8f0c1ce06939780b74e2daa6317722634d0e63402162f0b505e10341bc8b47d3

Analysis

max time kernel
114s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 17:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.5d368f24def2c4dc47c017f7e9772300.exe
Size

2.0MB
MD5

5d368f24def2c4dc47c017f7e9772300
SHA1

5d0d9edcce0d4a056b5ad9d474d59a17e0e20cca
SHA256

8f0c1ce06939780b74e2daa6317722634d0e63402162f0b505e10341bc8b47d3
SHA512

7906bfad5f3fa441324c15ca89913ab26110830e56173294e584f6e312f62e3d07f39a99b36a3088b3a19c2efec1c7b44a2172475615b8871397c96301f997e1
SSDEEP

24576:isdFa3EjB/N6BKnzcVsLEeX/Kv/SQ7rBq+8sqjnhMgeiCl7G0nehbGZpbDi:igamN6wn0sL/X/ebPBaDmg27RnWGj

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
1628	alg.exe
2972	elevation_service.exe
2028	elevation_service.exe
368	maintenanceservice.exe
3916	OSE.EXE
1932	DiagnosticsHub.StandardCollector.Service.exe
2672	fxssvc.exe
4092	msdtc.exe
4332	PerceptionSimulationService.exe
2712	perfhost.exe
1940	locator.exe
4960	SensorDataService.exe
220	snmptrap.exe
4756	spectrum.exe
1352	ssh-agent.exe
3696	TieringEngineService.exe
4352	AgentService.exe
924	vds.exe
3884	vssvc.exe
636	wbengine.exe
1264	WmiApSrv.exe
748	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 24 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	NEAS.5d368f24def2c4dc47c017f7e9772300.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\6f55c5e54ed6cb1a.bin	alg.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\jabswitch.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ktab.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jmap.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\servertool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jcmd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jdb.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jvisualvm.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\java.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\policytool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\servertool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	elevation_service.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\wsimport.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	alg.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpnetwk.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javafxpackager.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\keytool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\rmid.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jstack.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jabswitch.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\nbexec64.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javah.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\xjc.exe	elevation_service.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 41 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	5104	NEAS.5d368f24def2c4dc47c017f7e9772300.exe
Token: SeDebugPrivilege	1628	alg.exe
Token: SeDebugPrivilege	1628	alg.exe
Token: SeDebugPrivilege	1628	alg.exe
Token: SeTakeOwnershipPrivilege	2972	elevation_service.exe
Token: SeAuditPrivilege	2672	fxssvc.exe
Token: SeRestorePrivilege	3696	TieringEngineService.exe
Token: SeManageVolumePrivilege	3696	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	4352	AgentService.exe
Token: SeBackupPrivilege	3884	vssvc.exe
Token: SeRestorePrivilege	3884	vssvc.exe
Token: SeAuditPrivilege	3884	vssvc.exe
Token: SeBackupPrivilege	636	wbengine.exe
Token: SeRestorePrivilege	636	wbengine.exe
Token: SeSecurityPrivilege	636	wbengine.exe
Token: 33	748	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	748	SearchIndexer.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\NEAS.5d368f24def2c4dc47c017f7e9772300.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.5d368f24def2c4dc47c017f7e9772300.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:5104

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:1628

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2028

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:368

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3916

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:1932

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4940

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2672

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4092

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4332

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:2712

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1940

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4960

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:220

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4756

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:1352

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:5020

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3696

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4352

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:924

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3884

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:636

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:1264

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:748
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:3368
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  PID:4136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
0cf46e8d1d51ebc582703d5d7afc001a

SHA1
01fe8217000c8d4b04ee1e22ae920158ea926288

SHA256
6cfa80916962979e33dcdfd38ffe7e3da1e559290d8bebd66fcbd2c3502fbbaa

SHA512
5e1069e40768a107824540e5532cbd0aa3333587457346bae9eb2681de9420dd6025fcf1f01d01b7a825854b1ccd6e74eaa990762b77fbb8aa47f5fa2f201108

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
d69645c3c5671cec3a7cd50cc3a9f6d4

SHA1
1292671c55e82efee46100558c518db226c2815d

SHA256
2a8466a1048b85f88f1e8e3279761d6a2a4f5f694d575ab69eb612c835f5e652

SHA512
27339b9e8678957521f6853d65a00fe39375136b6766f3567fb5e1ddf1bcc3b73a4fbc3ef1c2af8bbefce1faeccb3031c8e7e8aa59f607ced8e9120447cb9da0

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
d69645c3c5671cec3a7cd50cc3a9f6d4

SHA1
1292671c55e82efee46100558c518db226c2815d

SHA256
2a8466a1048b85f88f1e8e3279761d6a2a4f5f694d575ab69eb612c835f5e652

SHA512
27339b9e8678957521f6853d65a00fe39375136b6766f3567fb5e1ddf1bcc3b73a4fbc3ef1c2af8bbefce1faeccb3031c8e7e8aa59f607ced8e9120447cb9da0

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.6MB

MD5
4b5677f8e6a6b274f30b8945f8eb0a64

SHA1
554e2129829c66ba5a0c9126281ea28110c11b79

SHA256
160f0caf8369448dcfd31a000137e61643b646418cf6ade47f14c21248b249dc

SHA512
ffaae7bfdbd4e0b201085cd3de6e1f77b04271587c731f93d9d3224ed1afc3e28b3dc82ada45a7bcd537f5e059356573df7e7e4fadd0ccf3d3a0d0822b51bf3f

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.4MB

MD5
9f8a23a82211dec95a53bc67b016e178

SHA1
b061f061b47f7206826265ece922b5ca0c4952ca

SHA256
7b5b3b42bc677c6fcd000eff7489b48e02824278e1cef188a7c0c0b4ee461774

SHA512
41f74949fcffcd960e7df197837d72456e4821bd53154373f2f2f73b6971cdd962218a1968b4e342dd9fc7d3ae4742aeaa70867a33b428bf019113e859721915

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.1MB

MD5
08a61797021ec9267a044f4a2d8c9d78

SHA1
3b02b19492fcf513119b0cac742ec8ecb5899b62

SHA256
671f7b6437bd98588a3a0ad7d03cedd807ee950834df96ed3bc9b09f328806c3

SHA512
ca7b1d8966c13e84b73cc0e0097982f9888522f70a4a2c50366bbe27c2d3832b083b24268c2f95d139b06a7c682525d9e5ae30698291f7f78ced34c647f230a8

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
89f75f24e154ffeea84d80c8485bf435

SHA1
343fd03dc8e2bcb8cae7461cfe93d3ba7f13a916

SHA256
adea55846c24db407d3388c4c4647324caeb5398f8bdac144bd8aa61f558e94c

SHA512
3f6e4d97c8435f08b477d564a106ba3a897ad9cc394ec89ad02d386738aa64916c407ccc10b9ad568c88d3d0a31db775231cf6f075e6247a73c28c507c3584cd

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
427d5fbe37e2e736d261800ea758e5a1

SHA1
5dd951bdbb2bb30ed0fc8ca27e659e45d0931e44

SHA256
e507f38f51cad539533b521390867e2f0469411f51f8ac7e5c9e0994a35dcf07

SHA512
89f214335acc0e330f017e116aab2d3340ade29872f4ea4d9c66c1b99c3334dc461d04fffaeac81901b5c41ed1e992b9d5d5d81cce9e522058a7cfbb85912bca

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
ff5eb055860c498e526bb8a7fd845fff

SHA1
40508053aa673038d499471baa363303daaa87cc

SHA256
863c1d4e1587202c6966760879863a1cdafc8038221944f17b174e802e36ffde

SHA512
83799fa0267cf0afede7e3e4a53f54adba164a0cec879649800c17845ec06efeefdccd49dc0942508c8d8665f5385a7df99507cc2fe77df0b8d50d4eb9932368

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
c5306350114d8712c671dc79dc4916c0

SHA1
25507add6dad50454728ccdf534fe083e128a3a0

SHA256
140911fe7e40e428eaed0a52a997ea0e9438858278c23e73b08e5bf7cd27b722

SHA512
b252a8aa54227fb1cad5080491f86cb2debd4578e1033f6242a5f1a338f489a60c031e6d17dadde06ec4c9667df69dfe7ecd1e1379737aa131bc0ec390bde74b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
894688026e201d69998cc739fc9bd09c

SHA1
161a98565e5256b7786164edba4c960da11a7fd4

SHA256
beb8ec069b18a230ceeb1fbd2370333350a791dbb6fe85b9ccde5ac8f557cbfd

SHA512
d0b55cc2fa86eb20eeafed898c6fff05ce5349bb7f10935bcb48437bceebae4fb8426252fecbdc1c9ea34c359a37ec7b99768eb54fa78f17e8e17e0efb591c8c

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
3c4544262d3f4e8210176a8af2517357

SHA1
ab8f44378ad42cb7ff8e759704aa9c9cf1fc6ace

SHA256
8a037aec5c1617e6c69445cd92055b365a9b6bef764a7aa3d495879b38822fb3

SHA512
ecd89cc7656eff65420070108066d6b9369e8a7a092c5a0bc716c78e9caac80ed4ce010bae03b709eafd5f89b79fe0f6613ecca1d55e46be1d76018ecafb14d7

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
397a970a3633551d02ac7767603a6fd8

SHA1
fda992e70e4b2b00df924f4c15c6eec4979fcc78

SHA256
f75ec369ef6b8d4d4e3490c6cd2ea8134fc3ab928ab7e14ee8059e2f7510d19c

SHA512
b879e65db40c225822b76cada275781eb59ecd2bc483de9bc7005ab4ea441e500841b9f5e17dac3853f1fae1afd2aba7cd35b10d4e75e2f637ed9f2ef4ebec31

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
c9086e6088587fb9f55731f56d949e2b

SHA1
78eb65046d6a319cb118997dff842558d90cfc46

SHA256
2b9e54f1b0932da7a24923f7e0d1fe921b6626bde93948585b016904756f1e93

SHA512
9823c0aaff6d111776a4ade05d2b039d13330fcfd992037fc83fe169f378dbb548554d5164e7ca24cc3a9fb3e76b464367292f3138cf4a91856cbc65ce7a40a8

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.3MB

MD5
41d00ff6d5aa235c176474849518ec0d

SHA1
ee7effb9d563babc2ba23cb3097c6a2059b0a192

SHA256
3347b36acd931cf5e2c238f1930443c1a2f0b2d48397f92c92868a58b17defa6

SHA512
8473c9c00167abdc289275dcb37e0ab6655919195d96694c274120d80fb4d3351945b81a3c0b2f1aab9cba8a6768305d6af134c278b98309c0c2b1524b24af6d

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
855bdec508e41813e5029dcd3a2b36db

SHA1
2d058ddeda7d864443ceee87297d35a14aa80a33

SHA256
1fb3491d35cbd0628715044d6a216d166a3f9ba4e36e026e259dda32fbc1d34b

SHA512
cfc4472decb8ef457a9571a85b6981cd1bf4f9b3d945a956071c16e3babbca956d1316ae485da706f80901338ab766eda553bbb5b6bf34ef77f7bb2be2b13b91

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
4850397877fcc987fc872263c35c6f74

SHA1
de8f9111552251645c4619921d660b64b5f3d42e

SHA256
da823f4d734358958d24e507f950f86ff773a00be166001711bac3075eeafdbb

SHA512
a915caa315d2d7e22095b2e4d5202efde6d4f456dd826deba734c8bec78206864ee0eafcf28ea9853b1344ba3261f1c5960bb1f3480ed822bf96cf90bb2d31f1

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
1a2c9f0b6ccd06a5ced646d44d0483e9

SHA1
f072f9e681803cd34282422c05c1f3d8d2d22355

SHA256
11b6e83b794419eecb5ce1edbb77a2c1d0a71c49b6180aa4f6f8b04fb5df377a

SHA512
b3734cea5d45807746731a2a62855d14fcadf8d8d582ea3ea8fd1e751026220d2002dabdf669a9582ee91f46c692482f50d190e786ca5d74f8ebb4e2f5f9038b

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
f1c3a4aa8968d2b04bfb04fd92640c15

SHA1
264f7b9cf2cf98aaf1e7efc39558883fb181b0c7

SHA256
b416302545d6fd50ffed23ae48677b7c746ab0a15ff3dfe01dc03de40cdf48da

SHA512
f112fe65fb809b2c5149f4d92d2098af66609e85ebe5bcc88afc54b5600dfb5fc041fae3dfefed80f0dc1ee7cc2c4d18cc8cb27d6b6747ca5c34783bd71e1b3b

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
961f4b9907840c1b4dfbf3fcf1f7ed63

SHA1
d9bae96e01024687ce50b19d5f0f063e65018f06

SHA256
5422dd5be0e0adc926d1dd7297c57ebd15b75b45d8d104537d27c1f15b3b6f1c

SHA512
0807f0fd60dfb1560c1057b3630fbe56349376ab38a7dabf01405a08ad30927430f512140403aa77c78bb67b21cb60f137135af2c6fddde2a442a2325ac3366e

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
edf72f0807404f4ad3bb200de515a88e

SHA1
d2fba97d2dc9fa88eedc4c4ad242a4f97b2dcd01

SHA256
c820f29c695720df14055f931305e0f5e075e28962b8cff5afe941225b64a391

SHA512
6c524a1acbf8de7a6186d632110fc9ab5a2a1c72ceb68a36ebac275124edf6a3c62daba1aac110e413c93340a1b727e18dcf8c1f6036e7db4c68a04010cfc520

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe

Filesize
1.2MB

MD5
64227acac8da2bb9e0d26b99b6e00276

SHA1
680f46fb34b4bc5b4df4c5776aa5f2422e483dd7

SHA256
7aaf11ca1ad4dd43ddc7112c8b968a5d4bad5312dfd75d6aedd186c6f2d7b93c

SHA512
746c429786ce174f36e444f59f3c1534fb46cda911a792664033f543086bf514b87c8228eedebd980abd5f40d1ed1958011433cec14b9c62e0ad04a660d1d44c

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\extcheck.exe

Filesize
1.2MB

MD5
4f35b8f13288ae5787761f199b131c7f

SHA1
667cebc21bd8420901bf325f5037b32f05a54326

SHA256
c5cc87288bd90ae587cf606b182ace8f34155ec5a9e266955f29ebef445f9047

SHA512
8ba0beec02d1a52e1a0b34d5f1ba674f2ffb34846548e832c73bb88f070917024314a94041ca2cbce838af754f12855e61752a0a93494948324302b129db05d0

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe

Filesize
1.2MB

MD5
6d15d933552615791d71b604ec8cab1d

SHA1
5170dfda28880aebe68c9efee85392039e1dc286

SHA256
112a75a238c8179f9e64558c32c41fece5ce40f496a4b2c49b0509583841873a

SHA512
b3b371e96195e97d6bdc1623f1367b68a12df98e5b229b4a73d530c4ba4b156df5a4a1988e9f0ec02e3927998064d7133bbdd3dd94eb1dc1974dc66e1f05f7a8

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jabswitch.exe

Filesize
1.2MB

MD5
7cef0b1de93370e5f70496ace4bf2ff9

SHA1
a28d5b96ab0d2d5baf601d7716e2f8916f983a24

SHA256
44ae511c8239f2b525d5d01ae314d56a60ef981960bd69dc1194c356bae39f89

SHA512
88e555a6fa225cb32a601ea1063f49a047c49c4ec0d99a02ac74ade155511c8a11630b786972a338300742d235f801086d0824643f6d20e201d7025b79c7f40e

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jar.exe

Filesize
1.2MB

MD5
d351e93936b343b428dcad4ac83fefa1

SHA1
0252def8a9fd5d7a9dd61947187a63bb16039dfc

SHA256
7f207b568a83d8b1274e3f754a7d2a68f91d72a8eb41edb27d42e789c4c216f5

SHA512
4dcc1cac792609ca1535435c9aaaf96526232cf9e009c0216e2acebf87185f2ace13e4c321869a2329b28df4100b3788606a9069af841e750bb4c5f3aa6181a1

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jarsigner.exe

Filesize
1.2MB

MD5
3f2e800bc5a6481ef1f778800ecd6f5a

SHA1
c429532a5143d9bd2f36efc0f9af73be54a31297

SHA256
9692f05b488c75f2b8db3c263974273c90684c2c0fd9116955fd399ac61d6f46

SHA512
564d2db00ab4e661fd722a1faf384d86eefca9f1add1b4ff4ae7944351f028ce4a8fc90da53d7b191a15ba3dd2e62e66dda99563de336adceb0dd8d18e71ee8f

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\java-rmi.exe

Filesize
1.2MB

MD5
93558a2a35eb972633f4cf9cb0ade567

SHA1
8d0a8e111122b7c8695f49a57dc7b421221b878a

SHA256
bf3793a10bebf6eae1fc74d37396c10b552565c57b71a8b8c70de64bf06f84a8

SHA512
1e3aa4d5a1d7071d5a2c7bf9685a46c10657663e2d185211177aa662d131e76163a8332d3165f4a2c2f0516ba828fb5c2d480afc2695f63ee93607f6f3c952f9

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\java.exe

Filesize
1.4MB

MD5
c8b86a29181490835602a238d20887f7

SHA1
a66969c6cb835097591c89727ca63f2d82808670

SHA256
72524cc5be81d4cb6e00abbbacbe2f840d865234f08b26ca5041a8a2e6fca355

SHA512
4dcabcd4e53bf51488f5ea3af32e70e4f1f23fb88cfeaf26251c6385dc3d00b179f72e9a3d0fe2fc2b84c6fc78c02fab54f6aa21e3aa8b54ff0cd2af432fee15

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javac.exe

Filesize
1.2MB

MD5
165b21905813abecbc635176dbc55166

SHA1
c9ee1386702547b1e810825cbb9846ff063c4a39

SHA256
a56e470f917693088dea3413f5898521e28282f43f6e23ae93b147ced54be512

SHA512
5da2da19780bf9d4abbe91be66db5095d427e4bbcd8de1cc8ed1bdfe3194b9da32e58c0c7dbd6f3e0902558e8702ad5c47dcfcef55089ffd11314c0b3d306fdc

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe

Filesize
1.2MB

MD5
ab237fc8063c98b5b9a687ffc41e6c62

SHA1
26f2c0461d339487fe949ca9d274445e4fe64b2d

SHA256
8e0393c631843cac9798164510500975d2244147eb314330a7845b78865c19cf

SHA512
d65e7f94be44e859c31f3d0a0d0407e678504aa61a95cc728b63edb9bff6f4de0ce94ccb282b77f9ba18fe6cbbaee1b1275e20b85322d5ff7dd9f7c0d2133d97

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javafxpackager.exe

Filesize
1.3MB

MD5
adcbd5ffaa65f14c4fdf3e24b4f2a35e

SHA1
c9b28c2b0af44707d1d818953546185a4c792326

SHA256
55228d08b95b508548c4c2921107dd785e98ebab96d6bf0c628febad4fcb74fa

SHA512
d7e65305346747ab71494d366de6c4f746279b7199328c8e563f033e0ba225e5894ee8f516459b4020369507e250eefb106d2709b4718536633c9cc6497e27ec

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javah.exe

Filesize
1.2MB

MD5
ecd3e8d822c65278fb6f544f82083090

SHA1
230f03c40b7c9b0bb7f75a52def0cf579f258041

SHA256
db7dbd1f42ff00c61bead09d40c7b2825d9a19a0c47d95eb6c1a4474f1c087bd

SHA512
53ed42c79b90318e1c8afec56ea5d430888b4399a7c5609246fa1796f6338bee63475fb23da6eef6a790d875a68670666c7f1fd9d2426628b53562c82dacc0e8

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javap.exe

Filesize
1.2MB

MD5
e32539f0463f9dbc5aabc4ce6ccf874d

SHA1
d5e2e8e0918715de4b027f48f8acfb9ed16e1b16

SHA256
43c93c9c694ceed583cf9de2df5ef5ecefddde3387e1748610e786d65d185851

SHA512
ab0d8a5d1b4ae3e267526cf9df616e0fce06d3dff52bc4816844dd76561444d8ed67ecaf80a6f978b76c69210e060606c4aa8eeefdb69174f529e49b5bd45123

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javapackager.exe

Filesize
1.3MB

MD5
415957f0424c491cea02441f42342d64

SHA1
5d706fef0c067704a657483fefb7a9a972e57f82

SHA256
d7879acfc117ccb509772f44ff722b2fdbc139007f24db066ba0b7326d50e8f5

SHA512
41da75d12524d3fdb09b58146ccf8fc5382138ff083b58333498b3ff50f252a79335fac690aed26898f8d4a1c87ae122bfca5b8e5792e7ea784a3b4cf653dc21

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe

Filesize
1.4MB

MD5
6c9ebcf378941ea58d82570bc98921e2

SHA1
4c885a9bf5cecae0358ae779c7d655c3a663f9d2

SHA256
e4b6eaa8c29ab36af0e5358a8763b43d0678faf1d090c4af11956e60709f70a8

SHA512
c30f3a00ec1562f66a18ec628a749f649833bade9beb6b1a22cf1d6c84aaeb8cd84818972a74a5bfbdc0e832f74e3c3af8bdeb13472b37443a9393d83d6a0e85

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\javaws.exe

Filesize
1.5MB

MD5
c0a7ac87fc6b88efbebb557a8df604fe

SHA1
e8e12c36fb4d1a86ee3b84b00196d29f3c980eec

SHA256
d558b5cd444e4c1a7ca28882d874bbc952b329b19e6c2c02eec4eded1011547d

SHA512
1ba4e655326626d965840e46355f1930b535a37b71d18c9929752bae78ea9e563036100847a05638cfe78f74c4f5cfc97588f46b490123ae7cb52879db31cde3

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jcmd.exe

Filesize
1.2MB

MD5
6eb852ebc669e2219f3bf950718c4fe1

SHA1
e807e5082a64ad34a551e9322f226a61def07657

SHA256
eae042d1dad4b621d2fc272e7ae2628e6ce9fea0de26c71196913641ce40c83b

SHA512
880e62c45c9735983eeff9dc2bc0ac53c46abc7e098686fee3bafeb7cc6cad1243c349a52dfe6b679dea27503d19b25c18b0c924c3242ad3ce69565f7600df4f

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jconsole.exe

Filesize
1.2MB

MD5
09831cb6c67d5e6ba8ac62ab4b857e7f

SHA1
dc7959d474522a4bef09c5a26921aa381b0aca41

SHA256
cf5a056a85e724ccaaf6377ed0af53f17ebc598aeee56944b26b344dd2fb5e78

SHA512
7bf005ae860771ccf1b6e61f429a774bada43b13220dd3ba1829264dc0998e50920c475036d32f30585ad8b1e6c313c6327c341f1bd2f75dac2d2f7670bc1fe5

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jdb.exe

Filesize
1.2MB

MD5
04a5888941556dcc75433207af031f3a

SHA1
781f33a3a5302c2828f85df992462d74f574a22d

SHA256
b010d2512f87d1589d172bfba926f2b1ea36c4adad9e7b3f67721fe68ccf1b52

SHA512
220fb19e434dc338db8d52a498311145fa9643cd911fc7c653f374113d615d6a6d3082b8e044737601b45cc6495bac507760e63360c70099b1f2fa0ec844f29b

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jdeps.exe

Filesize
1.2MB

MD5
6fb58d68d8bf706cff52570c5f7f449d

SHA1
d11abe4ad1a2a25f16aece0baa17326d51cb672b

SHA256
874d15b8cdfcbf14426c910253171e135299ae066beb147384d54cda222d4da6

SHA512
d542272d6fb40524e243c2900085b84489678d7c6c6fbfa4b6d3445be0387ba4f23ed93accca94e8af655688159c3ebdbdc5413e0e4e24b642a971b6d6e00579

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jhat.exe

Filesize
1.2MB

MD5
c1a59795a8fe66b01a9977c524ff9da9

SHA1
391d3740e13f0d7509642cf90d75d862116137a6

SHA256
b5c3b941ece01d2ff58af4ac8870dcf225c5fe3a957c313cd7611bce30743544

SHA512
2484f941348896130569bb86ba497800a64615d5c01e4e3c0e3449107e5bc9056532ecb9649bf141085f00f264db2b7ea31d839e30e3f0d51b6467aeadf389cc

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jinfo.exe

Filesize
1.2MB

MD5
fa3f8a47a38f866641439e6c68efe4c2

SHA1
64ab7a3cbdf17542a46d2f68ac479ea2307e30eb

SHA256
e857f66b29a6caa34eabba4efefbf9b13680bd09d4d33b58fd8d863496e4d1a5

SHA512
6ea9961bc4430de1eaa1e0f834c8b33acf153a48eb368d749ac121d15455fe8485df2603419b3ec8af3f4a88935e753b84d62d2b5986aa08f34d858715dd9d07

Download Submit
C:\Program Files\Java\jdk1.8.0_66\bin\jjs.exe

Filesize
1.2MB

MD5
14504b85f806043b573204d0bd1d18c9

SHA1
1ceb60eed1984e5a75608cb00d42a966ba8fdb86

SHA256
87a70dad677a065482b3381f041599d52fc37e253a181c14114197a0c5f6e64d

SHA512
73c60ad8f935caa96d8e987d0b613cb1babc02dd3f16159596d31bb6a79cdf0705aa8589ca91175f741ac9a830ef6dbb987a9a0c7c196b11a3467d1cdbb5ee06

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
4ef354870fcdc2131495233df90e811d

SHA1
252277f30502a1d473f0ce7b01d990254181d53d

SHA256
7b05ab1eddb85704e9904e40f7a457a1f1269dfd141c66f2118896122f46d909

SHA512
7f7c3a2fad76854bc5cb30bd6d9a64a67952a28bb5cfebc4d83c27f795fc0e4625ae61ea7390bc002ea337529c623a1f7876b1f6de7bec0c05b002d0e3621f57

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
ae04703babdf4df68ef86b02d795ea96

SHA1
2de29c4b170f4de83d23967947880d482898a389

SHA256
9cc6e600d3ead1a58174306882e0c113a9cb56283916e7614865a74fd5cfadb4

SHA512
33a3adbe944b2d744eceb23749c1497cbef7aacc036d9730182af5c635bb8c2abdbd7b7909d5a7502f89a269fd136d516dcfc72c6e0e24331abc6e71311cf1d2

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
8c2e4d5a4ed007b2032168b60002b867

SHA1
14c96e7b46d2a0597df389f66756b049d71add5a

SHA256
c31fb6ef29ffb37ff0c0647946b744d5806b8b154ce53a718bcf2c33f0f9e0e2

SHA512
4ae1e36a9bfab97bd9d334fa3cde6a79413a99bfebf368d5a3e4f5bae99f5db6961199d2ae94a8e5c1fc387d232dca7ab09359e8a628f49d3a0fde6393296c56

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
35dc9546faab28b884e6b036d757599e

SHA1
6a6ba37057591f8f8f8a577233cca8652d1de41b

SHA256
aba89e4c507426c7d99abc590d0c1060e5fbc3e35275f0b7cd6b64d044a7f686

SHA512
1e82da1c9421f8abb23e560dd19e22f2f016c071213567e7be4024fe3307dba92086d8f073f2ac511fa183b3495aa53ef4c88a191f7df6822b1e647f0772ed40

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
bcb2c8bb10dda6ebe899e224e7089605

SHA1
e93fee8a337c87ee87110b1a471d18f758f25107

SHA256
1dadf64c12f25e75323037aec29cc60977d6364a46ef28502ebb4d7f31cac01e

SHA512
1125a96ac2f6d61e0dcb81dc39d382634f264a1e37ae961ec3f2bcfe0f3a2bd03569a1db53db35e383c5eb02c9c2fffa500c558fbb2304d1b7db774ed2d89ea6

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
50024d12bc56896e755beeca84caaa0a

SHA1
f183b66c595c9947addd38b1ac1be724f64593b2

SHA256
6a5876be6f3c6fa14e6beab5908fb30d98dd6cb5580c45be77b2b1b12a6b7606

SHA512
307d4b6bb0d0fd680efdb4d9e049fbb08de43fe1dba7cf4054c78660d61e53a7be9b7b171d9f5ed2ac1959741c875a599e7159ae52ebc2232e35f83b4c87605c

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
50024d12bc56896e755beeca84caaa0a

SHA1
f183b66c595c9947addd38b1ac1be724f64593b2

SHA256
6a5876be6f3c6fa14e6beab5908fb30d98dd6cb5580c45be77b2b1b12a6b7606

SHA512
307d4b6bb0d0fd680efdb4d9e049fbb08de43fe1dba7cf4054c78660d61e53a7be9b7b171d9f5ed2ac1959741c875a599e7159ae52ebc2232e35f83b4c87605c

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
78c3c2ca2bfcf9dcb9b23245889b8a18

SHA1
46920c61ba16cbcd4647cb9be803961ec933fbca

SHA256
c7bd93ff3302ef882172274abe3e2b336208cd431e9cba35ae7bf91dcf960dcd

SHA512
534469594750cf6d83661dbb9d9de35b6a6a9741054fe609cd1aff3b2b4e31422b7335b0d4646009099f9eb3a3940350b88ae9a440259b2bf3722562fd623f51

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
97af149a48ea7884b758140e5f3647de

SHA1
82ff7e4bec92785316bdae092a05663afbd90c36

SHA256
0283fc37881fa4be4efaa55be527410eb190f77840d21b6365d8e5f743a3f64e

SHA512
4b696b02ba9bf1eb19feec2a575e794b17b07234c1b451d35afd5df67a38ebd51b0e16b50cfc495c8a139d43e2e54d98b060b381eff7c2786cfd8f87ad6b89de

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
c4fdcaa0cc45a22e7ba435301b14525b

SHA1
a819b8a1334f1dbc30e9b7badeba5f5581ddcd55

SHA256
d0a1b1575e2083dc3c8c14aa2b391917677473029a28ada72875838ef0d496ae

SHA512
e119feb9348c035a93e102b0463a14cf1451eb15e774b9924b48e0f14f694ec13a6bceef13672d17dcc0b0909c99aa6838fb306368c4abe24d4698aad29a6506

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
c6626edc056fc8e60b6241be20bdd96d

SHA1
06ddabb90bc0290a4092fe4f5b217fd9e9e3da65

SHA256
6012ac2071357adbc43b3f50dfa32fb4a1dc04499506c1e9549600acddc599b7

SHA512
4b805ff9c4dff42c80e812a9169bc7183b425b0792cdb9373c241f6502ebcb583cab30d8b9c751b80b77bbad63c65805bb4b2bd9b228223b844de6ee97fee2a8

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
dd4b10d453566441a5fae1243eaedb85

SHA1
d926dda20d42860dcc077842e0c456d114a71a90

SHA256
3f5b5031a71f8368e7352acb188143a34b7e503180033c73e607fcef45b436c1

SHA512
8759a6cecd942ab94598576dbed5837b1510f4c51ac6cda21c7c2e6c143dcf5a11f44bc4a4ffc1e125606d6769c7f9e60ce5d372186805a3bc7fbea66986d005

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
0f7f43effbfbed5c52c12145d6abcdfb

SHA1
3357f72bc83d612caa25b4d16acadc8441f3fd0b

SHA256
71bb2f66088d800ae727a0702f156f61033acba972bd1e9997a3ae4b9690e6f8

SHA512
39340dfe69db0d188025345f877c5a9fbdcf0e87019400fc906cca1e15e5c47c2218a40b438c3f59737cb38eda29714fe93a2d4b5ad2f0a41da0e4b7575aef57

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
af6fdd2bdd59340988e8496f0cd3a664

SHA1
e03b383229dc303887e222f3f020a74d325ac5a1

SHA256
7900b1691aa56a8f8e71c87563be572d547842e948bf536ced7443e98d343ca5

SHA512
54797e318eebe39678fa45437f921c83302fea5b198768ec34383db1e6f1f2d62dd9097317870d0d393b303a867a499e54c97645c84722e9f7bcd1a2ee727ac7

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
43ab8e54df937636622acc2ec3b00aff

SHA1
b8d96ddab51957cb406bf6cd2e74db21242b08f6

SHA256
fcbdf765fefa7e004006aa97e16a1e7832033f989c906efefa45381be133c4d4

SHA512
1e60c0f05599f1f93562c65680d36cb57e5b427e47f6ef37582fd50041678b93bd14fec262c223581a34b63cb91d56210e373c425b83d16b1ddf31004f46c054

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
b8048a5373a943d1092917bca265ef4d

SHA1
adfcf67dc33b40b0c4e6d15f68850a4a1323dd5b

SHA256
04049a65c0bf4ee324eec4395ab71054c4a0041fc72a59f0bceb0e410e83b291

SHA512
269c8d67a0d3c8b06f4790210b8f7b3618ffa38dc697feceff22148365c4d5b5989028bfc0db3b90931ad067b5556386a8e59a23af1288e022e864dd9b57b5dd

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
54fb871b458df5fcabad11375904d3ff

SHA1
2537721c9decc7e35a64b9009b1872c844c4c55b

SHA256
6b59472469022330c621f3c117b1e144a0f7c89ea0fdc89d94f811734bfaaab8

SHA512
b5d230b0f435de45448aafd537812e4816f16027d9fd0e543bc84558e4ef09de6843600d0d87eb753af7b42ed73e1a197e3fe966b15a1f6aa35f666a17c04078

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.4MB

MD5
d92c0d08d2c67c845f040a7d09593c36

SHA1
ecb2dbe87fdcb654ad7a6830ca6d087986ba988a

SHA256
3f23e9080627fcf42553a78e0a7fd811a3c9d1a2c9ba00cdf574d50b8d3ec190

SHA512
2b09961923d336dee6f401c4ed19516cec9c0abfc7da453d11f6fb085773d805f70d98157fdcfe2549669677042902446ae1e4a9a5a3b97be225ff798f91d772

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
8108dbcc414c7bcb563bf84da77d09d0

SHA1
114d9f70f6ef9b91111a4add4bc6dc5606b23629

SHA256
7c2dfc34d0d2e3218b1b24f6b78475750d3da4162170943782000adbf7ba39b4

SHA512
1f4b6368103cf597ae4e6b16cca0ee46b0814cadca3ad7bd07b263a07061d38f275b2c07a7096aba92896de2dcd8dd3d5300e5ad7cd8d8a51bc922d5a851a50d

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
b70d490c4db0cb553c18845fad17b4c7

SHA1
ada6be445fb1abde0706230ff9afc9b15974caa8

SHA256
f19e4e9d002a9ae7f63fdcd1f228ff3bcd86e57f5760eb2e734f83d6cca7cbd4

SHA512
db7dd8f57fa43f24aaf556e890a79ebb7bea266fd5c82cd44757e563a6a8f8b7f7e3f064ac0db26102f579a21a0abc4161b216f67441594d94456d6ba74d9cf1

Download Submit
memory/220-344-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/220-334-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/220-405-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/368-67-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/368-65-0x0000000000CF0000-0x0000000000D50000-memory.dmp

Filesize
384KB

Download
memory/368-61-0x0000000000CF0000-0x0000000000D50000-memory.dmp

Filesize
384KB

Download
memory/368-60-0x0000000000CF0000-0x0000000000D50000-memory.dmp

Filesize
384KB

Download
memory/368-53-0x0000000000CF0000-0x0000000000D50000-memory.dmp

Filesize
384KB

Download
memory/368-54-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/636-440-0x00000000007A0000-0x0000000000800000-memory.dmp

Filesize
384KB

Download
memory/636-433-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/924-406-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/924-413-0x0000000000C80000-0x0000000000CE0000-memory.dmp

Filesize
384KB

Download
memory/1264-453-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/1264-446-0x0000000140000000-0x0000000140205000-memory.dmp

Filesize
2.0MB

Download
memory/1352-431-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/1352-371-0x0000000000D80000-0x0000000000DE0000-memory.dmp

Filesize
384KB

Download
memory/1352-361-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/1628-17-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/1628-23-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/1628-24-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/1628-16-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/1628-71-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/1932-248-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/1932-255-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/1932-256-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/1932-249-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/1932-316-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/1940-308-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/1940-318-0x0000000000560000-0x00000000005C0000-memory.dmp

Filesize
384KB

Download
memory/1940-374-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/2028-42-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2028-41-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2028-48-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2028-140-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2028-49-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2672-261-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/2672-260-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2672-277-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/2672-276-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2672-268-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/2712-369-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/2712-305-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/2972-37-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/2972-30-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/2972-89-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2972-36-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/2972-29-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3696-444-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/3696-383-0x0000000000870000-0x00000000008D0000-memory.dmp

Filesize
384KB

Download
memory/3696-376-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/3884-419-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3884-427-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/3916-205-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/3916-78-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/3916-73-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/3916-69-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/4092-285-0x0000000000CE0000-0x0000000000D40000-memory.dmp

Filesize
384KB

Download
memory/4092-343-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/4092-275-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/4332-355-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/4332-290-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/4332-301-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/4352-403-0x0000000000BB0000-0x0000000000C10000-memory.dmp

Filesize
384KB

Download
memory/4352-389-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4352-398-0x0000000000BB0000-0x0000000000C10000-memory.dmp

Filesize
384KB

Download
memory/4352-402-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4756-357-0x00000000007D0000-0x0000000000830000-memory.dmp

Filesize
384KB

Download
memory/4756-418-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4756-347-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4960-395-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/4960-321-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4960-387-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4960-329-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/5104-1-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/5104-14-0x0000000140000000-0x0000000140203000-memory.dmp

Filesize
2.0MB

Download
memory/5104-12-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/5104-8-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/5104-7-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/5104-0-0x0000000140000000-0x0000000140203000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads