d0dc2500ff9a17374966f895c3876b9afb52bcc3b0460a6265a919cd4835708d

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 20:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-07-03_5d83e980d781609a7dd98b1ab31f3ac0_avoslocker.exe
Size

1.3MB
MD5

5d83e980d781609a7dd98b1ab31f3ac0
SHA1

1bbc8810f967e99f06a8db152c1d736dc6016013
SHA256

d0dc2500ff9a17374966f895c3876b9afb52bcc3b0460a6265a919cd4835708d
SHA512

3509195f52d9dc10d0bc5544e77c00184a9d98c0168284174be59d3c1380ded876ca68a1becb1972514b468e52e03804ecf8f9a8991da24bf934c33b770542ce
SSDEEP

24576:o2zEYytjjqNSlhvpfQiIhKPtehfQ7r9qySkbgedJSkQ/7Gb8NLEbeZ:oPtjtQiIhUyQd1SkFdMkQ/qoLEw

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
2680	alg.exe
1864	elevation_service.exe
628	elevation_service.exe
5096	maintenanceservice.exe
2400	OSE.EXE
2268	DiagnosticsHub.StandardCollector.Service.exe
1032	fxssvc.exe
644	msdtc.exe
3732	PerceptionSimulationService.exe
3452	perfhost.exe
3460	locator.exe
5016	SensorDataService.exe
4356	snmptrap.exe
2156	spectrum.exe
4624	ssh-agent.exe
1508	TieringEngineService.exe
880	AgentService.exe
3672	vds.exe
1860	vssvc.exe
1784	wbengine.exe
1196	WmiApSrv.exe
3580	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 24 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\25f726d74ba38143.bin	alg.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-07-03_5d83e980d781609a7dd98b1ab31f3ac0_avoslocker.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_108875\javaws.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Adobe PCD\pcd.db	2024-07-03_5d83e980d781609a7dd98b1ab31f3ac0_avoslocker.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	alg.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_108875\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\caps\hdpim.db	2024-07-03_5d83e980d781609a7dd98b1ab31f3ac0_avoslocker.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	elevation_service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	alg.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000004b063ed084cdda01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000001a3e77d084cdda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\wshext.dll,-4804 = "JavaScript File"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000057a8fdcf84cdda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000b99047d084cdda01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{487BA7B8-4DB0-465F-B122-C74A445A095D} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000c1647ed084cdda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-10 = "Microsoft Hangul Decomposition Transliteration"	SearchIndexer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000000a0800d084cdda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9935 = "MPEG-2 TS Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000002e720dd184cdda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-115 = "Microsoft Excel 97-2003 Worksheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-3 = "Microsoft Traditional Chinese to Simplified Chinese Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\zipfldr.dll,-10195 = "Compressed (zipped) Folder"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000037045dd084cdda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-105 = "Windows PowerShell XML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9925 = "MP3 Format Sound"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\msxml3r.dll,-2 = "XSL Stylesheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-102 = "Microsoft Excel Template"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{8082C5E6-4C27-48EC-A809-B8E1122E8F97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000099027cd084cdda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-915 = "XHTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-7 = "Microsoft Devanagari to Latin Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1864	elevation_service.exe
1864	elevation_service.exe
1864	elevation_service.exe
1864	elevation_service.exe
1864	elevation_service.exe
1864	elevation_service.exe
1864	elevation_service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
664	Process not Found
664	Process not Found

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4728	2024-07-03_5d83e980d781609a7dd98b1ab31f3ac0_avoslocker.exe
Token: SeDebugPrivilege	2680	alg.exe
Token: SeDebugPrivilege	2680	alg.exe
Token: SeDebugPrivilege	2680	alg.exe
Token: SeTakeOwnershipPrivilege	1864	elevation_service.exe
Token: SeAuditPrivilege	1032	fxssvc.exe
Token: SeRestorePrivilege	1508	TieringEngineService.exe
Token: SeManageVolumePrivilege	1508	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	880	AgentService.exe
Token: SeBackupPrivilege	1860	vssvc.exe
Token: SeRestorePrivilege	1860	vssvc.exe
Token: SeAuditPrivilege	1860	vssvc.exe
Token: SeBackupPrivilege	1784	wbengine.exe
Token: SeRestorePrivilege	1784	wbengine.exe
Token: SeSecurityPrivilege	1784	wbengine.exe
Token: 33	3580	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3580	SearchIndexer.exe
Token: SeDebugPrivilege	1864	elevation_service.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3580 wrote to memory of 3012	3580	SearchIndexer.exe	123
PID 3580 wrote to memory of 3012	3580	SearchIndexer.exe	123
PID 3580 wrote to memory of 4352	3580	SearchIndexer.exe	124
PID 3580 wrote to memory of 4352	3580	SearchIndexer.exe	124

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-07-03_5d83e980d781609a7dd98b1ab31f3ac0_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-03_5d83e980d781609a7dd98b1ab31f3ac0_avoslocker.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:4728

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:2680

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1864

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:628

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:5096

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:2400

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:2268

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2068

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1032

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:644

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:3732

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3452

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3460

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:5016

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4356

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2156

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:4624

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:636

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1508

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:880

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:3672

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1860

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1784

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:1196

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3580
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:3012
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  - Modifies data under HKEY_USERS
  PID:4352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
ed0dc6c5f8a86db90e4dea90bba71610

SHA1
1aea4c0049a7f60c6a70d431ede4bf16824b7e30

SHA256
4d8683c004546a76cd4b3c47c8c5458af54f1a34cd8423bd62c222ba0d1fa4f0

SHA512
a1408955a4d8fd828a15f0970ae154b9d33520b27d4bcdb0a6d4e40e843eb77bf44760582334e6fca7b882a5902a978f544e564bd4c21188c0366137bac52ba9

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
53cc7ef14429c42f5678992bbe280d7e

SHA1
8c63067a50b5673a6f26fee18eaa225802796e17

SHA256
9f06f7c5e2ce44b93c0a07a44033f6874506a731045f516b82f392f2d080f109

SHA512
46223767ba7b1829d6667205984bb090f239db2e47c7379b6db612a8fa56072812e66f77420673660803061674879b7781300eeb8a8972f5e387e30f5a814e03

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.7MB

MD5
77cba20a497332f4d40b55e21a134057

SHA1
a1b0ac597083f15457fcc9558c2a6b7158150d62

SHA256
f5554c7afff5d58cbab5fbf84cea2387101a6e6c8dfe633796027237d492df8b

SHA512
c919024383d472880ca48c1577d753c4f090f0340fd5539891234d2fe510330c4a35ab9971948c524654b46c3f0ebafc90bb439310dc7ab7f9a17594e7f8a150

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
61e182c3196c4e8d5eb54af28f29ea15

SHA1
f0b507be367452983b92154dcd85ca5b7cf454c3

SHA256
d6ec1d5f5d870700adf05634c01c266200a2a0e70befa3330d8fe19e4d840816

SHA512
f2e5dde02acff6067342162d73e1b531d790eded10b240984284b67c0a3ced712ee619448e7cc5ed9c0005b2a6c328fe81d068eddf3769eb3651fd2cfc7e868b

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
8a99cb26e9eed2cb8f493bdcdf598404

SHA1
e8be06e1db0e7f9dd5de1dea0f5c197ad26b0636

SHA256
0a60ae1403ab577bc7ace37b18857ca7e625ae53386c90581660c9f3574812aa

SHA512
c444da112aee8a522eabd303d58f0d66baa9f39aa5d38e1afa7dd9c51f59aaae039394df304fd842f81c24fd40d28354dddead26c1b50e621d57177f263e9281

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
8a729efbfd93863d70ea88eba05bd4b0

SHA1
8952ffffbc187eae72fd807778261d05e7a24f3c

SHA256
7654eed7321da85e1154f1ccd741ce05ba8c8dcbc1f1bf509d93d3daacb97b06

SHA512
aa9d7a4e1a90e9ec857350c9d74577cc3f4797ca4fe01d5a9a2bbb2e8fd853406598d667deff5bd7652504b1b726fb6163a38e4c26166895f903aa21410cf592

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
d1cbfdb80f3517a960257d7c52bf2b55

SHA1
b4637364e74e58b9e87a6cf6b24b13a14c1b16a2

SHA256
2b50e6320c8a0a27941b86a877e46b1e79d4556ec60e36c94146dd1add17d9b0

SHA512
c27e2c723d625c1ca5490506df23d1cf9538ef34006ae5a9a9f43cab63dd7d0ca4564fba485a7769a9602725574e3203a7eafd88881ae165802a0b84aa8f79b1

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
f2b070371905ea706e0ad0b3f2a0a0e9

SHA1
547b982efecad478c08635e33fa9a6655894b423

SHA256
612b457889d1e7fd019544c93d76ad2290d3498b089065141a1d3c9b45f7fe6c

SHA512
2dca689c1172bb5f533fb9c12314a9ff6016103c0ddaccfc53d04d692ac4930e12afcb2dba0e34bc64cc821c3960678ec572bb85179d2613d25281859cb06edc

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
11dcf29b55e16b9402588485e8721e80

SHA1
4e4a2f938ec925a46835088fc1aca7a6e8b67a16

SHA256
c2b5169a71418a4aef12cb03c0ab93f7776d050d0b823119bee95161237427db

SHA512
d716f3dc34c21d88b59944a8699eea869e80d3cf0bb95e9a90a0c8c8591dec1361d7bf52f74f9fa725b3ef2be05996bb492dbaa6db59fd437b2dbe743ac2e97f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
b2c86dc04330848386471bc3fdffa883

SHA1
29d36bc78789dc499c6d687c2400db3141c4f184

SHA256
c4e987e6eb4ff54cae20c7d64e2ad4d2a8fbcedf1e303f76594c498f96b93a43

SHA512
5304bda4ee3b57aa9ea98752a4f84ad94de9fb97be98b0dc9ef730f3d0142b0577f058a46f0c5319fead20371ed504556d7ef68e5d8f814594914d997edf89e8

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
22229c307f896269a907c37de43fd62b

SHA1
e053dc69470d8005ea018d82e6bc1aee764f20ab

SHA256
c94f567ff749c57db122e1ba4b7bc6bf6898e647eda729ec002f737deac30134

SHA512
2bef071a9c3b60a3c175daeb4ae7e8f21e35089bb85e4b93023c601a5cd96f198535c10fc2bab9cb81758bb91a62ee7737cd2f46d980172c3074ceb378f80184

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
59a0b25f39188926bd3681240613e47a

SHA1
f0acd493ced541e5bf82f5cd6005bb578fea08ea

SHA256
1f9fa200a3b6d40b30955d9ad854f08235067f9a98b51b3bdc7dcb1d643008e0

SHA512
25278186942ef972d8103801a120d03e973ed30d041d5fdfbaaeecda5853b28f1e7311082aac9000723d26c21e8ab8822dfb991e0296f12b5c550db3571125a6

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
a41401195edbd832eea6d2d92cc682b6

SHA1
9a89a16ac75c75dfbfa70f0183f9875512cc27e9

SHA256
8ad52124d4c827c53a214810853712c724cf80d4bc0fd4a6f75fdbf5efb72e5d

SHA512
b8f20bc1ae9073546c81d12f46acd9e2d50e2521d0a62ac77172b6718c6f48365c10aebc80fa2f7828c82c275a9a28b22d8c1e6520ec28aeb7b84f45f6fc78de

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.2MB

MD5
60cad65016956aadd008fc2fbefd57f6

SHA1
e5736028e8db93df4688edbbf6174c07b10080c2

SHA256
071323c56562b65931a182bd288b1455cff50def72038b98f3503547026229dc

SHA512
b3998f368e6705706d707ba5039abb736f26133d2876f71ef3d1e111bf272e3dd9d632bef4e4d2aab98192e29331edda01ff951b5ab0ca4d2bb7206717c32f8c

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
51339f655c6789072d2da1ff7fcc427f

SHA1
be60522a64d8246f6661b1c0fb73b4ac330affa2

SHA256
7a02e859c18341cf458c7f166f55b9f7739e16d9804083129d1b885281385d69

SHA512
808473e85bb26af96393b8e9635ba2c5115058c8a827d31f128c51cc2ed5127df577cf9cb120da4603b95dcb11dfea1b60f6cab9c22260afd2c608c076f9a765

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
cd05277b36a23b398833af1cb94da036

SHA1
d37c57843b8bd9eb6451bc505467d8a84b082765

SHA256
16377c47a5f2f1a21625413da6d80087719f90c403389fa913d2638db0cc7280

SHA512
cb8eb43976f11e8d22bf1a89da4307cccafb6a7812a2702a8abd34678d88d6abc8b23f31e4b672737c9a9e68f254f2d1b223c1a6ccadb2cdcf0088c7cb7d83fb

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
481c14eddc725f83afc617ff5ada6178

SHA1
4a47ef675586e40b240e53d40fa60c3c72f01c5d

SHA256
69ec7d2dcbf8b7b423109f2aa4780afcdeb4defa82e6acabffbcb919757d33c0

SHA512
636ed729a416b7e14c3287cf1265829c7390ef8fdbe6f684a2359fed2e2e6f741efb50eb2872bd5f6aecbce498bdb0321ac473fb0c37b5679c2a6bd4d7b52347

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
1d33c3687bcfa4ad8167563492b8a213

SHA1
f03181a4573e7c1e823e3a6345f7586fca02dcc1

SHA256
3be9067eba188bcd50f336f3cad185d6f9651962251000728270422b90c48d80

SHA512
331cacd29d40aa42b1336d53b403dd9592525ca471baf378473a9c3054acff2d00c8e83aa60fc660c05d7a65e772868e47c9876218477f60b4fa94ef49d45473

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
5e76e860576fe50bce3348f7dc6c87a2

SHA1
da372c3788f6f42feed533b7ecf3b54cc746b3de

SHA256
fd81332521705092e0c678919b1672bbd4e0979f661d443343ceb5dcffbbf2ac

SHA512
1f9da9148abcbeb600093e2dda0d89299a6c3714dcec338299951765fcb1f5abd704befe9516d188b6bc6d2f8c3ce59e457f545b8f22d70f407c7db6f1348e81

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
8c7b9c3629ef3c7333ca68bc0fd8346b

SHA1
57d30f314aba840c4e444e532104bb2b24d2b1ce

SHA256
458db223fc2cf445f038360e0eafae9bb34c83841bfc53acda679bfa8cc0892f

SHA512
7856c226a38cfca557caf1ca000b9e07a421ff8916025e739900115675bf1c4c7bfef3713d48f1a8ac2f563058acd24db2ce8397bf38de47b56f1c54d15051da

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
2cee327a1f2dbb90dc6b8d0d7202a3f5

SHA1
108d528925a927343f56ff6d7e70b92e445b6a86

SHA256
524174cf16b8c8fc7a80841f85dfb5edcfa3c9264c4e26801de712fedd610906

SHA512
9b59e737c6df29cf0fdcf03aab4e48d2159e47346113df176e4d914ffd1811508e94944670d74d76350cf42df112e320398cb9ac1b21b35ca3c8eee6d2e53c00

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.2MB

MD5
9ca327dec2b84faa8045976d6ee233d5

SHA1
2ac17f0289a92c4c7b045786bd85d330e5a06c95

SHA256
6126c201a14225a7fa14df3dd4636c7365707aeb4c81df8ee2df79b4af4981b1

SHA512
c27cece54d88bbc2a1c8f03574b70f32ab44c48badeddc2fc4ae76bdfe71503e973e77ba82aada77a796ddbf7465ca8cbb31ac8e5f83e3e9b1453d0963e08067

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
56dfa9b9a72942eba6597860ddf410f0

SHA1
ef9fee14d86929cc5daf09bd753da60433ad245e

SHA256
196646a2a6c94564f59441f36d0f4d65be870ff73843a58414402e3463018a9b

SHA512
b31a14d23d66a9429f1169527543f89dfde4e37d66ec254248d4e27ede0d137bb929ae1da0a1d2eae7c285d359fb50845118555687ae6056bf234791d619254d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
d54f0d0ba4c91158eac2944af36b724f

SHA1
4f7f54ff869b0da58f416d71bb2a12c88f81a89e

SHA256
11c2f575e79f5419aa1471851abb9686f599c25df0d5e412c361aea4b370ca60

SHA512
2d1ac653d69949cd785ee464395e69c2eb27967f2d43054df12d7736c2a38f5a9d1070a73bff0feca654ccc5378401e54fa267484d430b7dae8a1c30e497d757

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
dcc14e6ed915ac1c5cd0cfd090fef290

SHA1
52a968635d463c0f74fad9d3a346e7098b225b8c

SHA256
a0a3909538494005e6c0b0881392494fa27771bc17ec991d3a72c1cb400e7c26

SHA512
a12a1630814d38d9c33bd9df9416697dae825fff4ff00fa2efcc254e2b528268c2ca53de8939d2c4e4a31afc218d8854e10574a288365eba06269ea6101a6298

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
473eb5f3c24dad100a350c4395e6bfc4

SHA1
46a7b155310b8d5bc2082cd0342925538afe56ce

SHA256
78add68c368e69f715536b6bf3c814abd42a67b4fed5c8863d08ae4305cbea7b

SHA512
2919cf5e610461d8856ceca8ded1fdb5583b03840190e1fa41f6d04b94f481e77466399fcb29b3c2980f9d535eca1ae7adf7a351becaaa1dc558887cf4266b4a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
19e724e81e003e237230a5d1a58ad885

SHA1
5f8f2c5f3109c394955f28ce9fe03b7b463bb7a7

SHA256
59f98516a2087b61d3b0a759c2134159e5d1e1b5ad7057b1c8fbf904519d928a

SHA512
dbd3a601da4c8d9089d30b2e131b3003cb8ea07d5365dfffad1d0afb7868706bb3d8f37f4e9c0302880baed417a0cc65fcb8aa2ca9019e1741db05a8630f7474

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.4MB

MD5
ee449f55410e63d7c6bc18a91b6a1fef

SHA1
5e1b0a20029443a84b5c27582a89aaa741526dae

SHA256
fa878020d7b318029b6107f6635e7f24cb85cf1dc1d8f0f105a004983dffee70

SHA512
fcd45df66cc867db0f7d1a1d013ed34f61f8a63cb9ddd12054a9eed43e29e3e4c3b07b66fc8054fbf2a5e77837d326e88c8ffca55877c81ee44ef1fd9c4c5ae9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
e5ef5e217bc30640e4c7a0194f3c06c1

SHA1
71037b4d9c3d309df7c91085f10b68e1c9f4c61e

SHA256
20243112fe0192344cf28c9a28fb36fbb967d3254accfa474b9e407b439bc91e

SHA512
d7b1a3467c6a2956a860f3f2e73bd8eb71a1feaa37e469933869c298227c2724f94101b2283f5da10eee52178ea0bf4cd6d1affcbe2981bcb752b59fd5cc064b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
0c77a59adfd2a020e24f74b35c1b6edf

SHA1
cf4d47253cc30269fcab6dc6efdee4f58b58ca0d

SHA256
11e0f11b2ad4946683cadb095b26347f046789e7381623ff53bc064ec5e4a16f

SHA512
884f1ad3293b8d08b13deff4deed9791c25b0766f8034ca40f517f216409f50a55eb8d3031f722ce20f75b3feff19eb8397e525e0a0c6846e0f594d35ab0ae43

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.3MB

MD5
37652dd7d78fb7e4172eea82c6932a39

SHA1
38ad25b7992566b62701c9ea46b5b57b0435acc6

SHA256
84512251f71c36f8d6e9615549f70a048568e7650eacb9d583879599c5874a29

SHA512
8dcb8ee4485c4cb2751701a19f4237cb01cac725fe36363a3c95a74dbeb3ccd8d989778403100d221f8283994bce434198733917c09259a348322fdcfc70b2f8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
fbe0604585e56aa4710a27a17f57d75f

SHA1
7a673a05225b76d669ed35b2192dedb08cffac13

SHA256
c15baba5897905f48194714f0d0700717898e9519503a96497dcac95d8e95056

SHA512
1e8f2305ab1f7df5cad8f7708e85dbc6df392f2de685a528ed1963920e947a2bb9eb8f377394ca9da6b4b210b19a4e32b7eba289caf057d95f02fbec549a9edd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
63358c0c81e2c0e42f33c95ce1d55b77

SHA1
5c9649974eeeb6671656b5709926e813bc913ff1

SHA256
f760c1ebec5a630af18efaaff4a3b19d49fa8676b6d9bfb085aac7d2752b274b

SHA512
11c6ce2ae087ae4fc64516413645a55abf7d827efecbc8d5e089f6173db6b39304b62b0480f05040850e10320b60569d400b2127a9c6e4f27c151179329963b4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.3MB

MD5
34844b2cc2842b00c57e30b9f3573872

SHA1
8492a0d465801ebc798c33be692407d21e45dab7

SHA256
69e25f9f9e8662d9df47aa063088a0c7b1ed022133af1cd27a7e872ad87c682f

SHA512
6997e9ae8af6d83d8186cb267e407eb69af91b08cc34a1a3fa355775e8b2d2202c79423dfe83bd2c951883e92c734ff6da6734a072cf5eb543a94087c281c79c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.4MB

MD5
bc4639c5c202f402f8b8b34e20cc6e11

SHA1
50a9aaa8f313dc02be78ae7c93ce192eb2e160e5

SHA256
ce05949c2f1c82ed6488973ceedc8edff73ceed2927edb6e379b8ab896b4859d

SHA512
f4f7a223f4f0eddc19986187fc0bb2370ef0f95af02a06e5c8e513cd941e751c2102ab5cdaf0eb83e18c06a647ffe70c12317b043dc366cb5b2444dc50da0765

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.6MB

MD5
1ca57dd56e243aecf40f32a0736f89f6

SHA1
47088d5b5619e41d00c47df78281a6920e9fef42

SHA256
9a823f12716cda57ec827ad1125db9aac37c73d763595c0a39bfbd4bad9a6c89

SHA512
96202eb7fc65a76635d7e3ca2c7280a794ba630718984b24e83da8a42beb7156e294283c6cbd1ba5b28f567530ecd14a268f8874a092ad56bd9640a74b84eeff

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
4f364a59dfe7c42bcce4546a68679ae5

SHA1
3026dfeb4dc229c2755507ca951cd8c2ecd66cd5

SHA256
a229042d41b5283920c5bf4305c05b0809ed1bce3d44db9d891b929ac6763e88

SHA512
f35b9dd5d55d6181b205c0aeee74594f98bca4688313e03cafde5fcbff3125363efeb71faf1fa01f7a49c1c691004457ece1f86c6cc0295158133b5b32785655

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
60b81f1a1edbdf29b73c7e04eb001ffb

SHA1
f3d86fed8056c380b6f30b95880cd2b21dc90a96

SHA256
9ff724ad4647dbe670609265b18570ef50264f31673b15bd9bd0629b7f9590b5

SHA512
c6593c8efd4bbecc724a48bb20c32d4b0896ed5bca25d3d56ad4e536890dde6cc39930c7b870e1cfc7cc7b2144dd0e905f2daccf9d6f2c6c220cf32392fe3504

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.2MB

MD5
8aa124295af238cc2826e7010f827e73

SHA1
b66c7de3fc04d38f97f15d6b200c36a2b4e4afec

SHA256
6c96e280dbbecd7611315b5ac24afd9cf89c6885a6d47d788fecf9d0fade3914

SHA512
393f3790f3a9d233ce3cf696daf4e899e61c8efbf8d08378faba71dd0d41514919a882b255864ff3c9840c0dd26dda1c09db86a93a683494be6b68d2cb4c8415

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.2MB

MD5
2ceef320f3a29a1d5a4a5f6e42c5c4b3

SHA1
6ad44425abfd9fe7f04c26f8ef8fb7b56b9233d9

SHA256
c1c271a8b81db956b946a95f24dff4968bdf85b4c6f1c45c657977b923c5aee5

SHA512
b26cb7f14868840102b13035112cee452411570accd52c8237a576eca18211436a98178022de4c463c8af129446447d28fd04227b5b9d3b0c666c244b7bcb086

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.2MB

MD5
9487756a99e170b5e6aa0483b6a5613a

SHA1
a671e3ab6e07336bf471ac3599c1888d96019578

SHA256
3c3016153c8c996273813a749cff2ab9774bfce584badba0b205f92c300e1277

SHA512
16c0cff547d4c4a371f27c4f751db3030aec51c1421ae33e35d8be867c04b94251a75a8b243361f8686deb2504745bde41e3cda5237781cb4af9b67b70eed922

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.2MB

MD5
895d20993d59da67dcbb672d52b9b528

SHA1
0a8df65d7b607961f9eab82b0aa2ccbabff7463e

SHA256
f959aee6b50eed3584a78f57950f48e3502b8ada9566ec0adbb7561fd6537143

SHA512
fdcad8bb12257ae2c3b42fca69259c735e31fba1e556530a97f1e26903ecb81964da257542c240300ec38c4dd203899a0d50ea8e66a641ea37e8aedc49890e7b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.2MB

MD5
953541ea1702a54d6a74a7b1b15e51fc

SHA1
0422edeae688b96dafeb6188891548f2e642afc4

SHA256
22b6beefcf3ced95ed064a8837f5c069a143962941263d99fb2b022da86cd0ee

SHA512
03af51ef30dbe74587d850259cd9e09c1a3df83bfaf26b9a79baeb0f5607213c7ddff8e7dffc7286bd7b5c726cbaf32e2d4519f1cbf9e241b7d3f0538efcff45

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
243f21c4b25c0b3323602b9a5420884e

SHA1
8d4d18a5196c4eff11ccbb08fbe0c85a81becc59

SHA256
39bb2202949833516710fa000a5f5e20f3df052374d1de4d92ebe9f974ec38cf

SHA512
3f97382daa7b397caa018ac6a24c9ba32ac8369659c6ac4a950395ceda652c2e50fa19afbe3b898f7510d258959c8650c9c6bafeae03611fcf74451a41f827ee

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
ca18a85f5c01b501bbdc496829daf438

SHA1
cc5a989a4c6feae44f46bdce5fb0d4a425673885

SHA256
29442c257ec3566d0b861f710c2206f3f970384b46fd61854ae3c62d734234cc

SHA512
42b609c5a6ee8f6f31a51eda7562c7ef22f4014c2a76522b11781916b4952cda8c0fd7a1d17292fa54e4ef17789d617dd2796c7aaf7881a16979538762565e2b

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
b3bf36cd5cdae9253a5ce8d27353b48e

SHA1
2ec8d6ba73562fffde7d4828b27ff38b60769687

SHA256
809090c3e936e0abbfec7c0d7b688a9d7f83f0c07025a217c7962f7cc12aac51

SHA512
4dbf28dbebc75dd06b7f47d4b867e05f9fae169df9421a689c657e6bd451d36ad3bc1f07cf51e83b4a4565b205c973c45836dc5af353852a6409eef0cce7a459

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.2MB

MD5
39d37cee3d4c151d2505ecf1d6c7ae8c

SHA1
ea1484f487d23f23767e7582c6ea235571d8aea2

SHA256
2172c9a1980c07b449a31c87775987c65c8ed20e5d8826e2f89cd6332a4359fa

SHA512
3412ae66aabb7c3f919f3a8174119fcf6449ee31fccc547456b4b34196becce11c837112c8a438716ba7e7b3b334f09ef6f21c07170142a788cd108a5b7c14da

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
88bf0ae4f159925e7037e50f51c60573

SHA1
11fb7ffd389614d2c7f604787e9bd61844d863c9

SHA256
e97ba65c6aa36a40ae9404e1b523f327f4c485cbdff5e2cd0a8167c0c06eede3

SHA512
c80d85a7b1e2ffe4d26d2f4145b0d1002ec79d2a671f57c0f7403d0ae77402095dc6382c75cdfa286fd03283ec52b7f07fe6eb69c9b54ca6a27aa17ecb700f13

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
9389c54e2090640194a0d3d9164b3001

SHA1
d95670b6eb42db442524a5ba1bda2479aaead4f5

SHA256
c70c8bc281e64599bbaae9c9edd37c9da441a78115009a9f44631385e57b2c66

SHA512
053cfc9748d92375d6e12e00cfb7113c83768a4f58868507ee3db37ef785b80564c10a21c80968848fbe4eecf463f80b40132ab19c0191161b97113a2ce72693

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
1dd53cef1f7e03bbfcee5afdb11aec80

SHA1
0209d6743b30f9a2f49ea346e4255a1454c3ebdb

SHA256
86ab7d1e978c6fe88c292f9ca55ebe6eadc19e1bdba1ce225ad9909e5c7e31f2

SHA512
d2cad9b49e0fb06791606ad0c249356c7704df2334b07f2901469ce155a2138ae52717ff88419c82dcfdaa619ce9738e284667bbf13fa3ccb9890a7dadaec9ed

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.2MB

MD5
9301ac08d369e6255cd9a6332b806997

SHA1
eb200f4889862a5f881aa4d076078c2b8d350c60

SHA256
4dae6ded0e35efc3961c64677b3a1d5ae781a245bd3c1ea694698e436412c693

SHA512
ecf387b2242b564c0ccaad59335265cc5867af535f218736fba3af34a45aeee0c450c99dba0ebe84399522b0f0b3f8ab9d9515d2c82ea0d802e2397950d5d6c8

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
f96eff955f0d58b5e2fb2148efa5de34

SHA1
7cc5e4946f7a07098c85cdf9226b06f95cccc435

SHA256
477a19b2c7e741556d0238499af40a02867a891428240cf4eeff43ca31557749

SHA512
2e666e5eb1a197d5e22c7c2e0815dc75a127c3f563cd83a108a5fcbf837c934641722dbcd0a972a38ada4857279daacf70bd51fb637d090abbfb0a085de2574f

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
71861d83cfb7797878c039c793316d49

SHA1
8b26db8376d85665ec03aeba8b7ded5db78ef458

SHA256
e5a3496fc7670bdf2129a5b002ba7895f996b713fdccbbc33f8d40c64d310c24

SHA512
ce7516696acb7a33e51667a699078d14172c80b3581f864a9e74b180f9012c469a67f63d3a9f6a059da53922e764143c058eb86212eae27574f760fca057c9fb

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
cf39941a070971eeb9558dabae39e918

SHA1
13193583e118d5c1fed544ef78c42af3af1d74ac

SHA256
876c20e36e0453e904ff6ea15391d75ab759b1fec134c5aa9c7f5dfd4034bf98

SHA512
64ab5827f30bf739c0a72fd138eeab3d960c63ac16223e0d6bcc62b324b55133c342a95590076bc0f766c73f1c4ab62c13c19551e151f83a9a9ba33253428253

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
4ee02486c811065d139fa0941d695276

SHA1
2fc6b53d585f4fe488ee944c3be2eeb0af3f6eae

SHA256
a6f4e7fccc4304c08fbbadee1cd191d9ce23b4c77acc8d26d17be196a1117f2d

SHA512
d11170bc72415f213e596966b18058e16aaea6bd2fd575dec3b70679b691508356cdca9d76602cd8689406d7bc34fcb70959a217a9c886de14fbc0401673722a

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
5cdf95f5a0e81d6e5c4629686104ea64

SHA1
1295170d543844a2a77aac7217c16231154c7619

SHA256
5611d1250c0ee411e8b7671dea8d67ddd183029ffc650c897d5266a29f216137

SHA512
c60eed7085fa3810f365837d2f59ceb3edf5cbae1c7c614c56152c16632f59bda29201696570e9e645a0892f59705d9ef95d74dd6df6bd3716ef47e322e709ae

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.2MB

MD5
b163d653203eb897502c0ff5418f2733

SHA1
4506392dd0d8bc323831601b1ac94e3711a1bcc6

SHA256
2278272427c6e8b7fe17f22ab76233d411b37f5d1112f47090f81d649ba782c9

SHA512
c588472469d71c7af24893a59f5cbe656f6c1e5a489bec923949609e9c4e095b0a5048295b393760785f487db6daa8b692ac5babc5202d3557306bf09c56aafd

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
76679cf99ba2b9308f9a47aae0744e0f

SHA1
9d3201a5a6f5bc68ee4c4dfdb57abfd4de5bd363

SHA256
05af072f42b854f7eae0c29501fd58d229c3e0f2aecaca66621bb11c08c072d1

SHA512
44db91ace8b5e8aeaf1651729351185f1b44669322880444ead0529e5bd3f34752ac4616bd177eca469f7abba25b37f151dd3828946e77b4a1569e10caea9be8

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
448d65fe01f4ef326518f5aa82fef62b

SHA1
eeff7b6e647eada312f63fa0bf3b4bcb6a1aae63

SHA256
ca1df79009c7bdf570642af5ac0a07c4c5a9907be5ec775f17646759f0f13228

SHA512
206ccbed3ae365e1e6ad80594b8efb33e73c1e55477fcd8c3c6f44c3b5ee9406e2f536ca4e9483c75740cac998be29dd8530b9efdee4071fed70d74125d00c7a

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
db2189a3e92c80e558fd6a3d7ae51a45

SHA1
97dbfac4bfe392f593faaf8174242e2b794ffe7d

SHA256
af3130de2641677b9a880c948f46274f4007d7a8e9632572c49959ff0f9752c2

SHA512
f57446f9d88147df16137859c80f4f19f95fb7d4853ac6cca140fe417d974e892ec26c00fb1da8edd4027a4e6c41e18781ce58eb452ac40c479b932b6e2b2365

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.3MB

MD5
807dda935a58a5fcdbe2e666a0423ee0

SHA1
79596ffc542a3d3c1c17946162638e4c6504305b

SHA256
88e8eac2d4231c806087ee970707c06198670cafa883dc7369fefeb5e623a5f6

SHA512
207d9a63305ee8c7820dcd02a8e658dcf596629cd60b5f2f2e4c116432335ceb1f2c52c46069d1afd92f4952228fdee779810686fcbcd1347eff198b6424eaf4

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
4c2d7b12d94c9de70f1dd23b6c43d18e

SHA1
e6cf68954f0ba85a1364eef2edb35328e06577e7

SHA256
f67e7456dfe1740a1e1c0e1b9dfdb07bb48225abffecbfb57616049e2a76cab2

SHA512
790ce8ed24a1a4803e07670eb39da19257e7f4ed75be0dfffacef5bb99add2047f6e1b164942e26399a318dafe9bb889996702af6ae2a0a1cee1557cf6123178

Download Submit
memory/628-240-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/628-52-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/628-53-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/628-44-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/644-392-0x0000000140000000-0x0000000140150000-memory.dmp

Filesize
1.3MB

Download
memory/644-274-0x0000000140000000-0x0000000140150000-memory.dmp

Filesize
1.3MB

Download
memory/880-389-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/880-386-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1032-259-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1032-260-0x0000000000E70000-0x0000000000ED0000-memory.dmp

Filesize
384KB

Download
memory/1032-272-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1196-429-0x0000000140000000-0x000000014015D000-memory.dmp

Filesize
1.4MB

Download
memory/1196-639-0x0000000140000000-0x000000014015D000-memory.dmp

Filesize
1.4MB

Download
memory/1508-375-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/1508-632-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/1784-638-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1784-425-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1860-411-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/1860-637-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/1864-39-0x0000000000CA0000-0x0000000000D00000-memory.dmp

Filesize
384KB

Download
memory/1864-32-0x0000000000CA0000-0x0000000000D00000-memory.dmp

Filesize
384KB

Download
memory/1864-38-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/1864-40-0x0000000000CA0000-0x0000000000D00000-memory.dmp

Filesize
384KB

Download
memory/1864-239-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/2156-629-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2156-344-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2268-254-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/2268-248-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/2268-256-0x0000000140000000-0x0000000140140000-memory.dmp

Filesize
1.2MB

Download
memory/2400-78-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/2400-72-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/2400-71-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download
memory/2400-243-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download
memory/2680-28-0x0000000140000000-0x0000000140141000-memory.dmp

Filesize
1.3MB

Download
memory/2680-27-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/2680-19-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/2680-238-0x0000000140000000-0x0000000140141000-memory.dmp

Filesize
1.3MB

Download
memory/3452-416-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/3452-305-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/3460-310-0x0000000140000000-0x000000014012C000-memory.dmp

Filesize
1.2MB

Download
memory/3460-428-0x0000000140000000-0x000000014012C000-memory.dmp

Filesize
1.2MB

Download
memory/3580-641-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/3580-450-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/3672-635-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3672-393-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3732-404-0x0000000140000000-0x0000000140142000-memory.dmp

Filesize
1.3MB

Download
memory/3732-286-0x0000000140000000-0x0000000140142000-memory.dmp

Filesize
1.3MB

Download
memory/4356-333-0x0000000140000000-0x000000014012D000-memory.dmp

Filesize
1.2MB

Download
memory/4356-609-0x0000000140000000-0x000000014012D000-memory.dmp

Filesize
1.2MB

Download
memory/4624-356-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/4624-631-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/4728-18-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/4728-8-0x0000000002150000-0x00000000021B6000-memory.dmp

Filesize
408KB

Download
memory/4728-1-0x0000000002150000-0x00000000021B6000-memory.dmp

Filesize
408KB

Download
memory/4728-0-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/5016-628-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/5016-441-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/5016-329-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/5096-63-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/5096-68-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/5096-69-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download
memory/5096-57-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/5096-56-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download