0bfa6737a8a65403ece6d05753106e352d8ad1108dc2da41f2f03e8060ae4cc5

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 17:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-07-09_71e4657965c43211fc9d34eed56af11c_avoslocker.exe
Size

1.3MB
MD5

71e4657965c43211fc9d34eed56af11c
SHA1

dc69bc7aa703db12d90dc6c79827bd3378725194
SHA256

0bfa6737a8a65403ece6d05753106e352d8ad1108dc2da41f2f03e8060ae4cc5
SHA512

cc935aa49a6a5c45aea2b9122332611fb95ca849dbd0587a2223eeaa9f95278112aabf1ed3c2f5254a8949fde4f02237bac93e87d8c2a4a75fe525cd1f8ea94e
SSDEEP

24576:K2zEYytjjqNSlhvpfQiIhKPtehfQ7r9qySkbgedGZiUJXca/VQBIe2dhi8OP3YGv:KPtjtQiIhUyQd1SkFdG9TQHj3D

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
1584	alg.exe
2824	elevation_service.exe
1580	elevation_service.exe
3352	maintenanceservice.exe
3108	OSE.EXE
1552	DiagnosticsHub.StandardCollector.Service.exe
2540	fxssvc.exe
4900	msdtc.exe
2708	PerceptionSimulationService.exe
3324	perfhost.exe
1664	locator.exe
4992	SensorDataService.exe
3112	snmptrap.exe
3744	spectrum.exe
2788	ssh-agent.exe
3888	TieringEngineService.exe
3564	AgentService.exe
3316	vds.exe
2076	vssvc.exe
3412	wbengine.exe
2808	WmiApSrv.exe
4848	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	2024-07-09_71e4657965c43211fc9d34eed56af11c_avoslocker.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-07-09_71e4657965c43211fc9d34eed56af11c_avoslocker.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\e13754886c5b9070.bin	alg.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	elevation_service.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateOnDemand.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateOnDemand.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_pwa_launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	alg.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpnetwk.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	alg.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-7 = "Microsoft Devanagari to Latin Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-9 = "Microsoft Bengali to Latin Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000066249cf921d2da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9923 = "Windows Media playlist"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-103 = "Windows PowerShell Script"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000004cef24f921d2da01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000067afa5f921d2da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-121 = "Microsoft Word 97 - 2003 Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-4 = "Microsoft Simplified Chinese to Traditional Chinese Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-5 = "Microsoft Transliteration Engine"	SearchIndexer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000009a651bf921d2da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-120 = "Microsoft Word 97 - 2003 Document"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000009d4acf921d2da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-107 = "Microsoft Excel Comma Separated Values File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9912 = "Windows Media Audio file"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-3 = "Microsoft Traditional Chinese to Simplified Chinese Transliteration"	SearchIndexer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000088b167f921d2da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-180 = "Microsoft PowerPoint 97-2003 Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9936 = "QuickTime Movie"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000b5d68df921d2da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-125 = "Microsoft Word Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@windows.storage.dll,-21825 = "3D Objects"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-172 = "Microsoft PowerPoint 97-2003 Slide Show"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-8 = "Microsoft Malayalam to Latin Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-113 = "Microsoft Excel Binary Worksheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\searchfolder.dll,-9023 = "Saved Search"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-10 = "Microsoft Hangul Decomposition Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2824	elevation_service.exe
2824	elevation_service.exe
2824	elevation_service.exe
2824	elevation_service.exe
2824	elevation_service.exe
2824	elevation_service.exe
2824	elevation_service.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3756	2024-07-09_71e4657965c43211fc9d34eed56af11c_avoslocker.exe
Token: SeDebugPrivilege	1584	alg.exe
Token: SeDebugPrivilege	1584	alg.exe
Token: SeDebugPrivilege	1584	alg.exe
Token: SeTakeOwnershipPrivilege	2824	elevation_service.exe
Token: SeAuditPrivilege	2540	fxssvc.exe
Token: SeRestorePrivilege	3888	TieringEngineService.exe
Token: SeManageVolumePrivilege	3888	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	3564	AgentService.exe
Token: SeBackupPrivilege	2076	vssvc.exe
Token: SeRestorePrivilege	2076	vssvc.exe
Token: SeAuditPrivilege	2076	vssvc.exe
Token: SeBackupPrivilege	3412	wbengine.exe
Token: SeRestorePrivilege	3412	wbengine.exe
Token: SeSecurityPrivilege	3412	wbengine.exe
Token: 33	4848	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4848	SearchIndexer.exe
Token: SeDebugPrivilege	2824	elevation_service.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 3436	4848	SearchIndexer.exe	107
PID 4848 wrote to memory of 3436	4848	SearchIndexer.exe	107
PID 4848 wrote to memory of 3996	4848	SearchIndexer.exe	108
PID 4848 wrote to memory of 3996	4848	SearchIndexer.exe	108

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-07-09_71e4657965c43211fc9d34eed56af11c_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-09_71e4657965c43211fc9d34eed56af11c_avoslocker.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:3756

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:1584

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2824

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1580

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3352

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3108

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:1552

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:3440

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2540

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4900

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2708

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3324

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1664

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4992

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3112

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3744

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:2788

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4560

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3888

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3564

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:3316

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2076

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3412

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:2808

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:3436
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  - Modifies data under HKEY_USERS
  PID:3996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
540e02f5c46f27728b223b18dafa0c0d

SHA1
c91ca4d8452047209b85d30f34ec555a0a792faa

SHA256
d0d7733707b9cc037fe3be2edce3b91d87b24936db4d6b06f5cc120a363a8844

SHA512
7779db7800a827349ed5df504853e51684951c3904ef2b613579e00412aac3b6e9d02ae582aef68903021f8283510d082f3ceb8d970ffa3961ad9159934a4080

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
789KB

MD5
a71977de95e601a0b8fdd7bb2a21b0c8

SHA1
c1a61241e91bd000aca712900300a849acfa5582

SHA256
141e754a4b668fa9e8afcafe4d08b74f075d265959df4e8e5a10756d95aec240

SHA512
81f59c6cd31b6160d8495956ae0fa686177bd491e7633fb46786021c7b0d272db63aa2cf385370b601cf81388374ae9aa7ca60d8935460e0e648e549ef8a90f6

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
4f4b544797c83b2fb80d296dca2ae412

SHA1
8cb3e0e68e293166fab338fc39dd974f3c78dfd0

SHA256
a0601ef127701a0e7317b8fe48d54034b49f7a6634b85c8a79ec73917b89f6f0

SHA512
6a75463475d21337be6f5e7b16e059a4b6101a762d7a1bd125a5a9b9929f705bb0fff9d763f457ae522e4c4c7acddba01e8126410e9f58ba8283e34c9b1c4591

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
0a41b682fecd80fa62b4f5471c2696e0

SHA1
1e05b6e034b6905fa8e52d09145d1bc2bb3bc493

SHA256
2b8b33e40fc266d09729ef772958183bed25ec4d3122a1ef4ee24550b7537e91

SHA512
c838a8892b348ce5ae8a3aeca6461f14ea4e4199c36f66bfae80ccfb72123af0e606b9d6a0a0e54cbe382bc6fbb70926c666f1fc4ad36a937f6a2f4213bc7c6f

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
d4c5b24d5a43fdc288e5cf0739dc0e78

SHA1
f6ad72b178775ba6a933fdaad0586315cf71b33c

SHA256
f6c8098929beb9ccf8c3241613228656c61b126fcd7fea066b7932badc8b0dea

SHA512
b3ec12e4649713c5f9a6ece0e307bd0d89f65af7bddd5c17fc0aa1002a8594993c520c805c1cc25a66b15634ce91aae1e573b443eef265ff1558ec8303ea335e

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
b7cab20623ef8e314f9dfe60290223af

SHA1
cb22b02aae6915496a6a7394ac162e3d53e50ca5

SHA256
e8e1e65862e63df95707da2a072f9b8d44f6f2c689bb8fe7cc904dd2d7128a5f

SHA512
b3ea7cf664fc88e05d87ca82b6ac77f90c8233fdd694ab89703740351126f4f1a75eb32165689b7364658b4faf216c5f2aeda7d2318df83cbb11201bc90f3d5c

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
467a22db0cf8a294d7130cce34cb6d95

SHA1
a84e384197df00aaec1f027173371d2424169918

SHA256
63ad3620182a2b48c8bd350190a7ebb3197e2496eaee2b8dd9ef912f05a863a2

SHA512
73fd0064b0362ce422d5827a89b67ab36195c0740c38788ab9461c2930a4662c265ddb58b8a5abfbfac756f61e6a5a4dd774ffc672969238115a36ae82c2a1d9

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
a44d120277b416e40def6e5e01686fcc

SHA1
ead8a5a15cf0898aacdf349fdd44bdb4d3587a4b

SHA256
968c762405334ba44067d2958c2f20fc9f2ff916de1d672149688295bfe83766

SHA512
cde7e363802ab7eda520b454460576af8b73e09be80f99050bca310b579ac558ae264ef93977fe982ab8b9fe470af7b18e5b89f3ee5f4bc45c6e58bc0c73e2a0

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
15c2169f3785a1030f8cffb750ff361e

SHA1
46be4a6890afb9622358df58680f019da90f527d

SHA256
84b69a173f2f194f91f2aab5fb84f10b19e57c41daeaf4736f7a8935949ee874

SHA512
3e7a064098fac371ae569760c4cb7a1b8a3545d75867108432d4842908eac608ea8c8be44aea9f9665151256cbe2551492fdf2759445f2b7835a34ff38f32eff

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
19a5a62743af6ee8ebef9827cfe47bc6

SHA1
68d1626a4ceecd1776bcfc8a96e90ed9f0b5edb6

SHA256
519deeadbf999a54f8d9b6e35509d694e45baef9eb7ed7add6806ed6d4f3a78f

SHA512
f3eecccbc0ab340de7758f0abaab553b1697118b425532e70cd6b219648cfd947106697f807fbe6bab13ea0c7baa1513b170cb523dc342e4c655d3c9dbcab14c

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
fefd7ce469946572fdda30491fd4d59f

SHA1
5787c53823d5371fb19cb4cc40f50a185bebd9bd

SHA256
8ce406dd835529d3dfc2ef0fed37e39e387085f571ff3b42e7328f4d436e8cd5

SHA512
1d1d5f51b0ee428b4e92d34fc2996ddba36a741c82399a8a6aad4fcfcb12a8ec69e389c873330533ef5c59392045370b3d8db3df927e4e3b750d1deb0e9eaf67

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
23d41614eb9f5e495cb94895fa862516

SHA1
cd7ef855711fc8d37c278121facc056a20f27dac

SHA256
fd5827e8a8fc51a0769a6f20f4babc98fe4de2b6fc57de29c2a8c4cee6777495

SHA512
312cde4afb2fa00ad11d913da39939b1f36acd46e5bccd816ff421e0a65115622343243ec71747460c53ec73541a47ca44da7f3b4e119bbb58366fc8cb47c9fa

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
eeee0e841668df56e9828cfc67e1f8b7

SHA1
0c9693665e8a5ee15b4568dfb3ea48476fe30753

SHA256
32e974915e9fc188936dbb53829386fc5746ed7dae45766924efe2c402750149

SHA512
3da8248b3a74a4aaad0712d7c6dbacf2351e0a9e450c370a5cfa4bb110be35d23187bf4aec4ae2bba8611039914b64f49170c54d1ad85288e24b75986109e977

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
6bf65c247f304fcebadfadba316dfe79

SHA1
d6c8cf35c63e5683bb64ca6ae9cc9d3cec4190b5

SHA256
f638f9b34ccbe530e746bcd07a120f01418801d6817005dbd6499e5630fb3b17

SHA512
c33b5e7ea975250003e33c16ec68e95e6c8472128eb186d0656387420bdb0cf82ab0d5a6b9f0444da9b82fec03f42b18acd4ffc38eb5e5d0516a5e3b12796777

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe

Filesize
4.6MB

MD5
1fd1876317f4fa9ada0cd942788c8967

SHA1
8ac982ae77d97264d73c6b3886ce95613ba5fc93

SHA256
e550dc04ee4712b5d55248ceb8f23b623f28363294eba0e1c6a567c4e851ade8

SHA512
bde7190649a696b5cb63c07e545978c3d06337050f928df40155669108e2d37107a3fac2ee1a9ca252cdd60e9d0338c584432db14895559a97d673c5ab56282c

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe

Filesize
4.6MB

MD5
ce611f4f5367c1d7c17aeed11b33f740

SHA1
f6dd89c1c689b03da46623d5e1dc3f4cbc3c0b2c

SHA256
5f28ad377f488a1a3850891da555da10962c06c24b19e3f23d1434c1ec4fb88f

SHA512
3f2a1c4b1581339d580e05e59174113c051a6aa98ad0151c0f05c9d1bde84c23778722d69a4e980fd870657420e2c4b0a374c464e5d40fa03f9a2452c68ae532

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_pwa_launcher.exe

Filesize
1.9MB

MD5
59118cbf023f682983437b91aec75989

SHA1
ac4c205ee5f15d36bb9e8936ffae0c5febe2b786

SHA256
41f4d21ab206b372adfe981b77e4595461f69d61b5ba0da286c08377dff5f175

SHA512
9a68e9ebabf02bbf76328a4c3c9e6c980bbeacd176827b76d63b08e7704b65aefd9cef1b563c15ee1c0d09ac5cd11f59e6148a176ef7a2cc285e843472d98af4

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

Filesize
2.1MB

MD5
7ebac9e0c1006375ae15fc8178a5d0c5

SHA1
b500ded42b9835d9f4e146738d70e0ef7d5b8d21

SHA256
3356da73b88b5f061260ce849b0b2f379081dd1fbdfef1cbf89a6e2cbd634cf9

SHA512
62fae63faa378f1f653c80fe1822a6d2365247c09c4a5550b8d108e147172e2f7694edac5b27cfe9cdc0c735d1f816a14cfc6abba6cf8e5d13ddaf6b90041265

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\notification_helper.exe

Filesize
1.8MB

MD5
1a5cce039e2c8633c5cca4dc92383d44

SHA1
ca5760759d435d158740c98af87bb221425e598f

SHA256
68f5dab969c8b9c350bb43f823fb2eb6c05bf22b905bc928b7b0bbb0b4d0391e

SHA512
ba40a6fd941cc2ac4388490e509850395a510ca5845d80c266590b50d1baddf806cbe43d14cd480122f9a6bc12fc3339cd50ffcd0792c840532083807940e0c6

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.6MB

MD5
f15ed00f83a84859e4470b2397fedbb3

SHA1
b11f3cfb80cb677c4cfaca356c16edefa595ed0f

SHA256
cd5dd7d966d0b8d6ed391627744e739690328120f2857a0beb612b23a73c60c9

SHA512
8bdb402dbcd0730850462ba7c9bce7304a62715ae0ae08da9a76b6dcee07452bc862d53100a10dc3ec5825150c760a10fab2939c3927ec3d670e378747ed93b7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
c0d2f3f39e63968197d3d5c4038af997

SHA1
cff03e9b77958bfa2e6bcdb541cc35dd21a13c77

SHA256
0da9d2a40781a2ef81886ae96cecb34b6f3318b7f737a37dfca5ec20cbc9ff35

SHA512
3bac076babef319738b0989ef20031d76afe3e7d83ffe221753d69b09b4d3e5300f00d63289569981cff45a7645a803aac459641fb8407f18da4dbdd54e94f15

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
fb030b98e220eb104cba6797bec727fd

SHA1
09f8948b311293c88437f3a0cb84bedb7e9306b4

SHA256
b806502ec93f5f64b6db3af86c02559cc2f3ea30758ba873c397f573158514a8

SHA512
ed3a1415ca57178accfe17ba4ba2e0152c90ed32f854c30fd1f929d8a38a4c90c8654b786b01b7e7bc86d714b5042a33d73b63f0385c361f3e14dd13707945b7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
2dbe1dd8cf6f6e9f27aae2935fa32b1c

SHA1
2464f24e569b6771a0cfd9e332dd0d7d0224801a

SHA256
f1e46d30a30e3a5b93e1eb94d055c7fb0039481fb3db82b3d913e129d8028c7a

SHA512
f703329a62492a27057c8566a6374c88f16a07f3d33d7fcbee02ae3cc64e1ed601d9a9841852ed42d7a25cccf162507c2dc1b7a50f569cfa5b18ba9f8c4b5ab6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
e23b0d09c76bc4272509503be3ff5937

SHA1
b605df1e3165b24a5c9fae3c95df2cc7c8b02a5b

SHA256
a7460d6b4de25789de14294c0bb41324e1a1415c46885fdece2e1c31f287850b

SHA512
f4761361dc016a897be2739b04d12207e76774999bdc1ef60417c9b56ac7fff0e96a512cc1598380660f8cfdfdfee0e799d04757cbfa96dcee67d3da1af7d9c6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
5ed3edd6ec7bb563baa51a8e7496657d

SHA1
91834ea1bd9b3c950ab905b38168b3934ee345cd

SHA256
a1db1066363a4710c5ad9a549c82b3bbcffa2c08f254eea50a2efc58246fa7e2

SHA512
ffd38c9f436886fc7e07afc815088c4ac8619815aae84d7c091b450005cf818203cb344e507296c409ea36fbf1267c1172258125f423859c0c748ff03de9262f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
3d133bb6d1d0aa3de469f5ad69a60470

SHA1
639e87b130be38bdacf23761c5b15f2e5d4b13be

SHA256
796960a033847896d74098fe1a45684a9bab010c24c77f84dc1660903070b8d6

SHA512
5a562243eb6968622264f56c90d31c6451d36b08861928b61e7a5f76cadd6907fbe462eb65f93d878fb809364ee2ce527185f37ea1c7be915a072d13b38f03ee

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
61a23d9b09dfe8d5bc8c6923025424b3

SHA1
a6f388e387c4eec3bfdb2cbc837b4c4242218bbc

SHA256
42afaba56810f71eba8177b5e8c937b5813af90ece549f0fd97f2ba24af288f7

SHA512
63a9d7566754f8802a43c22e1ed709663909b79ea16873d902f2ae7e09bb0d191b15952ff35c771179dbca0f283b54b371e8d3bf0c688b211b55ed30ecd1271f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
6afd937b9a36224a51a5f76c8dfe904e

SHA1
e922691bfd810e1e3fd0dac00519a79086d4e8f7

SHA256
c11c79bf69f5cc0547c61b07e0c17231998ab05cab792c8f32d5accb509ef779

SHA512
f05751e14cbcadc542bd29526c05e778da9796fe905373969f9383eb5620d744cf3274e9eeeb4b2a73d56b7ec58aa9557109f13011a7e8318a3d4f3c3579128c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
19da11e44f4c5840e42ddda4ebb7a938

SHA1
feb9aa4442abe12560d5e0763b770517de535380

SHA256
557aac31ed3360a1edc138b4860c1510f5663c367254a920fd175ffb5cdb72a5

SHA512
3d196c0436155016ec2d8a4e4c6341f72f6543f1e2292a556781102a17a26b79d861008f47bb0b2920e6daac6406222f19ab64cdd84c2a4a1d4483054785c109

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
d7bc7d02e29e7112bb90f1145653c5ac

SHA1
15f83f1b9c64eab3d31584381b89530c823f4f50

SHA256
3de3b37577c4ee21ff47af40ddc61b920c720928489035cf245737dbe3cf4d3c

SHA512
450b0ada8092e1d3ae061b9a6f54b8d4efd91fa7eb12b731ec259a0ea3784e30fbe4b3959ef299f12d322ab3ea410bda7b14eb3647a4d0c44679b5a1364e0434

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
bc97599f57726e61767a3abefd14a986

SHA1
3b5396c0ea26e69c2734aad43486c4542bd0af8c

SHA256
39298c8173b2a97d2735e57b75df887f7734e987cfcc481f8d9d3fcc01eeb366

SHA512
a82b4ca431175627f982c364cc2ee2a4e725386ec2734419dacfd6d5651e5e6ebf6f07b5d14a9369f115bbdcc1cbb0d86489fed4cf248a1f68b77e611d93e3b2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
8c5d0ed0fe380390f34966273a67055d

SHA1
9916078c6a3884fe81fc3e3fd3abadd3a5069897

SHA256
57a038e382a28fead0a08bf9b88eb8115c39397ce7420e4efc712e2615efdbbb

SHA512
57177e4091d3e99c50dc06ef5a5a833db3782cc0ca67dc38d906a37d328460581e4467ddb40c91605772663d6c13dbf483a47b6884d41027054ceb0452e181fe

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
17e26a1fe3ee848637f95f44cf98f602

SHA1
1f55ee15dadb3f6e632cc940d51b9d37e5fbfa3f

SHA256
6bbbd318328e89423de397bc367a97bcf73c1e3bf965e3258d19890da513a1f7

SHA512
e16ca40dc26dea7d5099dbd1ba7a9426bdfcc1a6fe85ae521ce40b2a4f98557edbe0c2c5afe3e9ffb5470a6401fe2daffa5703b0a49026adca87dfd18d702790

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
3943ad3366f70ab48ec6733efd51be90

SHA1
422853794bbab98cb6991d501b89c4e4be8f5172

SHA256
fe30bb8fda7aa7e80befae78a4636e7c9d256d66a2480dc50621ad6003fac41f

SHA512
a8d7b3b7b0665c35f2ec3d33f2c0ceb4b9d9fa68b2055dd96b850867595403fd4c562b2353ba9e2e939d36b0e213ade5dae7cee58904d5d3be7c5bccab6a9103

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
73f912353178c68af7dd6e0b8b21c494

SHA1
fe1a4daa28fd6ebe4f9f00be91a2080f231752e4

SHA256
81681a148070d49cd17f386caf58fc9e79ee8cd38f8c187087108b291e31342c

SHA512
18cde11440a0234753811751323d8aa04df350c2716a36345b732e5b2cb77a6183e042c7ce5e42f4359df4c7bf0d349438500e4f8939301af69ec6b252ee3820

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
669b3f8a3b79ae617456f31e651500e9

SHA1
8d389dd4036ad03485d8ef383643d1f345b249af

SHA256
56feb3c0142f4196cf8c4dca2d9519c2133e10ab4cfa63f20b212eb6c8861c1c

SHA512
6dabf388b15bbe118b8590687bf6107a1dcccac143a7cdaaf46ef2ad94553be913e6229abd457162702f51ea812d353e3f3415c4f3965ddf467c89e99087311a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
e0cfdec5ec507d1e445c247a310ca420

SHA1
9228f3b0fca9bc57a19b9856d6aa90ba01dc5f33

SHA256
cfbb28aabecee9fb290866d6ba58b7c414902dc973e0afc6903212d6910d692d

SHA512
36ef7568aad0e85c710a81f8acb5bbb99441b9f88c78093eec0d17518ff6ab003e5e83ec7b6ded4b4dd91098c74509603673c3f37db3601c10d9896ad6307f36

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
b913de6d4745c771a0fc4d89a111943e

SHA1
db7098d1ae40823636f5733f739b2cb4c131d6b4

SHA256
3b8188ab287863e1151ffe0133def086db51ce1f3bc3a06c8f4107865e592ef1

SHA512
327e147abec853fb28885c86db1b04728ad20717564024687d74b08e1b17cd72d274f6e4366858612451adc628744b6d9c300ad9d44fe53b115170be48197693

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
42af89135313193ef65f4155741be34a

SHA1
61db57a5f9b4403d250c7e9ca1dd428118f19dee

SHA256
b4a39ddbf28ae2ca1090bd9596f4d4cb463ad20423841817aa7bc3e64d58dc68

SHA512
07725657fb276c8c357053b70cfcff4fd79452847090577b1ab127c85a90a01b573bbb6d751a51043d38ae8d1ee7b140d93b5a621b394019811a289f14ac01d2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
90a81c45fd66201983dbfcc198bfcddd

SHA1
9669f6023649d15b1edafba832206926bdb87e36

SHA256
beaec429dbf94385f15cc5e49363d6f826d79f54d2f6a511060fd3708c3805bf

SHA512
639001ab34f87c0362c9a56f4666eb3cd7297996cb789ec1f7911965d3abd00ad7bbb425fa7fc932415a5d4ff3afa62e4d94760ec5af0446ab53edc34055ed4d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
afc893204e0665ee0195172734778927

SHA1
913b45f269c279366072e097e121c72d954b4e24

SHA256
0badf724fc0524aadc5cf1ec5b6469128974e53b0cc92466af88112e15761c06

SHA512
2e5b7cb9553728f3bfb2335a0deb637be8618c7a85c114fd75e21cd1e6486a83471887ae5996d2a68699c2787aed8563c61b0aea1c813ec35306d1fca0e18f3f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
581KB

MD5
ae0dc665dd87c24d77907b86be721f4c

SHA1
72d497a40906bdfc3c91e5b4b7eaf4aec8a9ecb4

SHA256
8f40c8e0e7760fa6ec65fb707d58be41532340dc62c1ee2f701a8bd5df2527da

SHA512
2c21a853bb89e6427d45bd542e86095ddf7b3ed32860af1e896bd45a289748c92fc6d38e99e043a9a3b1ee0b0ff89a041da13ab78220d6fb3e4df70ced3a0777

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
701KB

MD5
673dee3d777fa57c06cf745df432c154

SHA1
71c0fd194f7fd122afcec25c698ef29c47442490

SHA256
15baf2c1e14731090c11f6e023e809570bd52d3db1a8b3f869d00621426e7a17

SHA512
f88eb4011b1a4ed85319c35e49e7035c14ca21a90a35f893192e073d1a2bb251100b8c9235ae17ae0e6c89678737dcdab23822e52b012f3d9de7f452919df212

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
2799738901cc4a6c106c305887040b36

SHA1
03a798a8bc507a16a552a154871dda5776bcdeb7

SHA256
c029d140620e09d117e416185c1243e15296c15b27dc1da1191f8238398069b4

SHA512
87474e506ec94bf20de989be89ff8b6ad0275a3094e59bee2d5527851404cc522af6f5904bd0e177cc52dc72190a6054169d6daaa0daec9cbde588a19e618480

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
cc49fe0bedeb3e5f01e80e8be4139640

SHA1
5579c3340050edecb179faa4918b7457e2e0e160

SHA256
b7b1274244eb3adf5905c55a63954db79701ced262154572abcff50727322562

SHA512
cc7f35a96ad767cfcf873bda8d4d69b72412d22a7dfe9c36732e06a65b9fdb4e327c5438740194df5747793ca15bb7e4e892b727a6fbcaabb26fa4e070365924

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
84c8bc9fe07edded1c46707f89ddfbe4

SHA1
aff335f1ec3983f9d3e783bcb2350c6c75070df6

SHA256
ecb281d2267bcc945ea7e12b1fccfeecf691cfe7d2a4d75360b6dfdcecde3673

SHA512
25ccebcd066f45cf6abb3e0bcda5fa6a5f8cbbcd6bded625450be72cb502561f13027a53d0594cf9485d7e7f16b126dec389a21ecfc3d7bf84562d80dcac7a70

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
82c8a590699149abd180640ba57db976

SHA1
624e92a39b7982c2465a36652300637e1028c541

SHA256
e7a7034dd3acc96978c7c4ecdf303c8a234da5c5d823548770b625ccc8fee728

SHA512
7be27251fa940a3c5c9b24e8115b0e7aa6761c2d9d6ee799af0b415461fcf0df20b41f06bf8f6752541c56041f3220716e23147843cc00c98a6b3876c312a5ca

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
2ca10f5b9ea3a0ef49365fad42addbfe

SHA1
4ff2d45553a1e1e6c6d9c4c20ae575dbdf468920

SHA256
8e7037925229966ed6b10be7cc87d19c8d97f323e0f8a271665a93e4f2d2527c

SHA512
4537f0202d0a0c5c7d2f73c56ada3999bc3677ec58f72a561a7df5c21b528df600b518ae51f1a7b4bded0bd3ab9f76ee4a928a2c162df16a861df16d4abbf804

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
fc77673699fcf6a23ae227c64e5465ad

SHA1
fffaab193aefa0ca173f6b2b6dcbf9b393d18637

SHA256
7234b29614847009794ac7e7cb0b4568b77e0cde03c8759bb9f3747b30593af5

SHA512
2561e7726a355600143c7813654c740798dc1234ba4be03d8bb409b0cec2e4c5654f9c0ac07b77c9de5ca42cfd0a1a6ebabf382d419ec65b2e1d0a9473cf5d9d

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
102ac83462f334618853db01963d5be0

SHA1
6b236558d17e7eb5004e7577d9b27906a246e81d

SHA256
5940a98af638bbaf263b407ab7cc455743f0ae87287c750e4dc4bcc5830e32d7

SHA512
ffe0c49cf822fb43e98de954e04b4969ef316944849baa0cee25bac6ba57f6b648f3bc7f4f7e817b1b65e0ec91357dbd7168f64feb152b7b5ab67969d70adbac

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
661f0ef82bacaeed2a83cffef124a451

SHA1
d7bc83b28115a4ce2582b6b8c385b5c3dd0c6efb

SHA256
f0f183c6700ec326ca908cd221178bfafea410cbe7ec7ff90ffbc8583deb1a66

SHA512
fbcd3c7dc45024eff36ebd94218674c94d8a319109925e098c875ee4695a42cbfd032b6caf068b62e4ce921954603de441d2e9c63161537ffbd4b581c8df5f3d

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
e03ff9eb8ce324cb851739bb487c9b87

SHA1
c1228dd21c0cea1d7315d052c69c1974bea57da6

SHA256
c1bf7bacc9c3e71b2ceff2865af7177e874e95449885e2dd7ee6439261d6304b

SHA512
658712eb7b729c870aed0dccd55b975e0d0730a10b39a9be516c9f50dca9eb4a09ac40451c58b7f02ea80d00b8e6bfc74276157edcb85ea30638792bff0317d9

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
5e87e052b414754c488aabc7cc607ac1

SHA1
338b6bdb4fe286d91accd7d5888b4815b9b7bccf

SHA256
e3b2125c7b5aa0603f926d8f3607894814ad50a7c9e5d627d7d89afb96c475ff

SHA512
1345b48cacd82b100df815e3e019f4495e684ffc89fd87971ba0e0d01abdfb4753d643456a144bc52f427f0f23ed264a1d70f15df37715a205513797a80506a2

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
18dcde1051505978941ed6b94554902e

SHA1
e7661138a71aa7ed0cfcaafe8e21b16e35ab4371

SHA256
c5eafb1be77ac41a699d95d1fa22c09ff3786c8693be34e116cfe377d79ef6e3

SHA512
5260f279b2d8de1b23401c6c8d6a9db671add83fa63ee6e7126fb1d8715954aa7fe7f66f9c6324d55d65ca1213be9f70f209676d634301c4c6f2c3b230c7ed5b

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
560be9e0290377be1e69230eaf007c94

SHA1
fa0bc11796244d5e4e7ce9fc1c149e2938ef0802

SHA256
a1b75509ebae207ee906f3b83da3bc6c22d95e3eaf1921e6ba2472389f152be7

SHA512
0d0872e0399fafc999af60384c5bd2ecf15460144dcf03f3ea78cf67ef306f3917e3566da87506d206506e38b57e7d2396f7d0f3e4be1ec765b07d53985a9dcf

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
eb864233b9166e732d8ed9094817c5cd

SHA1
f9cb1ba40978c814f9e07d3031693668ad3a2601

SHA256
8e543cf3d44a18a3bb6f85622a0981c1f9bf3cbdb94fa3f2565748811aff984c

SHA512
922bd716e5b3283518251ceda704fa5752a232aeef17ef26bd29db651edd6e5cef63795d54d629fabfc49c7217a8de0f17293680258e05e699486b0a490df545

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
eae2f9e5c71c77e93a729a67b83bf31d

SHA1
00d0a43ffde8a892d00c184a700edc23b87c2a73

SHA256
cd1258c82c1bfabf31114fead5ffc9ccfee096ef8c2bbd842f5eb7b8caa8bdcc

SHA512
406bd22c5d86f98b460b761d10a69f4be58a0e1cb32deebead2c7b1e80785fd724a2c7b2996a2f65fafe690d607bfd1572133e1d09adc7ef80f2fa4bbd6f8c1d

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
fe78ee2a84a185ff36e09a09352555df

SHA1
d5ab3eec936e0f1e1e9825b409a9cc42e40b88a2

SHA256
81e15ada7b3f4bed81649e67361aa3f8ebc28286898eb3bbdb411ff70ba5b1be

SHA512
f0fc096a7aa191f839ff41fb7cedcb127b19be8136165b373812fa5c2bf7588399f10a5b22115ea106be3cb85472039ef7babad86fe358740422d56ed559ce16

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
7523ba2a2a7a34d52f21ba084fd5d417

SHA1
e74a8309e7885768c4fd956ae012b556d63df23c

SHA256
8e9ad06153ffbdbec7838d8da49bf2c69a64202abf11ef2f9110fa22e914356c

SHA512
29981c02bd82b8e0a13a07cd29332b3b4f01effa965c877367f923dc4b050188327ed6f5735fb7d8dc1aaa5047504836ae8a643a9f5cce5374b9899fb8057293

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
772KB

MD5
544fce55cbd4b7786917e885ef5e7d7b

SHA1
c119235f8af7d2b3a53cd0824f79aa4faa7a1a81

SHA256
6cf1fa102df323de92dabc2dd18a50a8b06a43a965627b329448fac35533a43d

SHA512
842e06a257fc2306414ae6fb6c87e01b8239955e7467d2c4dec2e0c0e0a7953d4580fc1da83777d64b7743dd05b3d8d3bc86f89d5115a3735ecd31ffc737f9d4

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
e2d7f84ba7eab2143cf958dfccf61a52

SHA1
18d7252457057ee8a8074eed639b878d1cdef8f9

SHA256
36f03a8531db2b43d749871803b155c047c38e653a28975b9f95d0426e2c97a5

SHA512
f2b6c3a528730afd840414de1b1f44f90cd995d70da5c7dec7c2d8c52c5d01250e6e246b723210e486fa0d40f63994d9b71350a4ed28850f621af1d8243f6530

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
9f6f0a0f8dc44254ef08bb91cfb08fea

SHA1
046dcc27f08d922d3a225ea6a30f7917d90420a4

SHA256
26465e8023e17aa6be71843b3d128ef4f88a3e0f98943fad1ba22eacf2200826

SHA512
40bf6178da216a048085c85d1b05dc3eeeefd555b6c7e53ae5076fd7095329c849ee44e137e6f0098c316acae02c6572f3f9e80fdce27f9e4a1210ece48774d1

Download Submit
memory/1552-245-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1552-247-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/1552-575-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1552-252-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/1580-45-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1580-54-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1580-53-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1580-238-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1584-13-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/1584-12-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/1584-21-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/1584-236-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/1664-313-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/2076-452-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/2076-576-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/2540-257-0x0000000000A30000-0x0000000000A90000-memory.dmp

Filesize
384KB

Download
memory/2540-256-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2540-328-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2708-311-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2788-444-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/2808-454-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/2808-577-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/2824-41-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/2824-237-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/2824-33-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/2824-42-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/3108-241-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3108-78-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/3108-72-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/3108-80-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3112-442-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/3316-446-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3324-312-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3352-65-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3352-68-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/3352-57-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/3352-63-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/3352-70-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3412-453-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/3564-382-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3744-443-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3756-8-0x00000000023D0000-0x0000000002437000-memory.dmp

Filesize
412KB

Download
memory/3756-1-0x00000000023D0000-0x0000000002437000-memory.dmp

Filesize
412KB

Download
memory/3756-31-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/3756-0-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/3888-445-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/4848-455-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4848-578-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4900-309-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/4992-567-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4992-323-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download