Overview

overview

10

Static

static

3

Request fo...on.exe

windows7-x64

1

Request fo...on.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-05-2023 17:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Request for Quotation.exe

  • Size

    1.5MB

  • MD5

    67683d83541b578498d12ddc5828260e

  • SHA1

    679904b6c6101f399811885b42e98c4c8c564e6e

  • SHA256

    9a3e3d21954d44054b67a726ecc1c6e54a231f4accc013fa91d0830ccf134680

  • SHA512

    fb3080919598e0bedaa3b429e86f498bbbfcfb257a9c92dc9f6c197e2da9bd17328cc762bd97e7cbb770f0d6f1e8c8c05107a59f6204ce8ebc5ad4996e8e709b

  • SSDEEP

    24576:sLOOmjfJ7uGyhgAzbOQ31ubRVTkK09CDg2bCaUwFDyfCTdNuuVIF/gwqb+:sG17uGmPOQ3oNVTkhC/bCaUwpy2wuV32

Score
10/10
blustealercollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Executes dropped EXE 22 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Drops file in System32 directory 31 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 43 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe
    "C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3992
    • C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe
      "C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe"
      2⤵
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1200
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        3⤵
        • Accesses Microsoft Outlook profiles
        • outlook_office_path
        • outlook_win_path
        PID:4820
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:3772
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:4816
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:3368
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:844
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:2796
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4144
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:4972
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:5008
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:5044
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:1908
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      PID:2536
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:2932
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:3288
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:4532
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:2216
    • C:\Windows\System32\OpenSSH\ssh-agent.exe
      C:\Windows\System32\OpenSSH\ssh-agent.exe
      1⤵
      • Executes dropped EXE
      PID:4636
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:4192
      • C:\Windows\system32\TieringEngineService.exe
        C:\Windows\system32\TieringEngineService.exe
        1⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:4324
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4204
      • C:\Windows\System32\vds.exe
        C:\Windows\System32\vds.exe
        1⤵
        • Executes dropped EXE
        PID:1432
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4720
      • C:\Windows\system32\wbengine.exe
        "C:\Windows\system32\wbengine.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1520
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
        • Executes dropped EXE
        PID:4188
      • C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\SearchIndexer.exe /Embedding
        1⤵
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4504
        • C:\Windows\system32\SearchProtocolHost.exe
          "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
          2⤵
          • Modifies data under HKEY_USERS
          PID:2076
        • C:\Windows\system32\SearchFilterHost.exe
          "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
          2⤵
          • Modifies data under HKEY_USERS
          PID:4976

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
        Filesize

        2.1MB

        MD5

        478a6559a7831eb70e0ec03671944903

        SHA1

        9a636f413e653c50c0dbcbdc0955b7dd8852a3d1

        SHA256

        15e05124224809817ce409f45b3b58d0b04849d35d7643f1144515c7a621d9c0

        SHA512

        a236a139d2760efb14765ef072295a5d6fc6d3602123f4cbb241ded3a58074e1c7730f1d9b2d0ea4f6e11c771ba6a44b8fdcf922a0174ec129c5cbe417faa293

        Download Submit

      • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
        Filesize

        1.4MB

        MD5

        0dcb97447ff1ea187045490043209765

        SHA1

        90e6618f95d261d8788f8a045aa63e25058de78e

        SHA256

        e00092ff0a5faa853a0a24ea621ae899d7429ae10de0fef007d022bd689f199c

        SHA512

        4f6ea27c7328d5c8c0f4136ed0daad61c1f7809f9e47a1fd0a569d1fd0a2554830aa2cca7e5c6045ef8860b36ea2557c5791fded32965f1f0efa7abf38904544

        Download Submit

      • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
        Filesize

        1.4MB

        MD5

        0dcb97447ff1ea187045490043209765

        SHA1

        90e6618f95d261d8788f8a045aa63e25058de78e

        SHA256

        e00092ff0a5faa853a0a24ea621ae899d7429ae10de0fef007d022bd689f199c

        SHA512

        4f6ea27c7328d5c8c0f4136ed0daad61c1f7809f9e47a1fd0a569d1fd0a2554830aa2cca7e5c6045ef8860b36ea2557c5791fded32965f1f0efa7abf38904544

        Download Submit

      • C:\Program Files\7-Zip\7z.exe
        Filesize

        1.7MB

        MD5

        805b35f577a7b6d6170a55e96d22203b

        SHA1

        17c26bdcdc6137c4273f61bcb6fdca9eabf4cde4

        SHA256

        31c8658a77f343b24a67bc3d8bffd7407d6d54a0ae406030f21045986a6f61f0

        SHA512

        6dd26fd26f7ac6cc7afab139f7719a6cbed09d00570822a8871b77d3289b03392f09fc814ed10a40a6032effd440de507ed9ffd4c5f59f4025d9b1440e76e860

        Download Submit

      • C:\Program Files\7-Zip\7zFM.exe
        Filesize

        1.4MB

        MD5

        203c4e5ad7be6e253defb049f0cc11b6

        SHA1

        bcd53ea6555fbe2627e4696f34ca05bfc895949c

        SHA256

        d6369d85ec12773f2734b65198d6e9a5f6e65894247c609d02669df737d672cd

        SHA512

        07cc128312c79fae737fefb7f65a4bcd45d56f394405d3413fd8fdd71dad1d4d5897ea29b4355a36059ef0c3af179290c2fa731799b3a0cb44d8fc358b2449d6

        Download Submit

      • C:\Program Files\7-Zip\7zG.exe
        Filesize

        1.1MB

        MD5

        f9229b1824e9e265d9cb187559ac6ae7

        SHA1

        b34fc594d3c193ea8c0d905b17e01e21478c7e63

        SHA256

        7a17b6330b0ea799599284dfefe49a6f72ffbdc05274239ff0be2f632cc7fab0

        SHA512

        8a89411bd3a7a9d8097cdbc21c9bfa84fde046e3aec319c3926bcced861f6e5dd2ebe25f580a39340053bd88e6c0c6e189a59f4254fbb668afd40da01e1e51e9

        Download Submit

      • C:\Program Files\7-Zip\Uninstall.exe
        Filesize

        1.2MB

        MD5

        970252d0a5c23aafbf7119683ff6ff39

        SHA1

        e03599894bf113d9f8938d2fee14e8fa39a8973f

        SHA256

        0f8a2146fe2fa87a01f138277d5e2f0ea4cb1370c416b131273a4e0ad8e95424

        SHA512

        1256cdf3ed3f0a7bf84503a6f1636fc8f6119f9024d3f2185784ca9630ec0fefdd8af994148a8b09590b1d53ba45203733f08cf95e65639495d25c0fdaabe1a7

        Download Submit

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
        Filesize

        1.5MB

        MD5

        101f74593b5c80f4d91f39ddb8159434

        SHA1

        7676bc69f13fd5450af307bc4ff9f54df2ff4e3f

        SHA256

        63e4f2c043d22e54285f42f48a2e4978188eda8df27b4d6953b592d79a13b571

        SHA512

        fc0ce391c30a2c96670eb3bbabfc0760e9fa5b54b16700ef2624f75be4d20160575a0d13ea4f8f2d60280f0c7231a61cc38f39f331c68ec0f7d7e7a3ad123e45

        Download Submit

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
        Filesize

        2.9MB

        MD5

        907321283e421750cd4534a4b21f1ed5

        SHA1

        541b3dcf7dd3b0ea03cd4cd7f177f7d28ee3dcee

        SHA256

        62e6f5f23cfb78735865cb62410ac029e59b8ef1661e47a7367996a35c69f7a4

        SHA512

        6b56f9d38bc45a527fdb0154cc237347406b4136351d31066e2fdb7d6dbbc924ca9a6521e04428852063b3474ac2eaad407fa38185814d9ac6ca2cd55b1fdb36

        Download Submit

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
        Filesize

        1.6MB

        MD5

        5799ffb416867da6f086a92e8e513a4e

        SHA1

        ef680fb4f800788682ae92428435cfcb269883af

        SHA256

        41141033e43ce4dbdb359ca917be56947d676dd3ed7ee616c4e11225cebc9be9

        SHA512

        75c41763336c21b796dfade7168fc2599a39ac3521e867e4a8013f9156a8ca7c308e65890723154a8c9bd54595fef589546976cfcf8eb525581b9bbe81f0833c

        Download Submit

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
        Filesize

        2.6MB

        MD5

        213d511e2f631cdc303db962f96161b2

        SHA1

        2a8519d0c6f87d73ea9251ba30743810af103584

        SHA256

        09071d6743c9d3d85063ef9c546a19fa569b43b48c53a2e6d3f03874743bf613

        SHA512

        b4e43bbffa1a55d94d5851ed9f037961d0888ef40fdb0c5577895a5965b26da6a3f44865b564ccfc21d50f5e19b6f08d8c319bb99f63d429fbe1620b10f341e5

        Download Submit

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
        Filesize

        2.7MB

        MD5

        c876403dd8c873f5a717510d8c8da740

        SHA1

        41f8fa86e32aba932346f2b6d3f93b3e5b46454f

        SHA256

        692d6f9df1b8739278ee533a6d3ab5a693b3da74601baf404972201378d29ac0

        SHA512

        58dc4b2c44bf724ff43e3fb202b4b51939a0f3a3069e062e99596eb4286979745e5d1b58871d244ff333150fdf46666ecb9ee714196041ad3309c6c1111549c8

        Download Submit

      • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
        Filesize

        1.5MB

        MD5

        7c3c03286216ff130c814b4ff6b1c35d

        SHA1

        53257eed7090b0c55b1b511819ed07d0f7a82d6f

        SHA256

        187b6bf143e17b9c172fa63dc345d497d82196c8418f9e2f9ca84388fbd278d2

        SHA512

        834663404ffe526a18d7b3a56dc898c1aa226d0a8ffdfc9836704e20d0d93a8cda8f7f9e851d58b0bf6730e0626e60b2a1c359b55abf7a5589236ccb6dae9961

        Download Submit

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
        Filesize

        2.1MB

        MD5

        ccf4232437a8b7458f0a5db8d3376d7f

        SHA1

        0a060a3840099ca1cd8599072a7c44a0633b4925

        SHA256

        e412d51f6c10a39bf49f164e4e54859ec8f1af8eaa2f4583b3ff2209654fdef1

        SHA512

        272bd94d4869c187809ac67a306cb7a817a24f3c86fcbef32fee3be77abbc14a4f39bf465b04645fdabf197aa59611e73cb3d6db2291a0d71c6146beced76ff4

        Download Submit

      • C:\Program Files\Windows Media Player\wmpnetwk.exe
        Filesize

        1.5MB

        MD5

        59fd6d2bc7fa683e6c2ababcde15d51c

        SHA1

        19550c19683d4e3d5294fca7a06d8a92c9acfd96

        SHA256

        db787fe19245896f059e3bb41286f90a4c9f8a4c904246919cc61797781d4409

        SHA512

        9d505e54d7479073443a5426a3ae27a6d6fc8254c73fa6ce3a72ba85104dc07ccc3d6e9175c968322c11e7e192b1ebf760cf0bf9416c20caf3ae6b2a88af512b

        Download Submit

      • C:\Windows\SysWOW64\perfhost.exe
        Filesize

        1.2MB

        MD5

        2a904b4a2da233ae068a5a9c608ed76d

        SHA1

        f2b4af4ea3dae6f50906e7dcb6116614330b82f7

        SHA256

        807fcb8051a118ba17f8d4f91b981015c7fe083919380bc8c6e7a555c8e0a701

        SHA512

        dbf29f8a5ded29a08192c9e0f3f73e2e3913efe5f91f4d9378f39a650f91f9787c1b0c19044caa17dcca38408f8c4282f6946e0ac8ab561d5b6594a8baf5a5af

        Download Submit

      • C:\Windows\System32\AgentService.exe
        Filesize

        1.7MB

        MD5

        ec37eeee0a3c63c160d4acead02b12d7

        SHA1

        9ae4eb35b647413a8ea41af862e33205ae0c3967

        SHA256

        dfd3f5d49b8c39b4e689b0315df6e0d25acec5ca7b0c71ec187aef48dc460ad9

        SHA512

        381f66a9c0b251a6333f032d2a18cb193abda4213daff59e2b38f2ee491b362677d399c262ae48fbb9768c02c89d022fbacfa634cd98672fec735b45f44c8c87

        Download Submit

      • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
        Filesize

        1.3MB

        MD5

        0ed4107f9125f0ccac0084278b122659

        SHA1

        92e87c9ed4a82023de9aae16b65f7de785a0c841

        SHA256

        9f6d3603d75119fc76bff8b13774147f17536bca4f1499866d7ed017c6300eca

        SHA512

        ed0b603645157170bce298e10b9cf16bc91e6f02c8513a9d6a3cab49b1ffe8ffc3d6517e631b000011c09c2ec50d0ee39169554c16ce1db1e1a94613fe1c9d04

        Download Submit

      • C:\Windows\System32\FXSSVC.exe
        Filesize

        1.2MB

        MD5

        e52d6de8299fd9145299cb78d3d44246

        SHA1

        fb229a1d775f7ffd548c04a2260bc2f59df829aa

        SHA256

        ff43dc4688bde3045de1962512fefd7cd803c5dff0266f049b47b3fe38a87f1e

        SHA512

        2d4fffaaacb6c3ae7fe06a24f49ef5478ba84f443f1702ee34e478aeb35b1d10349bf53ba5b3e01492e4fc937b5efbe76de63d6f7f4d1b6ee9501c77773eb173

        Download Submit

      • C:\Windows\System32\Locator.exe
        Filesize

        1.2MB

        MD5

        5dcab06e98d70d7d5ab3118e07e29f0b

        SHA1

        05c89ae76be609683a757c73153431874af7e500

        SHA256

        93aad4249dc912574f6a7d98adeb88e918695e53e1857a76fea2e621d46ba282

        SHA512

        741c547b28b61b188e5a1026a27208fcd2fb0b3fdbcd02f661846208fa6a5f46e2bc4e0689a26c94dc15c2b3e93e4c5686ca8cfe75a0c2dee90bce5d497df546

        Download Submit

      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        Filesize

        1.6MB

        MD5

        b2ab1c16666df92d7d41b43951bbe6fd

        SHA1

        93ba29a8c132736ac1ae3bcc4a639d0fa51d9047

        SHA256

        cc9922df5d8e14d163cb3e897c6e8bc478dba3bbf5222e20267c27704b1bbec1

        SHA512

        8818a274c922a8eb12927fb271ace446bdda191048b177444d1c46c98dd56496c37407158f26f5a72678f821be84c5e049bb2e96a894c463fdaaeca5730f988e

        Download Submit

      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        Filesize

        1.6MB

        MD5

        b2ab1c16666df92d7d41b43951bbe6fd

        SHA1

        93ba29a8c132736ac1ae3bcc4a639d0fa51d9047

        SHA256

        cc9922df5d8e14d163cb3e897c6e8bc478dba3bbf5222e20267c27704b1bbec1

        SHA512

        8818a274c922a8eb12927fb271ace446bdda191048b177444d1c46c98dd56496c37407158f26f5a72678f821be84c5e049bb2e96a894c463fdaaeca5730f988e

        Download Submit

      • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
        Filesize

        1.3MB

        MD5

        db23f24dfb716c52a9a9bc007e0db327

        SHA1

        51b8caf8deda72091b894de6acd127bb7ae6bc3c

        SHA256

        8e84897be8b3371744deed96517c84bf40601504644824d21eeee2055076d600

        SHA512

        2ee6ebef4b64b82f533ce4ba95fb71c3c162a45e1f3e955fdb952942627df65e7a77e45fc56024062caf3afc2668b3c5d0489479e708cd0ebb8a605614f71ed0

        Download Submit

      • C:\Windows\System32\SearchIndexer.exe
        Filesize

        1.4MB

        MD5

        2dceab5e1bd322bd10a51cc56554094f

        SHA1

        ba7d238655fb2e6e10b6924264afc752be735bb5

        SHA256

        1040dcc5aba49665624fa89da80fe3527ef474938a887313a5a22287bd7b39a5

        SHA512

        9e6cf6fe07a65cd93500d7735f955b46de61c07dfd9e429f1291582c28b223d5ddbd0120221efd570677c561be68378e66e4986bc7f32e73ca950da452ec4ebf

        Download Submit

      • C:\Windows\System32\SensorDataService.exe
        Filesize

        1.8MB

        MD5

        1944c67753a70004e29679e95f38d211

        SHA1

        eaa357743ce2b03ebdfae94d97af3ef485a03938

        SHA256

        52626ae173c7498d1905384efd01ce05b338d2c829a787019d0038d8e2f25f6a

        SHA512

        d4838fe5f6b7311ccffadd2d0c4bbe902cdb81104291f2f89a69a669934cd07f768d8e71652a6a059fc97467d96b37360f08706c0c6261b1e910a173a8eed608

        Download Submit

      • C:\Windows\System32\SensorDataService.exe
        Filesize

        1.8MB

        MD5

        1944c67753a70004e29679e95f38d211

        SHA1

        eaa357743ce2b03ebdfae94d97af3ef485a03938

        SHA256

        52626ae173c7498d1905384efd01ce05b338d2c829a787019d0038d8e2f25f6a

        SHA512

        d4838fe5f6b7311ccffadd2d0c4bbe902cdb81104291f2f89a69a669934cd07f768d8e71652a6a059fc97467d96b37360f08706c0c6261b1e910a173a8eed608

        Download Submit

      • C:\Windows\System32\Spectrum.exe
        Filesize

        1.4MB

        MD5

        e2baf06a408cbc94d1e50ad4d80555ea

        SHA1

        8baab3a773d4c1bbc1b01511ec3bda1348655488

        SHA256

        809651ad6f98e88be259f919280932cfd9213ab24f2e0639683840f8f0a10d6d

        SHA512

        59a6a928254cc38f0de96fdcb01af27413992576cf9d55c74b2e4336a9137936989a6cece4d93d69dd238bb022cc4cd387279a9a931cf742545d7283e550adc3

        Download Submit

      • C:\Windows\System32\TieringEngineService.exe
        Filesize

        1.5MB

        MD5

        381e27323854065cba5a49c42a241e4b

        SHA1

        f22f63877e36016335e1a9d188b95da2b1864ae5

        SHA256

        426a70404de75e8dbdc315ec79e05910eb8c86a0331348fc8513a48ea5b90b14

        SHA512

        9351a51f976467a35a0fda44a36cb196a68645d56f26c0a25d37ca4b85d4b194a63549fa94c8af831aeddd4ca8d299a45de8eecd307a2753636d99da6c7b31df

        Download Submit

      • C:\Windows\System32\VSSVC.exe
        Filesize

        2.0MB

        MD5

        80571988b0ce98ad2f57dfdd20d94441

        SHA1

        272a3a154f3b8480d151b37ac84129a337209ff5

        SHA256

        6a28e5df0e18ac22b0ac10be3438a4729111db7280fc61661a40eb7aa5990f9d

        SHA512

        fc30ed2081500adea78dffd3439defceddb302ea69d4418a5f874ce6c7da7907fa839904cfec3d507c5aa1b58ba195bb31ee69c1bb7b243ed28ea5e9de2b527c

        Download Submit

      • C:\Windows\System32\alg.exe
        Filesize

        1.3MB

        MD5

        0febb28716426ffac235fdd4ff1e2ad2

        SHA1

        4fc3e6632c46f0bad7329cf27261e2c67f3ccb7f

        SHA256

        9b64142f81a1dedf489eee24d841d197d3d194a475fd1507b61e25d25249ff53

        SHA512

        186362b4e42bc05c05337f71eeff800c138180d24f57cfa08f06746c1abbaf29e6e143fb6007573f36d32f47b06526649dd49f0a06786e65bad78c2ea45910b1

        Download Submit

      • C:\Windows\System32\msdtc.exe
        Filesize

        1.4MB

        MD5

        4f4fe89a7c8569f1da37278d5ad62910

        SHA1

        7d0011a5aa8f749619b117d758ee7ceb4248d67c

        SHA256

        f69ab58e13379657057e8604422510d7786346d364e346105e4317cbf314ad57

        SHA512

        9ce0af4d2daaa0ed061be54f0fadcf33dea6da06f47d2e779950e727342d91f054ecc4c2f067119d38a10a7cf35aefab2fb4bc98acdd70a8322cd530f79150a4

        Download Submit

      • C:\Windows\System32\snmptrap.exe
        Filesize

        1.2MB

        MD5

        48719a23874d756d92bff2c69cd50700

        SHA1

        20e86ff91a5d6e97169842be912c1b487d12121b

        SHA256

        429239ff4b56c025e31d612d24127c32874ac4ad47823628da43e9c004c14250

        SHA512

        843b66a98db033bb2af15dfe1ddbfa85db9d708c37db159174972c201f7d928d070cab3660099ea5e49022b471de136c0c91bd71a46201730e5f8a4a61185cf9

        Download Submit

      • C:\Windows\System32\vds.exe
        Filesize

        1.3MB

        MD5

        cd1c3cad5d52979180cd0c6831d81827

        SHA1

        3529b53a212c90b49dd2a07498e36987e299c95b

        SHA256

        0d03f6e0995218df36c6ed71c7f5d1b9a184c5fdbe30574987f0c5edfb006286

        SHA512

        30ddf70c1ec46120c2241229721a32949079779b50f0eac45d53c8b263dde93601ac822bb2b681d7ece683477caf00057dae61eca7765b6cb8b950d0ed5918ed

        Download Submit

      • C:\Windows\System32\wbem\WmiApSrv.exe
        Filesize

        1.4MB

        MD5

        6e07e3a22d91c49c46c52f87aa2d669d

        SHA1

        1ed519763d47cd0818f35f15e1109a9ea0820d97

        SHA256

        2ab4fa868e7fa605d7af350e97a4017b7b6e3ea536d07c9f1d3df60c0e449350

        SHA512

        d0de7b273fc11a878e13f34dcb69fd73e69d74af2c642487ac6bfc2095a61ecb18854933084429937a723f3aefdf5db6ab240f855f616f904fe4c60e7322cef4

        Download Submit

      • C:\Windows\System32\wbengine.exe
        Filesize

        2.1MB

        MD5

        96bc7bab7b23f66ca39545062896957a

        SHA1

        df72adf67bc6a2e0c099acfa67b91405a76ec417

        SHA256

        082d8fba34b8d89f4842e3168538d3a28899b2e3d38815f51ec4c5c7e07c40c4

        SHA512

        3296054463e6845ae96a2699ae4eae631dae8650bf0082e074c850dd85b74c7f7bdff49b59687598aee25363f2b3df76cdcfb00217accd4f682034661d267298

        Download Submit

      • C:\Windows\system32\AgentService.exe
        Filesize

        1.7MB

        MD5

        ec37eeee0a3c63c160d4acead02b12d7

        SHA1

        9ae4eb35b647413a8ea41af862e33205ae0c3967

        SHA256

        dfd3f5d49b8c39b4e689b0315df6e0d25acec5ca7b0c71ec187aef48dc460ad9

        SHA512

        381f66a9c0b251a6333f032d2a18cb193abda4213daff59e2b38f2ee491b362677d399c262ae48fbb9768c02c89d022fbacfa634cd98672fec735b45f44c8c87

        Download Submit

      • C:\Windows\system32\AppVClient.exe
        Filesize

        1.3MB

        MD5

        0aa9192e312e0c08a4988f7764733558

        SHA1

        cf573f8259ddf4c62daeb8914a66b7651d57ad25

        SHA256

        b2feb01e80f0885a0e90db95188809211c197aa14279e3c0b9910d242b7dce15

        SHA512

        69c68fcba1da32e925a14a81f1c4ee753238bbe3e353703ec343fccab19d4449ea97b582fa69d84008a7aec12aea504000962d3a3843817a7d5d994a0ab50c72

        Download Submit

      • C:\Windows\system32\SgrmBroker.exe
        Filesize

        1.5MB

        MD5

        fa8d0617f88dad9f95fd81d4e2cd068d

        SHA1

        e037ae6bfd3c72bbbd346da58fcc24164b362c55

        SHA256

        5d12cb7fed1b28559d63d877474339eda63158d4e25abfc37d32c0ee26f34143

        SHA512

        439514fc2fc9775d774a0b24d5c4c124c428289323b5f14f12c8b527c2fd2e935f2b27ec7b0c2fa9ac21b8fd5e3152ce0db5f80b5e15e871566bc2851eec0870

        Download Submit

      • C:\Windows\system32\fxssvc.exe
        Filesize

        1.2MB

        MD5

        e52d6de8299fd9145299cb78d3d44246

        SHA1

        fb229a1d775f7ffd548c04a2260bc2f59df829aa

        SHA256

        ff43dc4688bde3045de1962512fefd7cd803c5dff0266f049b47b3fe38a87f1e

        SHA512

        2d4fffaaacb6c3ae7fe06a24f49ef5478ba84f443f1702ee34e478aeb35b1d10349bf53ba5b3e01492e4fc937b5efbe76de63d6f7f4d1b6ee9501c77773eb173

        Download Submit

      • C:\Windows\system32\msiexec.exe
        Filesize

        1.3MB

        MD5

        ce71371c6c51a1d7e26c77bf4a4b0e19

        SHA1

        e7f557c78ca22345f266dd5d7681fa982fc21838

        SHA256

        94d074c1526c52215f53af1b5540858892a4028d88f55969cc6a34d9606d9646

        SHA512

        53213f4eaa0ffd85e9a18f313df809fba58e71f25a131a722e4ceebd0dce3f8af5fa89950cff80e4f25fec12eafa1c616a61329895bfc978d72aaca31cd4a9ca

        Download Submit

      • C:\odt\office2016setup.exe
        Filesize

        4.7MB

        MD5

        86c5cf3bd634a1360166afba0b71e8f0

        SHA1

        8cacf9ff5d1d21eaf13739d5f85f7beebb745a44

        SHA256

        2258e413e35ae886df623e5d371692a348f5aa9d2d39040547a3feec5ddde02b

        SHA512

        6b0635041bb615460f1c22a2ab558b7981b5a7e959ec16b97b00e176a9859a679a8ac31c4b0c8faac54331c3d23f7fcecf429320109b3b5866acb86f119515d9

        Download Submit

      • memory/844-194-0x0000000000D80000-0x0000000000DE0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/844-197-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/844-181-0x0000000000D80000-0x0000000000DE0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/844-187-0x0000000000D80000-0x0000000000DE0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1200-143-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1200-160-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1200-144-0x0000000003040000-0x00000000030A6000-memory.dmp

        Filesize

        408KB

        Download

      • memory/1200-149-0x0000000003040000-0x00000000030A6000-memory.dmp

        Filesize

        408KB

        Download

      • memory/1200-140-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1432-626-0x0000000140000000-0x0000000140147000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/1432-361-0x0000000140000000-0x0000000140147000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/1520-407-0x0000000140000000-0x0000000140216000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1908-518-0x0000000140000000-0x0000000140202000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1908-260-0x0000000140000000-0x0000000140202000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2216-320-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/2216-582-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/2536-278-0x0000000000400000-0x00000000005EE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2796-199-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/2796-406-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/2796-191-0x00000000008E0000-0x0000000000940000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2796-201-0x00000000008E0000-0x0000000000940000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2932-546-0x0000000140000000-0x00000001401EC000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2932-281-0x0000000140000000-0x00000001401EC000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/3288-299-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/3288-541-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/3772-164-0x00000000004A0000-0x0000000000500000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3772-359-0x0000000140000000-0x0000000140201000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3772-158-0x0000000140000000-0x0000000140201000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3772-156-0x00000000004A0000-0x0000000000500000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3992-135-0x0000000004D10000-0x0000000004DA2000-memory.dmp

        Filesize

        584KB

        Download

      • memory/3992-138-0x0000000004E80000-0x0000000004E90000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3992-139-0x0000000006A60000-0x0000000006AFC000-memory.dmp

        Filesize

        624KB

        Download

      • memory/3992-137-0x0000000004E80000-0x0000000004E90000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3992-136-0x0000000004DC0000-0x0000000004DCA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/3992-134-0x00000000053C0000-0x0000000005964000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/3992-133-0x0000000000220000-0x000000000039C000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/4144-211-0x0000000000190000-0x00000000001F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4144-216-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/4144-205-0x0000000000190000-0x00000000001F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4144-461-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/4188-408-0x0000000140000000-0x000000014021D000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4188-639-0x0000000140000000-0x000000014021D000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4204-357-0x0000000140000000-0x00000001401C0000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4324-342-0x0000000140000000-0x0000000140239000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/4324-605-0x0000000140000000-0x0000000140239000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/4504-642-0x0000000140000000-0x0000000140179000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/4504-462-0x0000000140000000-0x0000000140179000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/4532-319-0x0000000140000000-0x00000001401ED000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4636-339-0x0000000140000000-0x0000000140259000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/4720-382-0x0000000140000000-0x00000001401FC000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4720-627-0x0000000140000000-0x00000001401FC000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4816-176-0x0000000000660000-0x00000000006C0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4816-380-0x0000000140000000-0x0000000140200000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4816-177-0x0000000140000000-0x0000000140200000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4816-170-0x0000000000660000-0x00000000006C0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4820-389-0x0000000000D60000-0x0000000000DC6000-memory.dmp

        Filesize

        408KB

        Download

      • memory/4972-215-0x0000000000CD0000-0x0000000000D30000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4972-218-0x0000000140000000-0x0000000140221000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4972-223-0x0000000000CD0000-0x0000000000D30000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4972-229-0x0000000140000000-0x0000000140221000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4972-227-0x0000000000CD0000-0x0000000000D30000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4976-774-0x000001C21D810000-0x000001C21D820000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-607-0x000001C21CF60000-0x000001C21CF70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-794-0x000001C21D810000-0x000001C21D820000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-795-0x000001C21D810000-0x000001C21D820000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-776-0x000001C21D810000-0x000001C21D820000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-775-0x000001C21D810000-0x000001C21D820000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-777-0x000001C21D810000-0x000001C21D820000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-773-0x000001C21D810000-0x000001C21D820000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-772-0x000001C21D810000-0x000001C21D820000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-665-0x000001C21D4F0000-0x000001C21D500000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-609-0x000001C21CF60000-0x000001C21CF70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-664-0x000001C21D4F0000-0x000001C21D500000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-771-0x000001C21D810000-0x000001C21D820000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-770-0x000001C21CF60000-0x000001C21CF70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-705-0x000001C21D810000-0x000001C21D820000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-704-0x000001C21D810000-0x000001C21D820000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-703-0x000001C21D4F0000-0x000001C21D500000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4976-666-0x000001C21D4F0000-0x000001C21D500000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5008-481-0x0000000140000000-0x0000000140210000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/5008-231-0x0000000000CB0000-0x0000000000D10000-memory.dmp

        Filesize

        384KB

        Download

      • memory/5008-236-0x0000000140000000-0x0000000140210000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/5044-257-0x0000000140000000-0x0000000140226000-memory.dmp

        Filesize

        2.1MB

        Download