b20aa75eb5bc6f3be0722e925ba62e9e229c7a35c83063c7eacb3c7f98baea91

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2023, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67d31412a1449cexeexeexeex.exe
Size

7.8MB
MD5

67d31412a1449c15c61a49e751f7e4c2
SHA1

14236b09262327b9a8d35a499f06f29fdfd3b92b
SHA256

b20aa75eb5bc6f3be0722e925ba62e9e229c7a35c83063c7eacb3c7f98baea91
SHA512

7f9c8c51bd0867b9d61ea3e97ba57134eab460338e2660aae1cdeb597cd59dc26954f01afd5f4aceef574aee9602826917d0876086e7b453b8215bf49c145175
SSDEEP

98304:oz16s9EwkidrwQwPdz9u/ZZmDZJErNXQbZT7wIX0RFbH:oz16gBrd3gu/XmDZiN0ty

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 15 IoCs

pid	Process
2424	alg.exe
4440	DiagnosticsHub.StandardCollector.Service.exe
1788	fxssvc.exe
4916	elevation_service.exe
3176	elevation_service.exe
5056	maintenanceservice.exe
4372	msdtc.exe
4592	OSE.EXE
1364	PerceptionSimulationService.exe
2956	perfhost.exe
548	locator.exe
3740	SensorDataService.exe
216	snmptrap.exe
4616	spectrum.exe
4772	ssh-agent.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Drops file in System32 directory 28 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\fb14649eac07e206.bin	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\system32\msiexec.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\locator.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\System32\msdtc.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\System32\alg.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jstack.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javapackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jvisualvm.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\serialver.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jhat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\extcheck.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\jp2launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	alg.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	67d31412a1449cexeexeexeex.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	67d31412a1449cexeexeexeex.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\67d31412a1449cexeexeexeex.exe = "11001"	67d31412a1449cexeexeexeex.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4440	DiagnosticsHub.StandardCollector.Service.exe
4440	DiagnosticsHub.StandardCollector.Service.exe
4440	DiagnosticsHub.StandardCollector.Service.exe
4440	DiagnosticsHub.StandardCollector.Service.exe
4440	DiagnosticsHub.StandardCollector.Service.exe
4440	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1196	67d31412a1449cexeexeexeex.exe
Token: SeAuditPrivilege	1788	fxssvc.exe
Token: SeDebugPrivilege	2424	alg.exe
Token: SeDebugPrivilege	2424	alg.exe
Token: SeDebugPrivilege	2424	alg.exe
Token: SeDebugPrivilege	4440	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\67d31412a1449cexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\67d31412a1449cexeexeexeex.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
PID:1196

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2424

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4440

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4428

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1788

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3176

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:5056

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4372

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:4592

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1364

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:2956

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:548

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3740

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:216

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4616

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:4772

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4648

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
fecf6fa99494ef5de32ab9f690adeace

SHA1
f8bcc3fa086f6f43353fd9cfa7642ebd20590517

SHA256
06ad239b4086c526c88706bdbe1ac52cb3a6ffacedacffdd4a96b511d88f5a1a

SHA512
bc64e351aebc6547b08e8723daf76036990d4de8a426eb596bba4f7c05c9c25b029b86ab50f1e72ed318949ecff000cd9f99a93c0811bdc3c6f2012a4dc16261

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
781KB

MD5
a20ecf3181ac223c35df25651f687395

SHA1
c5b48113b63600e9df08ede52fa7cb30f97e2ca7

SHA256
a0fc345cf437a1a452fe3d62e34e4da95ec7698f8a50cbae499e3fa66498bfae

SHA512
29e0331978bb19b1abeeb5b391a8e317a4b203ee5db70437e368c759cd301c0e5ed2c62d1e669772af626351d838f4bc5edf101fa46b945b80a3a457f21e0f35

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
781KB

MD5
a20ecf3181ac223c35df25651f687395

SHA1
c5b48113b63600e9df08ede52fa7cb30f97e2ca7

SHA256
a0fc345cf437a1a452fe3d62e34e4da95ec7698f8a50cbae499e3fa66498bfae

SHA512
29e0331978bb19b1abeeb5b391a8e317a4b203ee5db70437e368c759cd301c0e5ed2c62d1e669772af626351d838f4bc5edf101fa46b945b80a3a457f21e0f35

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.0MB

MD5
efdc6c4428fd465e513f5e2ffcff216a

SHA1
86c0438d0fc17edaedff8ff3d72e9357db1ba225

SHA256
c9ba55c05166fe5541747ef59313258aa2686e70e1f7200191a29c7ba507243f

SHA512
12acc3c62cac43b958ab6f5e4b41191df585061459f7c9f77f7005ec5a9e56707ec483d56c4364e50e0f20179e73790846f041a47ff06eca1dc23e6c82513f6d

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.4MB

MD5
bcdc3abb906f891e80788a10f8b79a18

SHA1
34c0a838ef44fdaeb4bc3cf575458c923a8b5723

SHA256
ee7f68d150fa831d9ba44850c8d6a82306e5ef715ba1904a153be66d4690f3db

SHA512
d7922787971422d21f0c67a37990770e414a2ab62033570dc23ed479b6ca848ce174944e1c7a6d8f14c867b60c0d2d257f9d48de05a219b2d60ed65d43c02d1a

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.1MB

MD5
1527da47330c2991705630b6e632c449

SHA1
035c4099f465360b7484558fe68ca4f414255f93

SHA256
72e038872ee3fe2e5b7b95a75f36b1d4ff49d8dac26f9bed029ad6398d641837

SHA512
4eeb2f952f11cbed4572ea5d6ebdd598573cab0ebc754baa8524fb2a10d02da3db47413fc39dc9974461b7df08db392ce87e9373401b30c8562661c43cb69ed3

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
583KB

MD5
7af3086b6e3b228938df7266405defa9

SHA1
90c4a657d813e82d342b448f1045c6dd2d2d3f1a

SHA256
66cb55603af9766e9a5655ee51f37968522075ca1b3f314fe9b24d4b41f66fbb

SHA512
de7c608c3d5b044b3adc142fc720ff89a2fd9de7d9212258cfd5a0d7f027194583f9e28ea0ba8e88734d1969c0de0578a1d1d120b09f17b49dd0542559787c6b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
860179e18adbb1839c6582d303ee3bda

SHA1
0aefca756360e4647d408dabe8f3e6d05451d3e2

SHA256
9dc5669320a3024252d0cce57926877d2886f436f7aa5591dab78fce87fe83e7

SHA512
ad962f55bb0aa4e817a7ede7adee3a2b6beeb4b5778887a7141f96ac367c513b33b2197ee26b666519272c9a04a0b959d1e5212ee9736687ce46f1317bb1a01b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
a460a0bd3f68dc00e53382cc6a9632e6

SHA1
cbb6fce80dd20cf81f7bfc684e7d3ebc85b05f9d

SHA256
56c68b36907ceb3e797a47519d581065d1f1ff33fb78b3883c1c21e6587062a9

SHA512
71373d89d998dcf249c5fd4b17f047ccec61082c24c59794dc5ea0e97730eeedeaa69f147b95bec1fc64d3047c43f1600fe0232ae5a262f81e0f52820323966f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
549fd448a54a0a48a710c8ab3f494719

SHA1
1c972963d0238b5add702d119549451bff805cb5

SHA256
710c6feafa820f0866c23e6aaccf805d156fe16d3d0a9ff04de671d87ab428cc

SHA512
5b7bb0caef1b40a479a498f2d6495bc79a20cb3e21db816ebf2c93c18699d9203e47823cd6e2ed823c8c878e6a7221783c725bbd343eec1d48493a8bef102ef9

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
0a34e1cc91457bf93e2f75e0646d2e3d

SHA1
62f8d1bf43aff9cf37cf71cba3b7a4bce67232ac

SHA256
83ff489ec568e2f0465882152f5fa4219e310c6ad54feaf8df577e65d15ea355

SHA512
ceeb2e9437622e7ba76d5dca86940672df0dfb130ed5aa9eebff1637cefa1796ca17af2fe48ef63b4d8f50ed2b99ecb860402c05ff881af6a3fc82553098d287

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
c15fd287132b41a9a23a36bee674167f

SHA1
362567d3faadd2c2089b7c0f1f1329bdfc738a55

SHA256
5f2885b4632cb3bfe13463008ca1816accb4c5a805adf139540a09d138befcbd

SHA512
6cbc2660af8f5b7a59e312affa974ab388a7c9262a945e19f4d1f6c19a12554e0d599a230a8bdcfc111e9656af1c654a68667cd885bce83611f2c83faa1c7482

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
088345ce6da235d58d1b69a474895674

SHA1
4f3ffe2f6ffcf2e526cfbeefa69a65c030195810

SHA256
481efeae69782ba529535578af09a8bceed876b553444c638c1ab15c3fa50673

SHA512
b2b15777f4e1c7dde1dab034b776756079b05c3515226718a35116751b411deb457d27ec919dd01be25b3f20cfcd9a5c471993d05e46d9842bfd8a8c0157b0c2

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
21ddcde3bd726b1d9a8c7a0b0540460a

SHA1
a6556c429a31bdacfec3e3132f985a32b5d1e04b

SHA256
768088082fa0b5b119ec988dfc4094df9acd66e05eb785eb68365880ddf3a69a

SHA512
0d84f566f27815560d0891cc64a723b7e28282f7772400b0b5474fc49a4198b082200c4c933b590f4fbfb70fdb75d22af20135749396ece0e671b21b459ffdf3

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
c8d7be9f8ec159a77e57bfbf2aaa8553

SHA1
2f31bd9479962242908e37c0209c3851cec2c556

SHA256
3021aa4b72524de2259f546879c3b269cccb18751b45edd7a1e68ee029785cca

SHA512
1c01ab81a4dd03328b6aed79bc083a25369b25819c464ecc7d215ddad4b73559fc9fa69602df62d7d875f913e9c363a8a75bc09a72b127b16d0cfd52f429d312

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
1dd5705bf572818ff710e984d76b284f

SHA1
b40093aff05e897615f5b8b30336fb9922956fbe

SHA256
2a5c90bdf696582b36c38ac27fcabf03715bca863bcd6649d86a49bf95348a8b

SHA512
4639935dadc56686a319e294bb387de9e75747347b03108017d231832817cbbb2329f5e868a3a0b723dd73f489f39ac16134e427912f84d2ca65bca0257594a4

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
f20c97e20f6260eddc53c070a3e36303

SHA1
f2e71574551951cedcfb184637897f56e9e31bae

SHA256
0874ffd149e9daf4fc5cc47cd668fda2d8a019453f81ae617fbf410c449005c0

SHA512
ec1087715b8d8e3afffec68522fc98cdb1ed5fb2cf022b84261618c7fdeb9ef9799df24d191d473d808a59a2033f53c1ffbab5debbc5d11c14d413b14fe9efbb

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
69a6225e96ec48ab74721df7f84a9155

SHA1
aaeed7d4f7793dd689ca401c3a7c1b05eb2ee420

SHA256
d60af5e045698949b91fe2c19702f79b3288e43d71672fd79232dfd36033ce66

SHA512
b4b558adb866170d28200e81c839f54374e7d7174f0fe35e40e0c83e7438badc447864e29f438b4a2eac89e262a1445b3b2cb2ea894009251a91efd5b05ebcf8

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
52c59441ee18aecaeaf2b823ee3a41d6

SHA1
67beea56deaa1151afd8ef97ce3da288a2d74742

SHA256
cafafedea59e5ba68984214bd74e289bb13e05a5b5d0a7c7a6df08edb9b1eafe

SHA512
3c6a3274c5c8fcb38e92e68b9d59bf3a06cb266fd39bba4e9dbd4c02bee270d87f20f85d05a145c405ff66b144d491770ae77f5397c1d793ad306137e6ffabef

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
aafcecc961a5e351f1abee02e97678e6

SHA1
566bdf37410f1b5227876812560d061ee44674ce

SHA256
8afcf310818a196f1bdff46e06d99d70b62b17f1c417cd0c98deef2b6339d916

SHA512
ea8308eaa296ad2c76f89260a53dbdde596746aed8640877ff2b40e3d3848e1fb111e18b8c6ec083171ab22d67a334eb05344d5b015edb06004fa7bd2766fb87

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
288ca95a62a6f681c20d0fa121857313

SHA1
dd9fe68720e248c55384be4a0d3839d4869aa7aa

SHA256
282261fb0baa7e6b25cf24f6a7c290e31359d72ce34f5766f2654e6ea3f84f40

SHA512
0760f434136d3661c88724b114e0f30b5a8924875bee6f32950abeefa4dc23b6fb40c5dd4e5861c9c11bf303484ffbb08d50f64fd1ce1a2945102c26eafb7445

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe

Filesize
577KB

MD5
1219d3eeba21370502876a900db482eb

SHA1
0807dcb29858f22a774106cf5ea345b39359e910

SHA256
46d98f8345c2a974d17352dc7953cc33b0d6b2326f43d53382cb653fcd787836

SHA512
168ff18f94dc05c642a8fd23ea8531f0b3f4a29bda49d64e64f17454e7d826d60f2cdcc31d860235951b2988c3181bd775a2852ec5c41e2b0be954c88fa448e5

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\extcheck.exe

Filesize
577KB

MD5
ec7410a856fb23387d2ccb36fe414c04

SHA1
95e3f66184b2bd92537d23a69f5dd4a0c0b6f360

SHA256
c4eff157e5768ed3dea645b507144ea6726cd441259bf45c266fd51b5d0f3f70

SHA512
f8f68b5eb2d29972f3133e357b534947245f98352d918e85e663cd76b039223558b757784e4c2c26bc529da2b5c29823695ad997f31c8a974265b8478f7608c8

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe

Filesize
577KB

MD5
0ae5544a779b68d3460c52f031cfde37

SHA1
0e67f65478ca57d95a655ae62ea1c0b7a5864801

SHA256
9cc48e8ed3322172366ea1199437dc05bc53860853ee119307bd457c366d8b51

SHA512
73d18bd00a706a34fab6073020a3aad6f44b34793be53ac188abc62593650a7036b58f6daf39d17babc83c3f70cf9cd7fe5be9af73306024a9052b6208fec844

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jabswitch.exe

Filesize
595KB

MD5
9cb3021958c683d7da6d7e078d2edc56

SHA1
803476a318d65fe6298fc7d2af7c84c303f80bd4

SHA256
6665f50475dc2f297a54489abf98c625d5dfc3e7d5f3e239bef15c797627c942

SHA512
0bea2f6613ca4e01b50adf1b2f9ccc8a75885e0a32dd02bdad78083bbf8a0f69472100d37f038979cb0d74ba00a71ca44df4ea4cea97a6ae08a11a23ea110495

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jar.exe

Filesize
577KB

MD5
4f345bcb68b778678e65ead0012b8169

SHA1
9f49cc7eedb4350cab888d7d399349b7e0d1521e

SHA256
e387a4029bdd7db29f40aa82621cc8afa0813b11816d7dc4e2222b28e8720f93

SHA512
6cf7815c33be88148b0d5bb1d4218338549a0b64cc68e38e778a96bbff8f350c545a84fdf45d2ce8063c473ebbf8e629a96989edb9529770015e6cf1cc49f3af

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jarsigner.exe

Filesize
577KB

MD5
bca2c580c4628805792f8ff9fd0b9d77

SHA1
763314c55705da79ce55b3b63f94fff34f34e334

SHA256
2fdd3f15f97f6221a87e9a25f1364b5088f6ffc420a672b58eba747699b5b3a4

SHA512
9ecd121e7ecece346aac65d3369627053787c431c33900049d9240834e76ae0e3a2fb5f58307012c850db61842ce6b9553f32b0cf451bfaed6676a57a3909bc7

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\java-rmi.exe

Filesize
577KB

MD5
86a44eb3c095439a3f280b61f1d7722a

SHA1
72ff0751a04a49f18839a30eb73cc7f5bffba844

SHA256
9b6f6f90bfd7c6f47e530c070605faceca32b783405ad5fcad85dbaf8064eea6

SHA512
c2f2779fbeb0874b2c6464851a8d86cf258e91c68d04b2eb72e593781551644998dae5d8a5fa5129fd0c64b758319a17430f5b8d0fcd7e8a992f3fc5cbaa3c6e

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\java.exe

Filesize
762KB

MD5
5735c487734bb05a91253205fb1a3b05

SHA1
882388fcf347e89ffa9c2972e6375338761320b0

SHA256
7b516b185e484266ed0227c1422ef8ae69c92e4ce87adacc72f2e8cc29ec2e84

SHA512
cb836713e2fae70941d3ef41f2a38f1bcb52070f3a92df64cee87fbf4ab6ced06f404bb4170f2d1ba383fc16fe61ab4b4b5103a9b5b3106c2f07fb0f5b7b8579

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javac.exe

Filesize
577KB

MD5
ee2e2e42e45409998d6db5d49ee61aa2

SHA1
590c7fc20104e88c57e0ca520462a2ef1a63f962

SHA256
1a1031a595f93653129619981c6faeeac63d8ef46d5a2dfd34b19d68f32320e0

SHA512
e4eecd969d8435292d933fa72e79793e8a96371d7d4489b09c375cc8e135c3bfb6075fbab2c38266e0df720042b245a2094f5ed9110b742275251960ce54bdaa

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe

Filesize
577KB

MD5
7e9283d2b52859bd8451b265fab32473

SHA1
d7bb93ffae6eb142578493848dbba8bba40e27f4

SHA256
a8353130376a778831ff6f6aa1ed4ae01f238a6f3bad03f9f88cb0347901bb56

SHA512
490865a80b82ca973aff8e2cefebd8cdbdaff3688daf50a2cfa5471e2768a4148587b0c65023443709fd115d7f21a6f1d1c32bf4487cb5b56d228e0ccfa6a2bc

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javafxpackager.exe

Filesize
690KB

MD5
debe0b39394a814ed8e507b217f2d495

SHA1
5c07b5af724fa873abc13047deb21b5172fef6f8

SHA256
0666237a0625c733a406a700e9f060734bc0cc5325ffdeb582d691bd2a9b5e57

SHA512
b58aebee90a2abb0729b907313ceb158b2454080e2f1db8e21b72cee20ff40aa848ed75ecb961b7c0f112fd45f3551e7c7b3615d78fb3e3f993acf1697d41ddc

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javah.exe

Filesize
577KB

MD5
747ced56ea034c52c0a4ff2b3765f61b

SHA1
20e8edbfe3465cea1e662fefd092a99b830e9419

SHA256
90739056765d818516e41d813d7ed0f13bdf8d9a41a9b91a3b44e8b7cee80a9a

SHA512
c97394aa9235bf41491645853910961c58c526e9395e7dd94abf605b713a8ff1ebc3c380e324152cb8813d7dec02383b1e403c741369e68254f4a36d418e8784

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javap.exe

Filesize
577KB

MD5
92d68bbe97c8e87ff8c8c564009c56eb

SHA1
76f8962949c2b23ecf2a4dec3daed6fd5a8d77fb

SHA256
87f4914ed4f0fb3a3f6827905166895366ec5a387adf19e0c1e9f24633c89cfe

SHA512
5c9f34ea873083bb5535bef2319fd54ab5b6dbb2203ca875863f968c6be99031f6630bcac0c5d2dba6df47bcec24e7166e221be5f844f8c4a12fa39067cac2df

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javapackager.exe

Filesize
690KB

MD5
3a0643b054b76650ba437d3cc228e225

SHA1
3a35adb73b5b1c4e7866ff7921ff516efa9bb037

SHA256
ac9baf4511b47cbb6d130e9e090e350f196f083246767e0239398da4fb4b5bdf

SHA512
fa2243237c9d43b0cb996df8337ee935fc2da42b3c40bdae3fc559b6b4cc388138b67a2f342c4253630b6d1ac20ea65091667607c42ba319a224d6689be2ca2b

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe

Filesize
762KB

MD5
7b8569c20ba61b33e721e8a1b5229998

SHA1
1d2d0ea590f131be4d88202adfe7f722a2006a7f

SHA256
a8f3f6a521cea92657f35e55113c23423029ef685e818b5ace523445b6d94ee7

SHA512
385d0fc389a8ffed0c8276b094ec52b14f7c1a0c5b16daaef06a127a0b4fb06053afb4096df7d1130b44d598f9fa6468ef9b4e6e91c3baa4c37b00840a733348

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javaws.exe

Filesize
878KB

MD5
00692bae91f55a49b888437e55bee38d

SHA1
3ed8c60798e3f272b149c72f29cffde7c816cd16

SHA256
3522bd4955b2afde0b8fb436ddc1e6bce4a006a4f51ffe5b8c68ef3c61133070

SHA512
2d58f08413ca9f177ac23e4471d2462f4bb2a3c7a8bf02e76ae0ce029630646de442c7631167115ca6ab06fc1c3133381126dbfc51ce74d6ea93da0e5bc9acdb

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jcmd.exe

Filesize
577KB

MD5
a4a76efaab9d443825cecbeac4e8c9ac

SHA1
f6c82fe8355eab1c30872edf841a3b1abf51e808

SHA256
1ed2a41ca5cf3ba096f2b9006385d40318c6b3af68854c21eed3f114459ea5d0

SHA512
204aa647867b69412b8dae0192b305eace08b9644a3b227e1868308878b50ddb8edb641e84330398964748af8dfda10ef944f701f41307651bbbda36098f2368

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jconsole.exe

Filesize
578KB

MD5
474534940b233994c135525f9b462f68

SHA1
ad970b1094e38f7febe15fd2bb227a30a211bdf1

SHA256
2ba972e47364bc07533eebcc04991e033214506547f8cebb4d7ebbf609568a1e

SHA512
ca91ccac8f73c98bcbbebcdd63ae17991aac7476bff2ffbbc345ed6d95f802c6e7b8cf9640342408955a3900c8e58f40af748007f4ee9cc62a5f42094d60ebca

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jdb.exe

Filesize
577KB

MD5
2c715094907b2d1389a972ae24826159

SHA1
4242b092fa420925d23c0b4a512c6e13cde251d9

SHA256
321d86f0d49f21a68afe0190c84c272e07e422dbaa5d5074b25e4a2a273187d2

SHA512
e2e137ea8bd074d6ce5eedd7ae9d88f5fdc0556fcc9d404927db875fc71fad5f5bd36f5acd33ab32a1cf89d23b8ff50b3289ee479783ff8909f221ea9bf6dc60

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jdeps.exe

Filesize
577KB

MD5
9d97d70b808918c35f36a23e6b47382a

SHA1
35cdcca0a7b6489c2bd2a9e7658a83f573d7934f

SHA256
559ff7adb32cbada227bdc33784ba6f36665d5d662aaaf6b777c817a121c9746

SHA512
13e6961b8defb06d792063e0d828604eb4a7f30116d55c47d7ab1748b22c3ef4cda3c256e2f0e4077b1b55855699dba235a7932afbb4a79501a015c9924e1f87

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jhat.exe

Filesize
577KB

MD5
27ba65d6408dd1a0cf2fb81f265e3333

SHA1
866cfa38691f537d3f2be74500de24ab8b5f66ce

SHA256
263598272ef07b297437671cc2f89280c298eadf2c804a39a0deb46cd58b1647

SHA512
428445c2c8b60d2204294fdede257c4d8af10823be707d7e4ea86fe4002cff8434be8210230f82cd286b5b5896c9c30e539c641ad688d7de0c1720e3fa991119

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jinfo.exe

Filesize
577KB

MD5
bd9548c7683a9203d52cdcb3d9da155b

SHA1
979a1a031b5d6337c96dea2df498c1caf6906247

SHA256
ef028a33acf1fb3044b8afc3e2996caacbbdc8f15f23b128410393d59538ad82

SHA512
b8c4b408979aeb634ec18b12f6e3e4c8805ecf2f2db53648ac1a7af9d06c8099ea529220282fbe09498bdc5b855c8f2c46bbd0ba2a6c718958c9516ba08f203f

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jjs.exe

Filesize
577KB

MD5
29f779e896b1224dd082c84158806ffd

SHA1
3bd2aedd660864b4e80170af59a516f05f192aea

SHA256
af64b40a5900b1a472d70d7beae091ee3cbe8a2968a486e3f72715bce9c8ffb8

SHA512
d66fda5dada50b5f4e0319a41879843685041089c30000b24f7babcc0d3bc1bb5163ec3af9dca95025366e5d7e6882a152918327caa9d173f29383789bf1f636

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jmap.exe

Filesize
577KB

MD5
d9d6501b35b98b3860561a978e1ce3ef

SHA1
459d56148e681040a524cb3d085f69e826cd3b8b

SHA256
bd1e86ddcb3465969cc4e8cfc93e643cdc74946dde40c25d9cb278f43e529307

SHA512
1323efd2f67037c6d0cbc24531aa1e716434c0523a67026316271c05f9883911d2a0cf7c0a32811e790e0c706b8e9dc6df27ac408a3f0c5038c8f2fef064e882

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jmc.exe

Filesize
875KB

MD5
44f41382090c947cb04d69021742db4c

SHA1
dc396983ed175604b4dcb9d2e690f93fa1cd6827

SHA256
93edb12229daeb960c7879739b0157c8935cd6237f64760179b7e87bdd01b6c4

SHA512
ba056c7d019b615c00af84603cc69e43b741e87ff26b9b60de8e0e69a633b2a6f3c24b1e26e285914365db2796fa40fac88df97595472d207bd270262625f29d

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
0a667df69efefd8f031d55033d36dfed

SHA1
a8f837e823fb00b55cddc7c81eccb45769b2e1e9

SHA256
f2548f429e506d50639586f9a7dd51f07f8c3a582b852af787136f63bc75f7b2

SHA512
60f2344663a9fd9e805667ad071c86a2208d28986b0aa5843f706ffd18d211c371902bfc382dbe533615f6c15cc7025d3a8016c0c42abb0b7419a86552c3c19b

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
7043ea4b01fe426aa2d22ac8e76b0d81

SHA1
ae68a5c051a5b265440f9b733d3b5bbc03b1203b

SHA256
60d71e2906d8047cd7de1944cdb6e19b7e8cd73608a9072d4b29490dda43cee4

SHA512
688757eda41c255fcaaa58773347ffc8e0662891d7bea59426aa28288e7e8560a1dbc68fe1bc4166aad022833c75d9c81189d20579860d787e486ccbdba8fd5b

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
bb241c282df1ad56add88e7b56b2cda4

SHA1
215affc29114c2af5cd03cc74ef67c3a8fc8b878

SHA256
336e8516c4b2362c244891add48203a78215efce6d4aa909f3e22d9d0fd79d2d

SHA512
98f8469231f12a32ce4c54f2c9101e13d44a9b05feaa6072db7bcb24051f6d391d96b363663847ba105728a8fb11528630e6dc10002f02a2ee9d4a64e243ea60

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
fb9435b5b1766ddb614d2ecb71d506b8

SHA1
aae1081bd897f5c60dd57d3a36c2964c67399e5d

SHA256
a1636adde4e5df89d4fe71231b7d6472586d4384aabc6fa103b89d5707b83716

SHA512
e0af94688f5286d75b3f251b91ae1cfc98ebc1756f9aafc1e0f909a5eb35abe26fe1eb34fd62d971cac9b5f52f271742a7d3581add8c5839a418da9a99e3d9a8

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
3109813c3f7b08ca54303b8d0f8502ce

SHA1
489353c4be2373425602b710bda9de706934ce84

SHA256
3526d2139125973b2aadfb736070199c36a1b0c48922c433e9f07616fb681c0b

SHA512
9c6c5e8493a2c12d2f2c19e7ef43e88ed5a97cb301cc6692fbcc13c353a87c4152a77c1eebfd97172e7b3f9a574cfc95ab3cb8f68d2f95466970943566d2e879

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
3109813c3f7b08ca54303b8d0f8502ce

SHA1
489353c4be2373425602b710bda9de706934ce84

SHA256
3526d2139125973b2aadfb736070199c36a1b0c48922c433e9f07616fb681c0b

SHA512
9c6c5e8493a2c12d2f2c19e7ef43e88ed5a97cb301cc6692fbcc13c353a87c4152a77c1eebfd97172e7b3f9a574cfc95ab3cb8f68d2f95466970943566d2e879

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
3cd2b76e2ce9eb573e8d96cae4701c6c

SHA1
8b967015c0315b739d397ad4426e57729b7574d5

SHA256
56ee72c79b1ecf3e8a3b4953dfabd0c06f4fca78b880cc95ff69ce04d60f3207

SHA512
ac7ec59223acfa38f87c2d45220bb10e4135ee5266204f49ba886a8a43fee9f40233df499715d68c3a5037c9ca7cc2b726920ad4877e6f12dbcaada217470fdf

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
cc194690ec878a9afd64d4880975af89

SHA1
85c90f90b2afa5210114dc91eadbb42f1aa6d783

SHA256
58ca5137c686c45577c2be08b2bef2c752395cb75fdbcdd95658c7bb1ac914ca

SHA512
18109294e5d07a3dd1caa3402f7056ed570270f7dc4f2865b3ab4b1aec52b3ae88e3b1cd7c5883310541dfe3ed71aba4769e3b0d5616d486cbded59794a9a101

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
cc194690ec878a9afd64d4880975af89

SHA1
85c90f90b2afa5210114dc91eadbb42f1aa6d783

SHA256
58ca5137c686c45577c2be08b2bef2c752395cb75fdbcdd95658c7bb1ac914ca

SHA512
18109294e5d07a3dd1caa3402f7056ed570270f7dc4f2865b3ab4b1aec52b3ae88e3b1cd7c5883310541dfe3ed71aba4769e3b0d5616d486cbded59794a9a101

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
ee7c6ecfa651b979ca486ace14e7295c

SHA1
ea94ccec3d12a8daabbb3650dda033ef5928c06a

SHA256
2cc3ade039fabcbe07df5aac6bf70fc94fd585fcaae1b6cd5a8f1b96a995bf9b

SHA512
1670ac49344df95b90379be28dc3214bd1178635cb696e82bb57a5284b57f05cef4f5618d9774e95b6d1dc42bdb7a366b4750862f304cbd85bd4a3d57c306262

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
b2ec61f606025f1df9a024bced9b9ea1

SHA1
a35d1ad70e0b85c4a9b8328be50966bc11276fd2

SHA256
91b94281bf47d44d46266be5316c2dc17ad63d83b755e6db3f6cb3abc5040d7a

SHA512
a8936bf8b94fcfcb30b31b2be6fcc14b8428f6657228fde9dbe3fe87c1a04151ab63423422034ed66eb28073a5104a601b9a1ce5f44e3e6e3a0756cda05073cb

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
eff56be9fc6e199dd73304bfdb20570b

SHA1
8a469d14dfea4b85a3dd8b1f1c396660de4d427c

SHA256
351f69b0aab1a2579e9919c0e27fb332e28f657be95ecbae2e1649d825954b39

SHA512
03ec045e16a732e54e238b0551925a3e4d388e0ca0cca1afec4238ccef429b2b2c0ec749849ceebab23f34a64e8c8e6f59b4061bcf66e3986a60633ab4ec5685

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
4a8c769428d702b7ec8c9688ecfb8b72

SHA1
cb2bad520668c02ee1539450fff111714d07fd76

SHA256
1e5d4f226f43dba93ec55283820419c9674f671fc9a46e58ef059ec6ba1b7be9

SHA512
6c434a10344b8ad698e99d391db5141df0411d5259124f0586e77c2b6e6a4b6666192b51b224e1992ba1d0c8eeb9a641add88a34cbe589e9d9ef87332b39127a

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
adb2e18b4b4938cdfd5b4c8b394ff174

SHA1
2305d9c54235891007c6fb6bbc80e5c18d5bcc0e

SHA256
60eff4bf18aebdf4754b479ab73da527c82ac4a34f27a0a6e98c1e5ef8942f65

SHA512
5ad34860e7d545a9179fc0d65f7f16fd50fe43c8389e88a862b012d5ff35a8dc8959d8b93e7f6a372c9b4f3334947ea9aa0112c7085d03bd578c55d4cd7ac670

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
d2b7f2ae0661281bfc6f66249f6e93b5

SHA1
d2a9182cbbc984d111fb70872d4513bb86000218

SHA256
5b4efbea6bc16f1eacd8dd69013892c00e40d9905c5db4632b44799bab5a8b78

SHA512
405330f59e799f1b649e67349f6da0f357f7ce9d118ef1026e7dd06fd9921884723ec18ebe2d5e8a621d3a02e2bf02fb83b30f6983c0526040f964fc8c5bfb6e

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
1.2MB

MD5
bb241c282df1ad56add88e7b56b2cda4

SHA1
215affc29114c2af5cd03cc74ef67c3a8fc8b878

SHA256
336e8516c4b2362c244891add48203a78215efce6d4aa909f3e22d9d0fd79d2d

SHA512
98f8469231f12a32ce4c54f2c9101e13d44a9b05feaa6072db7bcb24051f6d391d96b363663847ba105728a8fb11528630e6dc10002f02a2ee9d4a64e243ea60

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
3adad40726adf600256d7695b8f00591

SHA1
a7ec111fa308bb7be5fef385894320ac260c8c2e

SHA256
e7fd129508674226f05492863935bfb75be38cd999787addf665300a6c919d82

SHA512
d54c84b85aacf6ad7dba2610f819efe79d5912bb361ee9b2900a633dda47173b304183e489f995e3f23eb51728585925dc0fa5619caa9bc99221101419d9e0ec

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
0878dfefabde0fb9505a8030a633edab

SHA1
18cb9dc4d7f312e4ed782f03fa457bd3a480e677

SHA256
58e66099505a20b96c45af91e0cd69b1d5000976995dee503388ebdc254edf3c

SHA512
71fbf344250117c9786386779c7eaefb0d120f59b950843674044d8a398bb7a366020d67b49476b8f217fe4d48a534d30cd8346d5a9918ba110b11f538e5c1b3

Download Submit
memory/216-296-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/548-291-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1196-133-0x0000000002A90000-0x0000000002AF7000-memory.dmp

Filesize
412KB

Download
memory/1196-139-0x0000000002A90000-0x0000000002AF7000-memory.dmp

Filesize
412KB

Download
memory/1196-319-0x0000000000400000-0x0000000000BDF000-memory.dmp

Filesize
7.9MB

Download
memory/1196-135-0x0000000000400000-0x0000000000BDF000-memory.dmp

Filesize
7.9MB

Download
memory/1364-258-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/1788-177-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/1788-181-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/1788-183-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1788-171-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/2424-147-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/2424-162-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/2424-153-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/2956-260-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3176-201-0x0000000000190000-0x00000000001F0000-memory.dmp

Filesize
384KB

Download
memory/3176-475-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3176-220-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3176-195-0x0000000000190000-0x00000000001F0000-memory.dmp

Filesize
384KB

Download
memory/3740-294-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3740-481-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4372-221-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/4372-476-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/4372-219-0x00000000007C0000-0x0000000000820000-memory.dmp

Filesize
384KB

Download
memory/4440-452-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/4440-159-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/4440-164-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/4440-167-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/4592-257-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4616-482-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4616-299-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4772-320-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/4772-485-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/4916-184-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/4916-190-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/4916-192-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4916-461-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/5056-211-0x0000000002220000-0x0000000002280000-memory.dmp

Filesize
384KB

Download
memory/5056-217-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/5056-215-0x0000000002220000-0x0000000002280000-memory.dmp

Filesize
384KB

Download
memory/5056-205-0x0000000002220000-0x0000000002280000-memory.dmp

Filesize
384KB

Download