efb40dcc7b438fa00aac9dce79c869259f7e78c9eec265cf47a461ecbda40eb5

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-07-03_189aeb0dede2e2ca4a641ff1c0eac5ac_bkransomware_karagany.exe
Size

1.4MB
MD5

189aeb0dede2e2ca4a641ff1c0eac5ac
SHA1

9e0bafafd6c8db7110b938b07b1004390a207bea
SHA256

efb40dcc7b438fa00aac9dce79c869259f7e78c9eec265cf47a461ecbda40eb5
SHA512

9b92e0cd357e3c40709330083f9dd3dc383e9566c0ac2ea185343c4942f66448405e26b99b6406e20172a5d72faf795f22b376dc5719e60023335fe06332cdef
SSDEEP

12288:RvXk1Q+lCFcD1goThydrWUeB+QChZsrwbebPeVmfCUqVfZbdbHF:Jk1QUOoTqy8QCYrLLeYKUML

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
1816	alg.exe
3384	elevation_service.exe
844	elevation_service.exe
4832	maintenanceservice.exe
1272	OSE.EXE
2404	DiagnosticsHub.StandardCollector.Service.exe
4572	fxssvc.exe
1000	msdtc.exe
4552	PerceptionSimulationService.exe
3128	perfhost.exe
208	locator.exe
2104	SensorDataService.exe
384	snmptrap.exe
3400	spectrum.exe
2740	ssh-agent.exe
1564	TieringEngineService.exe
1696	AgentService.exe
2532	vds.exe
3260	vssvc.exe
2480	wbengine.exe
3936	WmiApSrv.exe
3960	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-07-03_189aeb0dede2e2ca4a641ff1c0eac5ac_bkransomware_karagany.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\c06b4abb293b476c.bin	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	2024-07-03_189aeb0dede2e2ca4a641ff1c0eac5ac_bkransomware_karagany.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9925 = "MP3 Format Sound"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E46787A1-4629-4423-A693-BE1F003B2742} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000001c79fc4b60cdda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-113 = "Microsoft Excel Binary Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\zipfldr.dll,-10195 = "Compressed (zipped) Folder"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000001986e54a60cdda01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000083adec4a60cdda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-107 = "Microsoft Excel Comma Separated Values File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9938 = "3GPP2 Audio/Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E37A73F8-FB01-43DC-914E-AAEE76095AB9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000d931534b60cdda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\wshext.dll,-4803 = "VBScript Encoded Script File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9939 = "ADTS Audio"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9933 = "MPEG-4 Audio"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9935 = "MPEG-2 TS Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-172 = "Microsoft PowerPoint 97-2003 Slide Show"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-177 = "Microsoft PowerPoint Macro-Enabled Slide Show"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000a91c7e4b60cdda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\setupapi.dll,-2000 = "Setup Information"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9914 = "Windows Media Audio/Video file"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9908 = "Wave Sound"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000a64aea4a60cdda01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000009170104b60cdda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000665fde4a60cdda01	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3384	elevation_service.exe
3384	elevation_service.exe
3384	elevation_service.exe
3384	elevation_service.exe
3384	elevation_service.exe
3384	elevation_service.exe
3384	elevation_service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
648	Process not Found
648	Process not Found

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	376	2024-07-03_189aeb0dede2e2ca4a641ff1c0eac5ac_bkransomware_karagany.exe
Token: SeDebugPrivilege	1816	alg.exe
Token: SeDebugPrivilege	1816	alg.exe
Token: SeDebugPrivilege	1816	alg.exe
Token: SeTakeOwnershipPrivilege	3384	elevation_service.exe
Token: SeAuditPrivilege	4572	fxssvc.exe
Token: SeRestorePrivilege	1564	TieringEngineService.exe
Token: SeManageVolumePrivilege	1564	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	1696	AgentService.exe
Token: SeBackupPrivilege	3260	vssvc.exe
Token: SeRestorePrivilege	3260	vssvc.exe
Token: SeAuditPrivilege	3260	vssvc.exe
Token: SeBackupPrivilege	2480	wbengine.exe
Token: SeRestorePrivilege	2480	wbengine.exe
Token: SeSecurityPrivilege	2480	wbengine.exe
Token: 33	3960	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3960	SearchIndexer.exe
Token: SeDebugPrivilege	3384	elevation_service.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 4312	3960	SearchIndexer.exe	116
PID 3960 wrote to memory of 4312	3960	SearchIndexer.exe	116
PID 3960 wrote to memory of 4744	3960	SearchIndexer.exe	117
PID 3960 wrote to memory of 4744	3960	SearchIndexer.exe	117

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-07-03_189aeb0dede2e2ca4a641ff1c0eac5ac_bkransomware_karagany.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-03_189aeb0dede2e2ca4a641ff1c0eac5ac_bkransomware_karagany.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:376

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:1816

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3384

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:844

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:4832

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:1272

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:2404

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4120

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4572

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:1000

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4552

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3128

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:208

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2104

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:384

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3400

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:2740

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:3428

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1564

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1696

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:2532

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3260

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2480

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:3936

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:4312
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  - Modifies data under HKEY_USERS
  PID:4744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
8c79be1bb37ad744f7eb3b389c088058

SHA1
a034f071d26a9e5a671d2f5dd1cac06622705182

SHA256
ebf256b0881265c689d73f4ce800a11a729cabd74db5022b80f86dec963b2ffc

SHA512
5bbf9c2d83d84b2e7310e0dd6d55192a99af26624dfd8d10a1d9c285a121ff134055c94e871ab73499e961c28eed1b95cf0a77ce38cda2e0d73f900fb0ff07d2

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.5MB

MD5
e4d6aaf61599911a67b16c104cfa1ed9

SHA1
da107f0194d18d82f4e3ac293e647f424408acb6

SHA256
adeb9e4331442b9061a061b67a6c3e2172ee8e5f407635017c04e08732409c95

SHA512
7a4d21a8a15585e96adf9c71f1efb6285f5ded12501d590a0b69e69a9c7eaab95e34a49f14ea775c26b319f82b0c8f9fa425ff0798d7866e6a94b72c2c68a345

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.8MB

MD5
850faa10408f137515b1510978618922

SHA1
5c684cde5a2ad03832d5ffb3d978deef33020fb3

SHA256
0371f6f812be6983d2e20512e19a68fdbad6651e31d32ab6865e1c674161a70e

SHA512
9c8c856cbd1b355f11d53ca3697ec5e029acfd5eb69512dd21bfd116f8330bde476d5cbe51052d16b22aac8426c82d933a6ca5100d8a21692cb5838468d5891b

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
f8523657b5e4d47524146f3674cd7d92

SHA1
3083db6368fb1625cb803c3c99dc0251776da0b7

SHA256
bf5e62ffd4b938efc1b85180fa2bd99dfcc8266654b39d6a16d9635a4d097aac

SHA512
9653d0f3952ee30311c4cc5e8f4e378902ec06a632eb670217236bcec1232798278e87cb604a59442d8b20a274ee3fd9f1e75bc567defb14dabd4e4f9734ec05

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
ff14cedf77257b06831f7acb023de07a

SHA1
5e18474c89b6fca482fa4069ce6ccb869f7a86cb

SHA256
459aed29e0a98e800d91ab449a1b748a699debac6ffde6ac886149b7c6bb99fb

SHA512
d1648729a1f2a735e476d204ddfe6f14cfe2ac9bebaf166dd6d06750963438820b9c44f96b6a0b01be2c6d5db474cfa46f80b6c0bc6581af55242ef4ceb65da5

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.3MB

MD5
39f05b2982f99f67415e543ed5aefc0f

SHA1
8e7faeb369186c167bba96e35b84e20bf89ed2c1

SHA256
ab5e664545e739f1959e31b25c1fa4f60502ae108f7feeae43842ac0274b7186

SHA512
f0216a509bbd2f2bec030ee28089c1287bd01c1bd079e296249732edb702e4fb5f10b19f5e1704ea68bd11a6463a905c1c35dfd37146a9232b70e0a35253c20b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.5MB

MD5
f9ad3c08b6b33a369dc45fb1de101e09

SHA1
7d5241944aa358c1751084c4142b28197c688569

SHA256
1b3b65cca5369609fc5fa48328af9fc5c41b66300419fce4490e4693c8dca498

SHA512
9d0b4311f563dc07a9c5d7ece365391645508baab65c04e7d5dbef01539e91c26d33d5b319f3319ba07a0449b1af3ff4769aba73ecd0b77c741467d57b044efd

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
98608a18e3f08f8b5ab6813b15358f36

SHA1
7e87d037490d4a965e94fa8c89e011bc3c6659cd

SHA256
d10a2918dc3c221eef0f86a1aaca826e87d5159bee68b2ea53ce17390a46bd0e

SHA512
5d89437ef703f2ce9d6c45f250ec1be823660c8d5dcf58ce136f3d1b04227a5ca294bea2f4fe9a1c97b321db4e61af02a729f41dbc93fe680531eca813c50115

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.6MB

MD5
f81e380b9576360ab6adc7aa99977ce3

SHA1
57226cf4a4d5a5dfcd0afd10f8ddb9d26b9f74f6

SHA256
3ce72294c2c90937f5fa49feb044c085f05327da198246c71a9ae015a0c69631

SHA512
5955e3999f5c23b5558df1849f01f31b0a7f81cc346bdd4739ab5fa8bff6632a2a3e11b78c8772a4b6b33c83fb9430663b2f0d059b4b294ca0996e556ada0e88

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
34771139a3cf15c254ba67a6206031ae

SHA1
1afa15832c4aec75d4184afb20714d74a475219c

SHA256
68ac6f68341806c1f30ab73dc30c287d1697b897dc056bfbbf8befabde8dda8e

SHA512
7c22190e96657c2d8359f3a04215e3d8f70895248ba56f5dd6faf4f2ca8f3008b8a43e470dd537923f8cd9882a5ed6ebb1cea72d3a53aca576becc10eb9eb4f0

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
055701e616b59c256e0356dc75a1215d

SHA1
ade40e3cc3ff09fdb44f973272f4d9e2be60a180

SHA256
249fc3368b74edde6d39da85a932914f83a99a39d09747c2c909b0801734160d

SHA512
0d849e7a2af662e516865e175d2e2ad2e0c1247d86b3e6e37fee0bef4424a7086302a67b3a1efae6df04510e97001602cbe131d5cd0bf55340db1f9b0686433c

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
d6d3d35224f05639cc86531a2128b6a8

SHA1
732b9df6b17472a7bd2988251b2be596f8afc645

SHA256
f6a8d0f7e8dfaafc61767343e3a694a992e451549809fd82a5197a3efe832460

SHA512
d93b528b7a26c47a3d9850097b88b2b2d0689fa7109cccbd6f1df15d190255ab137a46e7055e350ff0a315674858f07475e843c110dfc3f73419c688ba1d5d29

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.5MB

MD5
23860f1da8887075cfecf335e2a46023

SHA1
378cc6e4d38672ad77d76207aa318abd803c19a5

SHA256
ace3dc7131b15230cceb657bd55562915cf6160cb492ec8df83ca1664c8fe7c9

SHA512
8c1784d5f309416c323e0c87ed27fb6e6ece8f348b9644378a855e7c723fa767cd9f4e4eac05c567924da37bfb4910f134221de5a56ea38f9d26e7d2c8117539

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.4MB

MD5
560744ce375eabd341c18e59f098a699

SHA1
5fdd28a315e5169be8482137542ba5da0557d0e2

SHA256
ce344cb6dc0c5d5c2cdf4940a56e05652231b299a0ca7d643f7b239058d262cf

SHA512
fc15ef442c852724a3e08bd7775bc97b7df41ade772123b29700ab47c30907d456c685638e49ccd9924c4a8a40cc99ba6063bf74b9be0c68def2b88fb694c86d

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
4fcc93d8c8a45a12920a7face12569e7

SHA1
b214dcb17e3b4e500ca1de353fd7d65de7dfa32e

SHA256
60f63cb6cfa9743953f8075db2cf0e54c715fd302d6c9fea2b0dbcf26e794020

SHA512
cbe6e967609a55deadb31b351a035c7d68b4fc2b2109abbf609baccdf8727b56334844dfd5a16d8e6008509e99a7bfbdb6e80871173452b09eb05f9e2ff2eb5b

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
9367910c17ff3854eb506edab857e2fb

SHA1
07805df24d585d0d93edf281167dcb3e66fca8e3

SHA256
9b6c1f4ca42bce56ff22a17f13ce9c9b38f83c20f53e3bc0765f3e282bdf7179

SHA512
9d15da6a6a771f29aa8a5bcc6347f49beade59e361abecab9c181ba534a14f91181b227eb5dad94551ba3844617e1d2b57a75fa33765950de4af10005f21b8ac

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
f95144b3b364002fb01a5bcf43433534

SHA1
097c6cf5f47bf68f8c4fa2d1a2237df4f78bad5c

SHA256
d3a3d6559b058da92d90d1dbdaac3036c71e28b3f3e4eed0cdc6dc616cf7ba89

SHA512
7aa7c1cbee1cad15bb07977dd86926456b40600a4e0c5f2cd0967fd048622c136b350d150ad8bd88d251fc2d51fd5642c510a2eb1630219fbf8964c7b0b57a4e

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
0ac8c9c19a1ae268bdb7bef7538a85b7

SHA1
387c2127ee5d84f2f7789b73740595121a94b856

SHA256
adbec4ee482837311863c8b887085d2eff499b223f823617347f8482ef08ceb1

SHA512
e8d5d5472810fc4be49dfda36a7f97e8453311f2bf1c2e68bfe3ee4500854874d93310506d7de3a72bb7f168d882f8676b29bce5e6407fc1576718720bcfd832

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
e5927e1c93fd056946ef2d9834676aec

SHA1
126d4a0a839475d9f085e07c2c8782142f4321a0

SHA256
fa59717deeeb1ae8dbdafca61ce10cec17e0f2c5e6614cf8e206eb4361a519b0

SHA512
0bf260dba681d2763875bface96f756d529a873e2af79581d50a12604a3350866c8dc2eb43521ab51b782a4709d5191cd9dc8bce17455310e89731bffa9167be

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
9cb636b77b5118207eada60327b2a16d

SHA1
01602eaf45295ec19d37e4ba94822ae6f2e8b3de

SHA256
4052318595afa9857a725b6b0cc60bc83e667c4d75ae27a1365b5ed85f102afe

SHA512
438b02274a8a9aa78c680e755df0f6229fe098924413567c52c49f765a27bcebbdd1c9a24dc00f40c0cc62c03449f86b7accc4c77256435c8cecb00cafcda4f8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.3MB

MD5
f0a69d335515be001cda996975aa2322

SHA1
c0d26f7f64455ff29534d36dffe628bc7a70b9d4

SHA256
bac1029f6bfa907800a1e3c7252d777fd421fe15b345f27a49bd50520b636256

SHA512
f4893663d13fbd1aaf5cb64c8d92453ca48eca6b711d1967409719e77ab4a18728b372189c7c585976b8cc807fda3aa6548c08144157600df0720dba2a9e15a1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.3MB

MD5
087a9f3d50f5f68eaeab9560a90e5195

SHA1
6fbc99d8a6093f40bb5c63673cf20c292868aff5

SHA256
9d02744c896eef443e13eda7a3665c5aca100a1448f5ce62dc4d30f875c430bc

SHA512
02eb4e8f9eb57cbf98c10ff871091169a1099bbce49281744707ccd7d0cda13ffb4a257a085b34efc540c64c720ad862e11cb7bfc4dd023fb102858066cee447

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.3MB

MD5
e66b3bdc552b8cfb477f5d3bd45f58e4

SHA1
897010ea5be30749c5007c5b6fe7e7d2337063db

SHA256
48a70a993622389162e9b704632147b7aed3837a8786449a5387fc32ede7b65a

SHA512
88ae08345912c20ca9a4eee8906e9ba2b50196ccd0b74bae36a56aa6efc7c4705f2d86f2fe2084909d2204654d118b09e7069597de448cf16478fd5ac8db8ab3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.3MB

MD5
d93284c05ec29ef1d9502d50df614a75

SHA1
4841cfc9651a371068dffc016d0c416028276c17

SHA256
d8beb45690a9ed6adf46d3a40cb5cebd7a33f0ac44e392fed30b2cd8e4de123b

SHA512
172eeef9ae2b3a86d83746ebd262cba72404501d69f6f0420f1a13fdfaeca51f79f2c73eb062a8965bc9817325d4263f8f377fdf66a03c9b79057ae877fd8865

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.3MB

MD5
78bf5db440a9ebd1b0dec74abab61d65

SHA1
b9ac9601c5dbf3c58d55e1cd2f31c26bf6e489b9

SHA256
a9e8806988adb0d3e754c470d1f308f2e66e7c1d1c54bdf9453556f311a919a8

SHA512
5c3899d332969a8c77702d0ffd20109b6a356fbebaf4738b57c4d2ee0056acf7c98729212c1d0d1b84a66c240b21c2d615382f9d4496ea205e40982a0fbfb08e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.3MB

MD5
4371e6f9d71444e54253897c653219d7

SHA1
1d51394c2abd6e1e5380449f42e40260128fbee1

SHA256
47fac1dd417425ca4a2765dbfd6fc6af552c1d2f24ce7ba2ba5ae805ff69fcdc

SHA512
ff55c5158666d519b7d00c47b9b9baa1247f07fa38eeecc1a435f6c8264d4ff10f1588ae7d1b7f2dd028dd68697e5fce5996d9c0310c96987dc89fdf0fad10fe

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.3MB

MD5
8267f275e14bace5e92c0d4446b59d68

SHA1
904b8140c1e0d8c46b4264b443df5c40d7e7654c

SHA256
3faaf5bfdfd06885194382fcf1ef204a852c3a4d34bc2d97293d0fbd620fb2c3

SHA512
4b0396cd9156cbe54504b2bebc474387278f54771cf202085e192abf00c52c3f50560562a190eeb5b1966c46783cd35edc0f958cad3319491cd3abee2150f68a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.5MB

MD5
c7560ce6cc0c728895d64c779b5c5209

SHA1
7439658bea03bb3aac95ef083e8eb0e60a00ee7b

SHA256
c16a1a9fdcfcece861ac274ffc803ae879314de56c392d5791e88169f7dcbf8f

SHA512
9e2e76bf3bfb025204dbbb9dd2161827509abf49cd5adf86e96970d5629c8754f1113623e9ad485e7e58823e2b125997d266d8aaad6887b74272a951e1f345e5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.3MB

MD5
3f4825b6e15641cdd1c0455f82014f26

SHA1
6b03f06417a3af47e8b2ec3a06d2ea0139370d19

SHA256
74ae05027de20a197b688a82cc7c520815ecbce589ec6fe5994157411c07ead7

SHA512
5c641f78ba21a3de0e09fd0c177c3bd539c902533f673ae5171df36e95fa5885093fe8b5a214b582ff09db76967d3e497bf3c61b3d4894e859cd46815fba8cf9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.3MB

MD5
0497820804bb7c83a4fc1f6c95bcfc84

SHA1
29420153e257536314cd401d25b235c5f3092515

SHA256
243c955d992169f95a86019255e779254582ff3fcab20292c108201d1eb095c7

SHA512
42e6f129afffe0e9b4d1d3c7abaf33dcefd441600800ba44154e6b9c6ac1594b3dd4b92851dacd1ac3c59ad0a5f02001c5be8edea10c8156d1d05b9f224ef303

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.4MB

MD5
5580d91d524ae6b77170fbc53f92a6de

SHA1
09b675e68debb37d0306fbf20497c4eef462f9af

SHA256
b18784542b1dcfa65803fe5284115518b06d3173ac48415059c2df5cb0815fac

SHA512
cbb98e176d22dc58e8009d174a3faf3f0524363346671b08c06173df8eb465924cabf6cf3e6fdba5e3fa49377228e884de49b6e9320aa50a0ef642574c2846a9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.3MB

MD5
6f94013622f097364adbee07c07ccc0b

SHA1
43a7522385b35e64ae5eab32189ed6df671d61c2

SHA256
b1f45d4ccfecba3d8a032df2dc23668152be03d6fd06362b7de8ca510111b44e

SHA512
17a9de5ede9a9f718f50e132cdacfa9bacdf36a081e95d9d80e8ba34562a98d11ee48d962ad6287965e50d0e143a3a724ad30155d70c43cfc8328b8cc72ba001

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.3MB

MD5
227981600556b89ec11668cd7ce2e6b2

SHA1
de736e9f2a42598a94727d8ededa6c27e3c3af25

SHA256
542f937cfc5ff07d830abfce177bdf5011f1ffb3297f02c675e4c8616d6ebdfe

SHA512
90f670be485d6bb6d59b1aaae7c20723e6c355a52ec7d76ebe3d8893dd608e7001413f2f1f26bac789f63263aefbf647b31b4139d148395a79cea49d8d67a4ea

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.4MB

MD5
d1dbcd779f290d4b17fa6d467f7f3c7a

SHA1
6eee5053ab08c20f6c42f1b984d4d2c2d763f572

SHA256
6bb31e1104b8ed6c08a510c174ed7dc44101843deccf48b9f3231c9f9601ca0d

SHA512
9fc400272fa6fddc506b0a32d8087ae8ffb041b008f4fa75522c52d3eb248abedcb0acff8ff573c285bd25044119667e71480622bcb7a56d5ec8f36d8e11dbf8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.5MB

MD5
2f4932a314e269a7c97698fda8ad317d

SHA1
442bb28b588ac658239d61058060b12b182d6597

SHA256
09d15ca0ffc52e0acd8dfb412febd0feb1a239ccfa66ad42d3b6751bfa06f37a

SHA512
5f44df4372af89b316540d0887235f0ac8999dd59b1d71ddd53dcb24a14f2fa294e924be5f73decd28bf441da24ef33d1c73a2e77cb3d1216d15d3e8ed734d75

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.7MB

MD5
657a3e6a0f0dce322d4acbe1a417c8bf

SHA1
fb5edab30bf824b5279aeb4212f2242f3c056085

SHA256
37b75978ef51a25dfada74a3f5fd6f2d8e6e9e238f070508522a59f01d929cdf

SHA512
fdf9980c74c45c4395c895b3da91c9105c2dd6c0899692c96a58bc583c157a71462678d47be04ba304f05a450fc18a0ecd7b6c28677aae8b7e6d540181311222

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.3MB

MD5
a95f1800d3f7f9f9e105873f992b60fe

SHA1
1e9faf16bce51f771df612904bcf214793590e0b

SHA256
da00c38bec124f4dbc93d0a0baded018cc21e0e3f56d0bddd20657de009276fe

SHA512
513194ec879cfdd9f93cff8521eb0cd903ec18fbc33d7f5bcddbe0040bd3f6dcf55fea39caf54814acfcbcb3ba62f00601d0a639801cff06ddca4109cfcd2151

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.3MB

MD5
f184154624fead5f018b1efd6f9d279f

SHA1
885dba023ed471d5ae913ece8813c72289d7275c

SHA256
f0bf739207ceb7e3cfcea46a195a299ed7e5365689b133428c2dc517853e6af7

SHA512
c45019194648efd3a6374ac4746a143ca643d3b2e6bff6762523e2c2f21975d6b4c268fb6dbc2a7e644d4d1188c845916ddc334bfc2269ea42af3b67947bf1d5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.3MB

MD5
36fb23127f38ee485ec7e8c9b8b3fd48

SHA1
ea12f636af2a152896fb8102bd780e29b39426ba

SHA256
930514e55e936f59548e6f62b96911f55cfd564c3eb6f91be217e7efd8b2ff36

SHA512
aa6b5e5cf25840388371d4823a0d06527e7a744cb157075bc4ee688b920297eebe548065b7c8c95d2c775f7263eac1b763b4280cd1edc701687ceeb26c266d45

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.3MB

MD5
cd1a93db1bea872d93a8fe784c037bc8

SHA1
9fe63c77991867003117bc51e35808f11e5dc33c

SHA256
f152dc3fe7f65cb7b0ba1921a21040d35f80f776f79f768a12607b6c0448ec2b

SHA512
320174d140e7efc6e1ca62a64af2fd366a02b0824f963cc01aa09707743f47fcb20fe19b7fd49caadf0eca01d46d1b75c974efbb7e2efd1438651f6b28db9a1f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.3MB

MD5
97995b357457500ed957e32c1a3c7c0f

SHA1
16139582202caba9e537b45f7a66e5320b902293

SHA256
a788694b29f2b2ca5edcc8273656f62753d59ea8e15493dbdc201db406ca9b1f

SHA512
76784a5a4c7c031c420ed4e5f080c4452c72df692e7207f8c2843e014c1e1df6672547a9e0e17cf12388aac194715704e6dbcb48d3be73be04f26539b3852167

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.3MB

MD5
61c0d0afbd444d789d7d93a1cdb8f01f

SHA1
6dd4d017d2a305739031952b3e0dc8b204563ced

SHA256
eba5a4cd154edf72062288b477f5ba7140eca806a219c90b739dfa076ce109ec

SHA512
666ce050ba72f437769edd7de0d092fab67e511c14f1939211dece731544270ef46c492dd0de5a9dfa72f59860e133214925f79d81514fe691ffe659be81ade0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.3MB

MD5
b9bbfd769f50cbeb5064372a802129e2

SHA1
9d7d2dedeb99ea17ae19f9c33e2cd4cff48dcafc

SHA256
916a350070d05349e1edb6a307316461a95569b4ef6f10a696bad9fbb2f2f4de

SHA512
a8382346c4ba5847f96be020152d7cb693cf77b39c3d2704861612cb463716833cf3ee70419e1ef948cfd7ee7fa7514a8ad065693c2025b085b640685de4b369

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.4MB

MD5
40fd3429605325b09db7cc7cb6f9274e

SHA1
174cfe60163b534c52588d1ccbf90f5dbb829693

SHA256
d454641f10ccd0b1161999588426f6c4003431d8ee380e4a4ca47c9dc070a8e7

SHA512
486dd55d4a576b7175ba1155b8c462edb18ce9cb039e4abcc78755abab7daebe96b866b8aef2bb795f535b4b84b3531f10b878be5e4da583f6bb6bf142c7addb

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.3MB

MD5
57b9b9a4b3c00d5aa19b3460406bbde1

SHA1
fe8f46cfd8fb7a9a9ab165effcfd18ff4481e5f4

SHA256
5c7ea33d0ad26b55330df49c2f52c8c7d3898d0c6ad6a053e032a70ed62593b7

SHA512
1a951206c6caeed77c34908750b4d262549d435d435bf7d3d6324dfb4bd1ce36fb4a8ec5db7d8046f99d0cd1d025b1c73e7a0ef67c95ea3f885a68a596504752

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
53a363992005395dcb6a7797df969a1d

SHA1
6d7ed2f89a27d247ced6836c96a534d8af3b4fb3

SHA256
da0274f6fdab65857d20faae412432ff295d9f735a8034a412fe55ede4a0c26a

SHA512
15b72a9546a30c9457918917a824f8f14eb3acdf402175a808139aaef4b29e1d9acd404b78159ee90de0b7da10c74d2baf88effd4ccecd7be0cd7b4858831ab4

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.4MB

MD5
26cfcf92bd29daa231efeaef58b78131

SHA1
eca7680da90d72d99966eb292b769761f886d53e

SHA256
30be96dee08121d7168da89a48094fe89161101a3998bf446a38b53cd0b809fb

SHA512
40a6d44fc2fbee5cbee0b5b313620ae6881fe7fe049e49b7770ffa6d511b3d38ecfe99dda2083490b5cdfc87ee3697f506bdfa65023bef263d8f0955b080d85f

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
3d259c1386ddb58eafb47d343e881f42

SHA1
4e334261b7b89b7cb5f95e6aa6dbf80fb60983fc

SHA256
ba9e5c777d7925d1881edceeec976235bb11b5158405ac6e1624d621e82eb960

SHA512
04ae67beecb608e896eae775bea4c5839596e662008a1c5b17bdd35463a1ad2663f7b1567f38e851f3a7e6129aa8a6e98c21d0e0e62e53f146cd2c6995f647b2

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.3MB

MD5
eabaa2c100a9f9d8d401a70a2eb08297

SHA1
a0bd132b9ae79942b5831acee8e699140e6c5739

SHA256
49315dbd37bd7e660e261a1bd405345378c5dca852833eca9681d284b0b215b5

SHA512
d2d6dbf64793f06d6b5734bdf36f7398d9ec2c2394116d1d74c46ca04438aa497ec1bef517dfb523e582d6f65786ff67f8fc670655de16b6b983cb4f0cda77b3

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.6MB

MD5
d2963e57b762fa95a34c712511f02327

SHA1
007987eab53615db7adccec0bf1d47f25f8f042a

SHA256
7bdd4fa0578d18d7d84d9c13a31619476394520c1974c1a7e6c4f60a3d7e4b76

SHA512
a1260b64cf18f7fb818dae0b8062ccafa209786d4b2e889c791bed4c55b444ec9493dc76429f8bf480f568c111c7bb67664e58607d085d4e84508ed6c1e2a7e1

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.4MB

MD5
1d16017a01338ba9bdd5388e0d57ec78

SHA1
d9a18da6d08ac11e8fc2243a742ab65015b9884b

SHA256
76b18af18fc757386b9bfb88d3537b643696e2370ddeaff31572974050e4fc15

SHA512
26c5881fdf9bff54eaab867ced2e55cf286cde816d76fd84585797598ef6db3b7a56ac73b47f43333005e06c9b36142079ceb8f2ee63a76ad890694efbb1c0a6

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
85e5a6a5723ac7fbf5e6c4b231f92ed0

SHA1
b39c211b82978673ddf56a56b19e67627ab64481

SHA256
b44c4e03c2435c56085d9e7be59ca8e3725a06ae373dc17e7cb364b44082f5c1

SHA512
6227b0870595f81954c8ef65cfb0f160efcb1325016a60f3ed177505a26eced1404625cdbc454547c5a2c6e6dc9f1b9ee99df3e0b4a5b39dca41895f1b7c59d6

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
8eddaf2b919a6510ed23d702636dc8ff

SHA1
611ba3bd7e6e64ff6e181f8f1de8f4ed77fc6854

SHA256
4a97a07adc35fe278b843784a9de37a1975c85d8981a2a85607dc846acfa01ee

SHA512
c146485d89e8564bff4e694a4d6dae6ca3ea76f198d20e8395cd7003dea749ddef0bcf87db7c6cb084f8ec644fca5f3f01ad4afb1eea9c0848c4cdf2e551f990

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
1865d58d056429daaf8b2704427cddc9

SHA1
217a87ff92aa118f6addc4061db09f39ecfd23fb

SHA256
67445cfcbf83903fcb82ce0cd92674884c4f4bf03342763ddd131e4fba3a7d00

SHA512
3a622946e91403329d4bfb63d0694c47b8646888a6af3a5c5b806ce76b6a50e08a9750594df5531fa43685c0a2303e5c4ef6d4b7412af2eadda9a3cc15309d2f

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.6MB

MD5
93aa27825f14bcd828c01e1223834147

SHA1
328b498877dc0164d40d03ce04687f53c95a7f0d

SHA256
c2a5ee78e354509c7a5d67599a647826e098c592bac24211a896da52fa0bfdae

SHA512
0b8f5d70e69063276e6c2b852275af903fb9e1302fb643798993225f59ef535ccacf711002168659feb606841a44d8a6432ef43616bd6f8857068362d6134cd7

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
e56d5eb121641a0b7bc407fd9ff9f57c

SHA1
128ffb6e50a541315d4c822002a0734d83c8be3e

SHA256
c194c429633869a864cae2bb69c9b9dc2d1c130c56a9734937ca282c7f3b136c

SHA512
bc8484516de0bbc527d86dc305495905647a0dab39c2350f470d9c350773b48d5d2d34e2123ec660734e8e29b13a65893080d5e9dc1491ab7a8ead5369a921d5

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.4MB

MD5
b88262bd0d3178d0a2aca8d1eeba0ab0

SHA1
97d2d6414295990c4d6695a48a46f90caeeddd2a

SHA256
b9decf3ec3b9de0cb8e5156fa6e0a577f18569844c0e54589b66de9ff5a6b243

SHA512
50a8b2f071652bcd7dbd189420fc2be89c56c58350565a1ff0d58b2c5c40a89d1dd2ee951e57f79108230d6cd3cb3f73edeed72607e0647c8e3db0be98c68a89

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.4MB

MD5
01ac339271fd6f9ddfa33925416fed0f

SHA1
8891da67bbecb9e473f2e276006fcfcdda78a836

SHA256
54e74cc992430ace55e16ee04fe768466ecff031b1b5a805178184848491d9e0

SHA512
c182f6da7d473667eeb7ff0792e68c57c3dd2ba35ce95056c885f3fc96ffbd9214cf0e535e0b30083c439ed3df4493c7ebc813e958d09d94f782102bc9baaa82

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.3MB

MD5
e3ff6671911f7e6cc3e73ca627386199

SHA1
8d0adc0ac80747ef1a078430611184fe627102a6

SHA256
841fa4f119be56858968e780cf1f805a8f22d65a30d56aaafd32559aa44e3d6d

SHA512
8be580fa148d47d9b94b7c0cc75480f32d2266d607a40e9862c1ae1de9c39fad8c75b205f76ed087a896848ff49bc80c92dcdcc98d4a6784606878cfa1e8ae1b

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
0a87fa05075aa7a4516658b10baa0223

SHA1
9718459ab1022cbb3f83f96735061c907a2471a7

SHA256
c4c7de782599e962ee59abe460c1e4867b30aeea11909bf3ecc0ce8a7107cb09

SHA512
2940b5416962e0cf27e1644e6232105ec8628496c9839ff859a4ac7c7c876e74f799c62cd2980fd944122bb77481da19f3343eaa813d6eb11c10d4f5b712fc55

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.5MB

MD5
b9b55a90017f8a9d28c1fd62aaf22105

SHA1
3a3c5a61c85b103b3b5f712513c93cd9aa4843ba

SHA256
47ebadec9b75e3797125448374a854297c28cfd02b2782f4883a83ab4723362b

SHA512
83b249eb33474d8d7355a4a2a1644ddf8f037cf76b67e4f1114d8ad0bd12c4b73da001743227e866039a3f6e90fbb0c14e8c58785ed9136aa0b3b4dcdc20241b

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
22ddc3c5842c6e148b93b044ea9fc277

SHA1
de00f96a7c290df254d06f4ef3ac4b9c113426fd

SHA256
91d94ba93891081a202d18dfe1c4a75b3b68e4e392e9d125a06e04d0d2421c14

SHA512
0a82e2630ee04f966d5bab36280148ceba913c6c3eb9aae4b2a01480ccd90c322b474038720b8f81940352d17ee0bae1191d58a72b7a0f6ecfa154f90f3be98c

Download Submit
memory/208-433-0x0000000140000000-0x000000014014C000-memory.dmp

Filesize
1.3MB

Download
memory/208-314-0x0000000140000000-0x000000014014C000-memory.dmp

Filesize
1.3MB

Download
memory/376-8-0x0000000000710000-0x0000000000777000-memory.dmp

Filesize
412KB

Download
memory/376-25-0x0000000000400000-0x0000000000567000-memory.dmp

Filesize
1.4MB

Download
memory/376-0-0x0000000000400000-0x0000000000567000-memory.dmp

Filesize
1.4MB

Download
memory/376-1-0x0000000000710000-0x0000000000777000-memory.dmp

Filesize
412KB

Download
memory/384-603-0x0000000140000000-0x000000014014D000-memory.dmp

Filesize
1.3MB

Download
memory/384-337-0x0000000140000000-0x000000014014D000-memory.dmp

Filesize
1.3MB

Download
memory/844-40-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/844-48-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/844-236-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/844-49-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1000-389-0x0000000140000000-0x0000000140170000-memory.dmp

Filesize
1.4MB

Download
memory/1000-270-0x0000000140000000-0x0000000140170000-memory.dmp

Filesize
1.4MB

Download
memory/1272-75-0x0000000140000000-0x0000000140186000-memory.dmp

Filesize
1.5MB

Download
memory/1272-73-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/1272-67-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/1272-239-0x0000000140000000-0x0000000140186000-memory.dmp

Filesize
1.5MB

Download
memory/1564-644-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/1564-372-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/1696-375-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1696-387-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1816-18-0x0000000140000000-0x0000000140161000-memory.dmp

Filesize
1.4MB

Download
memory/1816-12-0x0000000000770000-0x00000000007D0000-memory.dmp

Filesize
384KB

Download
memory/1816-234-0x0000000140000000-0x0000000140161000-memory.dmp

Filesize
1.4MB

Download
memory/1816-21-0x0000000000770000-0x00000000007D0000-memory.dmp

Filesize
384KB

Download
memory/2104-438-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2104-317-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2104-642-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2404-371-0x0000000140000000-0x0000000140160000-memory.dmp

Filesize
1.4MB

Download
memory/2404-244-0x0000000140000000-0x0000000140160000-memory.dmp

Filesize
1.4MB

Download
memory/2404-245-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/2404-251-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/2480-414-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/2480-649-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/2532-647-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/2532-398-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/2740-360-0x0000000140000000-0x00000001401B9000-memory.dmp

Filesize
1.7MB

Download
memory/2740-643-0x0000000140000000-0x00000001401B9000-memory.dmp

Filesize
1.7MB

Download
memory/3128-296-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/3128-413-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/3260-648-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3260-402-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3384-28-0x0000000000830000-0x0000000000890000-memory.dmp

Filesize
384KB

Download
memory/3384-36-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/3384-235-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/3384-37-0x0000000000830000-0x0000000000890000-memory.dmp

Filesize
384KB

Download
memory/3400-340-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3400-639-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3936-650-0x0000000140000000-0x000000014017D000-memory.dmp

Filesize
1.5MB

Download
memory/3936-434-0x0000000140000000-0x000000014017D000-memory.dmp

Filesize
1.5MB

Download
memory/3960-447-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/3960-651-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4552-401-0x0000000140000000-0x0000000140162000-memory.dmp

Filesize
1.4MB

Download
memory/4552-282-0x0000000140000000-0x0000000140162000-memory.dmp

Filesize
1.4MB

Download
memory/4572-268-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4572-256-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/4572-255-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4832-52-0x0000000001510000-0x0000000001570000-memory.dmp

Filesize
384KB

Download
memory/4832-58-0x0000000001510000-0x0000000001570000-memory.dmp

Filesize
384KB

Download
memory/4832-64-0x0000000140000000-0x0000000140186000-memory.dmp

Filesize
1.5MB

Download
memory/4832-62-0x0000000001510000-0x0000000001570000-memory.dmp

Filesize
384KB

Download
memory/4832-60-0x0000000140000000-0x0000000140186000-memory.dmp

Filesize
1.5MB

Download