3925377a0a048f35ce275a5f4580d70d14eb22e2d92d2790f904ec21299d97fe

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-07-03_c501b7e8184b36d882bfda6ce2303c04_avoslocker.exe
Size

1.3MB
MD5

c501b7e8184b36d882bfda6ce2303c04
SHA1

3022c29821842508e02a14468b0fef9ff52a4a75
SHA256

3925377a0a048f35ce275a5f4580d70d14eb22e2d92d2790f904ec21299d97fe
SHA512

d86e352191c2d66f73de1e335dcf36921b6a09d075cf2f5ba3af2e4b3d67d1b81d9a77f68c367ae190df4b99cd971ba27498e8375d734cba6df5bd940e645bb4
SSDEEP

24576:U2zEYytjjqNSlhvpfQiIhKPtehfQfr9qySkbgedcGFBP8JUODHG0900ibGP:UPtjtQiIhUyQ51SkFdcG7y00ibS

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 16 IoCs

pid	Process
3696	alg.exe
732	elevation_service.exe
2412	elevation_service.exe
3272	maintenanceservice.exe
3652	OSE.EXE
3200	DiagnosticsHub.StandardCollector.Service.exe
3260	fxssvc.exe
1332	msdtc.exe
2224	PerceptionSimulationService.exe
3740	perfhost.exe
4560	SensorDataService.exe
1552	spectrum.exe
2804	TieringEngineService.exe
1720	vds.exe
1496	wbengine.exe
4352	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 24 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-07-03_c501b7e8184b36d882bfda6ce2303c04_avoslocker.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\cda172de4bebce60.bin	alg.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	elevation_service.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_96109\javaw.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	elevation_service.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000c2d08a588bcdda01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000acf6b0588bcdda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-177 = "Microsoft PowerPoint Macro-Enabled Slide Show"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9935 = "MPEG-2 TS Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-5 = "Microsoft Transliteration Engine"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-8 = "Microsoft Malayalam to Latin Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-7 = "Microsoft Devanagari to Latin Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-24585 = "Cascading Style Sheet Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000ddbbb5588bcdda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-175 = "Microsoft PowerPoint Slide Show"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9914 = "Windows Media Audio/Video file"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-105 = "Windows PowerShell XML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-4 = "Microsoft Simplified Chinese to Traditional Chinese Transliteration"	SearchIndexer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E37A73F8-FB01-43DC-914E-AAEE76095AB9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000005516d598bcdda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-107 = "Microsoft Excel Comma Separated Values File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\cabview.dll,-20 = "Cabinet File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9939 = "ADTS Audio"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000a0a5e0588bcdda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-6 = "Microsoft Cyrillic to Latin Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9907 = "MIDI Sequence"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WTV	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9909 = "Windows Media Audio/Video file"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\wmphoto.dll,-500 = "Windows Media Photo"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000000ecde7588bcdda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-2 = "Microsoft Script Detection"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-121 = "Microsoft Word 97 - 2003 Template"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{487BA7B8-4DB0-465F-B122-C74A445A095D} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000ddd895598bcdda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9937 = "3GPP Audio/Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9926 = "M3U file"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
732	elevation_service.exe
732	elevation_service.exe
732	elevation_service.exe
732	elevation_service.exe
732	elevation_service.exe
732	elevation_service.exe
732	elevation_service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3064	2024-07-03_c501b7e8184b36d882bfda6ce2303c04_avoslocker.exe
Token: SeDebugPrivilege	3696	alg.exe
Token: SeDebugPrivilege	3696	alg.exe
Token: SeDebugPrivilege	3696	alg.exe
Token: SeTakeOwnershipPrivilege	732	elevation_service.exe
Token: SeAuditPrivilege	3260	fxssvc.exe
Token: SeRestorePrivilege	2804	TieringEngineService.exe
Token: SeManageVolumePrivilege	2804	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	1196	AgentService.exe
Token: SeBackupPrivilege	1496	wbengine.exe
Token: SeRestorePrivilege	1496	wbengine.exe
Token: SeSecurityPrivilege	1496	wbengine.exe
Token: SeBackupPrivilege	1404	vssvc.exe
Token: SeRestorePrivilege	1404	vssvc.exe
Token: SeAuditPrivilege	1404	vssvc.exe
Token: 33	4352	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4352	SearchIndexer.exe
Token: SeDebugPrivilege	732	elevation_service.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 5072	4352	SearchIndexer.exe	122
PID 4352 wrote to memory of 5072	4352	SearchIndexer.exe	122
PID 4352 wrote to memory of 5060	4352	SearchIndexer.exe	123
PID 4352 wrote to memory of 5060	4352	SearchIndexer.exe	123

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-07-03_c501b7e8184b36d882bfda6ce2303c04_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-03_c501b7e8184b36d882bfda6ce2303c04_avoslocker.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:3064

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:3696

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:732

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2412

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3272

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3652

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:3200

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:5088

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3260

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:1332

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2224

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3740

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
PID:2652

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4560

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
PID:4196

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1552

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
PID:4056

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2804

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1196

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4052

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:1720

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1404

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1496

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4468

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:5072
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  - Modifies data under HKEY_USERS
  PID:5060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
a6c28123fb7f8846cd138c37bb93b18b

SHA1
93e63eac6ebae0932763282aba93783a4851e3b7

SHA256
839f8870e5b0bee08e32bfb94f614c8edef9d422646a554d9b684bf58c58171f

SHA512
8ce80210ad33e1e98973528f0277203d9f87f821211638905259d5665f1010664438a2aff0cbfa9c1cd068532a8076cddd64a17288286bd42284c5e2e251bcff

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.5MB

MD5
8efd3a986c87663b5f3b9b0a84e309ad

SHA1
d0a904adf89e5b46b2c02efd94e93dd1cba8c449

SHA256
b67a3281d7cf8724c28a2a237642d347ad1522215e4c964183670dfbbb6a9d66

SHA512
f78346a42568f38a065904ea82fc8f79624589a73836d55585d0b170b9051438e284248fa97934e4a45c0d83d6088636c14c61fb9ab7cc8c09abeb8ca205e842

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.8MB

MD5
5cf1c1c68546d81e76e754dd58f070a5

SHA1
7b940caa608aca692d4beabacce170489cf8b0a8

SHA256
260148b08592f363fc6523d973ac2dd24c7fe063f72fd8ae257ceec06324ec2b

SHA512
3f8848ba15f73b97eee5dffbc96c77bb8df1af91931ec17ce69d3b6a1a9795a669ce06cab0df6cf43b665887efdc496e789ca630046981d75cb42476d4aeab48

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
0e4c59b12a84d52c23a81ed066987721

SHA1
9f6d7b14a274c48d07a10c1a317548e7cea6c1dc

SHA256
6018fced8e996cb42f5b8723dcddbd2ea1604bc28e03e0b51b104b97d94a62a7

SHA512
912e2fbf1d52d5a63056e6d0b5b1ac97bbd32b3eae367a3836dbd82eb6cb71f60a0fb0975f2d85e39273951d85d00b64b4a6a88138c3b97bc76afafa326bdebe

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
ed1c09d92031e076c5b084d359847ab9

SHA1
f1c2d8d39601e5a0c617561011eada827857b7a4

SHA256
e714c4f34f459d225407df03c6c6646163c508eac4bb7e841c95f734638863db

SHA512
01f9572aaddb82ee459ce58a4a69a908bf048a69b763b7d3e3dc4853a9d8bee44b855a0f3e43e62f12e8a55c62ec706c1d53ba2af24beb935a7ab0c024ea46e4

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
27e9075d9fc278b816d508d1f3fa942f

SHA1
a2ae1c894b35d34a7e7ace82142f4986626cc974

SHA256
56bcdb581a26d9bd031dbfcb2fd9a88577e4cd1db76664db36763e1ec48ecbf0

SHA512
514ec6d8f32c1601963e6872f108bb442213fa78e458ef056106eac56f6a5dbacabde27e8c10ddcfdf0498c5e6713f16661608475a2b878644661c94c4801984

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.5MB

MD5
dc1a04bbfee8739aeabba407d40eb6de

SHA1
edad9a4d9b3f21a7b236c7c24ead4409db7cb30d

SHA256
127bb787dac6dea1c4c690af56545d333fcecb6d2e4bfac2fc64bc694a6fb4df

SHA512
dc7b96222ecef8bda18287f963e84c7f62427d26c4ecbc14aae473c315de3101c0b07fdd046b6017ba0d14165f8dd2a666915ab016762d908e839a02acb2c8b9

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
3fe6278c2ee30700bc71739d387f76fa

SHA1
a2f8d7d4099490d820af23367aefe5242f1cd20b

SHA256
f2064427a88a7e2bdac26cd19cc0d925f203c40875dd09c3ecc8d56d6abd4bfa

SHA512
1f06fd6062d662693b3a029de56f09b44266c6ae7e695e10f239650b7e52eb019408a3ddc66693e00e794423bb7ecd6c6aa5941b08effb59cc34686bb70f9d57

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.6MB

MD5
15a4cf6a6fc95ec8d36f218e6e9eba57

SHA1
321270de6d4edb4f7f451348385d5f91d10405b9

SHA256
b80f412a563997851bef597aff7bc7bc91f7a919d6f6c6a884a0a04ecea2f020

SHA512
eca098b88e4ae3f2263cbbfe6c1af8128e3415a28edac7ed402784a28115f8e4389cbd969e257c6c17dfdb65349f9997aae45b21d267ad7ee3bac5823f1aff6a

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
dc74362a05d383b49e1d08e68cc48aed

SHA1
ba4bca025fb88f3ee662ae141922edd6874ee6f5

SHA256
100de0098099c55dc4377b5a715b56aa8fff26e5a97781e1b3b78dc80cebd246

SHA512
7415a7449a16200498fa0c19659f8803199a5939da27f288984f6adbc044a21be1180d3f818db7e33c0b4df7e1f37fe77dc58b7f6b4dfa9bd02e423578cc985f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
65231d2a692356477cfa273ff9f3c9f8

SHA1
1628ed85eab5718b6c9ddd2a27b2e819b7da9096

SHA256
100cdbdcf532259d50c2b66027482bd0f20195392851a070e9e419f4e25b23f4

SHA512
bdefcf74be33d936ddf21ebe3a27c127693d03394d9e57c84ce5d12c9f6c2a3198f3324b3c5f02363c8ad5f077ce1e652ba3a9d85cb47f1cd18c5e2427a1176e

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
5c57e2d913e55c74cefc3310e7086862

SHA1
7a224212c979560a242c699aa38f991a4227cee7

SHA256
388742076b70ceda740e23411e90cccfae0be13bef455a7d30e385fce6053030

SHA512
dd475844a577e4ec00a605c1d0ecf2bca5d3d7cb6e856e7c28456b1f94e5aedddcb8cb698377c07ac469e22c0845456e941d998769ccca660b74432c57b92380

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.5MB

MD5
d808401940bff9235ee1693e29c0f09c

SHA1
76a519ef7c364965fed77f777e6083dbfa0343ed

SHA256
215d124078f8f6a2b9690e21ccf849a7ba0284b9235d12f3e8d50d1421e15041

SHA512
06d71ff290bfdd26c93062bfe0345fbc67fa5266fdc4e30017af346529b18c66f4c371869313480fdece4f099c7ce502a0256dc0cb056e69ee8c913348bca4bb

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.3MB

MD5
a687cad3f14d96f839241cb6fd6b5c21

SHA1
19d7501c50a649e034415e2fbcbcacbd3192b97f

SHA256
c43ab686ef9234613f135fc5956f5e99d923452d839aea7e6bd3e82887c44d75

SHA512
a1c7ff075d207e14f82ce64421ce6a56d6ab2764f744330b623bca597ae1e0a6f2f5d5a0b3634b819bbd5555d63ea8fc77f817165311dae88676569676ef82d1

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
4f2621e79bf80ccece92e1a9ad816842

SHA1
3ef4dc11977ba02f1aa98a3ed37726175a6ae392

SHA256
60dceeedb8de5e72da6b109c582548578600fd45998a7c9910c696fa378b2078

SHA512
40d9bd69c9f068e17e1b6f97ae973c3a4b4f20a2f07c4e2b3fb1f387018c97dc32959e135d124c0bc7f871de75286247ba9282409e82507bdb3c9f0ed839fc01

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
d7368923564d534625a2c54b6d1c7d10

SHA1
e53fe10d4e96e8c5716745751b8bb13b49971a9c

SHA256
bd023fa493348e77ca5235dc26806fffc7d54ba76d51c7bf4640b094f2e77e35

SHA512
7bc1353d926384e7dafe72d084546c28896a6eb3c418e468549457d459b8a598304fc5823bc89b4e77f3529bd64f004d625d23d4c104d39a29e7390d322076cb

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
7df5f9a3e56773662c97ef7be6d22e86

SHA1
8eed3c71b209b5dcd5aa833108c77cb70284b724

SHA256
eb82190f3d85f34656a089710d46a82fa7a9f499cd9fc32d501611801d2d9dd4

SHA512
586ba419734abe73f983534603ac527b62fb39e98a21cacd96dc28533a242ee92fd1de136495c69300b2085daf907e7a9bbd95579d575c51c9a89c5364b1978b

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
a2b13d2d3bc47ef6b0bf8808baaf2f52

SHA1
cea953461655d28d01b4395e421f40bef7f7d490

SHA256
c4d193e088dfa337a2339d006211b6953e59718a292f5126c1299ec037f3f85a

SHA512
f8007995da87e9e046972c469eaed6c0917ca27b3c2155af7ff1395656b38fbb7ebfdd0ed64e913c248ca0af8fb6aeaa76710ad3e20e32e6c22eb8e31d1b39bb

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
118199392c9d7d93c536fb980aba403f

SHA1
e0391e1a3d66092415ef3f10e18913908541bb69

SHA256
112c961366b56cde5e125834380ef4f03492f75d27790c49b1b1877108c634fd

SHA512
6b4a76be474747255e0cc0459f223b7aeb617f50a3a911a21968cddb582dd2c8e9d8008f978fecbee1d98f01101393254a6cc8bbbab76d32f0224c621d76bcb9

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
aae09e676b35ad49583d80cfc0bfca99

SHA1
ff098349ebdf6498c67c2a774f7fa7f01db4c141

SHA256
2ec1407a44ebc2cb835d4261323b345ccb4f2010278c254de4a56e9f6eb62edb

SHA512
6f62b88a1e2a6512f3af4abcaee34efda6f4a51936ccb17473d8ac2a57c27119b868580a239c78e98a174ed6bacc80aae0b40babbedb0f6430b2ef30e073166a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
c6e0d59fee4d9209b73d8aacbc739722

SHA1
42fad5de217fa43cb91680d7493d79a7e35865ba

SHA256
70030fb44851b1300b6cf783db643506a5ae566a8635e8ebb0fa9bb337c8be8f

SHA512
8bab1604fe6901d23b4a6efd1090f5b6624e90279ad016d56b4e833faf381b3b2c475063336ce6b5eeed7bdbf1214559be8dadd74bb5257e46168e5a99488a95

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.2MB

MD5
96e69152ba97232fb95f88db0b005b8d

SHA1
45bbad7c861d039874bd6052eac589f9d9d4f9c8

SHA256
9528fc99fd61d99422275618f1ed1ab7c2cf751a19e2fff2c80871e66d198261

SHA512
281cfe0bd8966ebaef3dc117268a923cfb2dff0be34908e10ca781bbf7f4946479682450b268a523ab0190668fdeb330cf6dff471a4dc66cc6df44c692eec989

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
66fff6af5f6f42bff8d6b85d289286cd

SHA1
6b055bb2b93842e3b1ec47a9b37cae0c72205b1d

SHA256
8878335d03c8a2e163253aff6f556ae436c0a2148fff4f6b576e5f73b992afc2

SHA512
746146bc515349aa7b05642944a26a04908905bee56791535958bd7e15b2a2097fe496ee0a0d87087521de967803f26c5ad3a2f7cf3f2f3dca3effbb0922cb54

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.3MB

MD5
b2c75f1ae9faefbf878f6eb3fc146936

SHA1
ad0535e7042a30933b56046cb51d36e60dce7d6f

SHA256
84bf29339f3c1a37ef8c7f694b194699838bc3fcb799d388293031b2babbbd59

SHA512
bda2e2884e566605c597714898a238ea18a09d24de8ec5288def6f4d0e95076b5cce6fb88db15edec7d45cc100f8bacc6667aa5e526e80e0aaa7394542becbbc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
841ae4330ae14c35e05adfa596812fa7

SHA1
bff858161f971e22af3fb2df9a6e8b5c519c2b23

SHA256
754632e826108f4d3641197387434bad2b33eaba1eef868aa21eac48514b81d2

SHA512
1b3a3b68d641bf7a3ec1f9d8965a212a90574829687f59c7e15462937fbb37980a045cf042a4b62a38237f4a76d290664c89c50f41dc3edb06103a601bcaa66e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
a40bce7392c2d27d383798f6d4c826f8

SHA1
da19ce16fe600db8d23d7954802ac91fab15b14b

SHA256
ea3738d5f993138816efc7e72122996bd4ec8636405ee4e39f94b4fc48d2d6b3

SHA512
9a7dc73702e25728154f6a006862dd686e5eec603707bda35bfeeff65d210df602536f7bfc7ed87ad96038c22b37ca29f315430745f52772b4beae64aed1f37d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
99da1cc76ab10a94a7ed2fc1317acc26

SHA1
50df073fa0bad132641f4ec789c41e2084429aa8

SHA256
b992ee2e50d510baa73cdda399c3c9334115ae7884d4a3ac60f8788627a7ce66

SHA512
23917f1a8d4cdb79201655a9684ab2390a6a1b7c965324fc4b66bf08cb3b56a6b77be5a27abb53e1439de7391a8db9f84047201594bdc734fbd595370824e699

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.5MB

MD5
f7828866bf61e7b00a2099e0fb8d67b5

SHA1
6a3945ffbf9ad82a6d482f10a5ecd7cf55d1ec54

SHA256
3764e898011aaa4f8840f6aee916c107eec5120bbb211d6ffa3ab21fe217b804

SHA512
3ecc5c6645455d87f6264dde9642ebef4695822c0d9623258e5e3fbb3efb243289aac587b5465a9bafcabb341eecdde7af6897e90cdef18ba24bbc929f7d1c3d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
d6d750a88c7fe5e6ed1231f0b589906b

SHA1
656efd24575e1d7e8e510abbb7d227a0f8aef94a

SHA256
7a486188637b26ddfaa201c5ec9e9953a230a1a2c673e841a5baee30e1577e58

SHA512
31ddf7099f567cca53f9d239b823f538303d7a124ea10f9f7e484a4771bb3636a866c80a62af5b324f511f2f2157f429c96e46eb469b6b01799a71a64dc69274

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
db3c6f0fd9edf27465f3b557f46f4936

SHA1
ab069da7e93c75f62ae9b82e49326e8eb8759cb6

SHA256
0cd279b17d30158448ac7602f4b4631ca3b618ed64ff3c47be86aaf0367258de

SHA512
d1a3893098532d3c117a47c99c84f3a73e5a1b0baf4957b8e101322a0ca2adb7820e1bc0bd99cd467a14209ffcd55c84a12563ddd795f33d1a3b5f4dd9869cef

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.4MB

MD5
9c90b4afa67a41f5accd5b9901026440

SHA1
17fea208885e27fb8fb308f67f9a88745777809b

SHA256
448abc2899189d5cdbe9f1ed5f7b14cbcf30353f14e74077584c23db69d00f0d

SHA512
e875a960659412d752352f9d5f8d21b1d48010d93eed8e2e916b7ce80985078a50475300845c5377546d0eebddb60e54ffd712334471ea1fad2b0153ca7d651c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
7677170204a17be10ce5dea906a12e07

SHA1
836a4685a6f4b5ef29c5d564c7f9302d7ee8b997

SHA256
d62d206b1564fbe0dff44df1672103a085007d77ce2f56078420a7ca66f74a7f

SHA512
603a120822f82562350f1a759a81b58b93bc970d0eb5bbd68fa5eed6018b48ba6c39ee4897a48766567b8a2eb45a52e008d8fa588532f06de5d50214e82d7803

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
bac5991c1dfda5869f17f8e1474dfe9c

SHA1
e3647455cc1b86d77df73c6c3b6d85a7854edab9

SHA256
70821e32423820f24bd42f69e19c3d11d9ad99d36fc396919fb981e79ab70fed

SHA512
a7260e60999c5c184003a61fae3c809378f5b0761424300c0a23f4390ed56b49f627f25c4d17e89db9edf789731e7caa8267814514a735adac90d301e79cd7e5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.4MB

MD5
72e7dbe62342b88e5890088df07b9776

SHA1
415d9140dfad7fe3e73ef0969d057dd14ebbf05f

SHA256
55c920f310e1a344a8c2df0fd7b217c23ae4c2e4e3ff6d16485327ef97a5ae13

SHA512
0842bf77748d8cbd2da0b5f531ec4cd7230008ad61bdc7b306301493d218b6e70c7fab8f5a8cf042020b88b692ff68509691b5cfe7f15cc9cd003c84a5d11ac3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.5MB

MD5
6d835420a76767e5172f2ca89d02e944

SHA1
74c0f0793609472acbe34c469fe326aab3a2bc88

SHA256
ba5d205586903c86edfa3522df613cc77dcdb4d1bbb2da5e208e258eb916616a

SHA512
04805ffaaff42c5c85db9a5dda0fe1e4a6931ddde2528e66dff6be15d8a51caa34abf4bce93a058f6a68991212641031cf4cd42da21929463e11d4ee5f71d125

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.7MB

MD5
513cba8c174b16cccaeaa4afc28c4f17

SHA1
7838fd0ec1712115b76bd5ffacc65c87e351e3ab

SHA256
a5a767df3ec13b2ea9b789838e548e729ebe1450a7f6f7a55456f97e7319894b

SHA512
c146a0031a3e27fc1a1b6da0e3d46eb0af8df9857f6515f00290f9f5ebf1aa2b054c2fcf564382a957cdfc56e99f58a8f896089f033682ef5def260458ab5034

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
5caede91e10d8bdeab64d129fe2b53bf

SHA1
f245ff317f18f375e1b918352e495b0ce7eee35a

SHA256
1d41da77e726a9b50c0b52af8af2e3ede3ae6445c19f7eb053db2fa2cce41b95

SHA512
017ec8d43ca8be016b2692463a9c6d04f8ef77369c7bbd05905b8deda15b5d2341b2ac5da3496d17847cb103fd3c863c67838ac04c70e37f6b8fda06bda21f13

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
f22a1872064d3c234b5edc43980eaf3e

SHA1
d0824dc1cf1ff4b5278b3b487bb2b92c15bdb7e5

SHA256
b58b978a71ad092aea994b4a1793b9f3a21c2fe33e90f5306ed891137318507d

SHA512
741ef52f401b8bf16433da049e2b704728b7f67258db17532eacf75f186d1ca9cac42bb645c5a0fada9ec9acf08cacb294c4a53ddb2aa0a770ef8aa3f15b9d25

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.2MB

MD5
07f5ed60ec28647219798c43a0cca602

SHA1
f5d0882e60d4c3c5b8ff4f2f797b580bf11a4df3

SHA256
d8a330298f3a69e1b2a1ca4801ed4f19236769f2632f02b313596bdbb857bfd0

SHA512
dee6148aedbf05577c8f9b3491b34550d77f09c2bd4ae6cbaa789dfbbc496013492ad7e6304d525b1137444dec4f5e4211da4715ca1b47730ad65de81bc979a5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.2MB

MD5
d59104edc49bccdea33467bade938d5a

SHA1
49fa3a221017bcbba3a5d317cd9a35e0c5e86c43

SHA256
0e52ca8e03bdd7d3fb103e05034a1d91bbbe117da900dbd8bc3b712579d0993c

SHA512
db7415043aa89dbbcc436dac08a84edf92ced9a58937cb925927f9249ccbceaa9f69bae377a798a5968f68814da1d6f7c2e41a4b4a1313313c97d3ac1f56fcd3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.2MB

MD5
c97989e6e5209636d5213d6b8b10dd8b

SHA1
10dc0b1b42356ea4ed07b23e74130ac148017f4d

SHA256
15e582fc7709242d48ca84775fcace354b48a6571ce45a57d6134d0ec08ab628

SHA512
39347fcc0ee4caf0f964fc8dacca7e513cec34f66b9e4fb5fd3c4e273c243d3475fd8ee227232fd02a200d0e96a7356268324b05712f99f31f4f036a0265ecd5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.2MB

MD5
13c61236cfd45a36c2f992b1962f99dc

SHA1
c60a858e297b15ae9686e295b80ad3a0ac44a01e

SHA256
d28dbb02d92c9cec6c1375e01ce51862ef75dc6782e2e56789f62af41a5ec46c

SHA512
07d6c05c9e1c2a8fde64013bce582e103372f8d782b5970ec4c89e98e32deb171528b27c11a2c2eb60941558706de00dd4225f2bad297452b2f560fe623d9b9b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.2MB

MD5
92fa124c34ed70b9df6bcef980e5f42c

SHA1
4d2800a3cadfc0e572017cebfdb196659bbb0e98

SHA256
a5c3cd28f3f966fea13493d46cdc170ca18c2dfe9bb5755e1390d9a970cec99f

SHA512
6dd1bdbba458d38bac3bd43be729e63944eab2942aecb863435d219ccdcdb8898026fcd23d48e9166d0278d08d5b6a821fba745f2722cd154ff5638d2e7847a8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
1.2MB

MD5
16897ac029ad6dc380117b039a23d210

SHA1
6e0db1b33c4fd9b4f4579a70b69493f5fa88f4ee

SHA256
44109f586956f7204da2eaf6c5fc9bab8c40356c092003dd950c29e928768f18

SHA512
7e3efcfd2c7bd11ac77513d5bfa7b46e6b1ab2835726f232924740aad55e6014d21df2367834cc1ca1d5fb537c78b5ec7ad3ae1f29e989499089d49588e2d565

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
1.2MB

MD5
a605f30ff8ef981946c87f470a5d9db7

SHA1
1d4cd35a5fdac77495d299d806e254853864d8b6

SHA256
79e366181aa109efb53f91189263630cbf188455b0ae07ee902e2e8c6732754f

SHA512
647bd0634252d5750e1dce8b036e95644bef6e3421c4f80b51039b5967f88e24dff3a316bdaa611afd7c9de9ba44fbd65beeeb13c8e79747603103797a0d2c43

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
1.2MB

MD5
9cf7b0c0db4966df4950307f073bb010

SHA1
05f926cc88a5a1a91e4c940f326d6dff76971370

SHA256
74447397d467e580b70a7c7b72de7e02899d168d14127a6319b7c6876607ec62

SHA512
2292efc6fcaa553c76346c1b6e214c608510234ed2d8902c4252fc76b532bb8a2162ee0c6ae2c5a1db77f72149f6c22d9f84e9f2ffea4799d38ff637c1ad54a2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
1.2MB

MD5
652fea5b234814fd18be665c3b64d35d

SHA1
97ac72614760487e22df1c369fba8889568d7b41

SHA256
ac6a05712f36e2dc748ded55761cb201b53c53374b6cdd7160972ae68171d7bc

SHA512
425517db254b96b3dd74ac4f5394fd9bd1aef1e7df41a17e894c1415fecb90a889ea50ef76dfabb9a250132f0e9dfe7f026ee0c77f02b1c8325b6366ec7c4141

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstack.exe

Filesize
1.2MB

MD5
fd868bde894a2776c1dcf153285dcb68

SHA1
010bb5b63983257289b8654314f276f273ca2833

SHA256
67a5816de73fc45a0c63d896b1f9fb0d9bcb15ffccb6f9c6d755dbf1ec831549

SHA512
cf2f3bf328b9fce3759e16860dfc45c3e136a106cca701d2968032166af596c50e40092cdc7aa8805a2f8d275f10336c2399ccfd84fba156c5c1c572f7bdae87

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstat.exe

Filesize
1.2MB

MD5
9eab6d7a99a637c53afde0bf443b3757

SHA1
e9d33a2c93f194bfe111ffd9c450da68d72938b3

SHA256
ad27f10d3091155768288917d38881ab2e00618bcc3fcb6307ebfbb62016bd4e

SHA512
02dabc08528080ee6a5fdec6ac9b9f97ae080701bedc7ad9680b87e8053779b75a36a30eb889e8388829192e37f0e240301afe36780c56382d11f4ced4fdc825

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

Filesize
1.2MB

MD5
61d2185d29c00a090ca057c21fb9f25b

SHA1
18e82f04e04b216130fdf72b15ca39d43ac753ac

SHA256
6f6b1730532385c195468ac4c859e1e3e57f1a4d372ec8bfdcd71058650a3772

SHA512
8089e87cce732a35a84e2c797d208cb589c7b0e575d68077782c8cd3709b1abde9274c2de96e1bc30e058b41a7ea2372b535a8ec7d48ad4bb31e9c6c9ca4f7ae

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.4MB

MD5
367067c3e092e49010fee6e7d17c2031

SHA1
cec424a2c7c84303b56f54e7bfe45a734eba8712

SHA256
4b6d9d26d30a6114ce03cc2f7d4cd3f1ce9d1c577087a8441c0fb3b15fd702d7

SHA512
e78b29087a450542508d6b02a14d2753121abe4a5536444290c0918bf72ee1b4db30ff9b2c9f9d0c6aa9d8dfcd83e3ea556701052c812f4067d3fe547696cdea

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
f0230583272c42fa4a86ef7648a6c9a0

SHA1
9ba07029d70ae6b20b858db42ae68b212b8c28f1

SHA256
56ef652a234590a6689927ec1970ee560a4b9587ec2b105683f96620013c2014

SHA512
a055198c59f999f3e88a8d335d9f0afb9ecd79ca6c7dcca115302f2cf4118a630060ec0ecf56c87301cd6afa2520dd011a3866b968ae621e34def7d6fceb24fd

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
465eedfcb4d3746ab7f408fe2c96f933

SHA1
861663290dd4f5786ee731b9a57399ef223e41e5

SHA256
150ce3a34064e9fbdbfe0a2c4447c852a41dc525b7b144c1ede86c334063bcc4

SHA512
cde5bfa1cabd60b12d08436f148983ddd50e8231f54830cb2e8724f565cdf9a889f6938518a8e4e196938eaab32ac1e847e12665be9147dcc5a083cabff04cd2

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
c072597a9fbebde445b76427801ff4a5

SHA1
355dc5d92abf48de77892682530061c866a824fe

SHA256
db1ef593044ce2421dff9a4f4a45be4e01b7fec31b0f41940fc1ab3d00da9060

SHA512
73005bb4f9e57da2d3c698bb40962f1826db4caada4e416e3f6bd97c85128cf37b47cee745b7ef229e4365800167f8cc46380302a95dd86707472449135f5c38

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
78dd6d97ad2c2a6a4fbbd912fef9b9d8

SHA1
fe7da14e4b342aabbd3e8d768584adf2cfa9190e

SHA256
28c16d306d3950cfe28e404a4a5028b56e010a8ecb8e9717554c30bd5a6ec03e

SHA512
db9acefc9b9dff97e004e8f2b61610d1d2202c32526e7895b4255d2f6bf480af131635201ec932e2aa03a024a7972c54f3a6982cae521b202c5a79e8a91aeec1

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
dd7ef525a64d900ab4ca1c62ba018fc8

SHA1
51a0052d7f77a8a6b4f8ab959f0fe6dfeb71ad5d

SHA256
9838adaed6cc0c5af6263e1c58ec02978318ec217c93fa40e0ade93ce18798c8

SHA512
f02b9fc6188f6454dfec345574cbcaea8c348140f29e5766cf072bfae7a2be316331372aa57f6b4ee8d088b233b17161d94a52dd0ef02f6f04c538b9b25a9b2c

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
3f8409a116a013305a32b9abc42a8f71

SHA1
290002377bd0b4b6acd8f387f52c41c37ec482e3

SHA256
46ce904d9ff6d00edbe044f9bd9e8dc56c96092b34318156d998a59f1f77dada

SHA512
5b229176cdb93f417142b275b4a8004a836c9dd7f8b773a2590e9bac7d9fcc04a404e64df0c0ab485f23f362dc02b246ad2b1ed68311905723372644508eb0b3

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
a8b785516486fa915cdce20357649e0f

SHA1
0d50f114179a1a2f7f299dd749db7ed9f8f12f2e

SHA256
a365325cca93e836a50f788c523bb100a03a89dda5ade3bbf1a58eca4f140ead

SHA512
51bb462664df527c6126e2e5517d0997a7ebb39c6ded786779aa15e4a93e39c1f6d94f735c236f542a1719a713031f02aa9150fa5c0e77ccf33e42b1bf9716f3

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
acdaa46f9b2836c3a7e67fc32aede23a

SHA1
cb5f626c97aa7ae3389276a5172cc9d1c2dba76d

SHA256
91b6365c06b4d81337d6ead89bd409c8be9c2bb3528a0ef4806327233a81f434

SHA512
299f242ea04976eb4e6d22bbb17f68548d4e5c2cfa0f380252591c34a9caec001cd05df5c15e44ef77c5e3b091d0fa6df94070feb3b6d6d35011bdbee15d745b

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
2f12828f0bfdb1c69e01e5f74dc54d72

SHA1
7b8feb59c93ed5b6a6e0c8a16d8a848930dadd2e

SHA256
80a7762b0d1a59d5dc56d4c6635b7b62420ad4375c7a89989947ea7fa87ed66a

SHA512
30e8ce2af25ca7002f82901f0f0eff382a32a1f02ef3f851f46a7b2448a0ddacc3d4f054a0ddca0e9cac7327b234df27a449214af9f9dd24385968eca1a4d251

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.4MB

MD5
41646c536c2763d1652f7b5a403b760e

SHA1
2821749487491332dffebdda9651669bf551f056

SHA256
e8ad082ee1c894fd0722e6d68106ce62e3601c251b2ec37ce2a5d275ce98c122

SHA512
f8baae7916b87b197bbf653d6c506eac487b93b4d47c5048bb22af6d64a39f89c62fbc7d4e388e7a19083dccf46242508cfe561b89b237c9203917ce3c4d4087

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
ccea18aa242c0d87e368703f5c024034

SHA1
6e627b571dd8320852b0b447bfeda0b9dbf0ff80

SHA256
ef3f28b638859657803d7f412d1b66b1675d9eeecd6e86af796a361e03f41d22

SHA512
79d378b20c7c94742bd4985a024740687bdec7918820c7855f6b23e65b9fc2b1a380cac588433f1a3a829973105d477384ab481c432dee42cfe907bee1416c6f

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
2e2a83edfb9050ac5be1614723e324c1

SHA1
c5592be3a082b7465f00152c0a65a5a562505c0f

SHA256
2dde3c44f7ada25ed0b66dc3cf85413951a586f4bf678bbdb552a508ab594e41

SHA512
99a61639f282e8236405034f61a2e91fc30488b386ec67af08ffe2d3ceb6c491131491d20dc60d67ac43cec3158cc7f2837049880a6825716ea6a3d1565f4db6

Download Submit
memory/732-237-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/732-37-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/732-39-0x0000000000C60000-0x0000000000CC0000-memory.dmp

Filesize
384KB

Download
memory/732-38-0x0000000000C60000-0x0000000000CC0000-memory.dmp

Filesize
384KB

Download
memory/732-31-0x0000000000C60000-0x0000000000CC0000-memory.dmp

Filesize
384KB

Download
memory/1196-370-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1196-384-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1332-269-0x0000000140000000-0x0000000140210000-memory.dmp

Filesize
2.1MB

Download
memory/1332-372-0x0000000140000000-0x0000000140210000-memory.dmp

Filesize
2.1MB

Download
memory/1404-395-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/1404-606-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/1496-406-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1496-607-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1552-339-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1552-596-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1720-383-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/1720-605-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/2224-386-0x0000000140000000-0x0000000140202000-memory.dmp

Filesize
2.0MB

Download
memory/2224-290-0x0000000140000000-0x0000000140202000-memory.dmp

Filesize
2.0MB

Download
memory/2412-49-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2412-51-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2412-43-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2412-238-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2652-309-0x0000000140000000-0x00000001401EC000-memory.dmp

Filesize
1.9MB

Download
memory/2652-417-0x0000000140000000-0x00000001401EC000-memory.dmp

Filesize
1.9MB

Download
memory/2804-360-0x0000000140000000-0x0000000140239000-memory.dmp

Filesize
2.2MB

Download
memory/2804-601-0x0000000140000000-0x0000000140239000-memory.dmp

Filesize
2.2MB

Download
memory/3064-6-0x00000000022B0000-0x0000000002316000-memory.dmp

Filesize
408KB

Download
memory/3064-17-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/3064-2-0x00000000022B0000-0x0000000002316000-memory.dmp

Filesize
408KB

Download
memory/3064-0-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/3200-351-0x0000000140000000-0x0000000140200000-memory.dmp

Filesize
2.0MB

Download
memory/3200-254-0x0000000140000000-0x0000000140200000-memory.dmp

Filesize
2.0MB

Download
memory/3200-246-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/3200-252-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/3260-283-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3260-259-0x0000000000460000-0x00000000004C0000-memory.dmp

Filesize
384KB

Download
memory/3260-257-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3272-66-0x0000000140000000-0x0000000140226000-memory.dmp

Filesize
2.1MB

Download
memory/3272-54-0x0000000001510000-0x0000000001570000-memory.dmp

Filesize
384KB

Download
memory/3272-60-0x0000000001510000-0x0000000001570000-memory.dmp

Filesize
384KB

Download
memory/3272-62-0x0000000140000000-0x0000000140226000-memory.dmp

Filesize
2.1MB

Download
memory/3272-64-0x0000000001510000-0x0000000001570000-memory.dmp

Filesize
384KB

Download
memory/3652-76-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/3652-241-0x0000000140000000-0x0000000140226000-memory.dmp

Filesize
2.1MB

Download
memory/3652-70-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/3652-69-0x0000000140000000-0x0000000140226000-memory.dmp

Filesize
2.1MB

Download
memory/3696-236-0x0000000140000000-0x0000000140201000-memory.dmp

Filesize
2.0MB

Download
memory/3696-27-0x0000000140000000-0x0000000140201000-memory.dmp

Filesize
2.0MB

Download
memory/3696-26-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/3696-18-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/3740-397-0x0000000000400000-0x00000000005EE000-memory.dmp

Filesize
1.9MB

Download
memory/3740-299-0x0000000000400000-0x00000000005EE000-memory.dmp

Filesize
1.9MB

Download
memory/4056-600-0x0000000140000000-0x0000000140259000-memory.dmp

Filesize
2.3MB

Download
memory/4056-340-0x0000000140000000-0x0000000140259000-memory.dmp

Filesize
2.3MB

Download
memory/4196-547-0x0000000140000000-0x00000001401ED000-memory.dmp

Filesize
1.9MB

Download
memory/4196-326-0x0000000140000000-0x00000001401ED000-memory.dmp

Filesize
1.9MB

Download
memory/4352-429-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4352-611-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4468-418-0x0000000140000000-0x000000014021D000-memory.dmp

Filesize
2.1MB

Download
memory/4468-609-0x0000000140000000-0x000000014021D000-memory.dmp

Filesize
2.1MB

Download
memory/4560-428-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4560-599-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4560-311-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download