4eff70a58042e171350304b0518c42f3af87cebe13df1215dd34a6eb64c6c98d

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-07-05_2538aa309a21e8ff434bcc0178f67660_avoslocker.exe
Size

1.3MB
MD5

2538aa309a21e8ff434bcc0178f67660
SHA1

1bf8adefc71ec30d1edc83cebe083c90a9932aa0
SHA256

4eff70a58042e171350304b0518c42f3af87cebe13df1215dd34a6eb64c6c98d
SHA512

f2cf82e5f44936f01d5fb74cb7b544a5fc0e6a1a2f9b5876493bd99a77de79bba5bab34c21bef9f55f65401c6abc0b808f81d9a8093e5cba13044f14f041f3e6
SSDEEP

24576:A2zEYytjjqNSlhvpfQiIhKPtehfQ7r9qySkbgedpTNjx+mZCkt76f/24pN+XNqNl:APtjtQiIhUyQd1SkFdlf9Ckt7c20+9qT

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
4236	alg.exe
1920	elevation_service.exe
888	elevation_service.exe
4188	maintenanceservice.exe
1136	OSE.EXE
2128	DiagnosticsHub.StandardCollector.Service.exe
2216	fxssvc.exe
60	msdtc.exe
2544	PerceptionSimulationService.exe
4112	perfhost.exe
2760	locator.exe
3320	SensorDataService.exe
4808	snmptrap.exe
1300	spectrum.exe
908	ssh-agent.exe
1700	TieringEngineService.exe
3980	AgentService.exe
3224	vds.exe
1372	vssvc.exe
1376	wbengine.exe
5052	WmiApSrv.exe
1528	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 24 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\1bf28abbc8648821.bin	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-07-05_2538aa309a21e8ff434bcc0178f67660_avoslocker.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	elevation_service.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	alg.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	elevation_service.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{14DF0EF0-439C-4CF1-9E8A-D1E954BF645B}\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-107 = "Microsoft Excel Comma Separated Values File"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000004863707703cfda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{487BA7B8-4DB0-465F-B122-C74A445A095D} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000e878457703cfda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9925 = "MP3 Format Sound"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9907 = "MIDI Sequence"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9905 = "Video Clip"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS\OpenWithList	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000a1e1ac7603cfda01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9912 = "Windows Media Audio file"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9908 = "Wave Sound"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\acppage.dll,-6002 = "Windows Batch File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\searchfolder.dll,-9023 = "Saved Search"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\wshext.dll,-4803 = "VBScript Encoded Script File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9914 = "Windows Media Audio/Video file"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000a2a6b17603cfda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-103 = "Windows PowerShell Script"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-105 = "Windows PowerShell XML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\acppage.dll,-6003 = "Windows Command Script"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-113 = "Microsoft Excel Binary Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\zipfldr.dll,-10195 = "Compressed (zipped) Folder"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000008da5d07603cfda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-131 = "Rich Text Format"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E2FB4720-F45F-4A3C-8CB2-2060E12425C3} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000004e8d397703cfda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9938 = "3GPP2 Audio/Video"	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1920	elevation_service.exe
1920	elevation_service.exe
1920	elevation_service.exe
1920	elevation_service.exe
1920	elevation_service.exe
1920	elevation_service.exe
1920	elevation_service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3156	2024-07-05_2538aa309a21e8ff434bcc0178f67660_avoslocker.exe
Token: SeDebugPrivilege	4236	alg.exe
Token: SeDebugPrivilege	4236	alg.exe
Token: SeDebugPrivilege	4236	alg.exe
Token: SeTakeOwnershipPrivilege	1920	elevation_service.exe
Token: SeAuditPrivilege	2216	fxssvc.exe
Token: SeRestorePrivilege	1700	TieringEngineService.exe
Token: SeManageVolumePrivilege	1700	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	3980	AgentService.exe
Token: SeBackupPrivilege	1372	vssvc.exe
Token: SeRestorePrivilege	1372	vssvc.exe
Token: SeAuditPrivilege	1372	vssvc.exe
Token: SeBackupPrivilege	1376	wbengine.exe
Token: SeRestorePrivilege	1376	wbengine.exe
Token: SeSecurityPrivilege	1376	wbengine.exe
Token: 33	1528	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1528	SearchIndexer.exe
Token: SeDebugPrivilege	1920	elevation_service.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 3652	1528	SearchIndexer.exe	115
PID 1528 wrote to memory of 3652	1528	SearchIndexer.exe	115
PID 1528 wrote to memory of 4100	1528	SearchIndexer.exe	116
PID 1528 wrote to memory of 4100	1528	SearchIndexer.exe	116

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-07-05_2538aa309a21e8ff434bcc0178f67660_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-05_2538aa309a21e8ff434bcc0178f67660_avoslocker.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:3156

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:4236

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1920

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:888

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4188

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:1136

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:2128

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2212

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2216

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:60

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2544

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4112

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:2760

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3320

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4808

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1300

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:908

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4524

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1700

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3980

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:3224

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1372

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1376

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:5052

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:3652
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  - Modifies data under HKEY_USERS
  PID:4100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
e01586323f583037548a785d0dd52ba7

SHA1
b5e02992d91e49f7d78dc8638ce853ede18eb9e5

SHA256
c5f4aa1db9b3aa2d884defad0ea7d857beafec2a387ce6b02bf19115670b11c5

SHA512
c583d4aa095477ce6d91befb3722a3c91a308bc2a04c08877f346e3145eb91c929385ffc870710901e02e00e6e0a859d62a3163d5545d953f9a429ab935c20cd

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
797KB

MD5
35110450f133daab1cab6419c04c1f63

SHA1
40d7d7a0a056b0bfe625c2ed5a97f9a2bafbd57c

SHA256
ea216cacbdb34ef8da33523270037aa3555b120a075bbaa6220dbd8a6f1ecdd6

SHA512
9c71c9191c600057e6356cab6bc072cf174a3d21209cea618fce45e1b6895675d0eefcb62c070d268dc60baa44ad12330a23b94a5275d95b8671878e9e9c5838

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
5ef0473a1a1c8362eb0a25faf6ed059a

SHA1
75552341f6b66d70b25b296ec0b2a3a847ffa6e6

SHA256
85ab829bcf7420e106e05c85da034eee88fd5f6e1085f84a6a4addfe6219fedf

SHA512
c2fa65afd2ef0d52d7d9e3bb2bcb0774c8fe5f6130167aa531538fd5ec592952e972b773db98e2718ebddf0b85f6853500ea1a99bac5f2da34064e40147c2889

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
e90d617890d9eae88cd2480ed911fd5e

SHA1
91c68e25c51d53a66895b6ba2d9e0f7dcc959617

SHA256
721d6f0429d0c2e62e43ec0b604716eea6958504f23ecb844191faa15e5c00fb

SHA512
5da9c7c3cd02b930d109d7c6a73e30b4c22f124c7dbc42e00ec89c5be43489b86bd503a5025367405185073d9f1c5c31f37d9b981ffe5e3be1e0b07c493148dc

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
3b23a4c3cf641210ae41e8fcd9697390

SHA1
a019734b1828303d0d966992d7a782150ae6d67d

SHA256
d51d173a6faa90f4e6dc5e13552ee200c9eb6a3be693ca78fd62b967e1f63935

SHA512
06388e357d876a1c419d3bdea5b37299b952104490f9a3ad1ce1347ebc6c9d494cbcaf2634916d6d429e17269c523eaccca6e2dad1a8a024c6221a3e9f911b3c

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
9c993d3aa279d81a597600064d21dcaf

SHA1
e6ee48b69351b7d3dfb7c7f89f8c0aafde886c43

SHA256
883de44a1ffd04db60fc2c3883a5e53e7c6e7b02b5177361646987a74bc12c99

SHA512
ebf1ae8a12c03fdd1a4df7feb9c99874c10ca34489769ef9a01472b8619b36c3a266f3e0505fad2fb0d470704e78567a7dfd16b72aeb2ba17017cbda53a71f37

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
41f5e85494921fa47ab9747cc972df5f

SHA1
50478bb3c582b82d21c4049ea77e9b0591458f8b

SHA256
ee9d8e8ff408acfe8cf6b950bdbcadbe09c77ca5109b7719baf5ff98f247e11f

SHA512
d4646f437fab0a34d5c9be0949195f20bb980ea4cf5595850d7b2a45e45ed008d894397fe952679b9d62a067990a52e407087a7a625367f96ba4ff9a7e827130

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
2be0929a1c238490ccdc611dd9a78f89

SHA1
235fd51638483e2b7429a1fb65ecce6a67ed0a57

SHA256
616cde8d0595b1be79695486d110be3b63c04d37b4eea0dcc0dc1fe401dbb3f0

SHA512
c1fe84007354dcb23e9b482132f5ffd673f85dc5b4432e8ab52376bf4ca5f59d5fdfc76652bb9032a84500f85793833ed3d7f8546b250922576c112c9a8034c4

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
1ba2cd34e64b1599bc80bd7abac63a8b

SHA1
c56f2bd604362c19399642b2b97b1431e46d37cc

SHA256
ff85a2684e76afb087d33c0f28918e62f5cbdd7bc24e6666848c4db702d09820

SHA512
339c2c31e518d03c37e6013242d48819e67d321493c005f04b6e67ab9bdcb675ccca4884af7a4db3a8fd7d4ce6c7179ef7c919731b0ed33b477f71908f3289f9

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
33989bd4263c0af267bbcdcfde54bcdf

SHA1
84cbacaeb92b5611aca5dadfe766451cb7b810cf

SHA256
bd064df71005ab6ade847016a126b9d1f162df89b84d6842b2976a4895a727a1

SHA512
6c5e5177bfcc95e9727e0c6f092e034faa5e1ebe220e6e0efc6950c991dc4a297ea7d90d9ecddee591ea6a960474a199203d06102e6a52e95fc40e205ad7ee9e

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
5e91197ebbf903d89549f03c0fe40102

SHA1
45e1e350b08d79616904b20e9fa076514a51e477

SHA256
b026853d5da181367a43318ac15ae1d83ed6dc6320ba7fe2aa5eedd9576a6b37

SHA512
202e1f1249416b30881b3660d41fab99610c26ad2b3b286aee617f05cc10aba4ed7c1ac1fea97a95bba2a82ac8656c4ae544763fe7917b9900c2c8ea259c3de1

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
c239a3ff66e23979272f72aa3cb9b95e

SHA1
1874cd60ffa7360bda29f8708bfc89ccd0eda65a

SHA256
79bf19559127e266e83f36a3b23f47dee949d083e31a9d148c321662368aa140

SHA512
e3f235d416a2503ece770efa4b0590b68e06ac4c121c7349cac8ae24e2c338735e2a3d9b34f33c2e936a5ac8ede3cdb8f2aac68bf24744c20f672bd446f4e45b

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
1ee2eb89782a5400b324ad98570b9b00

SHA1
4a8d2201edd89b0a91013c5d74625e5cb2ae213e

SHA256
b44705ca532cc972a8e7a1a3a5ab021e5ba425464b33e9b8d5fae70288e8102f

SHA512
c2d5b2c6616b3b2bc4f7d0f0495065ceaf60d163c93f7485282627bcce017f810aa99dbb67c3322863602d05bcd4840f12ce414730cd3a54226b73c5ad9542ff

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
da8cbbb75f46672b63e0de69e4fbaaf7

SHA1
82befa6e71c09e89aae075274178e872764b28b4

SHA256
df9527ebc174ca4e9d3f9cd237bc273cdc4f0e580af6c088ccaf21448bf603da

SHA512
db36cd4df4dff690fb57f46687d88359b2f615b4dc4be45b2f2a6a1b6c677caa9b8152795a85974ba91e1244148f3bdfad10d65b92942fcf9b7f04be39422640

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
0c5dfeba70fe0989e93d6eeb72f8212d

SHA1
f5071358cbe829bb72cd5f6dfd9b8244d2f6d48f

SHA256
f0d2aa822a81d63abfeaaec8a0285c33e4d10cf47150b2f12dbf0bb4b23381df

SHA512
a605355840d9a34acd0b99583195faf3eebd1f765f69541a1a4dbcfb8633be8d14580a4eab91eeddac6ae2fbe9e14aeff15ea6389aa02259b0acde07b9770760

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
f70f63790739286b11bf0f5d55be7fc1

SHA1
026ecac99f68562c77e09a0f48a91f68212263fc

SHA256
9966049f84fbb40354682e34dcd54a2d6113f58f8381a7c75f39595ade311cf1

SHA512
256ca0538580e6e8e6e0f3ad2d174367b75d7899a7d3bc46da58250b17f54d031a259f50269ec7ee2d88b2fae2374ff52c24aa2c9d4df72332c7c794599b0300

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
a75a45b85f300123b6396ea5266a0d33

SHA1
e86f58ec6b2a497ceb7d066b893a1dd6a1b3ef25

SHA256
4984f64bea42e1c29cef50494b0f67007fe28bb11c1020a3e1d84f1f11584f4f

SHA512
dda4540bd1d4fe69229b781b5e9957d94385caaec2cd055099ca22549f066886a3348368d750c927ec31e47f8a63c8f4a114db68953aadcd26768c8f48076b39

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
f92f7aabf1bc278e772745bf10f34a3e

SHA1
91170c772454d8c57c8423baa1d27361fe91e7c3

SHA256
388d9f74365b96979bc74f24e80ce8ac6f14661206e27d516ce7b5ee1432a89c

SHA512
b67e7f89269ad0be172ed979f31e062f3ba7e227de1b8ea894985a5e8aa9f350110972db4ad48ce5a477b7968f180b7659edecb445838c4dd43e3d71969c7653

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
b4f79aff38663cd38f0a68e2bf64b8ba

SHA1
2a035d4a55907c9de7560ee51d997af398aca56b

SHA256
8da0b934e396bdd566c58876bfe5878048638ada3f7a8c286bd4b576132ee683

SHA512
f70dacae518a39344e76bbe976d41df30709366ba0947a79a681af0818f123266fed88efdcbe26edc893d2d64fb54286807584f62f1f37f50233e0918f373833

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
c6fa74aefa416a8d3799dc855b258b36

SHA1
b18e3fde2724c1de888d489611495bece53b7c3a

SHA256
8457ae754b5f42c691823861155f2b68c8b3e021e28feaaf991ecb34485c3d31

SHA512
dd39088bc0f8f2487d9319535725c96bcc8c098fed14a512822edaeff57b8901cc52a9c28317da52f6e64f6ecf9d62293cca06e03d07d62c3a1ad716c57022a4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
b5a06c9b5c54c50258c09fdf2481826c

SHA1
0d5a78e0fc09e7ebc0e3572cc319f7d3b88a407a

SHA256
c317ffae61c57b5f4d3a796711b8bf26fa01dea77813c11bc62e532eb3b6aac7

SHA512
35d93de27e583dde045beb247d8b0520d46dece5b7ce09b1a65da81788a3677a672a2aabe08812e4916f58b310fb45ca7e9f1117d37c6effedfc4fb086aa8ddc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
b759ebdc759cbbaba775c2ea10fb5f88

SHA1
4b264dce00ba3b33f7492acd16e99e2242b15cbe

SHA256
4b04fd1da62b60144a4b526fdbe0e6c1ac4d42a0d0eed30aac418ccf0ecb441e

SHA512
4c1dbd395b133222edfb4ec14efb511cb116a023f95d3a7f2287d1bc7a645092d8415b01dc5dfd5553b546bf28a03e78ca5466202d1549920636f35f993238dd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
208e20d812703c9530d61a6e3f388eb5

SHA1
fa3397607bc7774782d42563740b2be01de1ce7d

SHA256
f5121d2f406881ea0c264868de2b7ff4de9f983b7a5b241803d0fe6932873afe

SHA512
45b0b2276749bcea8a7688df6e15e7c1adbe4fad4c0227f5b284cda42995fbae362e257345053240d2a9bcf48c93abeae3658b1d621ae80b289bc97335650390

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
c435b697d89f5dccbbcff20e0e926464

SHA1
a44f8fd7e62c7cc5a7428628ca4cee6164983710

SHA256
4657d63ff950a469678a518fc5b896cf66a9bef0aba5730b7291b37645140ea9

SHA512
9c8b52b5214c5a6054ef9d549a8a640e4b48a65d0fca8037591e429a1a6416f144b40eec2340264646c889ae328eb0c4031c593cf5ac1ca391be646c9e09bb2f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
b3cafe437d39458d081107e5c79a7006

SHA1
3383fad8ef4a80ba4e9d6b5a77cb9b54a3a9e9db

SHA256
c72a90d0bccbab9739aae31249485a675239b3bb95baee68766277463c8b8aab

SHA512
0b407fd11cb13d5fb10f2dfc20e8179bc65d8b4f3c6993a73d2beb1c2577babb041fb98cd8786edb315d607a768ab43090d6e49704d9cc3ebf8b8b17d2384015

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
fcc8c351751eff23167f67660eb854de

SHA1
172eb3885bcd833ddb85d34ca9c4232d3bb5e000

SHA256
654215e835295507a1ef54df3aa39edca4f05870f674419c2744f0ea33eb25f0

SHA512
df396a7c3603c38a15e978161fb938ac84e34ecae9535a27d0582edd1d77e3fffdb95ba383dc7631ccb96564c5a96c8d5d6081c691fd9bb987015ebd0a688f18

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
eff6afb34bdfb88da79af50b18bece8a

SHA1
03c84159e2d0402454fd539f807f27276c483d93

SHA256
f38639e788150062ce4e067d1c92260fa9fd4797f835dce72849fec8176dfae9

SHA512
c3d3d8468030496a6d9f872cc3be954dc0641cc36ace370a44e9c02cf1fbdecdfa5b43d8f2ddf1964fde44309cc268e418041cd29974aaecbdc400692f00295b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
6e0590f67db40d62526b623d7fcfe286

SHA1
725da625d614e07f72c06189ee4df6b61f21448b

SHA256
e053aa7882e95a1d129ede719696ee24b87b93628b9929f7d80318722bba8a63

SHA512
c328e8f3ff2e20dafe03123d1c108d6471f40ae2d42e40cb0d53b79c699351edaa2191e7352f1df39d0d0bdd0835826712de4797816b139e259a06cda23da3b2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
780c0e23465c3b058b919b790c6c26d5

SHA1
b70097bf06fbe325459629655a5e33e69c398f0a

SHA256
97a5af529033fbfcaa7130a358f35fbb6ff38035cfd3fbb6e62a058e8f2f6f61

SHA512
75ec7b34ec3b9712545b657783761bfe2b4903070713dfaba16ef4a39d2108f6336f6f5e03b6e740dcc6d34016ac612f3f45f4c9625e0dba4610fcf97e3a8f3a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
f41ec968ab5dabf7fc502aad08aebaff

SHA1
a822c3fcd103def193ae779ece35d09a4ccc3429

SHA256
9aacebb71308468f2943c15c016204ea6aa9e1495dc213057aa0f9dac0a6c0cb

SHA512
256aa65661ff5074e485786ab3de3d89636a1c722a5b3daa20f216286e1aa3da21c3a64acbcfd3e60d2d02e028938787d8de7aecc5c3f8c81bba6c0b6d269a9a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
027996d52fa78fe9367580a612f86a24

SHA1
3b00bb3d3959340f4eaa705453b6127bc7d56914

SHA256
ab0d86916e77fa9ffe03e358f38ea1a710dfafeb968cc0888e675712a6f204dd

SHA512
7e63c857260d02ade9410404286866cd3076d28714ce8b71dbdc828408242943e3022db44fe7e6f9ba93ee89fc00d0b72f9b849f9c9e95ccda3524fa880b3bb0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
b268baafe4f22313e3f62796ca6d8cf9

SHA1
304c52015e2d717c1b0e826c60a0ca149c98d3fe

SHA256
c40a99ad09c7fc8b98cbe9a0464397ecb1eb66de0fa61c37df612b0aa8946207

SHA512
642c64c4fc907cda75b357f2852084d5f0fe9a5fa920548893b4c9d2a3957d9e928e2ff9d8c978c0cd04fb8c53c705947cf9f3b5a738750d8feaa458fb27ba38

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
2983907ae10ceaa8eb8ab2ddc04b89bb

SHA1
18b2e0b46c7ed990e235a43af7b33df421ae118c

SHA256
e73b71f7400ad1f14420107c1fabbee9e96a7dc4bee9edc2a7b43e47fb1a27a0

SHA512
3ac82206edb07de99267d6d847a6f22a2d08a5853d1ae063b88be74bb4848a7085aeb1b02675c860786a17f78aee1bdb1a96aa50d54e69351917036633844aa1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
2f6f5cc99102a3146a171a3ecad61627

SHA1
098f21ffd6c5f896a6dbe1f522613125eb7b27b8

SHA256
6063ef725c112b7820d726c8aebdbe2809b76f08ca9aeda3f9aa671b8987b4ae

SHA512
9b56316e9b04e7ab84651cf884d34c6e9c243e3b38a2d81b5fd63ea5ffac7d54317cb925ce907797e1bacc858f3b4139d5471eb87ff398a5c94dcee887fc5efb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
bdbaca554812f349b615ec8514d50ffe

SHA1
a6977e6241bd22847e0e102f287f8d923bcf48fa

SHA256
27c7c9a4848758608bc8632a4e28e620f6dcbee13d3719424e4705ce655c953e

SHA512
b582f0f7d02bcbb3692d1c8f9255642c9b9087944ae0277596ecf5b045c3518cf7ac9f4a842b03a2f4e8ae00476d13ba0cae00f198cac9584930fdbb4199f29f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
8384798ceae13f428d69aa52c5e4c26b

SHA1
37ed1c173178829977b092863ec41abf21513d6e

SHA256
3ac62620caa243d98fadad6cb2df1aae13b076f4d068f2d70552cd6b3d2cf39b

SHA512
c1957a4b6e0a976d8cabd8962c5a229cd818e351b61e0adf1efe4396ffb43a4281501b47a90286dcb26424efa2948aeda10279af5b505971057aecc7c8882b37

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
dbe83d1bc10882a86e342d9df5d70bf6

SHA1
d29f7cfa7ba2654fc19c8ad6aec7b5575c0c9618

SHA256
2e7dfeff4782ee593a4b084d0b60c5fa6dbfe24fbb8c3c12a861684f029e2b58

SHA512
c7ad6a85bdd2e0789642ee509a73b7637e28addfaea945470076fe36a64897dfc90ca2d6a52a45e6f933e2c98b52973a74c28b394f7163429af66141b046d55d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
d714af4afc4b2dbee5cff15e2e55bacb

SHA1
33ed61997b0d98f25836ed1e6af342937116fd09

SHA256
3c1d778d99ea52860ae612a95fab009201f127c3a38e1519b58877195cd43408

SHA512
e48766634192284d239786272c7aadb271b7ec5b57b87207ad825d71c155d9ba6e5070476325ac2953defffa9b0975acabf1d0c2b9f27f96769713566cda3ba9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
b16ce42439ed95d5a8e8711ce1eda3a8

SHA1
5d9c0bc69bd96092c5f024078440a353cca9417b

SHA256
6ede467c5d6a7f0c653c6d7ef0941a56012d6e1a566d9dfc99a4990f42da5d21

SHA512
9a89c6834020d5897567b4a85a3569fb9b04651ff828acbc083fcf6c09ce03b697ae5624359f691e1f4962201c7013f15d121b4ab909c39a90dfafafba4c3d3d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
3b758edc65cb83e68ae4c1cb74a651d1

SHA1
62be1a8e049ab6c81b3232cfc0630b74d292a3de

SHA256
fc7e4e8161e3da57115d2a617c928dd8d0df49b85252a41bc6dfcca0b687fae9

SHA512
920d957e7a242d19093da0daec8c52d53f3d8051d2af581db8caa80a28db70389ecbbf0836471e57b4acc2bdd3f21f5c4178d7868c0772908f1755b5f3aa45d4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
581KB

MD5
74b6a7544350328085bc405de5c0fc73

SHA1
8f4f871a52b3563440feba8caf6d53414c44e6a4

SHA256
e4912562130bd044e4605e2a01dbb45fc5d14ef7f0bdb50ea94149a986bc1aa0

SHA512
88d580c3161324307b99f83d252a1c63656c44b311de613e76a2b6f55bec7a4ba7e9eed1910c5e81bc9b01f3f1b1976c6f7ec58ff9dd93d12e846efd2c6081d5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
581KB

MD5
8beb89ec16f3e23f9f81407722324b23

SHA1
e64d0a5ec1a627701c114c6cb8e75c80892a66cc

SHA256
86ff8667557bf71e3e1f5c2d5d7e4c22c14209e8e60c88849d6d4a4f38f22656

SHA512
4af3ae5cc4d272daf057ec077bc0a73cc0feab6d8242d9ca95ec80f1702153b8a636cd45836a66bc3a0731b6d153e54a6496db6c0a2451d743e479d9f3b4ae9f

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
701KB

MD5
6e65b4a1a111642aed75b925b3960b55

SHA1
809cc6e89eac308b1adf3403b9ac35b04dbc33d2

SHA256
b203f0a388c3c694d1538ec50ff68766b91c4a82d9bf8b993b9a4b598cb9c555

SHA512
1471ea41812fd5b970fb3aacdae4310ed60c451c3ab0274ff729f65bc78b1c415b5cd6f910a15be5aaf935cf86251fc60050e48ed3c4d7c296d70dc8bcc452e9

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
057d3515cac3f10da45c14e06dd87584

SHA1
7a728790edadd7e7e78c0f8a66629b1637643ed9

SHA256
0f2a8961ccb64511cbdd6ef6477c3470ea09416780a2b9f7bb8505394a80ce14

SHA512
84bf94eca2dde918096679d6668b96193b97f980e3e9b7944cacf00f9a84198d74c2f7039905e54c2f9e46d9a1bd3dccd64f5e3cc7e43c9b5420caf62bec1653

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
edae22dad1d1ee97dab51d5b372985a0

SHA1
ccb0b9e01760dd908653f75b339eed5df96eedeb

SHA256
4abdfe6afc342f379781f231a6138fefe64e24f6e60c6532098e6821b0d45081

SHA512
97dda24f6b9cbb9624e2cfe0df600c2a3d4f3c6ee479eb77262124718fd08df784b729c887d9ea846364930fc4377065a5e6484f91e1a509894714fe4847c60d

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
0873af3e065ac3de7d6dee874e4a0d57

SHA1
1c1148d90ec465bac854de09135317b3a1434b86

SHA256
92ee704d92de43d6efeeca7d3c61e0230debb08139b7736ebe5a6f6cc482d540

SHA512
7768c252246153b4a544238b9b0b77b1ea1a7c0d3b0be10e93c0f90398a0d6f0a82b9bf2403be1f8940bfecb7c6422854b49fef9d4491ff608e3280ca3be148f

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
2d9ee4dbe6e1417ff12ba6698f46fc23

SHA1
e868a5557ec9101bb18ad67a9dd005380b097a57

SHA256
30fbb18a516d1b7151afeb354f966ffccd4d05ea74effeea1df8e4ad899a378c

SHA512
0305fc99e6c09c7d68c6d26de85574c94aad5a12fc175eb94b8865d91661470081a60b62064cb70fab5308a23133d8d82af1a0628610e23c5a35e5ddac088057

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
f4edd1c78c2a445c9d38a0320a69b227

SHA1
2c884bd16c16e5e8810741cf75db2bf41b104229

SHA256
7764113a681e54e247a02ab60635b90a510d7128aeafc55a3240bc37f2e83662

SHA512
29c0afb006b7233d5eb852c5a7349e4c6e8d21077f307d6348f205f266300b02426069ea38b600e6058c4d357af613f32506cb96aaa225491c024b055ef4f931

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
50a3348fe63a02cc727e826e15959f5b

SHA1
d9e63755150a921a19a04ed8adbe10a3d0f7a470

SHA256
80bff5048549ff2a9d2bf567f44efa63eaea9fd008ddb7d18b1b09cf0e8887fe

SHA512
21f220509af80b9e438dabfdb77bad7dc27d2fd609433f7e86ed4e846700330bda934860bfe3c96a0565c73b4ec9bd1c7df3491d6b8bb8c35f26ab3b2e13a256

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
b13651527e530b090c7871e5a50182fd

SHA1
bbb13d3a94bfa69a6a68a3ee58131d404270eb06

SHA256
47ff15d174a5864594c2c81a2dc9714ecd6a3ef4e09907ea6b463337ee8ccd49

SHA512
343b2c6deb85f4de0664c08c29af6fb7896502320bd48e99c29ba4f9cbc5e73dca7af810bae5a9d4833b512cfd1c0e3721ee34d856056de7e207606aed0a12e2

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
29430689e8f6443c0fe4ba89bc5c1792

SHA1
05cbeb2fad1af39a85f7fa49d02654f53edcc459

SHA256
ddf78b923ff03db184dfeded531bfd501ad2c5847b5b8918342eeccb398d1237

SHA512
6248b20884d739a72a4d1ec8bfd87d8b5ddfafbd86cc47cb2326c72a079d522dc1c6ec568ab68b5f4249f79fb0266d6865289bb36a5ddc867ad4a04154625d1e

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
8948abe55401fe0e693c116dc6e06d47

SHA1
fa2c339ead8fbc32f16faa0776544a14f89c76f4

SHA256
8196c3eb9218a0d23382a4a0cbf1e0e6ee9b64a6ab816b1b693edce12f96baa3

SHA512
dae030a06a099e870f1124c52f7706e024415063c483d5bdb94ef3ccb4772e1e7bc74404787b9b55624e6bb349f3efd17906c11603892e9c12656f00e79c5784

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
3866f9045887c191f62a38a31ade42be

SHA1
c0f3e7cf9a11df011db7616e11870e095a6f833f

SHA256
5d437a83b1ab2ef03410c895ef525634bfab3d8a84fffbf370e3bbae4d65ed76

SHA512
98c5040c0e2fe924a78e673fc0fe0f1191850315d3676a27036b8c9e1eb1e32e2a360eb939b1cf4ea139c835efd2c13570afc577711e814ac15cc8e9a23df784

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
3c8794eff007f9075e6c7cccd4164806

SHA1
94004c0f2e4050c2b22aea93d2d8e436487eacdb

SHA256
2c7ed343234d8a67c745ce00efdd09e0f1c5054a90937caac82a05bf5db85fd4

SHA512
6562229de025dcd48a5fb80127b37decad639a98cbd8cc3599f705a8ff2a01a527cffe9e6e8a13c8c51f19308838d5bc16a33f0962d0b208188632b289c6eea2

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
bc1e5b72c5678c8d7a78493b33260cef

SHA1
06402ea708adf8714baf63552c09416a1290036b

SHA256
d1f43dabc984a55cd817ce4ae89bc96ba3a4d24c81efcf7b69079a3c18f3c070

SHA512
dd44399096daf93dab7929bf054559c94332c3e567a9f8432134c2ad777fc41f8c5b56d7fc064d7ee47f47b104d9072ddf3ec29663ca030d645617d8aded9017

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
b1d99ef2624f2dc7a596eb0e33518910

SHA1
fde23e319c67ab8b7a08e419bf5d26335db48a48

SHA256
bd2a3bfa0c6a5934e2f6da9927138ab87bdb23598abf539575a8a6f54ecffae1

SHA512
1bbed5771cd95f39228913d32bc8889beb902851919cede89fb70096cf24ad61b65e304548f9dbacb34a41ca95f0b0dd99a14446885e8ca5d0971b46790d27e2

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
f0c089f980887a75547a418eccf4015e

SHA1
5f8beace20613a83f1a39ddea07c2786e64a858c

SHA256
bb016c64545358d065ccf6cc32ac08663d8dfcd1852816b0454c2cd36f244df1

SHA512
17af14e2cdf6b97ca7c6a160fe6c1878c4ccf3650935faffa473b9853cecc477bdcd2d0720c8218f5ce5355761fc007e20971bdd85f1deb4a1bf01f5a88d31f0

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
d0f4184d91df0ca0ef0d1c8dba6fdf8c

SHA1
97acc80a01a259d9e07df7e2f2ce29403fac30d0

SHA256
d1ea198b5384987deacd46b2f9e9a17b186aa4f2a31dc98d62e32af69c83fdea

SHA512
97483a4fdc221ff07b30ffd672b731f433c305d866f489f7a708e9d98337d0916a249cd2334d7d1b2f1142e45298908fa3261b3912d76122dbc8d45c2bfc103f

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
3e12bbe36d71db2a38e7af81d85d3035

SHA1
88df285f84446ba49fb99492a0ae56f1c03d3d04

SHA256
d4123dbd99882d49dcb2c2348763e205a8568115add2ee32e019b1131ac22197

SHA512
7cf7c2bf548f114c3daee0013e0bdee1e7432db1a2cf47441a1b18d4faea1671ae92921e122a7cf1e8797c735d01e389d331ae9c33f13c5aca7305bd1799126d

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
772KB

MD5
91d5a2d5676ba3ff2f5d168502ab92ca

SHA1
0171ae60f016e71ddcf4b080f4d9aa1597cd50af

SHA256
a4a919373881ef7620cc20037dfc5738c06f2f08051913dacfc1b389fb7b76b7

SHA512
76661b6117cc9152d07df7df5a55fb05c66731a2742da998ad1ec875a675dea45828a914ad6a3d1ae5edf73c28ea7c22943d1c3bca306513e6721a804db83ce9

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
e6948d5dbc109d6b45be82cf15a8e967

SHA1
9497a66f61150a337c2f567f8f9467a9963972f1

SHA256
aafcd8e49691012a216ce732e8c0f988d151b62e9c86c8a74e372b03973b5041

SHA512
2c6a949a57445fc268e9191437b9bf2c51601fbbe9b5412724a21140ffafad16fede2a9e7258d04c20003d9485af309e2136778d9dfa229165312b9a6cef32d9

Download Submit
memory/60-386-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/60-273-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/888-44-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/888-53-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/888-240-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/888-52-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/908-611-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/908-349-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/1136-77-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/1136-243-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1136-79-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1136-71-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/1300-607-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1300-337-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1372-616-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/1372-399-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/1376-411-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1376-617-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1528-442-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/1528-620-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/1700-612-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/1700-369-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/1920-239-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/1920-32-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/1920-40-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/1920-41-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/2128-248-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2128-249-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/2128-360-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2128-255-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/2216-274-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2216-259-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2216-260-0x0000000000D60000-0x0000000000DC0000-memory.dmp

Filesize
384KB

Download
memory/2544-286-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2544-398-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2760-422-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/2760-311-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/3156-0-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/3156-1-0x00000000022C0000-0x0000000002327000-memory.dmp

Filesize
412KB

Download
memory/3156-31-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/3156-8-0x00000000022C0000-0x0000000002327000-memory.dmp

Filesize
412KB

Download
memory/3224-387-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3224-615-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3320-441-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3320-320-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3320-610-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3980-372-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3980-384-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4112-300-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/4112-410-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/4188-69-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4188-56-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4188-62-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4188-66-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4188-64-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4236-238-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/4236-16-0x0000000000740000-0x00000000007A0000-memory.dmp

Filesize
384KB

Download
memory/4236-25-0x0000000000740000-0x00000000007A0000-memory.dmp

Filesize
384KB

Download
memory/4236-24-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/4808-558-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/4808-326-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/5052-423-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/5052-618-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download