9c023bc20892ae1dbc625c44d1cbeba595fbc692decce0dcbba9f2fd873cf123

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2023 12:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c023bc20892ae1dbc625c44d1cbeba595fbc692decce0dcbba9f2fd873cf123.exe
Size

3.1MB
MD5

f0788aac18f187fd1072b6be371c2c3e
SHA1

5c922aebc6549ebf38b946e85cb64dbd20d0995f
SHA256

9c023bc20892ae1dbc625c44d1cbeba595fbc692decce0dcbba9f2fd873cf123
SHA512

ec5532ec9cc5118e2fecda316c43febdb3b07c3edbfda9fb8d66e1c51555452cf88b50d708d7d70f9c9f61e58e9ab751f5b6292cd0156c3328a2ea429f774466
SSDEEP

49152:Qo9x9WIopy5fysTn/k1MqS92iOW4XqOFC3E1gEU9fXDmg27RnWGj:n9x9P2XqONgLXD527BWG

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
4780	alg.exe
4544	elevation_service.exe
4172	elevation_service.exe
2676	maintenanceservice.exe
4596	OSE.EXE
5076	DiagnosticsHub.StandardCollector.Service.exe
560	fxssvc.exe
2076	msdtc.exe
3464	PerceptionSimulationService.exe
60	perfhost.exe
1448	locator.exe
468	SensorDataService.exe
3036	snmptrap.exe
1556	spectrum.exe
1944	ssh-agent.exe
3652	TieringEngineService.exe
1096	AgentService.exe
4900	vds.exe
1552	vssvc.exe
3696	wbengine.exe
5196	WmiApSrv.exe
5352	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 24 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\cde21f52bb593ded.bin	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	9c023bc20892ae1dbc625c44d1cbeba595fbc692decce0dcbba9f2fd873cf123.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jinfo.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jstatd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jabswitch.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\tnameserv.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jdeps.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jdb.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	elevation_service.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jrunscript.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\tnameserv.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\jabswitch.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\javaws.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javah.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jvisualvm.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\tnameserv.exe	alg.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	elevation_service.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000f60b286ae5f9d901	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000c6f8146ae5f9d901	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000bfbd196ae5f9d901	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9914 = "Windows Media Audio/Video file"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@windows.storage.dll,-21825 = "3D Objects"	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4544	elevation_service.exe
4544	elevation_service.exe
4544	elevation_service.exe
4544	elevation_service.exe
4544	elevation_service.exe
4544	elevation_service.exe
4544	elevation_service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
672	Process not Found
672	Process not Found

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2244	9c023bc20892ae1dbc625c44d1cbeba595fbc692decce0dcbba9f2fd873cf123.exe
Token: SeDebugPrivilege	4780	alg.exe
Token: SeDebugPrivilege	4780	alg.exe
Token: SeDebugPrivilege	4780	alg.exe
Token: SeTakeOwnershipPrivilege	4544	elevation_service.exe
Token: SeAuditPrivilege	560	fxssvc.exe
Token: SeRestorePrivilege	3652	TieringEngineService.exe
Token: SeManageVolumePrivilege	3652	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	1096	AgentService.exe
Token: SeBackupPrivilege	1552	vssvc.exe
Token: SeRestorePrivilege	1552	vssvc.exe
Token: SeAuditPrivilege	1552	vssvc.exe
Token: SeBackupPrivilege	3696	wbengine.exe
Token: SeRestorePrivilege	3696	wbengine.exe
Token: SeSecurityPrivilege	3696	wbengine.exe
Token: SeManageVolumePrivilege	4720	svchost.exe
Token: 33	5352	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5352	SearchIndexer.exe
Token: SeDebugPrivilege	4544	elevation_service.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 5352 wrote to memory of 5988	5352	SearchIndexer.exe	136
PID 5352 wrote to memory of 5988	5352	SearchIndexer.exe	136
PID 5352 wrote to memory of 6016	5352	SearchIndexer.exe	137
PID 5352 wrote to memory of 6016	5352	SearchIndexer.exe	137

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\9c023bc20892ae1dbc625c44d1cbeba595fbc692decce0dcbba9f2fd873cf123.exe
"C:\Users\Admin\AppData\Local\Temp\9c023bc20892ae1dbc625c44d1cbeba595fbc692decce0dcbba9f2fd873cf123.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:2244

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:4780

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4544

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4172

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:2676

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:4596

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:5076

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:1116

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:560

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2076

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:3464

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:60

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1448

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:468

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3036

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1556

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:1944

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4444

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3652

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1096

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4152

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:4900

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1552

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3696

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4720

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:5196

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5352
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:5988
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 916 920 928 8192 924 900
  2⤵
  PID:6016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
626120f87b8da8872aff3a34eb2287db

SHA1
113f280eba2f9fb7f7e495ab217e3b54819c0ae8

SHA256
969911f9a12c98ceac862f35b271f6e34a9905b524946edb284111de3558a5f1

SHA512
50dd4acc3c4116730544ec5ef1bff24d40da6a298513c6dd8f782c1fb0fccbbf345fc841d36375509c62ca92756dbbb4ea8550ba25c6b505aa0e877a51df9896

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
d45dabd142be6b562d880a20431be225

SHA1
106e9fde9e0a2824f2086f1f538cca2f07574ded

SHA256
12bcbe454b0248cf290805e70fc863963309dfd40457dfa69e4b62fc2ce4ea8c

SHA512
eb82e1bcddf6f51b06b6a1add6474bec74e73a3205f18b36ce21d8677a11ce0fc59e8c2624195eb5c896d9d5cc76354139d5870d9ca2d70f569a5821439c3e32

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
d45dabd142be6b562d880a20431be225

SHA1
106e9fde9e0a2824f2086f1f538cca2f07574ded

SHA256
12bcbe454b0248cf290805e70fc863963309dfd40457dfa69e4b62fc2ce4ea8c

SHA512
eb82e1bcddf6f51b06b6a1add6474bec74e73a3205f18b36ce21d8677a11ce0fc59e8c2624195eb5c896d9d5cc76354139d5870d9ca2d70f569a5821439c3e32

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.6MB

MD5
586f4e9c338ee2e87b4d4d007624c67b

SHA1
35484079c07e3e47ba7af85eeed1d1ca214ebdbd

SHA256
7f4c801f11f60edb4e8fdd98d34a4c08659f05e584c233257e163053192b30c0

SHA512
65aac8973d3cca234404d19e3a79a15a593a4f7a5d76992e987a6100cb2e2c0cde9d38d5e643efe0ea3c089b4ac14ea91b4478c4942e702083d0616fba607db3

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.4MB

MD5
c451e1d6341071d12e2c5a33e51a6956

SHA1
f064a64575d522ae48c3f1e8600df61fe7cb653f

SHA256
b092b51dc35a530c25d8644c2ef7c05465b9c0c48ef080b8759f99f8f773a167

SHA512
8471d3593563079be426f52209990a564e990f1c3ea7c620522cdaabb25078f8e0b013838e0744b0bd8f59d33d76173ac35600c744af329c97719acd74d5e039

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.1MB

MD5
1a57a70d575d048de42ac1e920041af3

SHA1
8987b4e1ece1a0bc66fd176406a836d29cf5530a

SHA256
f7a8759fe12bb8f531eb54bc2bf01162820e663db50475b63b7f07c7d771baae

SHA512
e53cdb14104425a1583675514fe69fff441e2e14404d4f9a4325e7ba49979aeb4e5fdd4b609ac5c14c9eec572d05ff89011e5b8d3409035da0ee80d0f874d06a

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
689eecfeb3064f4018eb83eb7e74aaa1

SHA1
f04227c8af04b04059ca2fdad02c396b90536bde

SHA256
baf3f0e98425b9d990221a7af568ea04c194fa8593c0538711680fc5337303c4

SHA512
8ea3d15c208cd6f6a273a76359491d094e37dc500c9540db2c6c2467618c903cfeab75a04e5483920a90b50cbd3758e8dfa3cc8fbbd0c7312a0b377c2823b255

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
0ec6bc06d5b882bf753776629f068e71

SHA1
93eb4cb1155dc36b4c909e936a0467c9493926d3

SHA256
cc278bcb6c8bf845347522f4d389ef92b98350c0edcfe33f8403072306997626

SHA512
4dbd850eb22ccd8d6b3c6501a2985b8030f4a8cd2b9c37e07c3ee6343179377f060228b26876ff33d80b5e0bb21240a0ee56655e19928b73eb37785a9b405dbf

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
c3c4202bf0bbafa6485fe84e10bf744a

SHA1
e5cf0836e0b8d93f4f6a07bb7e14cfb5265768d2

SHA256
048481288fe45ccded7e4bc114f1d0aa1ef0cfc108b41ab022e89a4a28df4a68

SHA512
e3adf053e8c67d881cad16759f7ba0f037c2505c960201383e487027c57b876f670b4d2f05e2bdfc10fceebbd158eae15771ba6e0c2b49714942dc793264ebc4

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
bad7e31249fd2d44bf8c3f8ebea920b1

SHA1
2630886b0e92ae8b4cc6a35bda72654ed8f13bc3

SHA256
e31f2c7d33fdd377f1a3d64591b3928f60c1a8cbb68a92a7a4b2c895532c1528

SHA512
9970ae1827c22328231d66cfa1d52a5dd9b7b822da69c321a121efbc098df68dd9e0d15d6f7ab2c70c1dd383150a2b38703dc11dcb0d46a5ceed7d49cb8f134a

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
70ff7ddd421960eca7eb6632a58827c8

SHA1
b84b0b9a37d1aca135e89c1abc991ca9b5a0359b

SHA256
53c487e1ebbe3d11109f26dab8173ac4b1b6711edd4fdb07f291b7d77aab7aaf

SHA512
26a86713a5ed7334571789eefa49293dd1e8dda71e86eba5821c836f4458c783e8e245c7bc5e6cfe011863e275588d3520cb5e28f04ce816a63fd3c6035952ef

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
36842c86f68b914334c6a9324c8da2f2

SHA1
1b2e9b3027ce1e60580ae3bba60320cd1d02012a

SHA256
ba9d4e58339f02a2bdb5c6ec771d814a459e6ca52e2a8101914fdf8171adde17

SHA512
a2af465eeaae5d4e369f7e6f392134d03c5a8097b065d4da8ea2ac57965c0365ee6d6924fa50cdb6719eaa5920645fb0791c1d5631fc63b6ed07fb41a572e7a3

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
41090e80d418315b610cc673869a401b

SHA1
d9e73a49865b340784bcd395dcbb707b77ff5159

SHA256
279dd59470440696eb5947fb4f60afdf4542cc74c9732f6d84bc2a4e160ee01a

SHA512
b5b52c9549d266e3be946b9d756144cf37005d225c203cb927e5c876d9abf7413f3a6ac671cb8bcc9084d583ace8faa84b6cf7e4ea049e8fe6016126d32bd1ca

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
7c8f8ac74319b00b22d9eccbdcfea01b

SHA1
bbd25a3919c662fc40a92e6b0a2f42567e0e560d

SHA256
3c77668d4a1de5782406a0118d090bd31bb66d7b7f8615fac4b8674e69046154

SHA512
b9676a774e47a359474875be99b084194b76aeb9e7f65fed6e230daab8fe0d1b7f71b78c4319ddff0b3a2183c48809373b068a4c8b89f525282586dc1ae69254

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.3MB

MD5
f5ff7993bd3e91c0e4f41d693a1ebfad

SHA1
c56361fa37651836f05e7a27232822a12a851237

SHA256
043b2ef2a389ce7443581f7759e90a4398b861674f2341764b1747d6ba5656b8

SHA512
bd8662c72be18ccf4d718a7384fbb08b507cf838694c8320fc869eef418ce61e44626cf7a3a193250f1d3d217784ebf457ecbdd4aa430304841ceac98726bd51

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
2bf8e1c7325e968360883127916b26ee

SHA1
0246d375a9b0c8ff8fd69f6737773b52e80a49ac

SHA256
02a7428c202d0a20a642663d0c445581dcb013f453802b76a77d229f97e014bc

SHA512
f6343a4e4495e194b1a9de24393b57196eae9f7b4177a87f1484f94f4d425b7e6f857d45614fff3e45ee51add2d12e23a80d9c2110e15d3f4f386ded915eedcf

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
b54536b415706cd949f31b03ac95b811

SHA1
904d45661fd6754f3c7c6923ba77ecf3e6170b58

SHA256
f611c35715a256618552a9b79bf21dd53f316cbf85ae4b0f487f561882a0c46f

SHA512
df07ff6d3264f842a7d91a0c8ce2980585d913d85b4dff530bbee361d76eb486c836787f41bb9564183930f039d4bd45362e2e9411147218a26091cd96951b03

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
8cea317259c183e07b569937d1be2bb2

SHA1
79b5de53d53a7999cb0f64e8fae9d11e6d9dbd1a

SHA256
13025335d692b421f274bcc52790eb1da26de54d26568d7150af1c31e204e111

SHA512
132c0799b61e1401ebd809bc52933adf13cab1ce2db882e323e67b77eb8846b43293efcabd44e28aecbdb04852a4539b8df9edfe6edc18d52bc0528e2dc10ea3

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
11c028e29cd252f43ad87714c04a6d03

SHA1
618a2e097148c5f329aaf743c2517a5eeba99c0a

SHA256
e1424702508cc05521ee34eb149ecae91c697b637272b29daaa8d950728494f5

SHA512
18dbfa754beb5105cab351d586d846e9d664808bbbdc9c9146b3eece2183ac90c56532c4aefd404a6e8833dd38108a6333ccf13bdb238437b9ee8bc590640b0a

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
c5024d45044362a314858fad23ee857b

SHA1
86157824a10d12bf41cd0ce62c084a856c2b027c

SHA256
e2c063571d23f86c3e10808c9881255c01a60d80a29ff9864ed52d21394c8a8f

SHA512
dda63a69da553a7ac6fbb3330de58c2b2559a0208e9017800ee698e896685479ea63704c5c663fac57573522cb778a14ba9df1a1a05e29ce735444e745c707aa

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
d7ac923f7d9883ab66c7113436e482db

SHA1
f98df71483892ff7215a3d5b256019b9fe5fd183

SHA256
8c2063773098ab4b593414137b9f5a62856d1b7243c74c258d43daf887f56c05

SHA512
e32c650dda13d491878acb340c5330ed5e5f351e74cfde89eb82ae46708f9c49b7d5da9e5f7c7c8279df4949f5180ffd625d3167df2620e39a7b5cee2966572b

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe

Filesize
1.2MB

MD5
1441f91a5d1a7acef75189f831c6b128

SHA1
a4b697d1718a95bd1fa51c72fa688aab760c230a

SHA256
c806deec4ec3d8f1815256d0f154ba7a69b1e20bd7e0c0c29f94d4b81214c2d7

SHA512
c747ed5aaec597bb91dc877a2c6040df13b9bedfedc3f739f6ecd41187fbe5dcd1715386f6007d9dcb97c06b3d97011cce8d88343b5d700e8ebf3b05fef60a51

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\extcheck.exe

Filesize
1.2MB

MD5
fe41e22c5dc3fe7579dc1a2609b92e51

SHA1
420e6db47b61bd71f9659880641a29fab1990cdc

SHA256
f99b81f76d93ac11ee7c287892577b8738828eb738977456fd909fba55f4895a

SHA512
f1543e4feb771d4d26ba064f38ca88b36d704e1b92f3d8a7c30964267d5762270621c7bef67e7f97be1d030f3e269c95afcca514511f7dc5ef5a40f749e7a499

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe

Filesize
1.2MB

MD5
51c0df058e81ec214435ac5f445df34b

SHA1
51744b8926142f3c9931fe4ab1ed3933770dba5f

SHA256
737cf018b01ba8b1e1d1866b762073202c4ce6044c917ce694ce11094511f6a8

SHA512
e49f2f9d6863e8dd049b5825f8836139fc48f56e55f48d9b5301f5b7ab9b0f0cd0caa94af75afc9b71691d8c83e07fcb9afbb8523e22d9b94016d1168f0580ee

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jabswitch.exe

Filesize
1.2MB

MD5
9a8d44ca624c825e24bdce991816ccf4

SHA1
bdd7fb654eb688adeef7304c6b3e22785957213e

SHA256
b475df19cfdb2fbae6dbb23e43f7787e06f86b0fe9e7a03d676b913da555207e

SHA512
b5e13121f4cc032f9ec4c045c7dd5a3d5829dd406a06cf7b60089da60df6fe26f372a3874b54bbefc6ef93ab84ca320fdf86067cf9a769d27e0c243cda72c696

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jar.exe

Filesize
1.2MB

MD5
c99ef811cd313aa532762ce3e7914af8

SHA1
1540d6cc43c0178ee7dd9d7f08957792cca046f0

SHA256
2777ae81223f146b25d96a2b3a7e4240da0205f181a689b9cff4696464080ace

SHA512
4ead64b59b94f78a41a0cb56deec21ac306357af52307900cb627f7655aa63abe572dc7ffb7ab0ad7181d7e5c98e183d525691714e7e0b1fb02ece1f84174ba7

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jarsigner.exe

Filesize
1.2MB

MD5
c529281006a934f29222930e82d6345c

SHA1
87984e771c9c94387da3bb6317fe20981c2b8a67

SHA256
16cb3ef7df6e681c1a5d2df591addf3fe66471604d19a5ec45246f8fff1a2ffb

SHA512
5315f453e7617c2286a0c083f449fac2562dbfc87bc7e0c9a65d7945015ffea84e0e4e0b0a9cf5b902182b38884726580f7149390642cf2bdbcd55296e35437b

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\java-rmi.exe

Filesize
1.2MB

MD5
cefe722a1d12475e99925edabfa66362

SHA1
224792380a04fc7e9fa982f103e73d68c8ad534b

SHA256
bbacc27484c2fcc8dda58ac7bc8b80524357123aa27442de4bee83acf2e52f25

SHA512
954a52618a0c4d770e6c2f9d795f7126af48c8819f965f3e7ecd995123d2ace6804442a063e4c757f8ae6e06d276ebd69d90f7f4821e2e2b34c0d74169914a04

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\java.exe

Filesize
1.4MB

MD5
d1c2b3802d5ccff810caffd703697dd2

SHA1
26e38afa361f4255ee06cc5729192a063e313d47

SHA256
c946949cdbbcc1522b2d426a8ac82e13fd4d359d4a65681cd9db05ccbb26f492

SHA512
c85efda16c3d9c72a37bb01ee8655c61cfee6ff4832ad4036dff2c73b785e598c1dc104edf0e069e2eb3ddfc5d702ff3ecc4146a9cd02fe289deb0bebf047148

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javac.exe

Filesize
1.2MB

MD5
b89cda92e7e29204ad5874d4c91ebb01

SHA1
34a7470a0427ca032110bd95a0b2deb2c8c8ec0b

SHA256
d41d9811bc511a024b5d4520cf4799abd1be4e0189484b0012dae02c6e63acbe

SHA512
f18e73e768d656c7f6e9cce69ba9e56df5d31a3095eefec9ab8535634aedd54b16570269ae36617debc6a97f7826024816de4e7f834f69246cb2654f73b5001f

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe

Filesize
1.2MB

MD5
6ea322968187d55c3b4f2a1beb37e90a

SHA1
1aa854b6f6f95c5d4adf01c61fdeb7f5eb25afff

SHA256
4a328c74497c1fd261d03694f1216bb1ebdd1124132c02fd2d0d5b842d5f0af6

SHA512
2c38cb3ec98c3da5ed7660da5fe33e3872b09c4910c23be093fdcd773e3d79b8ed26d46b0d29a63b0ead77ad16365d68ab96d8f466d74fc311d16ab701b08712

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javafxpackager.exe

Filesize
1.3MB

MD5
01bb2c4413783e2a19f38524467e63dc

SHA1
9523eb025887d85a92767b5eec11a9f5fe4c0971

SHA256
b761bd19d2e6dd425f77384c59e360ef8c520704b66f9de90d0b6db53901a3be

SHA512
e4201856e82fb2637b6fd5989d48992fcba9aa014253ac66fdda8379cc4a6a0081d55b2992d2fddcfe864fb2318ab9a3394ddf98ccef5131899e5cb67523daaa

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javah.exe

Filesize
1.2MB

MD5
30ed90852488a9f019c9ddb4f847c045

SHA1
745978111c141298545f8dd22d9016527c9aa74b

SHA256
b5d1845c95b16d5769e83b81a8a0ce83a25b7cd36bdd93b5d0338d5a950613b0

SHA512
5461991561d51b6dd3459b811d785201a271760cf685b7a616768f80205c8e9a97e551e9a8690f0e4b41b6e21adabfb8c1efcdeef9b2bfc8edd01987b6c6a925

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javap.exe

Filesize
1.2MB

MD5
d54e235aa8a5a5b919d2584bbf7917e3

SHA1
5d96ddff48f4c6fb07c7a9c4843f556f7081ca4f

SHA256
2c9e8200567c55e3f0260f531cc21059ef1c3e8f2fdfe690c25d93bcbd2f3859

SHA512
d4f3258a8079701aa3b1c2587b6232fa468be0f72df71558c9bd49691771bc48b5ee965f9a46804ba3dc5a638c531f7219da16d566303b8a681d4fdf02ec18df

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javapackager.exe

Filesize
1.3MB

MD5
30df150e27193d24ba858eab513f4b2b

SHA1
9622f49b513ae9f4b96554e6ba1da7e7656a88e0

SHA256
f47adb4318cb34a90663e897cc884871e82e48573051232af3028725685fb506

SHA512
63eac2a816906185d01b8e271dfd7f4bf2f6dfdd12620b9f3d88440e00a690e949ec98108455dbb2eae776dc1e4047448227099ae000099f04287e8aa73942a7

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe

Filesize
1.4MB

MD5
dcdc8b1275b3ef120d954051cf22930e

SHA1
67d71922ea4beec40050775bb79b9daa5134a774

SHA256
4ef692bc05024240c2210f78354b9e943f8988bc31cb004c3253d2da683ab652

SHA512
fcfa1630cde94876ad9edfc0a8f32d07785c8069628cfc06273cee935c18dae8febfefa35449ee31b46bbefa33b131092bcdadae96d0ac6fa3ae175de684a614

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javaws.exe

Filesize
1.5MB

MD5
e1e1f8b22ae23b52c8ead2a2829a3dc4

SHA1
f723aabfef06ab6c294b53f227475460375c12d1

SHA256
ec1d1b48cd4033fe5dc144fc35fcfcde3a614abb147364ffeaa53fc9a4375772

SHA512
dcb84fa8f107f9092d79378570670314f7e04cf5367a5b81a53c557e83a34edf7bc0c761c0c8d4ee6d89ccd6c919ce321ecf75a0f41c6538ad33f4acc0f7b069

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jcmd.exe

Filesize
1.2MB

MD5
5a889c6515368625d61cf9b8ec02272f

SHA1
292057e53478b7ffe93b25c8656962ba8fda310f

SHA256
8d6ef0c372a724d69d45bd47e099b9796060fbaea3943fcb1eff39be6d5b0d9f

SHA512
bf11a1c8bfcd115339d451a0eff830173fee8bc279d6abfe79aadd3aaa1003f2f2117d93fafaa3cf8997fafa62cc8fb668e6a0f55db77eba73eb2dcc5560d91e

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jconsole.exe

Filesize
1.2MB

MD5
e4efc3d90534a5d5fb6f7aff32d8ff67

SHA1
0ed5b939f40ee5b5698fce47d33d0682a11c0a81

SHA256
4368fb918b98096fc39791892129f278e1cda1d480f71923fbdb72c6a726ae73

SHA512
6b32dea3cf8b4cfda23dd2eb20e876e8a9c2c6faacd70f6da5df908c9662ef6c1df1e79ecdde0032aa8b14ddb2e66cf815634c1e19425e8fb51d20a61f8b327d

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jdb.exe

Filesize
1.2MB

MD5
179897bf8b8fcde56740f5dd575a03ef

SHA1
746fcd3a2af496d14d7ec0f177a0635e38871c68

SHA256
bb49bf8827cd5e2882a20e4136bc24d9946053eead40af342ca5279a1a0abe23

SHA512
c7831a5a7a4e86040701f6c7fe5de5f867820ce4f0e59b3f359fd421d7c8c01979190cbfd81f6a456ac7f7b9927174d58ed9de33c9ccf282125d2dd18bca063c

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jdeps.exe

Filesize
1.2MB

MD5
5ec84fa0ff85ae5734f4f88c13fcb45e

SHA1
eea1ff55112915199a17b5516ae9f91171a38e99

SHA256
45092a15b65819dd6ade99e3fdce446936a40dca1998cf430214b2b4eeaba15f

SHA512
adeb29e81292d580fee840779c6638055a81ec10e9dbe851627b41dc6ed369efb5b5ee66dd8116c68f57505173ac8d1d7aa232d18977ff3f1848026022dec4f3

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jhat.exe

Filesize
1.2MB

MD5
16d2dab5007a4819dd437c09e42c0de0

SHA1
89995f66f1b80023ea54775c3d5efd6c7c1c469a

SHA256
f76643349a9dcb7df1aab2adc6068262428b61a0379f0e9b7e8c64a8d6c562c3

SHA512
4202597aee6d3b02427f3a36cfeeb1cf87575529bf2df1f72a0fdfa385095b726504c136f7711369bd898654412021324531cc4088e2450c3b3c955d7be85536

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jinfo.exe

Filesize
1.2MB

MD5
1c3e85c0e2ca8536677572b7d491c36c

SHA1
7e135fd6f31b9b3f7c98931ca91852e5f877e9a2

SHA256
dd22c683b180f6e11989ba209e4e56922e4270a4534ce6839c1ea6962cb0780f

SHA512
754e415aa51318fb9fe08ff856ee765d20e5936b247cddfc2bf1fdbf83bef3c1f46824d56823bbf7711cc133f663d7d95ee2595749add4654a9d0142ecd6665c

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jjs.exe

Filesize
1.2MB

MD5
94fe4adf03af117927869567d6e8b659

SHA1
75bbd179e654e3ed0a270ee45964a4560634d9ea

SHA256
eaca2ebf1376ed6943dc4b8e36e043af1faff8a7c4de62838e201971f6bd1649

SHA512
e7042e9e8450a6942239cb2609afaedac9af20e998447b463c19cbb7aeeae7502e4bae7c4688a743ab7ebd7c994e36a36d7095e765f99995b5c1197aeca28577

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
787f5f7623f2db1922ac21db752b3030

SHA1
ee5d5fcc48c95cf783104ee5aed1d117bd68f7f3

SHA256
59d4440214c1e40e04f7e7e9878feebd88930342b0e7b061ee7abc8f36e57eaf

SHA512
f49a192fe4c5ae06423b3a1b43500339c0a9c2e5445f85618cbd5d6b404c94c1357a810ffc64ec2deccb0902927b5adb68d5c01e7888759d3916be4ebc4c0358

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
b4dd74a04e255bedaf17142f9c3d0b25

SHA1
c351a5a1482fcc9f8820f83c27f951ec05bb8545

SHA256
3d04ab6c6048ebd2eb2241cb98be47693aa4657a81c0d6ec26e6cdba51aab87f

SHA512
06f97792a3fd019bc9e43618b4d2782311214d2331b0e04cbd743922ef4f8a6e3446d7d193dde95e6cec0de2a2815f959b380dae8620281ad6e5313e402a1451

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
cdc537c4ae66d80727f4353e6dee9a96

SHA1
2d3177107288d23c0e843ab83d821c34708cbb82

SHA256
ace1c41167a2760152449f6e5c7de1c5aa3bafbe686e17faad5e0211332cb9d7

SHA512
5bbfde58476bd0ae05a8d480f24e89cf384212716aea00131045b5f58d93c3f0f39f5ba9053a90be8dac5a46647269c6515b9289bdf1b14d49ec5cbf4ae486d7

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
5e8f5024bf3e0b760727fa9ca295c4e3

SHA1
9702b5d643560c7d5e6e80d5f109f4a5aae2c18f

SHA256
f4883867b19fc22206a42c85712af0ffd64cb52c03e95127eb91f72cbeaeed3a

SHA512
70d2055bab7943f479c1807811512082ec7c024c667e0ce020796987766edeb1b64fad4b0f6666c9fcbd7fa44caa6e74aa1a8bf83b22aa58da85af21235f8be8

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
39bd4ec615a6953fd726395f0cc00478

SHA1
45ab721eaef9063a46c73aeae047e513233ce114

SHA256
c6b05b69e4df5644572d871d06298245247d80e2e96ba3999ff79856ccf549af

SHA512
f81bfa3442ea0ad11d97d267d482c799e1cab10c1353f4e4b86c1403c37bcfb2720a8417559572f9134102a3da68d2bf593df671163df234630b91b0d4f613fb

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
d540e540c5925f735ca7de75147d8d60

SHA1
f62aacb98a43b4aa6a957b42efcc7fd9a3ee798a

SHA256
42dfbdb6172bbd810a78fb7cdd198bf46ac30d5244ce9bccef4ee3d2ffcef554

SHA512
2984598a9e97a6e5348baab4ffd0017f335d32dff42a6e2f5678cb4c951959d0d854f44f6b8eaff4dc5d79fe13db14945521ec290515bb1234349e1ab3e069c3

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
d540e540c5925f735ca7de75147d8d60

SHA1
f62aacb98a43b4aa6a957b42efcc7fd9a3ee798a

SHA256
42dfbdb6172bbd810a78fb7cdd198bf46ac30d5244ce9bccef4ee3d2ffcef554

SHA512
2984598a9e97a6e5348baab4ffd0017f335d32dff42a6e2f5678cb4c951959d0d854f44f6b8eaff4dc5d79fe13db14945521ec290515bb1234349e1ab3e069c3

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
a85583b10f05db650ad032b959880e13

SHA1
517c05856821e95e3c6f45cd72807ef4507b229a

SHA256
cde0c5a353d77d859d28443bb8e62f9a56bd3039dab252cb95e672f5c26d1f44

SHA512
28bc3a00d67b7ccbd91e1f39664e259c13796a932c7d0c34c53d17cd6ebb86f48901b2fcf52cd1ed5b13299223a68fa23b3aad4749f23b62a09eecf35b8ce554

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
3bdff050b3fc5d7b9a547ab1ee093633

SHA1
526b5dfd9b8c0d79007a03379f8a327c39a367c6

SHA256
20b795ec5badff3954734a9d315cfdd51c1100b984b62a5dcf78e3d76681edf4

SHA512
0a5717d73dc58a708a91ea535cbdff44b6eba0120dc20fd6a9313f8f8de9b06cbf2815141f7c2c03a1c38e978c891965578ff749d3d83caad916d6c7640538a4

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
8e07b70b6610f2a6a4a5759e7b1667c5

SHA1
e5a2574512f18eb7d840a415f4e40bdd25008ade

SHA256
dbeee19d91b32eb412d6f2e648bd7da7714e134ae39a9cb56f91f9b4d721d8ae

SHA512
c6384e34aa0dfaf9295bd09dce61287cec9b2fbe36aa48ec037af0510462971cfaf27de82f3d35ef1b74e564dea46ae67fa52b87622c93d806ec7c514df9f724

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
d1930a41f2882a5fc28db36998bd888b

SHA1
ae30a614b41a24f39200e26fe7c882a6feb82483

SHA256
64e310fd7210ae6b903304084c9790a21f13f0d0c9aa7359593618e9c96d81ba

SHA512
972ff02abbaff06d989bc0f41f29fc37e8f244bacdb70751c1364bec03f7d63676ac5d95f70dbae462fc97212ec4451a74bcd13dc41a67ab5954b8d43d61c169

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
29496065a8e5b2fdc4ea382fbf78cc0c

SHA1
4767fe3d5d68fd695b1b98eefb64d5b6d5bae0ed

SHA256
eeed0201279079a35552d8d6edef53010350c83141b27890ea0feb8f9ac03683

SHA512
1b87f49ada176fe7c9de348b35285ed52698fb558027f4ffd57a7af0033f279f5320b25dfcad768acc76747fdc572cdedec2a20c6b658c7484f907e4db916100

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
2f725803d6b1dc10341a6018b72c35b7

SHA1
d98b1f48016d1e62f531e19668bf46486edc6c59

SHA256
dd1e9f1b475530f3e513966d2f9f3df2850d01e1a976c4407a077cda15efdd3b

SHA512
b04b0fd2b752535a24bf19cb4f07a165d1bc39414800528491f7c1fe87997b3a6425758698a44375fc49fce032f1816cb8df98f9b2dc4e887ccf284ed19a288b

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
4b006b20e5fadc072f9c813b850206dd

SHA1
e98d220d8e3875b5a8794bc0beb3fe6218e85d9f

SHA256
a8f6f474c9e3249dd765dde09833c5aa77a4a2aef9fd2caa1ced8c79fde6c861

SHA512
3b2a63c74495ac6f1f98136af82d410283550906f224ce12a1b575ca0668359a4967afd6b4b288fb3ff62accbc0570dbe2d4d09abc8f31d72b524009f19ebd8f

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
6d411d8a95d24cafaa055734096100da

SHA1
e96072c2d01ba61414d844e176f3d75de979e283

SHA256
83dabffac051a56cd24826ee556f015f2a32313f2cece1e9172663fb2ff1336f

SHA512
184f0403c9279c09f00b0acdd3cff0c2b9e055cdd1b2b6401bf130251db9f0bd5e4fb73bdbfdf998290e6718d6833e282ed37db0bab68d4ae11eb340c8bc7dbd

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
f08909bad596a29051c75dda3e6c8a68

SHA1
2104c5b3987fab1bb23dfbb60e39f21087f51ce5

SHA256
3c07d26a03ada93ff6cdef713632aeff5a7e789e5c38b2b19122c5445d25c821

SHA512
4d23ad54c63b2217818622f0a32f5e01c3cfbb8363fe6497fb2390b5227ddb817efb4a61bcaf45e5617f79aede56223e4eb19a3c8dd23e41509f08815003c592

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
abe78841de2f5367ec5a1a6570ade8fb

SHA1
2bf7a2e383ead09cf756f47b0d5aea8b885b38a0

SHA256
2f9c043f526aa50cdb194fa459201e699804917a1683bc51557c968d3bed93b9

SHA512
a3f75b8277f5fb565903c37d65ba74a81883a50f618022ed35dc9a844913c64e69fca1bf2938ed4f5a5f7006c5a2cc1a8c92a6d4787696ac47839b2f3c3e9ec8

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.4MB

MD5
230e06b7a851ecaf96bc3074ec0c792a

SHA1
2aba68231061784be7d2c1340284762ab0578eee

SHA256
4cba63e1287d3e3a11151011c9f26e08b4d707dd367670db225fa24c7d45ba53

SHA512
0dd3ffff111bfdeef0a14f7c1a845a0661a740696c2435b7f3825b12cb0a634489ee0853b82323ccd86ad4272eed0fa880108fe3dc4b969a616c8f946d62b882

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
72b0d97f537d3e96e4fcaacf91f51a9f

SHA1
f5452f510b3ccccf356a4a636ef576a6ca72760f

SHA256
f578390f1d5525559d6cd06ce6b5156481a3594f7a98e9b89a0024f7d99a200a

SHA512
d84eb3f0318840d89f1fd7f9d98832869adcbcdc231e4b7d8740b8b564acc90e635443d0392c446b8de7a9d091fa56f50eee1e14ad2ea693e29efcafec01b0b7

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
b4a6d3313721cb9cd58410a470d079b3

SHA1
b86b939e0fee26e948f57bdae2068bf6039c0526

SHA256
4f5e1b99563530f068150ac9909fb8dfbfb2a253db53944b3944c4ffbc0460de

SHA512
e90d3ebccd6670c7cada205a59864ce2f76a4b2311c9ab25a3ed1f82f44960d82745e4f297c5490d62e6190250061fb8ae54f05ab506e7a8081f148bd8247ff8

Download Submit
memory/60-368-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/60-303-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/468-319-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/468-386-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/468-327-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/560-275-0x0000000000940000-0x00000000009A0000-memory.dmp

Filesize
384KB

Download
memory/560-258-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/560-274-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/560-259-0x0000000000940000-0x00000000009A0000-memory.dmp

Filesize
384KB

Download
memory/560-265-0x0000000000940000-0x00000000009A0000-memory.dmp

Filesize
384KB

Download
memory/1096-401-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/1096-389-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1096-395-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/1096-400-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1448-306-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/1448-373-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/1448-316-0x0000000000610000-0x0000000000670000-memory.dmp

Filesize
384KB

Download
memory/1552-425-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/1552-417-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/1556-356-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/1556-346-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1556-416-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1944-370-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/1944-361-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/1944-429-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/2076-345-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/2076-282-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/2076-271-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/2076-341-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/2244-13-0x0000000140000000-0x0000000140326000-memory.dmp

Filesize
3.1MB

Download
memory/2244-11-0x0000000001FD0000-0x0000000002030000-memory.dmp

Filesize
384KB

Download
memory/2244-1-0x0000000140000000-0x0000000140326000-memory.dmp

Filesize
3.1MB

Download
memory/2244-0-0x0000000001FD0000-0x0000000002030000-memory.dmp

Filesize
384KB

Download
memory/2244-7-0x0000000001FD0000-0x0000000002030000-memory.dmp

Filesize
384KB

Download
memory/2676-65-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/2676-52-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2676-51-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/2676-59-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2676-62-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2676-58-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/3036-403-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/3036-334-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/3036-342-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/3464-299-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/3464-289-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/3464-354-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/3652-375-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/3652-382-0x0000000000810000-0x0000000000870000-memory.dmp

Filesize
384KB

Download
memory/3652-462-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/3696-438-0x0000000000B40000-0x0000000000BA0000-memory.dmp

Filesize
384KB

Download
memory/3696-430-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/4172-216-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4172-41-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4172-40-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4172-47-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4544-36-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/4544-179-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4544-29-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4544-28-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/4596-217-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/4596-68-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/4596-67-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/4596-75-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/4780-23-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/4780-16-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/4780-15-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/4780-84-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/4900-412-0x0000000000B30000-0x0000000000B90000-memory.dmp

Filesize
384KB

Download
memory/4900-406-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/5076-246-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/5076-253-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/5076-254-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/5076-247-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/5076-314-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/5196-465-0x0000000140000000-0x0000000140205000-memory.dmp

Filesize
2.0MB

Download
memory/5196-476-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/5352-485-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/5352-495-0x00000000008A0000-0x0000000000900000-memory.dmp

Filesize
384KB

Download