37a503f7d36bda3be968b6cb557bae0735f56b14579000519b7418fbc68a9fab

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
03-11-2023 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.10ab83fbee7c5b815d805dde94051ab0.exe
Size

1.1MB
MD5

10ab83fbee7c5b815d805dde94051ab0
SHA1

773cb6945ffae3c55051ea73ceb8f529cc928e2d
SHA256

37a503f7d36bda3be968b6cb557bae0735f56b14579000519b7418fbc68a9fab
SHA512

142c2e23ca60b2ad7dfb1f4977216c24b0917498cdb4761f45100bef60a5e56e513d2d951472815e62c7b8fadab88ffd41cccaff64fdb34fea2b284bf70a8272
SSDEEP

24576:2SjPD9TNj8cZhrJd9YKkinOlbsMlPjz3dXhQChtNsB:2MNjvhNdGKkinOlxdrrQCjNu

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
1824	alg.exe
3388	elevation_service.exe
972	elevation_service.exe
3792	maintenanceservice.exe
2976	OSE.EXE
2344	DiagnosticsHub.StandardCollector.Service.exe
2144	fxssvc.exe
1524	msdtc.exe
2596	PerceptionSimulationService.exe
4260	perfhost.exe
3924	locator.exe
2980	SensorDataService.exe
3440	snmptrap.exe
4272	spectrum.exe
1416	ssh-agent.exe
900	TieringEngineService.exe
4112	AgentService.exe
3920	vds.exe
4500	vssvc.exe
4368	wbengine.exe
4008	WmiApSrv.exe
4700	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 24 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	NEAS.10ab83fbee7c5b815d805dde94051ab0.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\6515892e894cb869.bin	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	elevation_service.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	elevation_service.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{0E5204B4-23A8-4FD0-B961-C9538ECF3820}\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	elevation_service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{0E5204B4-23A8-4FD0-B961-C9538ECF3820}\chrome_installer.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	alg.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3388	elevation_service.exe
3388	elevation_service.exe
3388	elevation_service.exe
3388	elevation_service.exe
3388	elevation_service.exe
3388	elevation_service.exe
3388	elevation_service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
664	Process not Found
664	Process not Found

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2004	NEAS.10ab83fbee7c5b815d805dde94051ab0.exe
Token: SeDebugPrivilege	1824	alg.exe
Token: SeDebugPrivilege	1824	alg.exe
Token: SeDebugPrivilege	1824	alg.exe
Token: SeTakeOwnershipPrivilege	3388	elevation_service.exe
Token: SeAuditPrivilege	2144	fxssvc.exe
Token: SeRestorePrivilege	900	TieringEngineService.exe
Token: SeManageVolumePrivilege	900	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	4112	AgentService.exe
Token: SeBackupPrivilege	4500	vssvc.exe
Token: SeRestorePrivilege	4500	vssvc.exe
Token: SeAuditPrivilege	4500	vssvc.exe
Token: SeBackupPrivilege	4368	wbengine.exe
Token: SeRestorePrivilege	4368	wbengine.exe
Token: SeSecurityPrivilege	4368	wbengine.exe
Token: SeDebugPrivilege	3388	elevation_service.exe
Token: 33	4700	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4700	SearchIndexer.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\NEAS.10ab83fbee7c5b815d805dde94051ab0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.10ab83fbee7c5b815d805dde94051ab0.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:2004

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:1824

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:972

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3792

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:2976

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:2344

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:1924

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2144

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:1524

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2596

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4260

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3924

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2980

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3440

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4272

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:1416

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4200

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:900

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4112

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:3920

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4500

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4368

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:4008

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
316796b5a29b15eacc2e54126ad1efb7

SHA1
a54000a15db50677fc9dbb48a11dafab926ea9c4

SHA256
aef68ca314af8c92009b3c9648dfdf9cd347cbab3cd94e4dead3b29a5cc5accc

SHA512
6ec1568edc700d78f449ed6223906485d6ad8b6c096742a653a1930938437d1777099206ebb83f1a34e02d82599253c86512a29e0553753d9a8b98313e3c748f

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.5MB

MD5
7c5020e00919bb96a1a140a9fa9b6f6e

SHA1
cea105768f50b1da9794ac9ca83408f5f09be7d7

SHA256
c1c004363e44dfc07a52e464018bfec58ec397a33421948864214b5eca89af17

SHA512
fae5783e851df7e3e7ea10d9ff18920cb8cbb286fee3d916db8c7b21061a10876456beed347b06b0e02daebc89f1927319d5ba8400ddf399c05631c2fb6bcde1

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.5MB

MD5
7c5020e00919bb96a1a140a9fa9b6f6e

SHA1
cea105768f50b1da9794ac9ca83408f5f09be7d7

SHA256
c1c004363e44dfc07a52e464018bfec58ec397a33421948864214b5eca89af17

SHA512
fae5783e851df7e3e7ea10d9ff18920cb8cbb286fee3d916db8c7b21061a10876456beed347b06b0e02daebc89f1927319d5ba8400ddf399c05631c2fb6bcde1

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.8MB

MD5
f8aff75b2165bf826569ce5f97479708

SHA1
3557a89209f9b3e5ea3ea54effb818f578daafc7

SHA256
03ea91b6373c5ecf9481b8ca40fa47b8d99ff358c2d0aaa0c6f6296580269958

SHA512
fb673368ec9fff99b12821f46de6f8545ab419d1d9ab65f1d59865b7f0ff51eafaab4d308b3212e65311d79bf65303922af5698d4ee5a631a6955d92663794a0

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.4MB

MD5
48ef3788d19059d715941583b8b3fdf3

SHA1
079171732bf7ed00d242e085a25bffe74753e50d

SHA256
04bf9659879410b407bd827176ef1984c5d28f1d75a9ff744498c5ce4ec9bfd9

SHA512
f0b2a28d832cefbb999cced4b96cc0a7db4b6798e34909e74626dde9c1c606ebb34113d8414ee610654d5c04eef3da624a5d1029a27a07ceb717598bbb3f16c3

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.1MB

MD5
6d2ae1e7c87b42c0852370a2893853c8

SHA1
feb371fa2d1cf1e09642495228702e378a8aa4b1

SHA256
ada11f90054c4b38dd76cacd7a69f7a57b02069efe8fa8cee956f6757290e6e3

SHA512
bb0fbc6a71c531d55d3f1e031f7e715567d3e7061da9a34f8904a850039502801a71122e083eb72a2945b1d5502f75ea7e8ddc9a87bb265f63bd7432e7980394

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.3MB

MD5
4d157dd83a85af773db661b663fb856b

SHA1
8bbcd775b3ac1059fbb29818be84b7e3b09a1831

SHA256
652d4990d8a223a71a1d23c5f8782587cf63dfa13883b5dcdfbc8eaa186ae657

SHA512
1d2c7eb6f04be6f7f61db1673f2736b69684201620c95496bfe02a0edebfae80d56b3ea402abbb6fd47b1042d8d7436cd8c68354f029ac08817b009e8ef04afe

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.6MB

MD5
89764e78aa152d980c37deffc2dfa89e

SHA1
f8c882b9c99ca94f339d3778c1d3906264ad6e6d

SHA256
5d62d022941d24e8af8dd5965108301f29d0222825cef5c44eb0c891ca9329fd

SHA512
49955eba4a2b01b2eacfeaec2bf1afcd5b3d491923c20eb58cd8f5cc774c84566d4bf39725580246329c67d6c68d7aefd970e91bd7a34d88c93f14a1a70b3c38

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
cfddc5fe55f999432df94cb9e48a0e76

SHA1
4dfd48079e5cdb06262cdab5dbdab20bc85bfcd4

SHA256
6109326e3f4bb3798ebfce10fe0244e8f5e54ff37837b1a9d663da47457e4a6a

SHA512
516dcdd01d5787e0452b1edb1861d82a656560e3d7c807c55d6a9a22283c54b753529a437c046020bcaa7a2450b549305780e8e17f3775fdb468eddc09de05b5

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.6MB

MD5
abe10bbfd4af12183b3e8790af292122

SHA1
fb62d138dfda1918cfc6f5510b88705dea3cda81

SHA256
e3ca4e1b1f17b570c29c0342a0ccfab5d6d39dac72d0d69af45319f7aa2e7d0a

SHA512
0408253c85653aa0b99eca4977cedb22f8457c9833b7eaf16d5aa6dbe4fc27642d8a5474af216f9ce1b97f8745fd5a0dd060774bb471b20a8ca7ab46e78d444b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
76543ec7100783b5fc7d4c6f4ce68194

SHA1
ec473db984bfb468c7e420523bc640122d5c5f62

SHA256
d45acde54b4bec919103e5f8271612e8c45d27cca1eff28a7a635be579933876

SHA512
491a1d9c5f43ffd5aa722b1e7381346d7bdc9256d77afabccfaae68377b45c939c7f6b427dcdbb47e7783a8c8ed4a87bc436eb9c1c3f68a21cb271a00750f6af

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
85f9a75d863cdc7c51967c38662674a8

SHA1
cd4b8d564c7df8d48b0e647d7dce5129449fa637

SHA256
b7f052d4903ef22d46d0b36278b0b3e114817a26f2bbfacdd01f34868dd29fee

SHA512
dd7b4cedf6e883c6d9c4c83f9b05ea115611b7762a414333efa6b90ce72ff1904071dc84b14c82aeb6ad6608f048bc24815664853a3f83d1b4a893565504ea61

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
19db1fc9e7e80278b79ac474d5973cd0

SHA1
72b99fc4a308da6e8bf9ff36bdbc93c50d33d19e

SHA256
6d329cb0b96004fbf007758338b07469d567d17f5962b48ca60fbad0534806bf

SHA512
3d2f4f395a2631bfc5ef560410da34523083121d253526b7e066551fe45f78e1fa7ce71524207745db04cd19240ec5b90b369296d70c1e696826564378996163

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.5MB

MD5
b89312964038e7b4f11049f111f05845

SHA1
0d71d289874c194c2d8a6d3eb28732406c7b9acd

SHA256
b147ddb065601acaa99174e53468c82fe93db7c36beace3695d334ed8f5db4d2

SHA512
91c2836c65d2343eed0e10a9d5bad8a4c02b90948e7738c029c596d68091f23d96b5d9a8e2f3da3de953b9120b1f8fccee1b8a28f5cf6fba1b8d5990bdcc1719

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.4MB

MD5
cf3e02332469588abb3e426ebd89a050

SHA1
67aca8b9b0cb6c1ae23ca54d5c8fc48be202ec45

SHA256
03f414d06863ac6dd8641378a8c774cade1663f2a509f7e4b7783476b4abebf4

SHA512
8a6b262b1691c6af305af76469a3d293aa2b9b2bf7b31d9105fda76f5de139aad35092decfffb293773f45f9d91d5e6c329ecd9f4076867ca046f8ec9e5484d8

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
091c3da27717387a2d672bb64fcf53c4

SHA1
198f16c34a5b8acb4e1be3cb07bf68136a792206

SHA256
d86fb9c703842492b6bddf392d9b376e38495ad321c1b5e480e807818139fe2f

SHA512
8a66a2ed21c4c0d692206ac9ff2eb3e4f55d1ba51b7f76c6391e4acbd0dc257fe0f31b198a5b6785db720fac590e1b8b23d33239921ec8cfcf91d54ba9f0ef6a

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
3c1e6ea21d20cb48023534f1df8ac650

SHA1
96127c9a0ea150a423cb6355840efcc40708892c

SHA256
8d9b76bc1d0f1a5478f61e2be216e3e99a8e3bbed49e34709e59e0f3fd7ae876

SHA512
ca63dfe5374aedd54021d4c12971bdb45173c714bbb85e4920b9c5c5ff8fdf04fb7d6a7bb1f709d7616fd4378bae41dff7668227b6beeaba9c2f62e5455e8d16

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
7bcb2beeea000fbffd55ec5aaeaf15bb

SHA1
c98fe8042ee34b59bde1e7383819ada5ee9bac1b

SHA256
22fe183742fb6f02159439a74a0f346d2142dbc53321547cde6cd163302367f5

SHA512
0b5a667f5c1139b3541ca67b7f8385cc6f3c89b53641ebbfd4bae5b8b80b4fea9bba8f83ba3c33af2d6b14b03e16e6c43f1e2723d9e855d4290f3fb5388f7982

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
b75d71d1566b6762d74935a71e38928c

SHA1
79f59b85b0721e0e698f2e2f1c3d6c767abdf473

SHA256
cbf74352aa16b5757b41b92a4a647f3e5ac605c6f7e4dccf28c1ec5b22ac7785

SHA512
9b045c6bf56522bc6f5118ee80dd1588b35c7dad83e8ae548716dd2d6982ba1b82fe8e579078697dca3e6fdc1b71e5237b0d97bd562e4db68c70f6e195a7b827

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
7a4f1181098722a489cf3e76070b0ec5

SHA1
29730b0d790af56bf126b0d256f44ee7c30abe96

SHA256
0c30ab92d76ac7eed7ecced70c5b6f48b4e54b0f697ec54466a9c9689b6883fd

SHA512
1bdbcf2fdf4f68b1ee0a3b386ad92af9443620f7061d1fa0d6bdd4ebea842bbc06db0f15562063cad14d332632f54a83f0f39bd48aa9aaa9bd6d1705de6c8fe5

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
a5a14597ac6ac12575effabedd95b7e4

SHA1
287064359910fd55643f176ae064a606b13da766

SHA256
8636dc3c22853d2068420fa1a382381c74f3a185a18affcd96b81a6197138b65

SHA512
8b0c7669fa27c514d5310451b8db1a2eecd9fac8967d3a535947728b30ca9e5a8ec8c6a6cc16cd38f6b7222e84c59589589c0f0f72a24ab3397ba9be58117bc7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.3MB

MD5
871ad6aa9ad1f1f07e7c18ecb3b90e05

SHA1
7d69ad21fc88f1510101af67de7965b539ee172a

SHA256
7e955066569b4bb956601a2158a023d3185c0aed12edea483f57d0cbccadf178

SHA512
14944a996504d511eceb4105cb9052fc5047c00c6236054d6a3f2a58cabf5c479464f2797f3fe957d590d7657bb6d56c81ec9052ceffa2cb20f470319e6fd8f7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.3MB

MD5
a7871145a8d41ffc757849f8b1293e79

SHA1
0f31709e565c69ac5e502bb06ce43966fcb49555

SHA256
ffd9eae36cac4c769666d069117fb5f1a25a3e6da47efd3e440f01e6ce3f6802

SHA512
12446843df413f73d995ec8135fc6a53d82c1ce98fbfb40ce97d35023977a6e774881a7eb490fab4f437b87b20b130db0d985e4ccf5b8000e1bcd4a1b5e7d655

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.3MB

MD5
65a9fc7428e12f52ddcdf976efef75a4

SHA1
c18131a0c1767fcaad7953a3299a135e93f48e1f

SHA256
b56b8ddcb7890b39eaead109c52cc4b20e0aabab6b4ce0dd56f1ede912fc1984

SHA512
41be8bc29995f4b9fb91b842da53b80666e8d63ca57a9c6247576cf9e84bcbe4abbfbcb0d55913b59ecb19a990f088964f12e363f107abd276306ebb0d7e574e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.3MB

MD5
1a100962706579f2bcac64d2e9900297

SHA1
87e1149f5cd642727bcbdcd8e1ce04b9ffe73b3d

SHA256
f0af672fb7d38b1d4cd5b9d0e4367492b4b2e0d6a1533dbd80944b7fa7024cd3

SHA512
36d881ac38a56f3f2704bab7c72ef2d7de9388142d2a62dd1cc37dedb077485249d710b925034ce038ccf3ca0f34b5d5774b49fb1ba7dd83a082e9c7ff2ce32b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.3MB

MD5
86087728e2e6aa3bb86cc46cc4809177

SHA1
0c9850e097bdc3909251ccdb2058748292c864b8

SHA256
3df42c06217b86624fb9a63d9f8683bf39c8243403f3bbfe66518f081a503dea

SHA512
5c18a91b6be78c6ab07080b9dccdf0ae6ba6b47d9ef91cf1c118c03650bfc1652c56a84a10e0d95f7661dc41102268a891805e13ce32c8217980d1ccb81c55a7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.3MB

MD5
728e5551d37607a455ae4d9ac91b29ba

SHA1
ef03f0f20503f483057d309b6f08c2e1aa4683ae

SHA256
19a9e04388786bb802d880f99ec66fbda4a1cd1cbfe205b74f41ab4402a0893d

SHA512
38eb45fc62ad18aca4efe45657284f6009bf60f9d8730829d331b3ced806426b9b6eb416d92b903b95bcc5abd89b99cc64acb1338785fcfb3524fc8981d59d7d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.3MB

MD5
76793976c6626346a3f98b747ecdeed1

SHA1
7b26a13e4d796b7b27904d25a6ddbc48497518b7

SHA256
21d945b5be68638f955fbe163be4728aa1f7b6d6c9a774d36976551f15ed5438

SHA512
33ce92b79ff4890a6fbb29b38146f22d2019d0aba9dd4430c9904ed752a11b1f57f85ff4cb2d5279ebf70fc93ce1ddf45314a9a05cdf199b4075933259466f88

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.6MB

MD5
cc964a997b20404bad38924f7a03e36b

SHA1
14b056e34b1c8f3a49efaf2ca87f3465fd768b65

SHA256
e58b6674e9d814729005aa7562715f987074509f2d9ba363b0fee8856155153d

SHA512
50c0b91e40ec93f4ed081b3b3a86c7b5e49a79e75e5c12c6caa1a54855a1e1f7af52c69184ec71cd5ebfc6c448e09b4cb9f0716b567cf132477c5bd3535fc721

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.3MB

MD5
2ac3fce52b18a2f3c2facfd6cdf35f73

SHA1
20d6572ee9bd0300a2cdcdc98348b16d1ea277fe

SHA256
17229f12ace147760f75f78f5cbce4edbd7d787399d6547e043d5884aceaa31c

SHA512
7fd7f13ef3153334c59a1070e2aa1f9abdda5d768a13c5a63da4574dff2b8d63f8844ea07a91c06e704532051618cd42b5f9194cfe3970a6cf517b312155ef90

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.3MB

MD5
84a8b91a9d615508d8aff48f512fe35d

SHA1
f2e5003771fd641397df62d100c351376ca13e7d

SHA256
00d43e7c4cce16dbb0006b8d69eba76925a3ce1be9f3591a922f7b211db33d8e

SHA512
6460afceceb9be5fdb600b7d1799cff1c4d3f65d9141e76390b2414edf923349684dc165bf303b55bc75d3d8c1db77c07ff56a31e74bb353932d40b4a3ecb095

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.5MB

MD5
3847c16579fd0af43510b5a23e20a0b7

SHA1
72dd782f9fd33e462874e136f38b768345828b3e

SHA256
dd4478988f9ab13ffb83c20250a93b71d5be41d92e39987bca37666272358b77

SHA512
b6df27b6be4a0b71b82676fa4868187c9f581616130f927d501025de4e4af14888e07f092fe6ececb3cc97b434a8fea39d3a5ab3d210e519186559b15123f76c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.3MB

MD5
357359c8c3690fe81f9dc45f77c3cc51

SHA1
49addd357229ac2555213061cc1f664b0592f02f

SHA256
c3a64c921ed893dd00f74466a95362b85f4f663770a3ae9f0c08d78645c86443

SHA512
46cef555eaf34441e1c89e77babd308bf14ded130fcf2527ce0f0a16652714030215b39c1eb073bc7d3f230666e8b1f7319be0416fa83bc4ed6e8b25aa3d13b2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.3MB

MD5
245099db83296a2e5884c7c5376dca54

SHA1
644e92579fab66fb607dd07c8081376c29f6a77d

SHA256
a60967789b30bda9e5703fac9f69fc22d044162da66b003513d804e17b0b7f96

SHA512
dce331bcf4b6e599da2271bf70c9391a1ff6fa9f2f483cd7df32faec6491e5a231573802ffef6b65044ee16c5c160d6ef79e6acb5e495b2d66fdb07973e07921

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.5MB

MD5
0564c22b33bbaeeadc374a99188466eb

SHA1
39c7c0026cf370e6f5a18e2485917488772fad94

SHA256
055d145e0724b4507df32bfd863564a471700dbf060936ab402029c7817ff129

SHA512
f422d518c5c32d79d6e0288ca44f07ae04ab873d223a2c51e58f2d6cff8748b84e1c75c7698ac0f0a86c3dc0fbaea65cb282e42b693c62283ac312cf74f96ca0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.6MB

MD5
bfffcc71c8e28f03dd87a705346e0c5e

SHA1
fba1788e90aae37586e71bd479622450931a8aca

SHA256
80712f3839ad33b88fe0800da3615085a44c3c8a168391020235fb852eae1cdb

SHA512
44cb2972601ea0456b66849a30c85082d8ff43244ae6e26486e537c011c6e1a75476498db79bde0914c899f7ab4bca52c180bce7d97b8b19e85359d52f7321e9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.8MB

MD5
f7ac82a3011e38fbb711173fa8f6c42f

SHA1
5b41611e0d557fe9f6dfafca378c8600d9e13719

SHA256
044cb34cc44d402adb8c4172e0b7de70324170a387d37ad7a50f5211f8dd21ce

SHA512
ba8f1a7f21f0297012786b62e65778b39a42d013e8f2094350a0079653a7096d65dcdec251f7b9c0d6de169e818e81f76db17085ed7d93cbd41e4b9bd24ffe3d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.3MB

MD5
c073249872bd4e6c3f972e0011bb21db

SHA1
104bec3675c71d208d59fff8093755968e336148

SHA256
e86648a780595ba02efd59582874c042bea19a2644b04e62a02a3fbbd5a03f75

SHA512
be98b70a0d7fc44ca65ed776da005900d4e996599c038599caf643b78b87248b50a6ad355a5e7217d4574be4d63fa3c6c3f1cd1920dceb6fe08f18c40bc310a4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.3MB

MD5
686f3ba7b2effc4339f8a287e1a3061a

SHA1
f90ad0f0c06289576159db25b010c4e31c25fd3f

SHA256
2e643a9841e3bccd2c0a4f41580ac2619d76f9b5d52dc62e5178efe9ee027f46

SHA512
28d9081fe3bd3e11e37235dec6965d5c0fb0448d27570da6aae737a4c8ca1c085c037231b853b4ed2d23c8e362ab8a1b5545df42486947d340179e81f3b60c66

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.3MB

MD5
a5c96ca0b1e08d71f3ce1c3d634c61ba

SHA1
c3b78076b7b558e2359f5ceb84fe787abab7d316

SHA256
51b679251e24e526983927b9b66a0f88a8a296499fdc69a72e6d160fb4f48476

SHA512
99ef8d99a49df486ec5a8d07d0b464e90dec121590a5426934a446e1fbee642ebcc0c2c48c8bb3cb3c887302cabbe8fb06fd4eeb89bc0b2a4bf5e43e3c34f920

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.3MB

MD5
966b2a309ecd5966109e9eb736919fca

SHA1
0b1a791a32869f3627847350e14e50d98f52c068

SHA256
2eb81e5cf550e06f2de82cb499f65f78fc97dda8bc0481f66af3de4779b7418f

SHA512
b3e87f1806afafd17099fc3f13facaa12f1200f573007ad08d03da08c1dc17d7db65d8bd5e5eb36a0e98bf28563365a9708c743f06970212354ee3d3f0fbf0de

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.3MB

MD5
797366a0821589dbaf6ac6aaee344a76

SHA1
4e7760de4556932c42d16901bda90bc845272ce9

SHA256
019dbdcd977f88180e5f8eecb58d85f26eed61f855752fcc9bd49b61f4843e39

SHA512
8b302760c1e5cb521545a666c1e6d7717d89f9c1edf04a317b783cb0f668f16ccb5714b4a1d6601c2554fca8b002152fef82ac86b075056cca95a03a9a4f52fd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.3MB

MD5
02351f0a11231d2097b2224b4ea8e8bf

SHA1
ec286cdc18ec4261faab9be59ee383864f361fb9

SHA256
53891f6be70c0be6f4a76367643d97acf60b47d65e52fec08b970b59ef3f61c1

SHA512
736493fa201dcc9faae95944f2da0c4923a8f9a9699b28af5c073956c0dcd0e4732e730da4a62df7e6b2f9080e7c6f96babafa77164576d742b6cda2ef216731

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.3MB

MD5
718bb1a57e921e849789a47d4ef6a4c3

SHA1
3b90e55e4ad43f12993df9c26a7f972cb44572ac

SHA256
30f1339c7f026b5765b44dcfaddff0bbbf7c0b9ae97e0e655d5dd1e61e0c03c4

SHA512
856b201c3ef270fedf45129c6d9b8dbf3053890085aa9e580cfba80229ee6ac7e218389db8dd4c76d14ff022327cb020cde67be0f57f32e215c98fedffc2c5de

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.3MB

MD5
c42857ff626ecc0f5bc8ff0f163d5d5e

SHA1
d585e4df14f7f42c08ebbcc17a38da8f31137c41

SHA256
13d557a4ba7d529e8156c44ee710d1a186f4ba725da6f7b0bb7a3cdce47b654c

SHA512
fc30247b1696caee214428a0a3d2d49cd1f32ff166c9c5bd5a690d64aff7ad5747c57657bf40e24f2cb2d1ccf013d86b6cb6d409c6bc2df5bcabced9a7dd65cd

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
b3e9d1ea001cc2aa195fbae529d82357

SHA1
fa7456eb62a170e2fba8ceb0f850bb3dbd1d85d4

SHA256
03b2db9e4ff65232e000aa5f51bed9493003e4d417ba4a6cb6396577df23ac7f

SHA512
3a04d33b656f0727a3ddda8fd5bc885f974467fc04ac8555a55c5c203c091712f641cc7e42a6b5e454e4cc9f2e65b90d44c785902c7952677942dd1de23e881b

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.4MB

MD5
7df89f8549725e8912c7618558259c33

SHA1
51d8ec52414798cf8973c7b611925c9e85a8aecc

SHA256
e802cd51149a22e20248c558a3011eda9f24670107f1bca8c6baccde29b279a9

SHA512
5de1c2e7c881c51691694ed1284a77cf01ad5a6941eb874809322ea07942fc5e53efa7a0729463c77b72a1720487a861bb74ba0e93d3083efaba9a728c19b651

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
415b7758a62627e60e38aaac7699e1d5

SHA1
9db3bc4bb46abbf8607f47fd0da39f124e94cd6a

SHA256
09b883680fb1d13e4e1d04789d3d626d4c897179e521f6e518dbb415a32d585e

SHA512
7ab55751c5fc10909263c382a0a54413b000bba8a5b9cd1b6773086c3c35321295dd0d341d4d53f8b4b41a2f294609cd89b7460a58feb111f4a25ebcd17514cf

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.3MB

MD5
4469e3f9f2a8a87fad962a11d5e00257

SHA1
41f2ca7f0da347850a5aaef905e986c8c42a4f54

SHA256
5a74f30d4df5b1dcf5d4d03aef95eee169292ccfcc283d0da99b687af09c52af

SHA512
b336742a864c59a3abd4cf2b8a9e5ca41faf556ebb28506143e0b5d966c0e02fbd8ad87325ed4d309a951634771e85386cc40da42f7f4c306e4d547edf7c5299

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.7MB

MD5
c7e064c8521ae496e0e1c68f4b443aae

SHA1
e81176ba4a883ed903c230b064876ddffa902d7f

SHA256
e2a25d5fb99706e1cbb1ec4026f523b4649e0d64acaaf9559162a68b68839dc8

SHA512
bc538f1918367a48a2b94a6fbd3d3f035867a862df6c590241d069081ca502f100fa95fd836b53a7af4a6dfd1da950f705ec3a819c33ff33c476db47fb631930

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.7MB

MD5
c7e064c8521ae496e0e1c68f4b443aae

SHA1
e81176ba4a883ed903c230b064876ddffa902d7f

SHA256
e2a25d5fb99706e1cbb1ec4026f523b4649e0d64acaaf9559162a68b68839dc8

SHA512
bc538f1918367a48a2b94a6fbd3d3f035867a862df6c590241d069081ca502f100fa95fd836b53a7af4a6dfd1da950f705ec3a819c33ff33c476db47fb631930

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.4MB

MD5
2cf57a8a072235399cc97dca3e10008d

SHA1
250e4e9a5f16cdc31ec53a45c5a59ffe7c3a0f52

SHA256
b71225c536f762c0309429eefc0cdd866dba3c06400b5d5fd831a7a384d36506

SHA512
0918254b794843310f0c56e099645f35ce1f792ecd21ab2b44a25898bc1c9f590d81e0d94e68d567a83a2d98e4b5dd3f73b4e2658cb67c409c438ca305db79eb

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
73a087c9d3480b451151b23d020a6025

SHA1
97acbd8a5eaf6988be9699c7c8f14452549e1149

SHA256
a81887baec3b74c322c6eff7802c862320287747b2514172efe92162ceacc756

SHA512
838be1a12abb85584df617340391bf808946889b0e96251f44dffd818c120d00185538529b7e670316cdbf1fb7e981b8d21aa879320e799afd6c881e39c7b6fc

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
11ea77293925e7578dea7107ca755403

SHA1
0d67e9a922aec36c74d1ef05b732d9be393bfb5d

SHA256
a1425f6030d70b3f6a277eb9345acef971394aa2724fd69144b87c5c43ce7471

SHA512
7f8b0208bef88300a8a75245a3ba02438e70c7f6f631c1d6981f865cc662ce6c2eb755c7f521c292f4c2ce71c19e4a1382df262e97a9251158a81e5760e14210

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
862fb5b7cd419d6a9ab96965a194700c

SHA1
27b3ede7faa3ba620634a91cdf75063b354969fa

SHA256
81c4b2c0eaa0102c98a3e3ee85092a1ac7bf02f9ff50c5d7a2414e906854282c

SHA512
2a95445cfd3a482e08ed29c7416be3b5ef7da4e4d1fc3bf6752842b2c60c5716569bdf8a910099aec7e68d868e3df1eff18abd59f60d1e9f8fd5544b042019dc

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.6MB

MD5
99e099fe793df9633445dfa5acc49160

SHA1
8527381eefb71c73befeded69a00313dcd31f43e

SHA256
075d6fde18fbf8dc08348f013fd5730bd4a31211c6265cb8d4410706a9f5be30

SHA512
7494842121d6b8cb0e26098a667b575ade4a218e47d07e1f0f198f5a2775425e3c7d9f7bc1bccded3159f0b05f8976c5c3fdf159ca0901f64969f2191d6e31e4

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
d658a2712b4eee7d28fbeaf274347143

SHA1
3820b55edb577b5ee160228127170ab5a7ae0a0b

SHA256
7dfd6fcb62281d4a9a891c660dab3440f64d4c7eba611280f8aca8d5aeead45c

SHA512
85379b559d0c6d5a0e730ae71b6c022c80b1e0862695d6fdf8770fdc500ed06c09c4158dfa013ffebdd30540509692c2e6c5fa71db5b320cf357e14754a2c9e9

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.4MB

MD5
8a1fcc2cc6ea069da3df402b6d772cc9

SHA1
2ca26ada7ee9f483a82e8bcc2c30275748d3f843

SHA256
ad3470a8c5633823e690440c5e5942539d6b6489fa9cc73f1345b36b154e46b8

SHA512
e48b55e01d6b3806e2f29fe7cf637d8adc77ae75ae95e2556ed03c6252a84249e51d7fa465aecd949ca8f8b9a3eb2bfb1de6a266d9a7fbdd31c8f77ca7350d6e

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.4MB

MD5
51d31117a3108834b2201c79483576e6

SHA1
cc05d5dd8860246e9800a8ae5958eb25ccc82b00

SHA256
980bb13132021d5497c33a044a82510ceec8442ef84fe25e5e460ee50b4e1ce3

SHA512
7261ab397c0f9bd0706ff3d6d1e6d979fe2a805e8497ee0f109a456257f8b21cfb1c670cb0cc48b33e538994e208cbc0ec73e054eae624028921a33854be12b6

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.3MB

MD5
6b0bfd7f766e6ca41799b95776824f2c

SHA1
27a3cf874cdcc221e5ed3dae63e33be8cef7306c

SHA256
92098b60c5e5583a35dd108f19d3587d9f1928a89b40b498588ec91bd45983a6

SHA512
4649a47ac1ad7857f21faece592c1f37d70e7410a55c381e7909145ff45622f4cf0aec3bf3ffff5e21f6dd88107e96d293884c7027623d4465a01a08d5486ba8

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
63f0d52d73576d8c6b46dc2bf6797334

SHA1
921dd53096a9884f99800b6a84a81324ac5bf61c

SHA256
431e908158255e61e1166c291b364d778fece632a1d6b195a18e053232fc3a30

SHA512
c595dfdaf7dc43b2338019e68702c6855972c29860f6e5060637d85bc2878f4ef4e3d1913bb05079a3d4259d14dd20caf2d1013c298e89d80c1868f9e67ddf98

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.5MB

MD5
165e3cd49f7ed71e55f72117c281e08e

SHA1
98809cedf983e5fe7a7295b7f5ab0d96d541d1be

SHA256
ee8e3b4f085495f1a555a2b460ed72708d4ebaae0741b2241641eb19956758fb

SHA512
088b0e36e9b7da84f5e2a44f6713446c4fd4198d6ae4383f1cd4b316ba677c4836196c0a4a03b7cbbad14ec6eda677c413dd7cef374ff54e0412cd2690e3cccf

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
a606d87271d608bc39e44dd6f10e406d

SHA1
78484cfd3ed53a3a5bd5f949608dc1d2df6a340d

SHA256
597aef5c5c0aca9a2713cd0ae6d4b966a44b4cf6d92c83929eff027aa6ba0db2

SHA512
1e251b0212b0e87e6d7fd01d11fde9a0c25182599146eab775512cb7d0eeac5a9d0800a713bacab06ba14f4ae1f886d890693b771ffbee436775eaa57464df37

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
6163e9b2f9c8ebe30359b7fa46254190

SHA1
59d19004060f95d439ff123b0cd8f62d1a1be803

SHA256
fac8c25f2e82f6c229d5781bd5c4aa26b15811cf03649bdb3fe4dfcbcc1604c7

SHA512
4e0cfb58dcd66b23cc9125336b0438a9bc195bb453fe31c882d1b03d8aa74ee23872bb4e73121296c2a3b93b821173384d79573e59576aab262b7d9f1db1f7cc

Download Submit
memory/900-386-0x0000000140000000-0x00000001401A3000-memory.dmp

Filesize
1.6MB

Download
memory/900-393-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/972-49-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/972-41-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/972-42-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/972-70-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1416-381-0x00000000008E0000-0x0000000000940000-memory.dmp

Filesize
384KB

Download
memory/1416-372-0x0000000140000000-0x00000001401C3000-memory.dmp

Filesize
1.8MB

Download
memory/1416-440-0x0000000140000000-0x00000001401C3000-memory.dmp

Filesize
1.8MB

Download
memory/1524-283-0x0000000000CE0000-0x0000000000D40000-memory.dmp

Filesize
384KB

Download
memory/1524-342-0x0000000140000000-0x000000014017A000-memory.dmp

Filesize
1.5MB

Download
memory/1524-276-0x0000000140000000-0x000000014017A000-memory.dmp

Filesize
1.5MB

Download
memory/1524-349-0x0000000000CE0000-0x0000000000D40000-memory.dmp

Filesize
384KB

Download
memory/1824-17-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/1824-16-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/1824-68-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/1824-23-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/1824-24-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/2004-1-0x0000000000940000-0x00000000009A0000-memory.dmp

Filesize
384KB

Download
memory/2004-14-0x0000000140000000-0x0000000140125000-memory.dmp

Filesize
1.1MB

Download
memory/2004-12-0x0000000000940000-0x00000000009A0000-memory.dmp

Filesize
384KB

Download
memory/2004-8-0x0000000000940000-0x00000000009A0000-memory.dmp

Filesize
384KB

Download
memory/2004-0-0x0000000140000000-0x0000000140125000-memory.dmp

Filesize
1.1MB

Download
memory/2144-274-0x0000000000DD0000-0x0000000000E30000-memory.dmp

Filesize
384KB

Download
memory/2144-260-0x0000000000DD0000-0x0000000000E30000-memory.dmp

Filesize
384KB

Download
memory/2144-259-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2144-266-0x0000000000DD0000-0x0000000000E30000-memory.dmp

Filesize
384KB

Download
memory/2144-273-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2344-255-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/2344-248-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/2344-247-0x0000000140000000-0x000000014016A000-memory.dmp

Filesize
1.4MB

Download
memory/2344-254-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/2344-315-0x0000000140000000-0x000000014016A000-memory.dmp

Filesize
1.4MB

Download
memory/2596-363-0x0000000000B60000-0x0000000000BC0000-memory.dmp

Filesize
384KB

Download
memory/2596-291-0x0000000140000000-0x000000014016C000-memory.dmp

Filesize
1.4MB

Download
memory/2596-300-0x0000000000B60000-0x0000000000BC0000-memory.dmp

Filesize
384KB

Download
memory/2596-355-0x0000000140000000-0x000000014016C000-memory.dmp

Filesize
1.4MB

Download
memory/2976-72-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/2976-73-0x0000000140000000-0x0000000140190000-memory.dmp

Filesize
1.6MB

Download
memory/2976-80-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/2976-198-0x0000000140000000-0x0000000140190000-memory.dmp

Filesize
1.6MB

Download
memory/2980-336-0x0000000000770000-0x00000000007D0000-memory.dmp

Filesize
384KB

Download
memory/2980-328-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2980-397-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3388-30-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3388-29-0x0000000000C60000-0x0000000000CC0000-memory.dmp

Filesize
384KB

Download
memory/3388-37-0x0000000000C60000-0x0000000000CC0000-memory.dmp

Filesize
384KB

Download
memory/3388-69-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3440-345-0x0000000140000000-0x0000000140157000-memory.dmp

Filesize
1.3MB

Download
memory/3440-351-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/3440-414-0x0000000140000000-0x0000000140157000-memory.dmp

Filesize
1.3MB

Download
memory/3792-61-0x0000000001A70000-0x0000000001AD0000-memory.dmp

Filesize
384KB

Download
memory/3792-53-0x0000000001A70000-0x0000000001AD0000-memory.dmp

Filesize
384KB

Download
memory/3792-64-0x0000000001A70000-0x0000000001AD0000-memory.dmp

Filesize
384KB

Download
memory/3792-66-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/3792-54-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/3920-415-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3920-423-0x0000000000BC0000-0x0000000000C20000-memory.dmp

Filesize
384KB

Download
memory/3924-324-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/3924-317-0x0000000140000000-0x0000000140156000-memory.dmp

Filesize
1.3MB

Download
memory/3924-384-0x0000000140000000-0x0000000140156000-memory.dmp

Filesize
1.3MB

Download
memory/4112-411-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4112-406-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/4112-412-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/4112-399-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4260-379-0x0000000000620000-0x0000000000686000-memory.dmp

Filesize
408KB

Download
memory/4260-370-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/4260-304-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/4260-310-0x0000000000620000-0x0000000000686000-memory.dmp

Filesize
408KB

Download
memory/4272-427-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4272-356-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4272-365-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/4368-441-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/4368-449-0x0000000000C70000-0x0000000000CD0000-memory.dmp

Filesize
384KB

Download
memory/4500-436-0x0000000000810000-0x0000000000870000-memory.dmp

Filesize
384KB

Download
memory/4500-428-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download