8f2558116cc763902f7ca3ac63b6ad0dcb8d4e962f25edc7f6d9fcbf05327c5dc1c145a3598a7a3385d5c438cc652651c268983e11102

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
55d185ef56648a189f2906e49c20936f

SHA1
b7e0315f38afee7eca5c316ffcf63cb2c44ad19f

SHA256
064a4deee37ba7bd3acbbefadb8a83db8805a5235c33ffa7114dd89b0fd0488a

SHA512
6c684b3c6d83d3dbde0e8eca28619f97ce1fad4f7a18e3c03aba80d184405655fe314968c083ab08aa045d7ead59ab6707bb7a0e64a1e8455a98a858067c0b9e

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
e01a440225b9ecd65cc8ca0e965c5e1e

SHA1
24eecc0948fa1d78d070f313e19850e23580e9b9

SHA256
92c36b43128872d54aef9a29f4b7e853b7c0c63a25bbab8c5c5d4f9f349f2835

SHA512
fc1c7d339fb79b767f704b90cff23aaa98e808bdbfb945376cdeb073d1234d7dfb3ca35227b4d2ae9cc1bf93b1cc49589fddd520d3d4ffbbfac6f67d4d695e4b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
e2588fc821434ce5db5edb4c84771d93

SHA1
11f927d667ccdb7400ab6c025778ee06f0a7c3f4

SHA256
1be3c1e7727869314afb2620d7ac59f905270ff308df9d1b3e4f82bbad20f89a

SHA512
2d12aa55710b74de6721bebc3d054f4e4be7f2be86e2a0c8245fe0a0d3ae35b42dcf36f4b07252e6592d0bf61d73dcab4c9a82d873107267abb8675bcde52e53

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
1824dbd5a55d0b675515af08b7a92aa4

SHA1
d49e9e4d253a91d5bea4ff015851f77b244b9099

SHA256
d4e020129b87505f2fe313d5a16f9b45c7d80b404a4d781a2b6fe6b299ae2fb5

SHA512
a0a62e19d9b305c1773146be975a9dd6791514680a73e0bde1e7337eb27e83f3bf055e369daa4a393a9b327b1593b41340c7d288af85a849767923eee3c7aa6c

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
1865b390993b46ea1854b7c87812e851

SHA1
672e2d26ae1d2c7b59fa6c2faf7e3f25008150ae

SHA256
a9623971850ccf31a9d10b2999b9bfd2201ed0b383a8e19c068d2f76131eb8cd

SHA512
9c2ec178ca167503985bda6ca2b6dfc04929989672b78f65d79b86415f1caae4b6982f7d2a5e2e4782b48e997a4dabe8860e62b106a8cdacdf94d07ea8774697

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
f05bd8e7e5a829dafa7698f01aa24a42

SHA1
57af05df0ccb9df5f94b63bace9aaabbc88c3bc7

SHA256
8935d82327ceb7e2a4873373e36c3d0de36dfb4cc42a33e73369892c4775fd8b

SHA512
7a9925b819542a6ffb95922811a01023dd7b5249e50d6ee1152356f1e9c4b2d3fabad535a0192d0a3501632558342bd2f36dd42a189b2d4a2f033e7fe9e523fa

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
50443f911304224f94d6e9f14c42d7db

SHA1
ccab91f4a3eb7fc07a197b592c7a09a7c01603fc

SHA256
e9760cdd288bfba69344dde15223b1b555ff4dae75e524f576d61dcc58d19c36

SHA512
b287bdf60cdd15e1a70ab79b8b0d97750c423602ebe2318a0d068b3a56b9345ee0381dc8881199fecc81b4b824d37051e209089f91b4eb0d0e4e098a92fec353

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
93e473bd19564f428e9463189be0fe0b

SHA1
d7c2f0782e306279382c58cb86f13bea5ad5a251

SHA256
ea95aeb51c9ce523a0805e4086cf6721969d54069a376fe370ed67395aaee636

SHA512
6f5614fe819f03b61fb837aecc86a45c39995d7336f87cdc5e9cd38b7ac41811d4463f89f3c136dcbf7615cf6657703eaaa78898420c93d3604e3f672e3932b9

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
b3756cdaf667a0a844ab619da47b0aa5

SHA1
0e7abbc72573a0ce0153a3b402a84dd35a52618f

SHA256
b9c4ed9cbb46ae3715a5444abebd2f810ae6221e80f95cff4588c6d6a014fcbc

SHA512
72d42c8e0ef9685b1f296239c8c7e08a35d65948f8cbc0a2d364a2166ab06d5d33ae2720ef52d26b6371a3df8196d4e667d1d1687fd4921f8a5355621a3db457

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
e94eb45b4fdc39440e03f910d2b1c00b

SHA1
98887668a76d422786b96b8f6eb8f256a031c7d2

SHA256
eeb0913a6c620a064c847193805b33f02494848c90609546461bf3080753bafd

SHA512
730166b3e31d2e9ffca7c35418aa03f419c4a97aa3645282b3a30883dad956d81bdcdd77e6d25d7a964c13ba3a9119ae569a729734e090eb04a1bfb52a37edcd

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
dd801f312644b0dff33a653285b15761

SHA1
db1961585e88cfceae6d76cb2ec890f93e2af29b

SHA256
cf67f934805b62c562c4ac390989f5b2126f08a197b146426c3b75b1ffc932b9

SHA512
9f60c8f4f7c99b3d894312e8d78210e2720f36896e24df00982bbaeb42d59523b7a36245e62bf87e4ade616a4e478a28d495e45426e78088624b8fec11acdb80

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
a10ab9e36fbaa382e478d4fa5567a790

SHA1
b3f4678fd115d22ca7a9cb43b7077b2f00fa6102

SHA256
77eb2aeaf11996b405045445a4f82c51d12126a22732427ebd2d319b306c7148

SHA512
57c7234cf6c774c91f574badb1262ea6fd473c4b9bc17b72ce0837f93d979ab41d99180de23c3b54132bbf2593982d5106e5dc8b4301a32a5513cbadf48220de

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
25d583cbed070d06dc126a6db0eb2be4

SHA1
3c7154acaa88a4b8af4d0c3c478febe22dfdfc18

SHA256
0ae557bb497b605be1e0b8f377b71b05bb428c6e0277fc412686f5d6034b18a4

SHA512
82c22eae24690d71cfa732f4c238cc30b683ffcfb5fd77482d4c59b614c1f77e001178573b146f1c2b0613a6256613cb82ee7bd5993c60f3aa16730bb1243518

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
c792889977a896be32a0097f94002511

SHA1
90c9cde18d1ed9bb40312060d14fb2ba2806676d

SHA256
9199af180fc1ef87e7881bbd2043b9d83a3d81998b71785ed0b106c2ec8f5673

SHA512
80078f634b6f8a90c69d4da3558375de50a45829aee9105cb461c2cb8d51e489cb7e2be49f5a1b4e9fe36bfa4db1076f2b2b56e21cdceffefc08a27694e5b5ff

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
297aabe1a87976e8f1c22cde551db49a

SHA1
b4af629238ef163dd899027d00f39b2b186e66a2

SHA256
e28dd2d3151ea7d5ce26034e79432e8787bc085dbcc087bb05929b47cac6b3b7

SHA512
e6236392eed70d2d5fc2299bf6fea0b0260242edde8d36bb2501e2e0634f37db4540aea0d1131716df0b58771b5b17f9a78790732de929f112f8b8a10f96d330

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
a226bf515f1efd450b402807f42acd89

SHA1
6990d195f573af3e20ee4fb2eec991a1f6219964

SHA256
e79426cb0ddc61abe2002d239016595826e0c08b27adb7a465879fb1f2f67175

SHA512
7a5b37fb8a816c97bc6d027a7e3e610ae3c95df1d22e3e1b408f4ea0f0d14b4c81c2789567266625d4197744bf085721d07b2dd9fba504fb0a51a859a5d04ae6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
3325f483bc3356d5d8b8bd587e2fefa2

SHA1
868f9e33495b5f646f4cf1397bd8ece4212c1b56

SHA256
8c4a4efecdab03722f92a761a89db946145ef7dfeb97850120c6ac77cb89d14f

SHA512
a6a3b18d4b13e9edb7dbd8a751dfbb1e88687e94b0b5e6fe37065782fbea5934c7fea4636cf0c33e931d48b77ea47d8220457b06928ef8a58cf1d3373a477484

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
a98374212844636eed3b526f0421207f

SHA1
928fb4e235ef014d5ba120960b9d0740860e5ef1

SHA256
ce0e2f0cf583120dc46b44a9a499264e02a96c7f2e7bbcac425d9bfde00b8425

SHA512
55499636ce45c2188fc3f3a0b0972ea109d7eb7e4bb5185a364a5f85aaf095318497b7e306ad386ff1e77b3e01ff92ec8f8968e0deff8e78ed33d29f936d186c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
cbeab952ea809f36c20b95e37faae43a

SHA1
cdf0a2468a30bce7b88e5d20dddcfa851707bf22

SHA256
982654d7f1aed7cf3152ac719e814ab0a2f8e504f8e1ff914fc34c656182782e

SHA512
f7d4acf5e26732fe6bcaeba08afd11434f754cf5cf2de80f16cb8b0afae8fedf1cf285cf1524b359fad5bda01b7e035b2b5f6a9a210d7cb847e9680fd8014b1f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
c31e5588562d719ed5747155b2cb4da5

SHA1
51b49b17099e604a00f9c50ff20feed27ffa300b

SHA256
91b1b995b58374deb8c5a545165a9cb554b56a14c96fe49d4f3b24c0edf7fe0c

SHA512
f09989e5f5a05b966438e6eb639e640399201177afbe9d95177e79f0f8cb518ba29ecf321181eb5acbb0861bcef12fe84ff31a1d601c64804ce39d7d4d8fd13a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
2a0b186ab4408b18ea80f8c1c47d67bf

SHA1
bb56f017e0187d6c0496bc9789243d332a7de599

SHA256
fb538f06d533505e426389381871a279b17670ac292adf40c810e24b7373fbac

SHA512
f8d6d35ca2d331c244d350046b801ff986c24bfa30657b2128e14c422211a1ab0f0238516cbbf1de91708186899183adcdffde8bcadc6f112081298388f1079f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
c212f64f930b79994987b577f71f06a2

SHA1
eb3919ce978c422f324d0e476e9d0880f2319fde

SHA256
1e48a27a889545ae0de09d628e2d332b5f84153de6ea50ab36f033bee8f7368f

SHA512
9af4de262b15412247734f6f240f17fc5a3bed7dd409d6f2ab110371da03c70c106a830925c0b07175dd0d9005176d5eec36eaaf9dd10f78610ea2e4060551fe

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
0705755150065f7bbda7f2f094c2aa7f

SHA1
eeb75e0b17dc8e90cda80c3bb0c7af5a663ddb7e

SHA256
178bf859c555e4421e09c36b63bff739aece7552254106ea40b9750d95139c2a

SHA512
e76d03f43af7f46b0b926c42c2715580603603717513e376dab79f35fd04db576724faeca943084030f464c7cf351096eaac87badf1a31baf09420aeb8e7a3de

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
3048d11cabac2dfc87aa4fc80ffe9bc3

SHA1
0ae396ee87b56e9551a4768aafd56cf8f38770ee

SHA256
292e58e890d2847be89a4d501ed696c5aef2be3d9221bd820e923f3ea46e3a77

SHA512
a13b848899862c3a562a3894904857f2c4812d0a0a43257e0b05c98a756314cb0dd6153888e5b72d2df6b40e92ab32745ed85dd3e9becb7c78f412f028b93284

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
c41cf47d97a34e716a914fdecb842aaf

SHA1
c733da6e20d2d25d01543679d335a5ed765ecc09

SHA256
82c1a70a596ec18122f3f3e8e0baf10c1c01e939d4f2153b9b26ed5e3317277e

SHA512
64a97bbafa18c6be0fb1d7fcf717e72651cc2a9793930eaac350c20184175e7743fc0cdddbd6a46aaaa4818a07615e0b000352836a3b931844311c3f0b89e459

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
e01b5adcaec86a8d797dd8a59869cfc9

SHA1
1c189d8c3d574f0184351a3194da5a125548dd2c

SHA256
91baa18b0c4230bda504c6808f934e0b4c2358d3ac6a457b4344d5570d06ae3e

SHA512
06d6149f7b422f674ebad3cc4facc2b29c0b0de533e159e02d43836956ea1a5ae65cc0ddfb8d1bcd704a4b0d96092450ea4ec84c8e48352e638575bf5773b5a4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
2bf20bfd2eb05e3c7cb1498d8bf0c42d

SHA1
d07cf88827a70376bf815c53f5a7022023e2e254

SHA256
6e177979740f746935bd2aa597bffadff853ff44a6e373b958c301638dbe3b1f

SHA512
1522bf50746b20d47dea7a6c03ffa244eadc02c0adabd04a7ef1c5dd2cad2fb9a4af4b4927a83d18905c8b14bfc2cfcfc2090029d2c35dffc83a077a01c91e41

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
a579ad4cd897a49160c949290711531a

SHA1
f4b128bf07ac58f517e0d856ed1d56e7f5d58a67

SHA256
52f3f1b21f3b995ac058483b5c27a7987af4e59e2cc874061b9ba1f22e9430f9

SHA512
ff279ef053d6fe2d0dfa60dcfff16d005e5381aad0baa13d6cdc15f3cf1278b3f91c9d2131c7e1d5902562b2935d84e7b094ca4407a4ad35684dee3b9d1a55f9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
6a3495fe683e994c626e1bd78b5479e6

SHA1
a22adad0a3bde4070dec7eac3b46be355317fd27

SHA256
a2c69e2edff8f081de5ff49ad8c2b25a3cee1b6325cb1cc2ed16616647ec220a

SHA512
549f5e4b22d9136f33425777ccc0ca59c68677f58db523dd2d69c5eeac65e27707abe279bac5c058d0f7d03a2675f59d7a6a0327ac8a606fb18c0cd44150f262

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
16ff01a6e00ea73bf1d381288f8e9e37

SHA1
e61f8ad279b2a523551c7cd4673284a8d3443c07

SHA256
eb836774304538b93fa1dd68afaae2017e97fb75c1931e8a45f3696b42d96353

SHA512
281c66290f1ae1e73051baf03a759b99d3eec25d368827fd7b3a137b2cddab024ee59d0ee9f82019cfc3a978ed49f820082c19b0371e1b4239392f98f8c7673d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
29e6670a9106931e83f1f3de48609cc9

SHA1
562819927e2627085eea755f07bea6e530a18ce0

SHA256
83036d8e94c05147cbc1d3b38ac9c4f850c5d36955f04958a840b2dee67f62c6

SHA512
7b4d2b3a1228a82b8ab68cc452529e79bb159eedd18f90c1a4f2e001b4f468af24c72bf679bdd4e4f798390f5961d7b6b8e4a0c8b52df32ec7b5539762cc720b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
5b37ba610098a678452807f5483bdaaa

SHA1
d80f4e3a0720c2f97e59fc9210bf4252708b306d

SHA256
4194bf6186111b0ecb65a315b8700c17b8ec5b3ab29c9abf2383028d4e7c3aca

SHA512
a53e597fd953bf68637dc91491758b11c45c4f67746cb085319799dc423441508e13bf4a1d16d4954b0a3b399e7fc411b07c7c5b76128bb98daccde252adba10

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
4b620785ae97d7660b79a6da9509116c

SHA1
8164b746f46854340261eccd7caa89e629961ac9

SHA256
5d10056111eede6bdf44efee8698a2afd786b75f11747e9061b574b1d175aa6d

SHA512
0b45c2e1d2543c2ea9be1325f76fc23881e513d7d7be2df7c0640a3f98f9388000e2c33065114768c4ffc4502f99ed15e3fb4b9a1f8e89b02d1a670955b6670e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
581KB

MD5
75c2aa3a7f3cbff812e25f53ca9d1011

SHA1
a6e435eb4c7752f9ca464d2e962b7065e9bf80bd

SHA256
7e1995e357991ef3ee2cf13dddba9cc1636cc019abfbad0b6d30285d8c7f4d3a

SHA512
b0d264f2a54fac32f6f604827406beb27fe68379c80d556b8c8237db825397e50aaf112e5e4c6a04d82bd349a11b47142216be69709592da494093169df77c99

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
581KB

MD5
f09ffe89ee884898e20e3ee52aa2e284

SHA1
b8ed51aa6568284818df8924d5bec4322c7b9843

SHA256
bd896e7b0564c0d5c7a511d8b0c6f53bc9f737cdfa6aa02b61467eeef17e6aa9

SHA512
ed3e23a3a6ab5b9d1683773ace495cd42434b195bebfe2d3df7776f0d1aa329218999012e47124093a3309fe724a541de86faad5e584957595c76a47d4fff6d4

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
701KB

MD5
afbe9069a4eabb9c8cad703d84e5e903

SHA1
73f78195dcd1d8148061e36a5d8889e8c239c83f

SHA256
c0e3d02e900b33a135935d9195d67ba4a4d5c1f0812c1eceaebe4b0be5104dd6

SHA512
e399d0e570bfd53b86643a5229cc566a9b870dbdd144cec83b103c1ae094984b62514e166fdd596c610fcc2f0fc7fd8223fffef0696a7d22773b8bc4ec91f25e

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
487106871a49a16c24767fc447db5fb8

SHA1
b989cbb9c75557460af8f13e54a8b9f481837679

SHA256
3c66d9f8d157a1805a15c28e0b2d747525ca3208aafd9c64386136b9b9542a03

SHA512
ed8eab61c17684080e430a8b43d0ac50492f810462c6e3b67bf341f45047f9a4a4975bbd0d85bf2bbd2def72c528675708ff93aad8e169bad28020ada16a95d9

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
8b275a54ed3d73f1870f0611604061c2

SHA1
e207524a663a7d7bc9bbe4ae9609fc54d881cc6b

SHA256
343068308938ef2f1c0d96c49a8341d71e8ccaf8613d4de9d589000d86c5748f

SHA512
088512534c530a57004c4ef8bacd5761787fadc3e63288d181c7700a3c878114de0b3200c0799687ee3e84a11941cfebc99e97858331984b33eba388cb4ecfe3

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
5d34f8f79d31fffe7ee2c34994a2f710

SHA1
040fa56107e6ca2f5d90835d5c4af02462fffd3d

SHA256
98e3d7de0f21be8219ce6b809b84c4a08e2db2ca178242fba3b1478a356775dc

SHA512
9b512227c7a21d3462f810b8be5340df6a007880fd8cf43781856bd5385d5fe25cb5ca5988d66d0e7e66a0a9ac4af71a15eeba2f1d4a648c30809bfa0169a9dd

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
a4f03c5022f30254636d62ea008f0820

SHA1
0e002a5cd828a1101a8e3eea430b0c79a3a96c1d

SHA256
d5b2f5ac3498be37e7f709ff346611e9c2be2d4d2c82a767c57c5da62423b5d9

SHA512
fdd608e6976cd54e7b5cec8079347915e89c4e70c88a91e24dcd2d8d1d21645a30ed6a8883df2ef38a17aa5d46c6fa6c244ad279f09c5104e3b0130b1b19a7c4

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
81710f0327eadf4de47b70a8eb0ab5f1

SHA1
df2f1bb2a23cd0816d1535029f0a0382bd7125ac

SHA256
e3b8392663a3bd09f4330238f4702c406bf78d55198ec0107f54ca6286c4e837

SHA512
729ef295451b770c392342b10bbd3172b71143a57b29888b01d683ea885937023df7100ed211ed4c33cfdfce35e03304fb7a2ac4f7c03db1acbf4f542c8a7c47

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
41e9c5e56ed914ced54e1cd114d008a4

SHA1
55608004a140706d8df35409a8b2ef76cb06cae3

SHA256
8ad66797d8d16346c1f814acbbf0989dd09193e821447e415f5446f29c68daf0

SHA512
b99d4b39bcf66a329531403454300403d138e51e248ecfbb151593ed65df85e502db02d2484b3547c65b33d78c3681070823844b0ca9fedb6b7631a4a4b64426

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
141b27aae0db9425b216c67161dbfb5c

SHA1
5999cc8e2c4510d2fc9f82221d9b65234d1713c2

SHA256
024dbf1537ec08db9c7e870ca143d657546bbfa4037e977a567cfed39cfe5213

SHA512
1f9e9250cfc40cc282e651215d37896f1dd5d23756d1161bd120cbbeebffab056fc88117eb543f6ce06a14f6de555d4dc10f29529e46129bd4adaf259160e71c

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
c929e0e032349cc18b331828c5896b41

SHA1
67c38a823749f08c0a402fb6a0c16b1efac2591f

SHA256
331e5aeb29f926dbd10aefcae5c6d6b0d6143e7d85a24ca5921069c91efd0d66

SHA512
2dc4cf69d9cda760ea4e117bec67ec847a157aaa8e2522fd9e5855c23a81fb2fb2be6b7246892358cb32528d596e3ffe1694b48505fffe51ee06fd3ba68bc7fe

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
dc5db8ff1e8ebfbd6064484ab4fb07c1

SHA1
c75d35f27398d2143ef6a221580fb2b3778d3e87

SHA256
f199d4d413a1291b7f5ceb9d643345f4b37b3435e275c083bbd33a917dd8a225

SHA512
fe51ae01732dc2ee9cc71d08110259116f86899146acf9923dec413b81a46c05d68d6861834d2ed9e8fbb14f0b1cb2026a9fdd65bd19a1eb2797600df79686ed

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
1e1af2ac97b2087ba80992c7487152ec

SHA1
6627f9c25d59583dc4846bedd57c22b1f11e0140

SHA256
8defa6c112b2bb2b04af1d71f17620d11395dff028418ca671be3e27e0377992

SHA512
ae8ae68dfbba9e6d4855655300a4283b32a15bc09b2f9522f77f1799aebcb4e29fd875369ff8caff8b6acc82e77812246b946fdb7f6f93103378516501548602

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
dd4cc8122b61994a64469158315a5eed

SHA1
ba36b6c9b55202ea67f7c87254faffb660640238

SHA256
9e073a0598495d218d9c94c82fcdbfcfada835be1c2a41683a51310fa719515c

SHA512
7671236bbdb627e7942c73956ddc9f6ee9d3cc09ed4593117df6ee42e8eb3093564f112cc1f949ef4e4c0527384eaad6a44189ba11e3fbccbf06d0ff2473ab60

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
9ddcf72fa27fa32c0107162d13fbd9fb

SHA1
bce311d9579be28c71e7cf9adfbcd368db2b05f6

SHA256
7408fb0c9a2f849228f37a4972034dfa969ef5bd7502b70df067d8f1912aae54

SHA512
7966b46c131c04bc37c3eef2ce281ad376c00b2ce323036999ec8e0adb773791de8df43f77f8541472980310b1557d61a3db1551e9232f9f85881fb6662cfc9b

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
38ca2825ca96d9a64e616ddd4c86b43e

SHA1
8a50b77e2f2e11a945032de278f9a560a445fd60

SHA256
0bb661b441cb374d6e90d82345aaafffc7ef3bdd3423e5b2aea083d8cce6c274

SHA512
9e0585b354ce0de95e8a3e982cabac5d3b61877cfb10dec35e6c10c45dd3224cdd3c02ee15898d76fda1d132ef248ae4efd97cecf7a22e6b4e2cc4fd855dd488

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
2c9f2b8f346b56550686bfedc4ac988e

SHA1
2ea64477b6c49d79bb081ab80964245f60de240a

SHA256
254f8808a05478fae1301a049c5951d0b0ec9f2146b40c4b4c8a516bd95645e5

SHA512
5e9dc9b56c9ce53d7101db7dd9af8b34dd45ef5a8f7f6bd36e1ef8036451b7820551721b39ac17dbfa85cc8c25251201288222d6dc7ab8b9a1b9090dfc7be6f1

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
b90cb32e3718a0537ac6b317244408a6

SHA1
463abde522b6432e220e8d1f883a3596c0057f2f

SHA256
5e01cd863cca07da537f8a25344a94b4577630dacb4f37074373d41c355c3933

SHA512
6d7ecffaf401a92fda65dc10d5141e994a49933372f5fd148d98a8c2611602171728b97aa0f56a4e4aba5c1eff3bc6ab55821ae3dad0f8a4939d538427ae8e0d

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
a0ffec8fe5d73787a5f3428a941774d6

SHA1
d25ae73f8dc4271264fdee6c5dd6a5ac11484bcc

SHA256
dc36e45b3b57c3e7f098a9ed5614e0162d0bd8b3adc2de64deb2dc55350f959f

SHA512
5e62ef930cc93a69bd7c560c1b4a934166d4b7b91483ae1e910de592d4025d1bc31ac3ffec17d779c488ede0c6571b9b6390573648dce5cd1b965046110e47cd

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
772KB

MD5
471947f7ae189b7305cf218dc1b59bc7

SHA1
48d232031c5bb4606371ed5b837781ec02c2c65f

SHA256
2b0b185b82c64e74dd56bd7b7d0010c86845d47e0f407ce845524991a707452e

SHA512
89190781c29df277f6beec94fa060ec7a3fad99f45e347fe9926fc2c5531bc4cb0a3a8bf0eb40765ba305f832d5560d3a0c37a1f36c129d7bdc7530b83c35f32

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
766bfc24cc49d5d21aaa143fb97a737c

SHA1
e152af4b9652e9af7667cc448542c9f86d013ffb

SHA256
2db757a01eb6c6e776f34b3f64854e9bb8bee7c7de0189e50fc20d7ff56d0356

SHA512
89fec3dc2de0f8db1d753ca55dcae898bbe778d44e14d28c1d21d39483795cb07daa9f278f75c71dda3487792d381f3fcaa7e25c396a044f0eaeee9b961233c4

Download Submit
memory/432-377-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/432-389-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/552-237-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/552-33-0x0000000000810000-0x0000000000870000-memory.dmp

Filesize
384KB

Download
memory/552-32-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/552-39-0x0000000000810000-0x0000000000870000-memory.dmp

Filesize
384KB

Download
memory/960-342-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/960-595-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1112-54-0x00000000015E0000-0x0000000001640000-memory.dmp

Filesize
384KB

Download
memory/1112-63-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1112-60-0x00000000015E0000-0x0000000001640000-memory.dmp

Filesize
384KB

Download
memory/1112-81-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1112-74-0x00000000015E0000-0x0000000001640000-memory.dmp

Filesize
384KB

Download
memory/1380-603-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1380-416-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1408-319-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1408-594-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1408-447-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1684-607-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/1684-448-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/1924-597-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/1924-366-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/2500-527-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/2500-331-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/2760-246-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2760-365-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2760-247-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/2760-253-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/2908-298-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/2908-415-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/2964-596-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/2964-354-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/2996-44-0x0000000000990000-0x00000000009F0000-memory.dmp

Filesize
384KB

Download
memory/2996-52-0x0000000140000000-0x0000000140267000-memory.dmp

Filesize
2.4MB

Download
memory/2996-49-0x0000000000990000-0x00000000009F0000-memory.dmp

Filesize
384KB

Download
memory/2996-240-0x0000000140000000-0x0000000140267000-memory.dmp

Filesize
2.4MB

Download
memory/3020-427-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/3020-605-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/3036-18-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/3036-8-0x0000000002290000-0x00000000022F7000-memory.dmp

Filesize
412KB

Download
memory/3036-1-0x0000000002290000-0x00000000022F7000-memory.dmp

Filesize
412KB

Download
memory/3036-0-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/3344-602-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3344-404-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3380-272-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/3380-391-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/3748-316-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/4052-270-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4052-258-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/4052-257-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4456-403-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/4456-292-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/4460-71-0x00000000007C0000-0x0000000000820000-memory.dmp

Filesize
384KB

Download
memory/4460-80-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4460-65-0x00000000007C0000-0x0000000000820000-memory.dmp

Filesize
384KB

Download
memory/4460-241-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4824-28-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/4824-27-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/4824-19-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/4824-236-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/5116-392-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/5116-601-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download