eb11371d49df6e48dff6baaae8883258d344f0f43754109c8a9e6b3a80ec3291

Analysis

max time kernel
145s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb11371d49df6e48dff6baaae8883258d344f0f43754109c8a9e6b3a80ec3291.exe
Size

1.4MB
MD5

0eaac6294a44441b8757ac4e0481bc3a
SHA1

dc0381623224132d58f6c0910ed472ff76601cbd
SHA256

eb11371d49df6e48dff6baaae8883258d344f0f43754109c8a9e6b3a80ec3291
SHA512

9e651fdd98bcd5172928cbebd22720fdb2d24f5d864fdcc61695a4d0659677bb4e859cecd34102690a5bc0df07824a9e4367e972d57e1b6ce62379a67854e564
SSDEEP

24576:c7zNkhm5PBX/F9+EfOPyCf4sdAAzmwXB:wNEm5ZX99+RPlf4sSAbXB

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
932	alg.exe
4308	DiagnosticsHub.StandardCollector.Service.exe
3588	elevation_service.exe
4904	elevation_service.exe
436	maintenanceservice.exe
3388	OSE.EXE
4944	fxssvc.exe
2068	msdtc.exe
1924	PerceptionSimulationService.exe
4968	perfhost.exe
2552	locator.exe
2320	SensorDataService.exe
3996	snmptrap.exe
3292	spectrum.exe
4640	ssh-agent.exe
2812	TieringEngineService.exe
3824	AgentService.exe
5036	vds.exe
3496	vssvc.exe
4452	wbengine.exe
3124	WmiApSrv.exe
2232	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 28 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\dllhost.exe	eb11371d49df6e48dff6baaae8883258d344f0f43754109c8a9e6b3a80ec3291.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	eb11371d49df6e48dff6baaae8883258d344f0f43754109c8a9e6b3a80ec3291.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	eb11371d49df6e48dff6baaae8883258d344f0f43754109c8a9e6b3a80ec3291.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	eb11371d49df6e48dff6baaae8883258d344f0f43754109c8a9e6b3a80ec3291.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\fb3c9bbfcae432ce.bin	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4308	DiagnosticsHub.StandardCollector.Service.exe
4308	DiagnosticsHub.StandardCollector.Service.exe
4308	DiagnosticsHub.StandardCollector.Service.exe
4308	DiagnosticsHub.StandardCollector.Service.exe
4308	DiagnosticsHub.StandardCollector.Service.exe
4308	DiagnosticsHub.StandardCollector.Service.exe
4308	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
672	Process not Found
672	Process not Found

Suspicious use of AdjustPrivilegeToken 39 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1828	eb11371d49df6e48dff6baaae8883258d344f0f43754109c8a9e6b3a80ec3291.exe
Token: SeDebugPrivilege	4308	DiagnosticsHub.StandardCollector.Service.exe
Token: SeTakeOwnershipPrivilege	3588	elevation_service.exe
Token: SeAuditPrivilege	4944	fxssvc.exe
Token: SeRestorePrivilege	2812	TieringEngineService.exe
Token: SeManageVolumePrivilege	2812	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	3824	AgentService.exe
Token: SeBackupPrivilege	3496	vssvc.exe
Token: SeRestorePrivilege	3496	vssvc.exe
Token: SeAuditPrivilege	3496	vssvc.exe
Token: SeBackupPrivilege	4452	wbengine.exe
Token: SeRestorePrivilege	4452	wbengine.exe
Token: SeSecurityPrivilege	4452	wbengine.exe
Token: 33	2232	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2232	SearchIndexer.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\eb11371d49df6e48dff6baaae8883258d344f0f43754109c8a9e6b3a80ec3291.exe
"C:\Users\Admin\AppData\Local\Temp\eb11371d49df6e48dff6baaae8883258d344f0f43754109c8a9e6b3a80ec3291.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:1828

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:932

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4308

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3588

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4904

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:436

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3388

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:5016

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4944

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2068

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1924

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4968

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:2552

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2320

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3996

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3292

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:4640

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:3048

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2812

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3824

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:5036

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3496

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4452

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:3124

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2232
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:1400
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784
  2⤵
  PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
92c0321125b926c18765f4fef4b74827

SHA1
688786d764463b8a66ba73b799f2d127a942d84f

SHA256
6cc161c4247ed1e290fb67abd9c4f366a01a95e52426829248bf0d37c435ecd4

SHA512
15b5ae3fceebcfab23a60e84b139417e61c8e3b11a3fd7a9353b40f8ee2e048f5051ac53da3b5dc1483d46809a5b10267d7a2af080f4f3f3d814d877f2d2b5f8

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
083e4d5cc544470b07104b67651ad975

SHA1
53bb98a11e12cb2d38cd58bbcab42d62e2bced8d

SHA256
4eba607023ffe2998f8897d45842fdf878c1af888a77cae98c77aa70a3420e45

SHA512
d49dd3a9926d4c139e7d6507a885bb932caf61fbfe72384442bdfde98b67fba6917a9ecbf535ee8334b33a6c375ee0d80c6e3a37a6da01fd27f95dc324b411ec

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
083e4d5cc544470b07104b67651ad975

SHA1
53bb98a11e12cb2d38cd58bbcab42d62e2bced8d

SHA256
4eba607023ffe2998f8897d45842fdf878c1af888a77cae98c77aa70a3420e45

SHA512
d49dd3a9926d4c139e7d6507a885bb932caf61fbfe72384442bdfde98b67fba6917a9ecbf535ee8334b33a6c375ee0d80c6e3a37a6da01fd27f95dc324b411ec

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.6MB

MD5
9b2453d5f4b217dd2f4b8b5650ff778b

SHA1
fab80770f659d37603403fd981cdb74cc2de5b3f

SHA256
1d762ec5adb85643211b4a1c94d5c49afc69e0654a518701366bfc758bbc99c1

SHA512
30ed1e2276809abcc1d706626f7df54e435a0c522f879838648506c6896e35b130e394e144600581bfda28273f3a46764b212dfc67ab6b8cdb591702ed073c53

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.4MB

MD5
6d3edac5e8ad31dc684531c3f3061ed3

SHA1
6292c1c188d7da3c415e0c87990e4f66ce3c5e4b

SHA256
aa9d3795aabcba9be7184a3196ea3eef1a7f4d4a0f8efb71ed20a90eaf415663

SHA512
1366611168424b2b50be2b4ea02069c375fb02d2796fd7f8f15d232dab3115467d97ec2d4cec49b812335e884f319421087b85386f876123e0844a0b5f506875

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.1MB

MD5
c88af41eeafc704d9e4499d50bef4821

SHA1
ebe801f4e30173d97c879fad924b07704c83c2a2

SHA256
d42de424453ba7f93da191f176257974a55720e5f8a5f90deedf7bbb466bf77f

SHA512
3f23e8ab69a3284df576683cd307dda12650ef5103ffa142a3567dde086a6e431e19ac404ea322f1c2a1091267d67848b899ffce5f9290b4f2143415eeb8cf68

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
d36078e99e2c611179b01387c3e98c91

SHA1
2ed41553ec7d4a99beaba75ef2cc6d751f125928

SHA256
9239e87c5a50561da34c769a77609403b1b69258cc27e04d880d9dcde7003d91

SHA512
83eee76d222600fc227616f4a682c2f20a2e028fd7b16db88b037936181febc7685432778e6b4ab44fc204f4921ee27f8155eda254e3e1ef7abb2daf35513d18

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
3a79cbc6bdd42489f088ddecd11c5dc3

SHA1
a60572586d3b5c6e9586f6f1b1b237cdaf2b5077

SHA256
d3eff3c1826dbd834277a82fd6cd6450847df1a5449c0322e78ec04a76d94d97

SHA512
0ebc4d524455151eb16c54f6b48157e8287171a7942a7f059497bc4fd8cd675f802d9cf27da5625b702796b466d6df4e2bcfecdf32ba666cd0e22c2ca8a3b431

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
9e73e4bd3a049a6e1c37436698290cc2

SHA1
34cd91157781b2ae54fd36dd43e0958757895a49

SHA256
38f6e5d37636d723d5cf7bc060028f39a5ad7c0433a6a5ff7cf1d24e3a417a30

SHA512
d6d82ebc9e1cccecadc21ae79caa948a5118b3169f3419503611e4ffb58012160dc0b430f7b6ebf40b4b5eed8bfd44e9fa2a8423d65bc62259f1d3606751d028

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
6d758026857603596924373a53754892

SHA1
c8a3cfc3c7ffacfff45a32d58664959923a0aa52

SHA256
dc07fb021586bdc5dbb162ba908f351aeb1f9c42a90ef3f4e9ae958e0b067dc3

SHA512
f9968e66c64312b465a5a8672cbf4fd55679374399bb48de32b14e09a5c73648af2dcd7610f0c320d7b88d77360cd10b4aaf0d1713c40076f0f937452f0adfa5

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
ff7b0b785d96ea48792224a98d57b2d6

SHA1
0c280e0373ac0b1309180de9f099086808c6ea42

SHA256
af3670b1996b32f94128a172bf2c1314a574f00afcc8444a4a1293592aeb75d2

SHA512
c9cbf83dbd9cdc3db00270bce220b346ed63eab0b569562e4ca69b29f36a1da9f484657d34cd0f3136be42e9ffaf41d016db4961c590eddc6649d420c17af056

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
b4c06f21aa532a061244de42980cd306

SHA1
62f6800edfcf0788345bd38d9298104a7ac4695b

SHA256
1a24e87e27417d32a4a0185418ced61b6543bd83eb12f4f6efaf073ca728af1b

SHA512
3014d58cb0ca0b5421fbef3d3d2507aaf9c3a9deb7b7e1602930d9f581f552635b9336398d65e6bd6e145b546bbef4ec0add7ad15c0cef8c464a452ca3c5288c

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
c6bfb9daf3e588bd9f17dcf2d5b0a55b

SHA1
324eb254a210cc951c8e95cfb802031522876881

SHA256
cb45bf74b0c90c7c5b942aa718dbae996a1c906c9ed3424dfe323bfc26407220

SHA512
b46823667dc72387978e383331e98a506ef5a294ea3bdfd7a693e94cbf2ed77a140940f098fb8d26e43415c14215d36dc12ca5836755e488815a688c17ca896d

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
01fa6154263e4264762e2887f56528e8

SHA1
7294e54146e3b47c165b1e7ee1b18017b0b4a48a

SHA256
ff0013f497020d58163f0a9d5794186a0096f1bb60f6fe3e551cf8e490b6595e

SHA512
2f4591e99d1d71457ac2c81e4e79f22ce770e9d3fed4cd17a40167b0778e8b27e05a4160069e619e4f018ce6c369ae61e36ccdbf5e5373a6aa70d1afd93ceba8

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.3MB

MD5
f90a67db234cdb65ee628ec448c46a39

SHA1
eb2ce24dc354710ff9e120c024ae2e31e0edf7ee

SHA256
0ba5fc1466cc208c1489c7a2dd802af48a972736515bf935a217e42edbf2bb31

SHA512
e9ee711dd61a0afa38e9ed541687cea627355bd2c6071f858811d645b21b31b07793e15c53ced8caa249fa7f2798d5100377b0759294425f6a268da87e49f85b

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
aedba6bf3ea4c33f74fbbc608a4817a0

SHA1
b141505f1b7045ea90edc2abdcdd560e65327ff6

SHA256
50fbe3404d405dc91c387f2610372ab810b4f157f6ad1cea7f054e0e7dae10b2

SHA512
7823eb203f129d2c49c2659f2f59512decf1eb88ab30e1f15928ac1aa558889704807987c4449a1476bfd00ec981739f6f7f34b8b201e6457f4f11204a4838d3

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
846cdb5df4d7c86f3905e33a5e43df91

SHA1
079e987cd2399f30d43b05da2dec5337ebf33455

SHA256
87bb23ba47617bdc25b6fc647e78e1def6cc26d12d44603345c32cdc1c9c9ba8

SHA512
85b1d136af6d5e873bdb93b97facd6ddddde10b965b75ffb1071be6a399f8b53879b6566fd06e8dcfe50632c5a0e384c86a8163078f5aaf89a40381da4f11508

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
56c9ee2cb619604ece8effefe3ace396

SHA1
47f30b465339e5962a538023725bf110692f71f5

SHA256
dfdc6cfb0b2575b5b64d2925ab3cde09cdd7b8c3149be2dca0c4e94056044e78

SHA512
15a737b35aed4d8d2e7019916923868c6d405c5365dd9c82eb4acd6e16561d814baa952a19177a11e08f5b685d54e0c284565016cb85a14c0395153bf13746a1

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
ed25021fffa4707f15829027fe2d8f19

SHA1
80360484c502a4ef03f54324530c93fde86ff736

SHA256
e6ef08e94808999ad984e826fb9885f0504e8d06bfedbc4ea302bc04e4a73b99

SHA512
c87009bd4662ef0add85d908272937b7af110d48b662009861e4ef23749b47475d47a2c9cf2d56eba9302f3970560d12ba8d302018c7030e4f1de038538f78f5

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
c98cf4f4aa02f48191d4fa672cb6396c

SHA1
dffc1106f63b3ce869709d6bb9b273a871280986

SHA256
a14888d9a6c43016bc93b5d8c8c60cdb58db002407b26e81f11a4b09384d8a5a

SHA512
8128a856fee58b01c11a0704c48a3a8210fbba3aacfa738a22f212ef7c9563671c46a224dbf29c47f07deb796520a4e0586c87181ad84ad7f4f21d7a1f23004f

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
fe99f724fb9d6823dbd745254461c15a

SHA1
440e53a33d3a0365f1fc9fd8fb0d7952b69c3d58

SHA256
1849add709fe1cfb3e6946ff85c6ce7f4a3816b9c90429cf3d6f445b13e6fcf1

SHA512
426ed2f5b90a763d01275835ccb850c3fdcb02647709e0b933894e6786204e732470f3836b2037f8cd293f0499085cd80d24c9269e98ce06ca1965e98f04ea22

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
43f2d1719f114530a746feb79f4a5200

SHA1
6523e0e81b0e87e24eda98176da5df025e9fdda0

SHA256
d56fc581ef55e9f1c66373c85cf3fd28c3a4dd60ecc2cd825cab8026e205bd68

SHA512
4d0459ac0a4eb858a897a13230954811f671df73bd58953753a468b98b199f7d1d9487c82b1f502388422bb3c3293d0e92d9dd7b54da8211111c42cc6b2f156c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.2MB

MD5
5f479d50e042e24d6a13f3252165f2a5

SHA1
1e59bf74883c81a3bdcb82b64d47b5015d51181e

SHA256
fd8705664eef621a96d8d7c3198b8b0c918a8b10fc172194f8d1c42dde364ca6

SHA512
e4d91f4b0db2b0abd3062efc803b4b391381e0e57471312200e74f4a8a3c1dbc61cf1c1b8bec7b8644074540e1859a1c16fc2fc4c4fc74ffa09339affc6564f0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
55d9ebf6148af4c72bee252ce72e917b

SHA1
b91fd21a30886a50647760c40084db5bc67f2845

SHA256
4b496564715d4647c77be68eba5c187dd088397749481cdccc0a973b853772ad

SHA512
4a22394fd1f72251d22bb74024773730b3c8cd736b7655cb94418cc3fc69f0416db78d970a6369c9b09472a1156f1adcc488d44c8c178af0f5322766d55a9ac6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
66e814bb95194a43b97bb137f6ff49bc

SHA1
1088c9a3beedc1b507cfb5e1b2e3618caff8b1d9

SHA256
869edb0df882b28cbe8691302000952e212e1df4aacdf172187827143da2dec1

SHA512
dbed5de503353e36d36c650590da24240c8ada47aad984d7eaf6195ee7efccb6d318bef53875e03b03e467e014f994cc0559e6e7ae8ed78830dede7b3d003417

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
9402909cff6b43b1ae5b30314f7a5619

SHA1
2ab535c150a9a0969a0608b192d953e5166ebb9a

SHA256
f7f52083b1280ed44a1172bbbdcf84f901b18779dc1544827d761f17767be006

SHA512
c475ca36f68ca24b2032983884046c3d0c250ac1f200fb236258dc8b4a24cc94409c97c32ef5a6c4461594ad276a292b2786e2a24ab77224cc875105372ab1be

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
22c3f48311072bc079c9b2abe09bda75

SHA1
d60f69ca1bc0337103d3786fcb2607a8a17eb85e

SHA256
3e58be2038a2e0b519dee5b72b77e44cbe71e369683a2c65f89ff139a06c8092

SHA512
f6c04162fa6e5bc41c6c3835a4b2b34e3a16ad7a5a02a13b2c4c166aeea3eb0aa3d28340cc67bdff798d9d2c48f64310c5f0de87bdd5ef049b1cf76c763969c5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
2a1d11469b849ea9a62d2709fd738dcf

SHA1
fa8a572125d4c2a09d347601352c959ccce0d8d4

SHA256
e745edecc2931ad1e57d30ec154f4edb97c9164f8aaa934ff9a0b76ca62aa844

SHA512
ae2a9df423a8a1bc286c7f35531e1f5aebead68b5ac11ad08ecc7a99a424c13ead26e61cee3d69664fd3cdb488d7b65272b76c4870a57428e665c271c3d0e74e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.5MB

MD5
f7e9862ddb32192e4db0e04261348450

SHA1
52027d8f12bfa3aa433aa07f1b8cdf430250d0a4

SHA256
2bf1c1581ab4930f71401536b253f77ae45ee95d449a5a1c1b10c0200e8e9118

SHA512
642fdbe0f92a171bd4c9bee9cd8e2719754ae59887748ebeb1a23395197aa1b0529b026b0d765a2787fb80ee971577b4fcd974c3c492fe4251c3f67a720ad600

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
c193c982e73d33f4dff8647f3ec0dcd4

SHA1
cb0439e6c0a16c6feb5cff8912fd206f0334a1f2

SHA256
897a9f36eebcdcda8ecd9942f8b303a609da3d551ed994e98f20db1ff979e46d

SHA512
a00b4cc42c2630fb77a347f9da2c8761a0ab11e4023c885239191d33ac45b821bbb3dacfa15dd4b30f86f1b7c4432125e6a6fb27ca0a6ec56371c907606dc8d1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
3d93aea090c9f1cc5bf4bb8a811dd6f6

SHA1
8de96c0e457c0f8032fbe514b69e22d1aa8af538

SHA256
9ec803cd58f18cfe359e967330b1f2cce5294e1b69170850e0744aefb1ab96fd

SHA512
c90530bc240eba610de27a2b1a97b6bae9dfdabdf7a85553d809c57ab423774d32dbe8ba7e6d8faa8a30803f7574cdb43bdbba7eedac799ba9341fcc85466d3c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.3MB

MD5
eff6de21b36640260b4635fdc5139c36

SHA1
2f139b6a1896856ea8754a38a74c4feafd3b8cae

SHA256
bee1cfbee94e03f5e04b45225ea089d37519b77fdc005c7cb02869bed78f594b

SHA512
ea155d441443774898cbf434e48b7b9c7419ed41ab6be2871fdb5516a15c67d4a85d92553678444e09d7faf741caf64231e13987b49f9978aaf1f75e6d5f1092

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
8d69e912cbddfe84f79b498f7d12f0b2

SHA1
99395f4892305dd9a9994e0540bdc1bdf3431aaf

SHA256
d155addf7551a551e1859779f5c3f77dc9d693191b54f5632a81dca72ac3acaa

SHA512
f4078359e1e648ffc80fb93ddcd6dde035988571cc7e0ff93b32b6366094c8ecb65be3598891d52fcd57f0e78c5322be198dd592050f458d4c5afb4ccf558669

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
256576928a2b4eba8d2f1d89355ad136

SHA1
5c0795fa984b43607a8482f9a839bfc786b5bb61

SHA256
3a448db7e4cde7a84f13124f6d80c8c46a4e065c652e29b2e3814700f13f1e78

SHA512
d21f35896fe55f79f17275549474b33df01349b64378de55fd31da047d4844839d6542a76e60ec280d7c0a8bed59e75cf9c09f1e3c6619ccede550a6914a0557

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.3MB

MD5
514c5f78ae242eef193b0b22c9c6dc41

SHA1
e8ca313b5b630570c0b501549987010b2f8d396b

SHA256
7e16e5f74f0e99d8e14808f211622bcf2968267fb204868001f358df24945659

SHA512
d01b7ebc2c9c5ac0f30585a38cc36d81b24b2cbc092f9cb40bb7bf3e3e6d3f64baa23676ae0ffdf348798d36524a5636edea1e7e566e12fb053c7b782bb5462f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.5MB

MD5
33e99e7c09f2826c941800b469d4db35

SHA1
deccdab2de344700aa9358c4c6a90d013c0fd9de

SHA256
a349d66187869ebbb71c50a67ee753667d3c18df78d3ba7058f92f964c439c9c

SHA512
fd8f0e80d87088c88fc08a76d96f86fa8d6a6449a987cda513b8bdb63882823ea8f11107635a48e9ff98a753968a2a4eb32de7603193e2a1a97766f3cd87ee88

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.6MB

MD5
55e9f0df50f61eb2cbfc3108c14579e0

SHA1
a830231eb9412fc767110dfa8476d184e4c8170c

SHA256
9cc712d103bd5d3b7cb2a66042d2530d700186291a13f16a43c57fc06ebe6ded

SHA512
955712f50db9df63b65664144717e4bd6bfaf598bae30e4b5a4792bccc1a2f24e9ac41acad2874bdcf8386e90c33769a1316e5a8642375535b71e88a2314206f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
f15273d997d7b20e52a4e7319f6f2aa7

SHA1
49e451711b3923a0f823f827e4d4f2017faa732c

SHA256
bfea2839cf2dc23bb0bde5a71977e80ffa7dd588d63a609384b551cbeb7d8145

SHA512
83c21b33e6437c6ec7bbfd11ca778bb401db62d078e4856aee3ee3533644065561858de950246d9a284b0ab16ec09fc45df5ab72c0cc349c792c828b3f0bd801

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
5db5257352df6924e283211e39c2d229

SHA1
1fe1834e3f9c3ee4c393fa22af9669eae9dadab0

SHA256
3af6ac8a7f851dec755630c1207ee8a2d193411d290d16418b4c9082ba4fa20e

SHA512
185c71bfe5e0a004d7195942c9852aaad879a2bc70244c1c86c44fe0866c61822076c7c78018f67a77c61c1b56eb49cb222ee3fac5c225de49e87f55c93b3ebd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.2MB

MD5
b6f38b9c8364ee55f95fd92c7a990a49

SHA1
5a2694aeabd9b2968e9d114e89289409e4d81a10

SHA256
0783da92319f62ba438bf29f1971fa41b53682a7130e536bca46285452a3f2d4

SHA512
4f7a7ed21955658665dc97295864648e994bcd54dbaaf39ad742f6d9eea59b9f4618dcb7caa57ef287caffaaa66baffccb6c956ab5338e11a858f79728457036

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.2MB

MD5
b8464e84af303f697bb2a213b2564344

SHA1
dca479fb4d73fc41e7b04c5995259186d002630f

SHA256
6a6f3b27dc8e72cb5045d87067ad85fbb7a53a832afab418406c3d88317c0e2d

SHA512
de775e67239b7be3124cb541ce966dcaa740460e89113764dbc708a4b36c90391151e152210b65f851ab14e33d56472a4b9eebe0f7260a9e240847f9163fe3e7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.2MB

MD5
b2215042b53530f524a4151974721174

SHA1
8f5dbc05cd11b242e74eb2e5e59377a187b1849b

SHA256
04b3f9790558455e9a36d434bbd2dfb6c9e6287b8e92ea8b2b833c781e48d6e8

SHA512
5cf5fa6ed5b4c0d104a47369bc29c6ce7a2b06f9accc937defe0d677170840458928017eef7aa94b08e9282bd9df376047ce72c1de8437abfc2c844ec666b673

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
51f3cca439ba617c6763b860ae37b7ab

SHA1
bdd8c60f2cf3fd77bd5ec82c3bc0bd28f1450062

SHA256
1418139231093900237e0fc71dd6f185ed1d98daa4134f976b6d7d64721374c4

SHA512
866d5a474f5b816ca7ecd34af64b3d14a6bedb4811b07042606b0d0c574391c9e1fecc85b738c510fe94857e4c7e135634c859153a744a8973b58287ebae1c65

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
6d88539d06dfbe1b71b2c54f9bb703fd

SHA1
87ac9bccf73581c702e6d53236ef4146fdb1a51c

SHA256
1b98f33e5a7586454ebeb50c4f79e4091d7647edf82be85652d857626de7d90f

SHA512
1d49ffa453b2919d6c7092bace843e9bd2bd0cb9ee43c9f56ea917936f94913c494f1a9877633024f02f5ba387c9106011e2171e39d5c5f94e3d7828baf5dce1

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
5b486d1e7ab550d2c49cd0b8224dc47b

SHA1
f4eababf064ccab4fa3f7ded2ca7eaf32139556c

SHA256
128184273c89208abb196049939f2429cc3f28e23d9609bb24d4285a45f77969

SHA512
93847d0e0cecfad00d927b08745d0dde2bd769bb05ed78d2a50b4b37a6fa7ae37fa907ff746e72f0e03039dfa3c26087b6216c1099a56a2879b4622e416d8660

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
20582b802798cf858017339f71c487ef

SHA1
d64bc7845f28c855e2a449d2e6ca8fbbde905953

SHA256
787a164faf936e1cd5f36494bd6dcc6f736e64fa4afd6a8490e4a479a61aa76b

SHA512
36e5390916f71095f95272b83df81fa09bde7e72e901ff73da0a5571e2fac570d7554c9748080ab2348d454f551dd5082fc23d1642f3019c364323db847539d8

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
8a7dc50256c045faa841bb7a25ebe15f

SHA1
6f9a78d6f92a50da3684a3d164374d803aad6c8f

SHA256
3783f49c9f1d7a03d2b9fac6d3f099d1853968f855dc827383d4ab9b0d1715d8

SHA512
2d54fb82855c8d3be4f4bd5f9cb2480bb248ff64dd6521a3e8bbbaf4283bda6219088c34476f78fe0cde8d3c66721f476dacfdadcae49de929647b069059dfa9

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
9b3772bea5fd72255f0ba9e499155673

SHA1
948795ea39b002a68dac970dd738f314c2c7191e

SHA256
72adaec81eab58e7a543a4581549143c1230dbf88f1211e5cf5ad91171da320f

SHA512
3e1e6a82e902f88679525b2c7f57affb1a665e61d5ff5dd6686426e094cb1c5c4a3f849c54de09d3f4b09a549e0cd5af69ae4d2b8220fd36d0f9641abcb596fe

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
9b3772bea5fd72255f0ba9e499155673

SHA1
948795ea39b002a68dac970dd738f314c2c7191e

SHA256
72adaec81eab58e7a543a4581549143c1230dbf88f1211e5cf5ad91171da320f

SHA512
3e1e6a82e902f88679525b2c7f57affb1a665e61d5ff5dd6686426e094cb1c5c4a3f849c54de09d3f4b09a549e0cd5af69ae4d2b8220fd36d0f9641abcb596fe

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
9dfb278573013df2b4db6e1644a2b414

SHA1
efbbb294be9a76d28cccbc95d42223129871a55e

SHA256
65e41d735448fa14aa5623ea9193951d45c31802a56733a90a692940edd4cff9

SHA512
3d580780bea512158677e8fcca5630804fc828f227b70ecd978edcdfcef20c09c1a8333dc924ff67fc111996b0fe5ef6b4577d999dcc2201186a19d39fe30653

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
3fd3798b1e5eb34114435daae5f1ed12

SHA1
9583e43b0d0ed74c3383416e2f9fce575f58137a

SHA256
516454d7aa74232f2ebf701c5fd5a49b44461bf2bac84b1be6d2b6fb3ac43c76

SHA512
896a363a5855ce553857771b917f996bce2c6e7e4577ff88480cecf827f7ff2fc0103aecc4eefce7cd4d5ede2d9b0822cb6df1bb7ab979244a6a2fbc51431015

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
9da213f534644045d829584c951705e4

SHA1
7b4ec8eb78109752b97acc5d67ff99c30f53556f

SHA256
07e4b4fbf6e481b27829416a88aea5802a23ecb19de465fb4e2440e588e83290

SHA512
fc679392949519cf8796664291ad853a8c00aaa5250287ab64383fbc6867db92c9d6b088a6395c9a1ad916aed9be88dcbaa504f587d7d01c22f34eeb71e5187d

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
60ad7cc3aa11b48e6b98f576cae7a141

SHA1
318c1d590b17c89955d29b81449c0e35fb25e036

SHA256
734591bbded647eb638d48a54d9a89f50289a27dcbfea09e9fdd97bb6c5d2a0c

SHA512
0d0549d00ffddc9ed81cb1cd9e0ac6acf7ce6776e36cf635c0e5931593b38483da8e585348d771937452c3330b24f1dbc2201517c17206bd6bdb9b487a7b5810

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
884c3b1cd8870d1f2bb06db86bb1bdad

SHA1
fdd81d61faf88947fc5c770f402373352eebed46

SHA256
b89a095c99152d9ffd9ba7601aea2f8614312439e364c7126a27ab8f7229c576

SHA512
fa723fa09f3fc3fb74477de41375dcc3da3f48ba8505dff556c3dc6b941442e547dcc385443ba608f31d9e4c7b564b1d57df21b430a789a88ed373b231a4c007

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
5e34ac99d642b2600ce26dcd7e8285fb

SHA1
9532113c8e1b863ff2aee98d70663868f0768076

SHA256
1f6934f40a91835b2bc30e330e201306facbefdbb57a4dd1bcb27784d0170c54

SHA512
494ccfaba6d74e8b77e2d5fde67aa7ea45f384f1401ed7e611596a0250edb2b3177ef92b81d13e2bd31022cf18c6311c8b3dbe9246ebf320c73922fb19ec8952

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
9cf6e87074311aa3bb541e77fa7d2e56

SHA1
4100d09626f8a6ce92f3d11226cfc960aa0eb7d1

SHA256
d2799db485636e72ecfe9bbab474f080484b057181aa39ccf4202001358e038b

SHA512
56a0bdc3443ec2a927bc840d263a3c12fcab2431e4086d5e5379ee947ab3ffc05932d1dca04b07a2ee8079ac7215f18dddc0209c99f390c3cc4fb443e60ea81b

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
f1673b3a458114c2ff0d9d94ade31159

SHA1
05d08ee2e27c871b83aa4a97d247412f6cf2d353

SHA256
c819a38aeb3103846a9deb7a20106175dea1258c2c47616463aeb68a29b3b5ab

SHA512
90ffc1dd430cfe8ec232102e26d49355aeb440dfcf78839c295b9342e3ac56cafaf5a55e279b2e26c8a36f31b379251eb7dbe309cc2bc84779e8b3808922ded8

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
ec9c18f77ba68e13d6624bf637377032

SHA1
f37f64bba1c94bdba62d64aa8526ba5548c84ffb

SHA256
85a06034ddd546291c853d57d2d7faca7192d5f1b23352d848b3152fd572da46

SHA512
9cce574352d4a200d3617e572b4332cd3b28ffa0172e18a8847860e1cd9362dd2e634cdbb5a5f8b9a8a9cafdb2ae205e7127fb990d3f28cb60333c40703e6f0b

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
b2323f1a9fe6039f62f53d7c5a88ad96

SHA1
8ea6465c32e905b2169da470dff2d39776a771dc

SHA256
a854aa1e1484f16965b00f1ca454e9cd3aed344c11676708fe43a6c551c3e6d5

SHA512
055e99994145091702ecdb95091792e405e3f481490486d1db152743ed28560352de5b98bf66b19ab7d237a4844d6b73d7ec31189fcdb35611ae419724e08833

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.4MB

MD5
a7a6d229d8b012d7605abbaaeb55020d

SHA1
6201179c11a7d8ec7eb1214f6fc16706e6dccfd4

SHA256
d93be25026c4b037df783af3123de6afcc8da81e178886d5522adca621c7a4a5

SHA512
f7b055276ce3b535c357c5a5899d9a65a793e2f6be17bef463e0d81a6846df9d1ec93da40fc773632687a2d1f1a176ede68975142cd496f7f3a33acdfa3fce9f

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
ec5ab739d24b7c81d4953b0d80b50f02

SHA1
7acb60bd6893cd2e1d2fea9ef70be9be49cfaa38

SHA256
453c7f2d46fa44099d69cdff00f0204828520079f149c568606bcfc8ec324b14

SHA512
2bf9187331d5c6534a786f16336465602a57db326e064e006d26515d1697b8ec7d0b43d1505f88aa2f00ced15a9407187c2b9934c678ceece0626bee7d7792c9

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
4e62e6e1817a9c340ffcde760dbd37ce

SHA1
15a1f6f4bbffa09abe17b07c90db16494f10784c

SHA256
2798dcaa084152570f69af70668e196f2107c85ba9004cf460bac73b9388826b

SHA512
c66e32d8f9ae99dfb04bb5285af346fec945cb41f749f1c0117572dca8de11b5b4654bbfae4eca887579404b314e7011424d35f28a1228ae43211ed2d3562dfe

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
06b6e6c0657cb917adb91dd97080f8e4

SHA1
7e2ea89e9709bac56f68ea7d9442fd77b5786bcc

SHA256
59b8d638c9084f65430d98fe4101a0ac3cbfee767415f56449496ab2d87c3026

SHA512
4bbd18b305ed60aedcd9742377479f592cdbe280e0ca414cea5e52c652a9e04fdf7d62a9f6e3e1c97d23c5babc3e8cd213577f2e34f06e96adf28121114c7128

Download Submit
memory/436-57-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/436-59-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/436-65-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/436-64-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/436-68-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/436-71-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/932-82-0x0000000140000000-0x000000014014A000-memory.dmp

Filesize
1.3MB

Download
memory/932-12-0x0000000140000000-0x000000014014A000-memory.dmp

Filesize
1.3MB

Download
memory/1828-7-0x00000000006D0000-0x0000000000737000-memory.dmp

Filesize
412KB

Download
memory/1828-30-0x0000000000400000-0x0000000000566000-memory.dmp

Filesize
1.4MB

Download
memory/1828-6-0x00000000006D0000-0x0000000000737000-memory.dmp

Filesize
412KB

Download
memory/1828-0-0x0000000000400000-0x0000000000566000-memory.dmp

Filesize
1.4MB

Download
memory/1828-1-0x00000000006D0000-0x0000000000737000-memory.dmp

Filesize
412KB

Download
memory/1924-260-0x0000000140000000-0x000000014014B000-memory.dmp

Filesize
1.3MB

Download
memory/1924-261-0x0000000000C20000-0x0000000000C80000-memory.dmp

Filesize
384KB

Download
memory/1924-267-0x0000000000C20000-0x0000000000C80000-memory.dmp

Filesize
384KB

Download
memory/1924-268-0x0000000000C20000-0x0000000000C80000-memory.dmp

Filesize
384KB

Download
memory/1924-317-0x0000000140000000-0x000000014014B000-memory.dmp

Filesize
1.3MB

Download
memory/2068-256-0x0000000140000000-0x0000000140159000-memory.dmp

Filesize
1.3MB

Download
memory/2068-308-0x0000000140000000-0x0000000140159000-memory.dmp

Filesize
1.3MB

Download
memory/2232-355-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/2320-421-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2320-338-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2320-288-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2552-334-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2552-285-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2812-322-0x0000000140000000-0x0000000140182000-memory.dmp

Filesize
1.5MB

Download
memory/2812-425-0x0000000140000000-0x0000000140182000-memory.dmp

Filesize
1.5MB

Download
memory/3124-431-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download
memory/3124-343-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download
memory/3292-347-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3292-303-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/3292-295-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3388-80-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/3388-74-0x0000000140000000-0x0000000140170000-memory.dmp

Filesize
1.4MB

Download
memory/3388-185-0x0000000140000000-0x0000000140170000-memory.dmp

Filesize
1.4MB

Download
memory/3388-73-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/3496-429-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3496-335-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3588-34-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/3588-33-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3588-108-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3588-41-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/3824-328-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3824-326-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3996-292-0x0000000140000000-0x0000000140136000-memory.dmp

Filesize
1.2MB

Download
memory/3996-342-0x0000000140000000-0x0000000140136000-memory.dmp

Filesize
1.2MB

Download
memory/4308-25-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/4308-26-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/4308-87-0x0000000140000000-0x0000000140149000-memory.dmp

Filesize
1.3MB

Download
memory/4308-17-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/4308-16-0x0000000140000000-0x0000000140149000-memory.dmp

Filesize
1.3MB

Download
memory/4452-430-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/4452-339-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/4640-319-0x0000000000D80000-0x0000000000DE0000-memory.dmp

Filesize
384KB

Download
memory/4640-422-0x0000000140000000-0x00000001401A3000-memory.dmp

Filesize
1.6MB

Download
memory/4640-309-0x0000000140000000-0x00000001401A3000-memory.dmp

Filesize
1.6MB

Download
memory/4904-147-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4904-46-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4904-53-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4904-45-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4944-251-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4944-254-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4968-275-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4968-276-0x0000000000640000-0x00000000006A7000-memory.dmp

Filesize
412KB

Download
memory/4968-325-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4968-330-0x0000000000640000-0x00000000006A7000-memory.dmp

Filesize
412KB

Download
memory/5036-426-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/5036-331-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download