8f1d8b0695ca1f4ecfa6c615193352284504bae9802be1d3a6d7c1b63e652802

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2023, 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc2644e654532f8908040d1b8c8c0920.exe
Size

691KB
MD5

cc2644e654532f8908040d1b8c8c0920
SHA1

97f2ce46eeed9af667fe687db80586b1780532e1
SHA256

8f1d8b0695ca1f4ecfa6c615193352284504bae9802be1d3a6d7c1b63e652802
SHA512

83e3c785379e31013e3675f697656519e7353432bd6f72d51e16715b14440d390bd3fa2ae78b94bba31ed2f253ebb52919b4187898db0f02e7154b768da0ac5c
SSDEEP

12288:lcCvO70oQ6Sbwoqg0fitGbna8dQcLk/+cb1q86pJDlAF44bE2cSX:OLQrbl0fitGbna8FLk2m1X2D4brr

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 15 IoCs

pid	Process
1584	alg.exe
4704	DiagnosticsHub.StandardCollector.Service.exe
4484	fxssvc.exe
4620	elevation_service.exe
2388	elevation_service.exe
992	maintenanceservice.exe
1904	msdtc.exe
2280	OSE.EXE
3064	PerceptionSimulationService.exe
3488	perfhost.exe
2772	locator.exe
4796	SensorDataService.exe
4856	snmptrap.exe
1344	spectrum.exe
1244	ssh-agent.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 28 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	cc2644e654532f8908040d1b8c8c0920.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	cc2644e654532f8908040d1b8c8c0920.exe
File opened for modification	C:\Windows\system32\locator.exe	cc2644e654532f8908040d1b8c8c0920.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	cc2644e654532f8908040d1b8c8c0920.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	cc2644e654532f8908040d1b8c8c0920.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	cc2644e654532f8908040d1b8c8c0920.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\msdtc.exe	cc2644e654532f8908040d1b8c8c0920.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	cc2644e654532f8908040d1b8c8c0920.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	cc2644e654532f8908040d1b8c8c0920.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	cc2644e654532f8908040d1b8c8c0920.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	cc2644e654532f8908040d1b8c8c0920.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\dda33e8cd9bbff8e.bin	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	cc2644e654532f8908040d1b8c8c0920.exe
File opened for modification	C:\Windows\system32\spectrum.exe	cc2644e654532f8908040d1b8c8c0920.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	cc2644e654532f8908040d1b8c8c0920.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	cc2644e654532f8908040d1b8c8c0920.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_179734\java.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{CC33CE5D-25A0-4A19-8BF1-AA9F080685BC}\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	cc2644e654532f8908040d1b8c8c0920.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4704	DiagnosticsHub.StandardCollector.Service.exe
4704	DiagnosticsHub.StandardCollector.Service.exe
4704	DiagnosticsHub.StandardCollector.Service.exe
4704	DiagnosticsHub.StandardCollector.Service.exe
4704	DiagnosticsHub.StandardCollector.Service.exe
4704	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
668	Process not Found
668	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3820	cc2644e654532f8908040d1b8c8c0920.exe
Token: SeAuditPrivilege	4484	fxssvc.exe
Token: SeDebugPrivilege	1584	alg.exe
Token: SeDebugPrivilege	1584	alg.exe
Token: SeDebugPrivilege	1584	alg.exe
Token: SeDebugPrivilege	4704	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\cc2644e654532f8908040d1b8c8c0920.exe
"C:\Users\Admin\AppData\Local\Temp\cc2644e654532f8908040d1b8c8c0920.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3820

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1584

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4704

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:1852

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4484

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2388

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:992

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:1904

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:2280

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:3064

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3488

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:2772

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4796

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4856

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1344

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:1244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:3536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
89e87237603dfbeff04231a00219ffe1

SHA1
62137c38a685f264e152c18fe2d3b475dda63bed

SHA256
0f921a2f00d7c7a0d608fa0368b1760baafea195e5c708c6380fd2ce2e9226c6

SHA512
e2ceeb3451aaac469b65646efd2171fba7387fe874957f49bb5357d49a0216de4b3fdcde508ec22a971055caaeeae7938444f14a511ab2302f6d0f4e7f7ce780

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
781KB

MD5
800aa2484b7ec66fa60cea665871ede2

SHA1
ef310c0c7e12e501794900f8da90c2828a66361e

SHA256
f929b3a1f8beafcdd24dc728c4e109bd33330e5a27838039e7ee7ea26b74b2e5

SHA512
3e590e087e255a56f1a816c27f4b0a217f939310669f9b280df9cdc3c3de39bd85a3b1a1baf308a766248a216b9547b2952a2e9d049fdeaa24a9d2a47d448802

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
781KB

MD5
800aa2484b7ec66fa60cea665871ede2

SHA1
ef310c0c7e12e501794900f8da90c2828a66361e

SHA256
f929b3a1f8beafcdd24dc728c4e109bd33330e5a27838039e7ee7ea26b74b2e5

SHA512
3e590e087e255a56f1a816c27f4b0a217f939310669f9b280df9cdc3c3de39bd85a3b1a1baf308a766248a216b9547b2952a2e9d049fdeaa24a9d2a47d448802

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.0MB

MD5
fa3306d1fe707c359de19eae436577f7

SHA1
5871e0a57649b7804b706b840ace1588842d9e6a

SHA256
9ed8a7db99c17fb39e21e29515582fd94c6388d9083c0f5b01c593b7714e62db

SHA512
5ae4a122944b281b8fd8fc529d3d74adc174cd03e78ec8ff261aa593a80b7417d2c241b208851f75d6d18d91c29263c8f2042fed2e8fd792353654fef91fe2af

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.4MB

MD5
54b171708f475ca84ca429e60b90b7ae

SHA1
d6398e19a351f58befb81be7f3f3f23e9e4a218d

SHA256
f3fec40296fa8ac0fc6e076b1611c55ee6c72841460b388644af2315aa08cdea

SHA512
c1d87556b6568cd4784d5cb6f16cf88b372f4137099f58c9241122e6d027b0032fd03edf63c9515adf1f249aa1ff89ad509f2077c10ee1c5ce389b5932cf24c4

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.1MB

MD5
cdcf758f5b04cff012b2068d2caf46b3

SHA1
631e512ca6c3276f03fdd034ad08a520f7922959

SHA256
b07fb63ed1ba4d02bab50289fb59a9a2a9879c00fbb12e84bead2e79dfb7b823

SHA512
adf438960da7f7c9c14a473cda28543e72fcbda67ff9ca6f93e08dfba3820f717ab7bdf8f7198ed672b152a1515efcc286ae82a18330de14bafb300c4c26e170

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
583KB

MD5
082fa864213c2c873ec380948afeb0a6

SHA1
314cc9ca7313b834742f883c02f1ca6d343b5f06

SHA256
63de745af78c55baa2c02001a162e2dec66f4c7fd3447dd69ff923052b3fc640

SHA512
d79960bd2f750bc3d02234e7d075bb18ac19861599641ed2eb65ad078ced6984284cd67355f10ed434117d09e8ac4efca3043bfc95025d80774ce8b61e774613

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
3e6b557430216ab5dcfc940ca3ec8a6f

SHA1
97e6619789b607f859cb9108ff190acc695234e5

SHA256
94b7e43bcb42039c873f1562576a03f6fc9293254895691b89c24a2ba0536b97

SHA512
a39a88bf19e148bb528474f6e866497e43f5ecc0007ac3e7fda70f35cf23632075543fec203b492b6a36dee5661c837f5ab75bb97b57109bff06e8e0f4b88489

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
16bea384fddc2f85010a02bbe15585cf

SHA1
cdcd2dc9d4291edb150f5b588b9b13db5efc9f2c

SHA256
da164aae8ad05133710c695b234a28e132ee6ebd65dcb6f54384a19a36679ae7

SHA512
9bc45f5dd33e3262cf54f01296cee91e7fa1d59e5c9f4dd260200aa4f0eae5e9ce969a022f5504ba161a3c7a877dea07d9a88865d00bbc2633f244fe64d5bf9a

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
1578b8025b63f843f6dcb54ae192f7fa

SHA1
3ed28dc98f9355ade4d9b3f26d7242c6412081c8

SHA256
9a5ae95fb1c7731b8c9100cf5e1b660e01c03bead785239724beabec6520c88e

SHA512
007924416026399b89169910a9d765cbfd93d1d7f205e20befc43dadfd6674f58da65b7d2c1e47649eae0e167626e13be0584112229d84101dcb402c48c8f7bd

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
b4eae13051f1716d3481b3be4eaaccb9

SHA1
9d6cc1d6143b47615a6e05c90a4487562cedf7c9

SHA256
4d10a3eb12fc9e2489d97de1b1283364639c8d687794317d340573dc71ba7279

SHA512
43ec396f312b0af01c795b009ec9bb27acef6829307661b03e4e6f0b2c432947e1b01648aaf208aedbf1a8f794947574a53db26edb4bde4df588b6c3539dad5b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
fc405939ef7e4eedf53a7655ff340c7f

SHA1
7b807c59cfc089ae24ae4d708099fa6e659583a7

SHA256
828b2fdc1103990e74e51eb5900928e390db0b0b68ae955d22401cd63d92c5ac

SHA512
84a1c8be716d62e47563fa8a362c7cfc1800197d47cf6cb884ccfb4abf31861aaf81cc6ae62b713824e495a0dce50431524ca57bac5d610ca687a906d38dfa49

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
75fd5021e7f9cf412e02a80dcdbd3268

SHA1
258d32035cd283813ce8f1804b818009cb387522

SHA256
1e7b22968ee54eede12b616e2365d2c5dbcecb0606c2e2ee045d92226b493c3f

SHA512
5a414eba992ef3a5d914af4076468e74e625618bf6511e14f1d05eaa34882fd65ec362615007c5bcf53c216578107f34d5a8af36a910d08373de0093442e25a7

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
5d84801bb64462633285b69f259e70ed

SHA1
d4e499562351154709d393a4d5883ea22133e524

SHA256
60506f342657069c489454682346d2ec8de84b22ce312cff4ef77d7369210b82

SHA512
daac34cc0a8c990d0aab6e673d40f85d7091391b77c31f65419c102595b8ade39c35292d937f7814e0d5f80e7929c937e41e65c86c938e220d1e7686dc5767f8

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
086020dc6a68bd0993566361f1c28161

SHA1
d033ff53e4a3cfa88c0b746cdb0f9949d0554e8b

SHA256
8954238cfdb1ec77342d752a276b850041eedcdb68641158eafee6ddd6e6107e

SHA512
1391b5faef6f0852469b5cbb2b219d9bf0c7850b436b20bbc47f6f16f9acfb4bdbbf2c9843750f309bde69a05f9afa6db74fc827693963facf47da468d6a6075

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
d1646f8ea8b739814561d4b357b97684

SHA1
91ee538c0a9217aa2b94a9671de80a795fc8190b

SHA256
ce259ddf8a58c43badb6a7adbe94029eca0f8d5617eb9a1d35b12dabe12b37c0

SHA512
019e4e90b3f85ac0004f6eaa94dff4f73830dec056d251bdbe7f98aa8fb0c1e3656458c71966aa667335c7d2210da7285e1cac7ad1adac86d6d6adf90772345c

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
701b093cf554221a24b0a5cea4c4d5ba

SHA1
a476a446b93cf72d960c8831fc1bcbc1af1cb8d8

SHA256
31d4ed6d2c9601ce5cd573afa08014095ea1d4ac29b6beb32a25c6eac36e9058

SHA512
aab8e2b1857087474123adcf48006a27c127211a614384a625d0f911eca81b05153123e9be2d123f5e2ffea3bf62e08b074e31fb9be6fa03243453b2bba0ffdd

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
e36c1d977c97bdf380186b245a96960c

SHA1
78ca4aff7057e52c4ee7df16bbf258a7158c9e66

SHA256
e3c9aa157bb170c5ef9c6d47fd5146f11f196685823ed54478cb3a65b914ec60

SHA512
69a8ce9ac5d8269b8d2624a98b86078c5d736f19e314721263a4ac6c3c365d82fd76483b959608d15c5a528d186ac0caaf27f78b473fe2d41d8f98d1326951cf

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
15a4e1ed74bf5577f4280194129d46af

SHA1
90058bbabf45f74a9c12c922606429075d84f208

SHA256
49e0411e21f73136e69ffc4127ba9d612c438c5aed07d59b313846b0b8deb4b1

SHA512
6da5b55d3593fe286816ee3274cf12984a00350f1459d56cd304a1a985f425635ee272ad1675eb01587a139d07030f4de07053227d3425ea120aeb74fe6ea3c6

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
d8ee1258b24c508379f530ae6da4c3c1

SHA1
f6e48532788f0a71d384165adb88660952d1b4c1

SHA256
3f900a0c5994f12f17297a0e77816c5fa801260fd7bd8e40f5d6951ce6cd44a0

SHA512
be10b993c824f727fc615befd21867d31f4a0ca3b4af43a3c51da31931fe50ba7cd7c0f79b0dfb7f26525c020765ee7e0a90cba7ef498473321698f9d974dfab

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
7788f823547b85a340624835eb459067

SHA1
94280ec26f96add6e7df056cc7af3c781559c9a4

SHA256
c3f34a7518853408a85eeb6b5bd43cbbf9df305a864df5e90df1fe856425bcf3

SHA512
f863929001fb36e5195149bf0576ded9a1f3964400e72df6712b8cafd2b5bde68bd4fd6fa622aaeebfb6a66d1aef159480e044d883af5a0ddc178968cec14669

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
d0faaf8d4bbfae7367ae435771a92417

SHA1
58e2ea378640f904c906760c083b06684bbce049

SHA256
cfb15cc83d2f4461a77a4d8258c2b179957a9a6cefa1814dc6443411214013e5

SHA512
dd1cf20fcd67802e261a93ebd57351bdf1e44c6b194fe6591fe09a7e0c64b5fd8c56e8fe3c0aa255898f34c9506ea819eca9c935fe09b15820d420dd5fb40310

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
ecc91adc569ebd608c3edffe9fb856d6

SHA1
42ff0d674bdf5b04f416f680cfa836a8cbed7a26

SHA256
6e42a44523f144d3527e052e3ced4052789be47acf0641015462cd49c32c2914

SHA512
76219d51a138b00419c8f058bd39ee8df0aeee88479f32e346c17c483d745063bb162f13e3a2e611af8b7f1b6306abef2ec9a28af7da379263f1261f32c1ba92

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
fa36703e2d9ade3a746e1772de0d5de4

SHA1
4b48965d32e05efd9af10f6a6bd61d74b940fbe2

SHA256
d1115911af50ea7dea346d1db2b1d7bfb5b071478d62167776b78dc63db8a982

SHA512
5970d37dab7a29018a9e893418adc7dbab3a33ddcd228698a1840af64cfb4bb0aa9466da9a740503c15817ce715ce5301a0b3a0bff145a640a3de18141bc7aa6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
2a16004d338967fecfc4b763212f0b52

SHA1
0040af3bef525b6a9aa72c84b43876dca73fdb2d

SHA256
3bda94177cd38d27d1dea4a978934233a605385042ee8ebc5a7c9c8791a2e3ec

SHA512
98e427c7e097b81c52582ee807b2c25ea600a5d4085de3b6ea322988d5e065c13a11f179f5f28865d0eb37491bf4da6b7b787db5284711cdf795196c0848ccb9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
4cc525afa90f87f4deb7d897b817b737

SHA1
afdb9e10b5b645eb4f479ce4e2d2108ba479b403

SHA256
c276c37fa61b583bd8d8a370134edb913c43e8d1adc6a58a963d64f7abafa7c0

SHA512
38cabf8e738f5b1a19bebc65af7e3a6f3c4f2de8936b6c7e432318f769cde41124b34f9e2f51f3bd622ff0d20b1cf1f4def109b117b85f3968d39c246abd952b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
b5c3d255e1668773a63c3a1d5c635612

SHA1
3c1beb5d0022a86652d946653a6db53ee6746b1e

SHA256
7144d9a113a539322c91952ac2e1c5b384967619ea3859561cedcd743d2594d0

SHA512
6044e240d9d156d65eb6c0cc7ccc680f85101248d2f5b78ce6bab8010061881f379690a75cea0579913d06815b6b0c8d324c9dab2f30419d14534314bb5e44df

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
4e1b88d5036ffcfddfa35a427969c756

SHA1
8c8dc85edfcbb12203c216cd32e47fb2603d1725

SHA256
41fff45ed16c8f1e125d02dbb04faf9d987140d98cc3d7d7cbd89f90e3b0b45f

SHA512
cdbe60c7ad557c9567129f053cc9ba86720b9401a207dd237d31a1b0b97625fd6c3a40b159fb0ae29069b0f4fed29f83d514c50720e08022d4092c3dfdf17e59

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
3f50b44b327a403d7c70c321758c8c6b

SHA1
50cd8cd52c0a4ca00b79a22a346f5e354cc37634

SHA256
a2d5f8f16cd25af85c9ffa97d1cc8fd9abc7c461c5c570ea6c7eb25b42cb25f8

SHA512
78bb2e907cb93c2650747543fb5b5c0b6b469f192f914906ea590f3a9bf43cb463c527a1a5e889ae51644d03d98bc118e90b2980b04aae3406d78010218b2a92

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
70d27cfda38ccae243024be5b075f181

SHA1
1f669254338c66402a69599cb8749cdf4330242d

SHA256
b0df401e8f3cdc10a8c26f1ccfe67f2bac214fee5eedb2802199930c36bc1ea7

SHA512
f696a41b5f3a9391fc0f09f624a8c04d0ec31a854b9722e94df2ba1c5f1ba222d7d69303bf9e946d3e72535e698f40e64f5f4858f2d3c54d44a556d067c1acde

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
0eb2c91ba24406c29ddfa10d40fd4552

SHA1
568091f329ec5ac96c1d1ceb4ab252c97848dd87

SHA256
169c7645d7b5e98b312e38119547cea70b3ab0f62b4211ce44f1398eef9ca659

SHA512
9e2b515db31c88eaad6df62a67ffb5dac48e4d722d5b3fd422ae3d234adad73450e92c73746aa5e21fc7c55a3f16392ad2841200ec7227be060f8bee4663ee52

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
e46ef054cb4c57674c696c5a2d154755

SHA1
9decfb5106f211d139648492773d1f3f84c79c00

SHA256
a2541a75a9c9d6bf394da21f83c67a6c5980f4f3b1a3e70ef3934aeac657424f

SHA512
98f69209bd8de338c29904c3b17feb5abae0d6653424ca7137799b9c3e3faf7d693220cde6b206f07ca7a0c2d4b00bf2a7d46b31e40b4b5995a3bd2982eb2c77

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
6d1ab916665ca782d6c2239114067ae4

SHA1
08cf8654494513fcf7bc755aadda8719435fea2a

SHA256
01707ea0cfde0419d64c5c3f83fd1c3053fa9905ca4be3bce6749e7c33acfcca

SHA512
521e12977fd108aa84f119ad7fa305ad824c93d87b894231d9c4e1457ceac923d711d4b1a0d964995277bbee6530ebeaa9298884d2585f40648ab933857bd806

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
7a9f733df98a062e1d9ab4d7453d1181

SHA1
9e3d2422bcb9873135578ceee297a4582d9355c2

SHA256
31b7ad5ccf03f9521bfdddb46b237e176fc5f1c1803ff0e805684d379235a3f1

SHA512
526f35a6779c59a4bf9070e3bd579516df9f83fe9b86052cf62d79a920f9c8b255b6ef05386acf0a73de5b59225f50c9563f310f9ee3ffa473d97e532a7cc1c0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
d424899599991ae4f29da6fd921c4fd3

SHA1
088450d22fba90d3abcf35b11b71d6a50e162d2f

SHA256
b03e02b3b21853ef181409ea680cfd28aac69f9451d7df7d1340710435cb6ea2

SHA512
3d9ee9cb53b43bc9288172b0bc3317e1232c3f82abbde5a9fd51bc9aced90246ddf7865699b147222d39929de3594a317037e2bef65b0d125b34141d3e5662e6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
35477a097ad141c7acb1c0cfd415371d

SHA1
58f2d8bc7595d48ca9e118447479b3f31567518f

SHA256
e2d106d48c9dfcf4d3c5ee999a9de3f281b43b2ddc9847a0647c0b8c6e305cf2

SHA512
c221799f916b28aa16e2c045cea8d6c657751aa9291680aa85db6585389770195852fcb99f14031f38d13f7fb7c340c72b055975d19820673d345c5635dfddcc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
1383cf6aae61992fbb73d0188b382075

SHA1
5f7c10bc74bdcf2451aa0b7cb6162a2af0e944f7

SHA256
5864ed68b42639c190b16d0e6b33f6da18329da3e556e27e7c4fdcd68dde534f

SHA512
b9a77f7bb32874ef8f36f7edf769a958c57864fdb57672bd4471661858b094f5b9dc5d8462950902f913a43c579851cdc414e16689ff70dff25bac9d8c9e41af

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
a8424969872d22c898180fe46f575c29

SHA1
1b413dff10fe3634db1a511e6780a09a2a39ab45

SHA256
ba3c7534bfd5edd9e3b68656d9952d5dfc1fcdd27755ecf05083e921b8cb76fe

SHA512
8290937468957bd3dab8fcafd90d5e5bf56a6a03593c081d52f1ef0165400f46a7fdb548a049fc2a50e5ecadabcc0219ef1d26679d89bae0bdfd5df6e8dfe05e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
67bb2ac34ecccd978f669992ba0cbe6a

SHA1
82a954dde3575b0ed46660d7daa3fa8e652f7fb9

SHA256
6073afdccb17243aa2161553b1905eea5f55f99f366d9830408a1a23826484a1

SHA512
399fa72bebde16eeb7e45961b6f479859f9fd3da9d8fb5959176f64dfaca7e9baf6555c3de9044b407e905daa764bdb4eb5445eb92a305ee5167b954bc1fafd3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
7794130c95fd990c1502143ffb06d394

SHA1
ab44ed5d9134f6a07870757f0dd32da401d39f96

SHA256
ec1cd74c08ef19c8a7580724e51c6b7ca799647a34bdcf04e7f5c8394f131497

SHA512
e7a45d01132fa920b4778a1a1a35522c46c149bc76dcaf7bef2c0dc71b63b6ad4fc054f43834e01ae4de8a4a8be6e6c1650f403e05d751fd284afbe3d8890213

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
c7c988b25b204f4ddb28e70e0ac93773

SHA1
e720d6082a5edc890f3b8eee71eafaa711f1bb58

SHA256
7cc3b8bd5f92663eaf56d32ddf23ed28a86ce664a617734c137802630ca01f50

SHA512
8f2039f1a7dd94797fb523603de4420eeb52416823b5bcd01428993af10f3b37074e3af0994634bcf66e18f6888d9a460f2d2494a8fb857d366bc26c5de5e071

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
66000c5b72f8b845f6ad803eafdd7f03

SHA1
6957760e9167a78d26597a103c4e74867f4c55c6

SHA256
e7dd2c4d6e19120488684dcbc226c8cf63ee108bc355e4765b565f0a77663d51

SHA512
71793f286deedde3f737f3ec1957d5b4bf824f9a0b3f5aff20d3b62dadc07fce0cffe610f41ae7df5e377fa488a3f8b148aed303c3ce59fb17738aeb469901cd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
581KB

MD5
18dfdf9d5185783ce8f15af9ec5ffa2b

SHA1
32b321b46a24edf1f1e433dcc71290068ebc1f75

SHA256
9d7be1a0fa0bc173e168c293c3854eff68d71b9fddc0552ac4c6cae112aa399d

SHA512
b56188defa9dab1d4e5ca6934da943e2a84ca494250bca8a354c52a105151f63bdd6c51cac499fc55163be0bc08df346da30a74da9fbb92569473e093c756e3f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
581KB

MD5
fe9f1a139925f78dc1fa7f4c2a6efa6e

SHA1
0fffa454cbc70a2dcae276a86b62ecfb31f5a5dd

SHA256
0ce34af452e014c6451412fbee38c79a3ec5a6b3f37ebcad5d3ca9224f13be57

SHA512
89a612cabd15456c3c4f3643793661c1b95f958668b4553d586182a7268f61370f323f362ec37a3d529df1a4ba3da8197d9f43e6360315b33b8c874694fffc53

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
581KB

MD5
18c4b51b7ae6e9a7a6686f19b6bd5269

SHA1
d2911c774c0c168d5c9ede8da18aa898df41bc1e

SHA256
b9e785cb90b56c2087a772051e559f98c32b541fb707c2a9186ba91db4724825

SHA512
912b79000de48020d198f6dc582b28952996a16163604b916f23fc9023ae2fae84fd91c94cb38aa7249ed212f89d33d11538df7f79fd73aa5d5eb32255789c3f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
581KB

MD5
883f0848213ffe8c72883c8600dbf653

SHA1
51fc1607889fbc4756d7f99205b7d10da6ff38dc

SHA256
0783739e2f0269f3ccafe983e99d320a4013a3792b14c7994c9304ff68055359

SHA512
75f61a650054cf0326bc16c06805d5cee9598efe7b71533bba16ea5c14fd552ac302d164f2e8ed28e19d3a80fafb7ebacae875cf03d4bdeb538bde4a5b18d701

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
1ec9b8d5e4043ddab9c8ae7c237f85f3

SHA1
fec871d59c832fa2e1c4ccc47f17951b1fd997bf

SHA256
817f26e993e802e09e623ee4420f2f71a25bff37f5abe87d7eef04db2ad4ec9e

SHA512
e9aba58b0f840d1497939955eb62c7b686695560d40ac3d5d9c06fb81a759237b36e6d9584a065db89982a0f2d3e34dbf93d9089b38748c6bf39b99a1a76acff

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
d657b2ae49a7361e81b04256241f9afd

SHA1
17be0611b31dfd97ee5bc8f39f05fd0453e3b8d6

SHA256
10ec1a86a3efa46bdce7dc5d0972c64a4851ea2d85ecc16986f6cfa970759738

SHA512
b096db9de7f46adc7806bbc16bf9e380b42f634c6689ca46ad798efbd22560f49436bfcc96a9d1910529eccbf43060af25d6ae26fc05850df5d6cc18d2228a9a

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
53e8557184ac6412d226a05f1633d7b2

SHA1
8887fe2c05fa403fce883771507d543bfd354bc4

SHA256
bd3fc2279d3e67fa72a5bb7090f7b0e4aa56090a03864c116a00c6b84019594d

SHA512
cf4469d79da23ca20b096e7deeefe152294540e76330f640595d3b4190cf5b26201e27fe95f4feb833f074ee228d5f54baabe842f2e2871f5a632eb07c97436d

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
c637572ca3d18edbd8ddd428807abec8

SHA1
164b94fb3a22c7e7d2b3e1bfffe813cdcdca7396

SHA256
2199a9ceb184aef10305996c316a00538e4ba06c45729b82e5ca4a4cf8879654

SHA512
180cad976f2c7aaddf32a5bcd9418ef9806eef661b30564286db1b59ea74cb6f3a1a57d0f981b0e766c84ef86602d1cce9c7c7185d125de2254bc0c0dfa2028c

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
52079007b531e0e672c863080dc397cc

SHA1
6b937fc9604a37162a021c942c3c278531f77f00

SHA256
357443a43913b163383c03889e8920e0778bdc25b9320e8fa74ae5293aadea19

SHA512
35301bfc523116680bf1eef8ee3c77692c5e005a1bbd62a6dfd3c0bad498bdf806e9eff5eddce06cc1f4fddf5e884998b9185bb66ed137fb96fbc84b431d0ab3

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
52079007b531e0e672c863080dc397cc

SHA1
6b937fc9604a37162a021c942c3c278531f77f00

SHA256
357443a43913b163383c03889e8920e0778bdc25b9320e8fa74ae5293aadea19

SHA512
35301bfc523116680bf1eef8ee3c77692c5e005a1bbd62a6dfd3c0bad498bdf806e9eff5eddce06cc1f4fddf5e884998b9185bb66ed137fb96fbc84b431d0ab3

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
570cf0338a80b45d63000f230b032916

SHA1
c352936efb005a963e6434432d5a2b8fcd60727d

SHA256
5a2a0fad2149925de909429851af7ed50104ae094af9df21ab494dd2c9afb7c8

SHA512
c97927822a1c3fade6858bfca4327651247f86001002f026e6d9e3e887424cd11c932b9bee835db93b17e33d448c1f82c060698db30c3fd4ed64edc527225d3b

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
6a5d4233e1c5b493f58208da9bb1d61e

SHA1
b6c3d5e48c591b551eaac40ce2dbd426ef295345

SHA256
b51d1dfc3a738bd01190f786f957b269788ef0a4d670f6da62f1b30e710091c9

SHA512
e03d30f9962d1f4961bd051e70716c43ac2e8a9d3c7230ec5a0a656c0b67e1fe2dddf8d5d36a967df907efa17134128797e38569b02d9e3da52d793fd8662901

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
6a5d4233e1c5b493f58208da9bb1d61e

SHA1
b6c3d5e48c591b551eaac40ce2dbd426ef295345

SHA256
b51d1dfc3a738bd01190f786f957b269788ef0a4d670f6da62f1b30e710091c9

SHA512
e03d30f9962d1f4961bd051e70716c43ac2e8a9d3c7230ec5a0a656c0b67e1fe2dddf8d5d36a967df907efa17134128797e38569b02d9e3da52d793fd8662901

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
b452feaa665809e3f4d572fda87df1f0

SHA1
3d2e8932e7b08b6229da1a4c7ed6ed9e32de0cd0

SHA256
6de45bf45c93e95e0ed4fb874655a55e50422e6ba724c59ce4140f19882e7be0

SHA512
0b619a65d82fe53a3e44d660ab42456351e87061cf9edde854ce3ccfaf72191c79bf768dadc3505a6f7626f05bd0098eb2b251c7773196bcdf538e00bc175fac

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
596a5b4d4a0eecfa3c0d7986ae1796b2

SHA1
155ee14da3d7919a053627e2b24af2c0f690e682

SHA256
2531e4b93f440cf10b7a4a587b3a4bf2cdc6326c09cddfd3bd3f0905af8c4cfa

SHA512
0349ef1f06d58870189b89f8a3341a86de70eddfc1223fd98e64a3d8de7a68f9f3bdce55d7c30536d007739766ceff77adc3c0c0a4916bf2e343505d59fcbcce

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
c7489accbd58dbe1e2c282e299a9e046

SHA1
e56e50169c85aed376e88493286ab4f2106815b0

SHA256
820748dd4c12c89291a90612b02d39f4d39f260d53e048ef484ad00948230b07

SHA512
5b9afc53deb405e246b26baf66285eb198c1ff1b4571d9b894ab264c09a5006a689aa2233290743e3de8c3f72ff6751bf0378c118c9a3c0df08ddd5482dfc7b1

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
aef8a68746b3aa24d0e9652a6e518709

SHA1
6ca2f0c2d2f5a5fa0686ad1e70c6ced833af7dfe

SHA256
0575178dac8c1fb3278d78b4f9901d49aa1885d4e8efb17534cc890beada331a

SHA512
0188ac76aeebafb9d7aed5bd798f185f631a7c55554c35e2025ac693bfbd910afc6027ddd8003ef624a02143db0e0746bd1bc1a0199b8c04ee4ed364581440e2

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
0f68cf311b8516e0aed7efae94525539

SHA1
1e0d5209247890626571f7f25021ae2cfb594711

SHA256
1cf5854745267ab8e7808090ebfc2af727d707f60d45eb5be1f0602347693d8e

SHA512
1a4cd9dc4fc290402e5bfd3d9f2dfdce6a708178eabe942f1852521bf9abb06642066957b2c7eaacde8aa86aaf0269f4dd91d0f42110fb2e32aa3afb537a7492

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
665c96ece6623d3beb6f9b563344f4c2

SHA1
c543782c92e1dedb7544b3097e1727070ec260c0

SHA256
86c0002a4c8678fe057f7da16163629dd9aa06168aec3b3d4e2abdb7ae8abc44

SHA512
28a67ca2ea5cbaceb19923a25a35bf9df3cef24e2f3f036e76dd6a6dea431a7de9bd3e08131f98a0748e4982bdf857744b765590127b0f2a65a6e248ae9ba2f9

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
1.2MB

MD5
53e8557184ac6412d226a05f1633d7b2

SHA1
8887fe2c05fa403fce883771507d543bfd354bc4

SHA256
bd3fc2279d3e67fa72a5bb7090f7b0e4aa56090a03864c116a00c6b84019594d

SHA512
cf4469d79da23ca20b096e7deeefe152294540e76330f640595d3b4190cf5b26201e27fe95f4feb833f074ee228d5f54baabe842f2e2871f5a632eb07c97436d

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
541310ba5c46202f0b2b3e138c4d3025

SHA1
9027965c602565f6219b5780e01fac5b5a0bf12a

SHA256
645148672012aaedc2e25ff00729460388d268b7a766b3cb4b74134fbc66070d

SHA512
7ff24f620f2733391a27ab77f4ee73bbe77e5e52f7a04bfc3337ec3cd39ab126d9c016aa9c87a40d01583b144b407ca819358b2a0264ad2fe985699d76b206cd

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
be0ac4a7a8e292608347734938cc87e5

SHA1
fc6ac1a61262211cee6562d415181e9f7141e978

SHA256
01f7a6a035819f74461192afb3aaf57deef9864dcd633133e7d9f602594f20d8

SHA512
324305222d72ede3cc78446416eb38085c224e8b63b9f200d8673b4ade35b4bdc5ec19eaab4f28d8ab32c3a5060380b70ccd94b37c912fc89c69890ded2de753

Download Submit
memory/992-81-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/992-79-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/992-98-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/992-93-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/992-86-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/992-87-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/1244-211-0x0000000000DC0000-0x0000000000E20000-memory.dmp

Filesize
384KB

Download
memory/1244-194-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/1244-382-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/1344-190-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/1344-180-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1344-379-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1584-14-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/1584-13-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/1584-21-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/1584-78-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/1904-162-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/1904-96-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/1904-95-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/1904-104-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/2280-174-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2280-117-0x0000000000830000-0x0000000000890000-memory.dmp

Filesize
384KB

Download
memory/2280-109-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2388-65-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2388-74-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2388-73-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2388-137-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2388-68-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2772-149-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/2772-142-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/2772-367-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/2772-334-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/3064-127-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/3064-134-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/3064-188-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/3488-138-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3488-214-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3820-66-0x0000000100000000-0x00000001000B2000-memory.dmp

Filesize
712KB

Download
memory/3820-0-0x0000000100000000-0x00000001000B2000-memory.dmp

Filesize
712KB

Download
memory/3820-7-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/3820-8-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/3820-208-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/3820-207-0x0000000100000000-0x00000001000B2000-memory.dmp

Filesize
712KB

Download
memory/3820-1-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/4484-50-0x0000000000ED0000-0x0000000000F30000-memory.dmp

Filesize
384KB

Download
memory/4484-38-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4484-39-0x0000000000ED0000-0x0000000000F30000-memory.dmp

Filesize
384KB

Download
memory/4484-45-0x0000000000ED0000-0x0000000000F30000-memory.dmp

Filesize
384KB

Download
memory/4484-46-0x0000000000ED0000-0x0000000000F30000-memory.dmp

Filesize
384KB

Download
memory/4484-55-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4620-61-0x0000000000C80000-0x0000000000CE0000-memory.dmp

Filesize
384KB

Download
memory/4620-125-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4620-53-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4620-51-0x0000000000C80000-0x0000000000CE0000-memory.dmp

Filesize
384KB

Download
memory/4704-34-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/4704-92-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/4704-27-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/4704-28-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/4796-375-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/4796-374-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4796-371-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4796-154-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4796-165-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/4856-378-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/4856-167-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/4856-176-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download