Overview

overview

10

Static

static

1

Shipment invoice.exe

windows7-x64

1

Shipment invoice.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-04-2023 12:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Shipment invoice.exe

  • Size

    1.4MB

  • MD5

    eaad3c08a1f393d748dd5e1a615b2b3d

  • SHA1

    84a3f6c915201d6a662ad227114754aea6c2ee2c

  • SHA256

    e6b2f93e2124fa13a05e54b0f0f9327ccdcebc38ee774332c22f34bf60771cef

  • SHA512

    2090e33e11e3a0ec15052b4c1f32574da80786655f22c766046c536dd47f9b2608279a9562d5cf5107a1a28b0ce78dc0a13c934643919f067c8f6a89b3db489a

  • SSDEEP

    24576:vzOB9fWDrP3eS3OzAMgzZba9W4tL40ze2mLpNPT8EWAinrixydMvD:vzOB9fW33ekxXzZba9W4tzeJeEWPiqM

Score
10/10
blustealercollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Executes dropped EXE 22 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Drops file in System32 directory 27 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 39 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 44 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Shipment invoice.exe
    "C:\Users\Admin\AppData\Local\Temp\Shipment invoice.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:456
    • C:\Users\Admin\AppData\Local\Temp\Shipment invoice.exe
      "C:\Users\Admin\AppData\Local\Temp\Shipment invoice.exe"
      2⤵
        PID:1652
      • C:\Users\Admin\AppData\Local\Temp\Shipment invoice.exe
        "C:\Users\Admin\AppData\Local\Temp\Shipment invoice.exe"
        2⤵
          PID:2868
        • C:\Users\Admin\AppData\Local\Temp\Shipment invoice.exe
          "C:\Users\Admin\AppData\Local\Temp\Shipment invoice.exe"
          2⤵
          • Drops file in System32 directory
          • Suspicious use of SetThreadContext
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3096
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
            C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
            3⤵
            • Accesses Microsoft Outlook profiles
            • outlook_office_path
            • outlook_win_path
            PID:2316
      • C:\Windows\System32\alg.exe
        C:\Windows\System32\alg.exe
        1⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Windows directory
        PID:3516
      • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
        C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
        1⤵
        • Executes dropped EXE
        PID:3772
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
        1⤵
          PID:1952
        • C:\Windows\system32\fxssvc.exe
          C:\Windows\system32\fxssvc.exe
          1⤵
          • Executes dropped EXE
          • Modifies data under HKEY_USERS
          • Suspicious use of AdjustPrivilegeToken
          PID:3312
        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
          1⤵
          • Executes dropped EXE
          PID:2312
        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
          1⤵
          • Executes dropped EXE
          PID:3372
        • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
          "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
          1⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          PID:4504
        • C:\Windows\System32\msdtc.exe
          C:\Windows\System32\msdtc.exe
          1⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • Drops file in Windows directory
          PID:4388
        • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
          "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
          1⤵
          • Executes dropped EXE
          PID:2884
        • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
          C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
          1⤵
          • Executes dropped EXE
          PID:1500
        • C:\Windows\SysWow64\perfhost.exe
          C:\Windows\SysWow64\perfhost.exe
          1⤵
          • Executes dropped EXE
          PID:3412
        • C:\Windows\system32\locator.exe
          C:\Windows\system32\locator.exe
          1⤵
          • Executes dropped EXE
          PID:2296
        • C:\Windows\System32\SensorDataService.exe
          C:\Windows\System32\SensorDataService.exe
          1⤵
          • Executes dropped EXE
          • Checks SCSI registry key(s)
          PID:5116
        • C:\Windows\System32\snmptrap.exe
          C:\Windows\System32\snmptrap.exe
          1⤵
          • Executes dropped EXE
          PID:3360
        • C:\Windows\system32\spectrum.exe
          C:\Windows\system32\spectrum.exe
          1⤵
          • Executes dropped EXE
          • Checks SCSI registry key(s)
          PID:1276
        • C:\Windows\System32\OpenSSH\ssh-agent.exe
          C:\Windows\System32\OpenSSH\ssh-agent.exe
          1⤵
          • Executes dropped EXE
          PID:3708
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
          1⤵
            PID:3904
          • C:\Windows\system32\TieringEngineService.exe
            C:\Windows\system32\TieringEngineService.exe
            1⤵
            • Executes dropped EXE
            • Checks processor information in registry
            • Suspicious use of AdjustPrivilegeToken
            PID:5096
          • C:\Windows\system32\AgentService.exe
            C:\Windows\system32\AgentService.exe
            1⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:1520
          • C:\Windows\System32\vds.exe
            C:\Windows\System32\vds.exe
            1⤵
            • Executes dropped EXE
            PID:3084
          • C:\Windows\system32\vssvc.exe
            C:\Windows\system32\vssvc.exe
            1⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:4068
          • C:\Windows\system32\wbengine.exe
            "C:\Windows\system32\wbengine.exe"
            1⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:4276
          • C:\Windows\system32\wbem\WmiApSrv.exe
            C:\Windows\system32\wbem\WmiApSrv.exe
            1⤵
            • Executes dropped EXE
            PID:2488
          • C:\Windows\system32\SearchIndexer.exe
            C:\Windows\system32\SearchIndexer.exe /Embedding
            1⤵
            • Executes dropped EXE
            • Modifies data under HKEY_USERS
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4892
            • C:\Windows\system32\SearchProtocolHost.exe
              "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
              2⤵
              • Modifies data under HKEY_USERS
              PID:4400
            • C:\Windows\system32\SearchFilterHost.exe
              "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 900
              2⤵
              • Modifies data under HKEY_USERS
              PID:1316

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
            Filesize

            2.1MB

            MD5

            9d4d9496de582999ff93a0451dfeecab

            SHA1

            4882eec1aafa837994c44bd3b39ef88a833bc02c

            SHA256

            4219d3b76fedc9f381c1b0baecfbe2b42632474392973c9deb45e8984dc1ca75

            SHA512

            9abb707f8616dcb1f0fd9690a29262957f4cc23f9fd05d3e03b3527991ed4f53ac81278a2b7fdf53ca2a65cf2b203db2905ff6bf3c9cbeb01ae624e78ca78160

            Download Submit

          • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
            Filesize

            1.4MB

            MD5

            864f811c6710f4aafdba4b83bdec71c2

            SHA1

            6575d9e672a9f128cc3fed651b45b1d59404014e

            SHA256

            2cbce3251d4d4730acbea693c25a155494787481a3bd1d8bb79d468c81738f9f

            SHA512

            bd058e89314a1faaeeee2aaceedd853463039f5a1fd7f65f27615ca84e22295e81e34156909f752aff127d6e628396989ae4fab949db5abde95176c8a3dc6c0c

            Download Submit

          • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
            Filesize

            1.4MB

            MD5

            864f811c6710f4aafdba4b83bdec71c2

            SHA1

            6575d9e672a9f128cc3fed651b45b1d59404014e

            SHA256

            2cbce3251d4d4730acbea693c25a155494787481a3bd1d8bb79d468c81738f9f

            SHA512

            bd058e89314a1faaeeee2aaceedd853463039f5a1fd7f65f27615ca84e22295e81e34156909f752aff127d6e628396989ae4fab949db5abde95176c8a3dc6c0c

            Download Submit

          • C:\Program Files\7-Zip\7z.exe
            Filesize

            1.7MB

            MD5

            f51bd8b29db00ce3d0d8c8749f0f41af

            SHA1

            9a05ed50d04d8c48105c4debfe4753659c055efa

            SHA256

            718b921582f608eb369547c8165495d744b2d224c346ad5ad623f79009e9fe4d

            SHA512

            1d8c072260d9003fa41c362c57bc3e63a7dccc2b99cf765e1b3330086f3f40210e119d7d39b3acdf583c805fa7e43e0af3f57bc1a61e11e4e475f2696a4cb542

            Download Submit

          • C:\Program Files\7-Zip\7zFM.exe
            Filesize

            1.4MB

            MD5

            8ce3420d56e1c12a525686db5bd3662c

            SHA1

            2e0d927a1de7544469468cde19f4c58683f9e32c

            SHA256

            d1fb7de4741e94962dfbd1f5c9b223834f30ade56133b20aa7eeb24519d1bfe9

            SHA512

            083d8ddac17e08430879c5dd5a4166e3dd061193724913081ec5021f9e216658a78e444f0b69c367c454aeaedfe1dd89424d564e701623b8ac63ef53c610521f

            Download Submit

          • C:\Program Files\7-Zip\7zG.exe
            Filesize

            1.1MB

            MD5

            01de7288691663330947b9b125e02e65

            SHA1

            6712c2705391db537d375fdcdcd6f54866ebf510

            SHA256

            a6ef4d2d87a48b27fc20fcb92fb0326f89ec4e0ebca64d3866e74aa1f1ce8182

            SHA512

            69731eee5abdd188a8f9f854295e4d6a3d3722f562ddb34f9606abb9e26220266a0a72377b7b38949adcb88bec9c51e531ce450aa888ddd86883f9d1cb633da9

            Download Submit

          • C:\Program Files\7-Zip\Uninstall.exe
            Filesize

            1.2MB

            MD5

            8ca8a3809dace77e6f270ef0c2a29187

            SHA1

            7df01337dbeeaa6883a7e4d2d7778d563ead73c7

            SHA256

            dae9b748e0370cc7728930b643fd6ffdf8c10d550644596faa672b0eb96af8f1

            SHA512

            f1193ba37696c0f6fbe4664e0606c6e2f65c79a93f72fa0b0348d5b72e15025785bf673e574ff0bbb71be30b9b56de828edb14075cc731d99c903d51ae47f067

            Download Submit

          • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
            Filesize

            1.5MB

            MD5

            f8be40f95cdc562fad9abf5cde8fc8d0

            SHA1

            11c7270500c07a1cbc73f9533735c4dbd12685d4

            SHA256

            f59be39b6eeae0d70d4199bd95b74eae73ad7468b4d23e8ce0402d36ba66b0b8

            SHA512

            18e6fa81f787a24957a4dc3abe92f009b5c725eac61dc222918fe7fec7880476e511f3c1772a6327a63779234d452d09556b507c375978a2f5fab6bc08e490cb

            Download Submit

          • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
            Filesize

            1.7MB

            MD5

            8ca681eceb6fed85fcde25bc8eb0a2f5

            SHA1

            3dcece85b9e27ebba67e1c4db1ad8dd767af5785

            SHA256

            c229ac0fadfd3ef75180749172b907b6c8e8bc6aac454e1d20e1ed21413fb05b

            SHA512

            b727049158620a4a813dd5729504193e7683438c5c60a14e0a568fa43589f7d3b753be5ff230c552a2c717452836c3e62ae6ead18bdbae67ae1d678d767ee145

            Download Submit

          • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
            Filesize

            1.7MB

            MD5

            3db7cfc4c85afefd9cf66b152cacdca0

            SHA1

            c8d9487bbe5f835f034cf078d0c64bb6ea759b81

            SHA256

            4d3cac60fda16c03b31a28bfe8fdb48efc37121dcd422c67a060a94ba43fd3e7

            SHA512

            93b6757f8ae232afdceb25a96963411fd36572442a66c78ea8071d736e6bdeaacab5a1c6b1dc5143b1ba3089d6242bdadcc86d1ae3ffdd58da8226b05d054487

            Download Submit

          • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
            Filesize

            1.5MB

            MD5

            a12c3bd904747ca5d86c8229a737a32f

            SHA1

            1b33663814c5e0b5d2e56f262a0ede7926469404

            SHA256

            abc2625eb69759f5e823c1bebe6e35022789a3602a759a14ce3b16ae5d590ade

            SHA512

            17276057dabe11219231c38ac9ca7f47a1555dde28c20f075a1cfaab7f76df84dfdcb0d145160a6b8c1070b8d6fbd2fc6066ac2dbd668f3eb0b5097b1fdcc482

            Download Submit

          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
            Filesize

            2.1MB

            MD5

            b926d9ce95e5e7eac6defdb4789f9cfc

            SHA1

            c3f667cdef5989179a6090ff16161dbddc1793fe

            SHA256

            cd7b5e42da6af8d978167fb3ecd1a96d86c9ff6c3547838d6d6f2072a99ff36b

            SHA512

            10233b0ec8e7dd3b92ccb4101cf1a3c053f32aec421bead00aab355ae9f6f1837534d1fa5307ae2b47103380bbd1091d82f78ff6b419b1fffabe36bcf49847fe

            Download Submit

          • C:\Program Files\Windows Media Player\wmpnetwk.exe
            Filesize

            1.5MB

            MD5

            a730d222573c28a3c9c057ffad744fdb

            SHA1

            cc2d02d0070cdcacfc0cce9b0452b8a516d0518f

            SHA256

            7cf17a0ff2fd7ffb7530b4efaf501f11c1a096ca794d51ac89cdb7a804fb61c8

            SHA512

            4a9af29b635bab044c4f3a6e93f7fb1198f9640052fac9ff8d673795fe2d28e8fee310098a7563cc374be5d9166c1a1321ee7929eb383c842fd9b77c72b1adb6

            Download Submit

          • C:\Windows\SysWOW64\perfhost.exe
            Filesize

            1.2MB

            MD5

            41216fc0093ba5d1f92f4a7b182d7143

            SHA1

            95b968676b977a617c2a6b33f7f71dcb537893b1

            SHA256

            c65e32051ad8d12b8a462403bc656b71b58a915b36ca540048c68fa13e392525

            SHA512

            22498632ccc03df00e94b07a31bb06f4a95e88e02fbd4e6cf43a795ba0e800e9c144b7a20ef38411fd08875e35600461adb9113e88e46a227f572c8f87b3c81e

            Download Submit

          • C:\Windows\System32\AgentService.exe
            Filesize

            1.7MB

            MD5

            76eba76006c58271cf5a8f77e4321234

            SHA1

            2a095d00b5f96ea942df869a131f20e0abc1eac1

            SHA256

            f084ce77443f8d9cdca047ef58dccbd160bd532814c4d795a7845a31428b1e87

            SHA512

            5989c80d66984c43c6485b6235438c8ab32cc62fb9b7f61836d7c38799c7b6bb1e5d943ad422b60ea6ab5de7acc47cc23ba79a5406671bf7b7363aace5d08e95

            Download Submit

          • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
            Filesize

            1.3MB

            MD5

            aa00151da12bb65ae1d1c86161f2201c

            SHA1

            04ae82cc9faf398e2dd3d4584168edabf7d09ee8

            SHA256

            db521f6e87d14c1a4b198d1ba9f849f9b7147b27a7ce9fb35540562ff5911815

            SHA512

            64298e8466d87d1fb679dc2948fe8e0a534210b1d062777586dbaa2576692c11864b53e15d3234e3df22e845d06ca544bbd2fec7b14d97feee12099120776984

            Download Submit

          • C:\Windows\System32\FXSSVC.exe
            Filesize

            1.2MB

            MD5

            cdf20ce0a8acedb3e48cb856467abfce

            SHA1

            1604f3d3629156e90d3d72364bc1c0326d2870e4

            SHA256

            2828cec74c5644e02472663bc37b59054359b57a64aee14ff687c1299c91837b

            SHA512

            0c8f873bc14143f323eec7ce6f2a082a2d65be32861ece077ed0d9abd761d421e763a51ca4e93d8315630d7c056dfa240e9805f4ef1b14b7ed4471ae81df1d67

            Download Submit

          • C:\Windows\System32\Locator.exe
            Filesize

            1.2MB

            MD5

            cf7c8da8470498696295b59cb6b97d5a

            SHA1

            efa987b26806d572a49fab2e795866cdf2a2e9eb

            SHA256

            bdd019e1577f30caa2f925b1261baaeec652102caac0b59488add287cb9687b8

            SHA512

            42866b1fa1c50d88c1810f40588e95b4ae1674db1d35cbb0f319810d05c7b6c7df8dbb68260f8135ca7aaa06c08a7ff8cb8801d47a374327a0082c4bd699008b

            Download Submit

          • C:\Windows\System32\OpenSSH\ssh-agent.exe
            Filesize

            1.6MB

            MD5

            5dcdab9f1677189df488cfa0432ececc

            SHA1

            ad5a1914a019946a7b7e1b4c4cedfa8d505f55a0

            SHA256

            31e1f6c1f5646024305b6a0909e9d1aead0058f6bf2124672e9a0c361fbee921

            SHA512

            00f31917b87dce385db4f88f34832948dca038cd549e6d4d676a58d9526d98a190458717a9384746a8004cbbf117b357b871a0f3a02e51f9264e8d7ed4376581

            Download Submit

          • C:\Windows\System32\OpenSSH\ssh-agent.exe
            Filesize

            1.6MB

            MD5

            5dcdab9f1677189df488cfa0432ececc

            SHA1

            ad5a1914a019946a7b7e1b4c4cedfa8d505f55a0

            SHA256

            31e1f6c1f5646024305b6a0909e9d1aead0058f6bf2124672e9a0c361fbee921

            SHA512

            00f31917b87dce385db4f88f34832948dca038cd549e6d4d676a58d9526d98a190458717a9384746a8004cbbf117b357b871a0f3a02e51f9264e8d7ed4376581

            Download Submit

          • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
            Filesize

            1.3MB

            MD5

            7ff5a317025c385928560632ba09c5d1

            SHA1

            f3dd97190882a29ec1f8337460b245d7fe8a8eec

            SHA256

            50ed8f849e7f8115b8049f3f16ac80802495bea80705e330b4c488c225b459ec

            SHA512

            e4fa9d3019e704cced5b1f705619b63f949a45263d6efd501329200bd6b25c29bf9fbf5dc32086757226442be2609315c5517d70dd8fa23d07612844233c4501

            Download Submit

          • C:\Windows\System32\SearchIndexer.exe
            Filesize

            1.4MB

            MD5

            0146c4a5648d97327dd06ef82d07c65e

            SHA1

            28c9008b5715d999c251d2fa6b14173db30b3bf4

            SHA256

            9aba1574248e0ae64eab96c25f9ec2386d55811971ec9cca9a2e532ecdc2a846

            SHA512

            711612958006212b7de2bd3f89c59d38103472d7a9bcdeea68c9d8295bf6651f5bd5869afc93bff1354750d739fee995fffd47dade0ededefe6425621e8e4d73

            Download Submit

          • C:\Windows\System32\SensorDataService.exe
            Filesize

            1.8MB

            MD5

            612bd7b65ab0f54a3419cf132d60f1dc

            SHA1

            32b3253c43cba94a637be3d6026383e1aab02a00

            SHA256

            6cabe9e880c2c228f53c07ee9a4961daa98b1fe9c16a7b5795a41fdcf7fe627b

            SHA512

            afaecfeb2529c8b666bdf7a52b6535ec97475fc077b9cd6480e5e2e30e3508d7601025414d54e6761e2e852b54474850d965b4ee985af76e95dafa70604c79fa

            Download Submit

          • C:\Windows\System32\SensorDataService.exe
            Filesize

            1.8MB

            MD5

            612bd7b65ab0f54a3419cf132d60f1dc

            SHA1

            32b3253c43cba94a637be3d6026383e1aab02a00

            SHA256

            6cabe9e880c2c228f53c07ee9a4961daa98b1fe9c16a7b5795a41fdcf7fe627b

            SHA512

            afaecfeb2529c8b666bdf7a52b6535ec97475fc077b9cd6480e5e2e30e3508d7601025414d54e6761e2e852b54474850d965b4ee985af76e95dafa70604c79fa

            Download Submit

          • C:\Windows\System32\Spectrum.exe
            Filesize

            1.4MB

            MD5

            01b993c4289f63f93265c2fc8f9ad037

            SHA1

            fb659f891490e27eac3feadcd5909785a097c797

            SHA256

            4eee3bb903c412f43e90cbdd94f858e340a256c681f0cdeca29e9da15d11d3b9

            SHA512

            a0a5691a19e2209fe9157b7375bbfeb909ed334575cc62800f06a4a8b88f7359075cc0eaeab54512bfb05d58fb819518dc4433328a577a6306a6ba1d76b7d390

            Download Submit

          • C:\Windows\System32\TieringEngineService.exe
            Filesize

            1.5MB

            MD5

            3c831df6c3ed5ea030ea40cbd49ad8f1

            SHA1

            5008210bc3f379792c3728eb5accbe19c4e7d110

            SHA256

            3c521eec9b53b70b0291be5e0809d3e0b46a185b3d31a575f6532a8a820ddd4d

            SHA512

            ec9062ceb477bc7a4df13bcbbc968886c265c0c008a97226eac59417030bc2ed1cd8934d330d991bf327d5a91b97b53c1d2764c62613470bf468f4476e5dc604

            Download Submit

          • C:\Windows\System32\VSSVC.exe
            Filesize

            2.0MB

            MD5

            b57229a4cf268eaacebcb874b897d054

            SHA1

            7b98026179532c7f4b9b0a1979ba23217ed087ce

            SHA256

            b2eaf650c45d240d0d5b1579bad01d42fb1e2ec63c76399f00b942e0471e5f37

            SHA512

            ae201a546a2a752a6e026ba4d61d4421753899c093f593684940c2d9c93c27af63779997585da53819320a5dfc36dcdba129cd3ecee3e4a8bcc2bdf58b1aca11

            Download Submit

          • C:\Windows\System32\alg.exe
            Filesize

            1.3MB

            MD5

            83eefb0b2886a142a21076c86f077b08

            SHA1

            e9f667b7d56d03c9ac433129d673426cdb484a6c

            SHA256

            1f61b3fcd666fa5526ce0b0ab061c8a8f35328c26815c06173fcc1ca3ca30809

            SHA512

            cf6b1bab2d70b48e0a642bd03fa733d116b46bfb29d8725e77d4ceb6ac15880c995aa8b54991bdc263b312c5cef26f885ebd392e9aef9632fd722c1dc81a2282

            Download Submit

          • C:\Windows\System32\msdtc.exe
            Filesize

            1.4MB

            MD5

            dc2b1c731ca2720bd83fbcd80b1ba0c4

            SHA1

            492ee0681000a74833c055310973b962c265de7e

            SHA256

            1bdc82e62e5927f2759dd7d29b4ca402649cadaf4a03e7d3bf7e24ae0f095713

            SHA512

            0275af74ea5de055f51e2e0b1071d6c9ee8f268a6cbbbf06e71ea2f94a1a84f5a71f478195048b640879ae4ed375aca7f8a4689480ade95543e163d10d7daee2

            Download Submit

          • C:\Windows\System32\snmptrap.exe
            Filesize

            1.2MB

            MD5

            1d0e4da24291cfdb995fd764f0c11a29

            SHA1

            205c094a096e98ae758e1978cba6dd56875869f5

            SHA256

            05ea4c97b4a6b87a9f2c328ce1f104bd8f2923caa686f748611873043fd26733

            SHA512

            5fa5aad514fa2d8e3914d472ba018a9b6c9b7dc5c1f2766bbecb5c19fc47f9fab69b571a11baa6083b66e65c5a4c8c94b192d5f6ee72a76a0434891d7704da64

            Download Submit

          • C:\Windows\System32\vds.exe
            Filesize

            1.3MB

            MD5

            53642f4cf034a58689429d7364e5ed1a

            SHA1

            1c0478ad7ec8dff1876e388c2eb7e558aa96ce59

            SHA256

            7394b2c310eea398af52cc32968b611b4f2376f43efcb2cbfb5dc21879e6aa00

            SHA512

            bb951f8915fafac94965bc6ee918c21f81c81c2389040e68076b1680f175825d254fd3d5504c05f1e9c5ccd8b7207c3bbf421b0478e84c0b5e8be77e97528f1d

            Download Submit

          • C:\Windows\System32\wbem\WmiApSrv.exe
            Filesize

            1.4MB

            MD5

            e04c6cba70c4f161a7d3a36128fe7a52

            SHA1

            48f13b979cda73f2fd0b99bea91dda429d1c8219

            SHA256

            5ab0c9fc30f38f9908cc0e8906b2acd9a202954d7c7a88b52a1364df13400e5f

            SHA512

            7016f9204d1589bd183a728a5a7c746a9faa7e291b2c0cc8848a90785ab44006373d6f9e6ef688532863bcf0aef736147863f845675bb57ae3c0959ffdeb364d

            Download Submit

          • C:\Windows\System32\wbengine.exe
            Filesize

            2.1MB

            MD5

            eb9350c7aad63e5da149594d119c2b5d

            SHA1

            34bd8618c4acd7184ef6177e5f8ddd81e90033b3

            SHA256

            b152def35ebc3a9bbd4b17a7891f29e30632fcc810a02b0c1fb6fdd6023c7f15

            SHA512

            827ec2a3e8aa55157d5e7b8d3b058168b9e14f0f16a0d51def5f725bab2dc38ec105952bc80c14719a67cf65bb6d49e7faa3d785b0118bc47a1bec5b21f7e28d

            Download Submit

          • C:\Windows\system32\AgentService.exe
            Filesize

            1.7MB

            MD5

            76eba76006c58271cf5a8f77e4321234

            SHA1

            2a095d00b5f96ea942df869a131f20e0abc1eac1

            SHA256

            f084ce77443f8d9cdca047ef58dccbd160bd532814c4d795a7845a31428b1e87

            SHA512

            5989c80d66984c43c6485b6235438c8ab32cc62fb9b7f61836d7c38799c7b6bb1e5d943ad422b60ea6ab5de7acc47cc23ba79a5406671bf7b7363aace5d08e95

            Download Submit

          • C:\Windows\system32\AppVClient.exe
            Filesize

            1.3MB

            MD5

            973af8321ba41f7cbc8df2e985fd4bef

            SHA1

            cbe1b5902e391ca5c274837466ec7a870bfb42c9

            SHA256

            3b66059ef75b2aa2a406f84350be04a5c30a48d38b5d188ef2dc0fe445a6437f

            SHA512

            2d985c7ba2b3835a8e6dbd6c50885b67e14b388b1045a2aaeebe2589d57e8cc58fd63263f1e98918a50d69cdc4070ef38fdf33a9ca033221aec08cd621071160

            Download Submit

          • C:\Windows\system32\SgrmBroker.exe
            Filesize

            1.5MB

            MD5

            13b4493082c9a32ac5dc791ad1e25dfa

            SHA1

            ea1f3045b2236d7d4b672a33e652130ea5c4ecf4

            SHA256

            3ed79189530b60f10c02d66860701fd462685c4c94ee9b87b34c2f12484648bf

            SHA512

            345cf77c5970865bc33cc1ef187d6af6fc6146c90f6b629fcd4b6109f69b7654578caac3fb69965f3b3bebf90cd3344be917e9586cf7abeeb4b469fb2be68a2b

            Download Submit

          • C:\Windows\system32\fxssvc.exe
            Filesize

            1.2MB

            MD5

            cdf20ce0a8acedb3e48cb856467abfce

            SHA1

            1604f3d3629156e90d3d72364bc1c0326d2870e4

            SHA256

            2828cec74c5644e02472663bc37b59054359b57a64aee14ff687c1299c91837b

            SHA512

            0c8f873bc14143f323eec7ce6f2a082a2d65be32861ece077ed0d9abd761d421e763a51ca4e93d8315630d7c056dfa240e9805f4ef1b14b7ed4471ae81df1d67

            Download Submit

          • C:\Windows\system32\msiexec.exe
            Filesize

            1.3MB

            MD5

            774593002684fc2e225d9faa5e1e9476

            SHA1

            1bfe5aff4b7e793b82b03c2673f769651f3d92f6

            SHA256

            2815b92a15b2ad35d1a9e6e986cf4c3e8c478d1782c429ec65f5d52ed507d9af

            SHA512

            996a3f099cf6a48bbc485f5cae5a9202733d843c9bd21c75d5bdb3450d705198f90794226db2c065c8a01e80361dc693a46460dd632389d2a5369c4abe372856

            Download Submit

          • C:\odt\office2016setup.exe
            Filesize

            2.0MB

            MD5

            8f58bd4a95302d583403137d87678b68

            SHA1

            a171ebd15c8300970a67654ed14ed994982adad9

            SHA256

            b6b24c2aa9994f429161126543c7d3bd15677a00f6682edcfdb68dbd69c978d4

            SHA512

            87a7473ec6a851075c16c8dd51016586b126719d20eb7b829eb060f9e8d8c4bf6a7726ddff77e9bd52e47b8f986f41801183eeb0c7fdd48491a9780ea2b7fb54

            Download Submit

          • memory/456-136-0x0000000005440000-0x0000000005450000-memory.dmp

            Filesize

            64KB

            Download

          • memory/456-134-0x00000000054F0000-0x0000000005A94000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/456-139-0x0000000006DC0000-0x0000000006E5C000-memory.dmp

            Filesize

            624KB

            Download

          • memory/456-138-0x0000000005440000-0x0000000005450000-memory.dmp

            Filesize

            64KB

            Download

          • memory/456-135-0x0000000005040000-0x00000000050D2000-memory.dmp

            Filesize

            584KB

            Download

          • memory/456-133-0x0000000000550000-0x00000000006B6000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/456-137-0x00000000051E0000-0x00000000051EA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/1276-596-0x0000000140000000-0x0000000140169000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1276-334-0x0000000140000000-0x0000000140169000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1316-641-0x00000223C7FE0000-0x00000223C7FF0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1316-642-0x00000223C7FF0000-0x00000223C8000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1316-703-0x00000223C7FF0000-0x00000223C8000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1316-643-0x00000223C7FF0000-0x00000223C7FF1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1500-262-0x0000000140000000-0x0000000140202000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1500-551-0x0000000140000000-0x0000000140202000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/1520-358-0x0000000140000000-0x00000001401C0000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/2296-284-0x0000000140000000-0x00000001401EC000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/2296-572-0x0000000140000000-0x00000001401EC000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/2312-198-0x00000000007B0000-0x0000000000810000-memory.dmp

            Filesize

            384KB

            Download

          • memory/2312-192-0x00000000007B0000-0x0000000000810000-memory.dmp

            Filesize

            384KB

            Download

          • memory/2312-210-0x0000000140000000-0x0000000140237000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/2312-497-0x0000000140000000-0x0000000140237000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/2316-200-0x0000000000A40000-0x0000000000AA6000-memory.dmp

            Filesize

            408KB

            Download

          • memory/2488-615-0x0000000140000000-0x000000014021D000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/2488-408-0x0000000140000000-0x000000014021D000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/2884-260-0x0000000140000000-0x0000000140226000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/3084-362-0x0000000140000000-0x0000000140147000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3084-605-0x0000000140000000-0x0000000140147000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3096-144-0x0000000000400000-0x0000000000654000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/3096-382-0x0000000000400000-0x0000000000654000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/3096-150-0x0000000003030000-0x0000000003096000-memory.dmp

            Filesize

            408KB

            Download

          • memory/3096-145-0x0000000003030000-0x0000000003096000-memory.dmp

            Filesize

            408KB

            Download

          • memory/3096-143-0x0000000000400000-0x0000000000654000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/3096-140-0x0000000000400000-0x0000000000654000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/3312-180-0x0000000000D50000-0x0000000000DB0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/3312-189-0x0000000140000000-0x0000000140135000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3312-186-0x0000000000D50000-0x0000000000DB0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/3312-204-0x0000000140000000-0x0000000140135000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3312-201-0x0000000000D50000-0x0000000000DB0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/3360-313-0x0000000140000000-0x00000001401ED000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3372-215-0x0000000000190000-0x00000000001F0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/3372-212-0x0000000140000000-0x000000014022B000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/3372-499-0x0000000140000000-0x000000014022B000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/3372-206-0x0000000000190000-0x00000000001F0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/3412-282-0x0000000000400000-0x00000000005EE000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/3516-406-0x0000000140000000-0x0000000140201000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3516-163-0x0000000000590000-0x00000000005F0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/3516-157-0x0000000000590000-0x00000000005F0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/3516-168-0x0000000140000000-0x0000000140201000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3708-335-0x0000000140000000-0x0000000140259000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/3772-188-0x0000000140000000-0x0000000140200000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3772-170-0x0000000000720000-0x0000000000780000-memory.dmp

            Filesize

            384KB

            Download

          • memory/3772-176-0x0000000000720000-0x0000000000780000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4068-606-0x0000000140000000-0x00000001401FC000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/4068-386-0x0000000140000000-0x00000001401FC000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/4276-607-0x0000000140000000-0x0000000140216000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4276-389-0x0000000140000000-0x0000000140216000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4388-258-0x0000000140000000-0x0000000140210000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4388-233-0x0000000000C80000-0x0000000000CE0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4504-219-0x0000000002200000-0x0000000002260000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4504-228-0x0000000002200000-0x0000000002260000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4504-225-0x0000000002200000-0x0000000002260000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4504-231-0x0000000140000000-0x0000000140221000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4892-410-0x0000000140000000-0x0000000140179000-memory.dmp

            Filesize

            1.5MB

            Download

          • memory/4892-617-0x0000000140000000-0x0000000140179000-memory.dmp

            Filesize

            1.5MB

            Download

          • memory/5096-360-0x0000000140000000-0x0000000140239000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/5116-557-0x0000000140000000-0x00000001401D7000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/5116-311-0x0000000140000000-0x00000001401D7000-memory.dmp

            Filesize

            1.8MB

            Download