9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68

Analysis

max time kernel
172s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/12/2023, 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
Size

1.8MB
MD5

f2b6f2d7e36a1df41ba3f933dae36e6f
SHA1

1d74ee3d0156ad1158911b60394fb7d16c4b08a6
SHA256

9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68
SHA512

2f18ccd7a57ea22bdc60f9b9028fa719f3de50ad6267054ad77d49a487495c0280b62e5373144f0614d40baba1cf1db8eff2a0e4a7e1653bcb45fdd91493b373
SSDEEP

49152:0KJ0WR7AFPyyiSruXKpk3WFDL9zxnSj3OPV6Vp:0KlBAFPydSS6W6X9lna3C6Vp

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 17 IoCs

pid	Process
2248	alg.exe
3728	DiagnosticsHub.StandardCollector.Service.exe
2696	fxssvc.exe
4408	elevation_service.exe
4968	elevation_service.exe
3396	maintenanceservice.exe
1916	msdtc.exe
4036	OSE.EXE
3704	PerceptionSimulationService.exe
4424	perfhost.exe
2356	locator.exe
4708	SensorDataService.exe
1408	snmptrap.exe
4784	spectrum.exe
3232	ssh-agent.exe
464	TieringEngineService.exe
1076	AgentService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 30 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\snmptrap.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Windows\System32\alg.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\3875401fc98e5a49.bin	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Windows\system32\dllhost.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Windows\system32\msiexec.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_sk.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_lt.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_id.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\psuser.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_is.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_uk.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_kn.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_zh-CN.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_hr.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_et.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_ta.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_ar.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_nl.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_bg.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_lv.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_zh-TW.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\psuser_64.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_fil.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\GoogleUpdateCore.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_th.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_pt-PT.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_cs.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_tr.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMF608.tmp\goopdateres_ko.dll	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3728	DiagnosticsHub.StandardCollector.Service.exe
3728	DiagnosticsHub.StandardCollector.Service.exe
3728	DiagnosticsHub.StandardCollector.Service.exe
3728	DiagnosticsHub.StandardCollector.Service.exe
3728	DiagnosticsHub.StandardCollector.Service.exe
3728	DiagnosticsHub.StandardCollector.Service.exe
3728	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
668	Process not Found
668	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4120	9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
Token: SeAuditPrivilege	2696	fxssvc.exe
Token: SeRestorePrivilege	464	TieringEngineService.exe
Token: SeManageVolumePrivilege	464	TieringEngineService.exe
Token: SeDebugPrivilege	3728	DiagnosticsHub.StandardCollector.Service.exe
Token: SeTakeOwnershipPrivilege	4408	elevation_service.exe

C:\Users\Admin\AppData\Local\Temp\9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe
"C:\Users\Admin\AppData\Local\Temp\9b09b8950e72d3161c9a8fd4f011a9d7e9f3839a6ad8ca65466a2f2ec4961f68.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4120

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:2248

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3728

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:3088

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2696

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4408

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4968

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:3396

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:1916

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:4036

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4424

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:3704

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:2356

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4708

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:1408

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4784

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:3904

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:3232

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:464

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
PID:1076

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
PID:2884

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1280

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
PID:3160

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2348

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
PID:4200
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:432
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784
  2⤵
  PID:3508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
247KB

MD5
a190d8b5f6d29102891a8bb851d63794

SHA1
74ce363a2844e11af9404beea7eafb095eece42d

SHA256
e37024905b6aea11a142bb3969b5e536402ad3ab11ad82eec48955aa45d2d660

SHA512
df8e9ab8d4f6756d9930a0ed97880ad9d58f8d30a591e99d6441fa088b9e1c4c838fd8ab057a30f84c4868ac331fad269d76b4ef45cdd22b66729da7b53374d7

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
133KB

MD5
840ab8bff7226891a5bf0efc464c5648

SHA1
28639bc427f6a6e5b6ea9b892840288c8775d089

SHA256
3d8040454f2f941e47411c195f101143cf1a649f773f1616fd8e9adbf89a2015

SHA512
1443f53ca38c30627117bf9556e66fcf2842caffcf9f94420683ba448d532c301f596bd527639c91da1a5daa17e7f9e5ee70f9d01e19f820aff3a9a88e9e3f70

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
23KB

MD5
bd17f70f35248059a1f01700c4626177

SHA1
f74a942985ed82820dc0312bd8cbf6ecc493de5e

SHA256
ab1868b0eab9a68803ffc20221c66a5332311e305717dd65d781c8c2c851ec32

SHA512
fd50b874051edb319a11942d1bd6f9e2831737ea54e61354c25e7b0b131a48058cfcede79128611ef5bb687e23ce0cb223e905494b60dc9e1af5531cd683e3fd

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
476KB

MD5
6780086063491cc009c52b9b18be462d

SHA1
1182043008f9246cebc0c1466998c613dc89a772

SHA256
2a71a9faa3c214d8afcd260467f35bfbc773a5b1abee4fe72ba2ca56694f07f5

SHA512
7bc7f0c94b447eefca1551d5175351746e07dd25b56da95277270deca6fc58ca318324b98e61e9f58894faf39bca9a060bffe17f17b1339bb123b39559088f71

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
361KB

MD5
902610c1f0e23d8e8c3e12b83dcb14d5

SHA1
0933d4cef5f15eb86790e54eb9750448d3e77ebd

SHA256
67c2617a7c78fe7788e12cf3bac6997e1addfb9fc8dc92f5134963f053587bc1

SHA512
69421b32513d2a3fc2995ae1747415f0b1ad42c8c4c9c84627d7d49afba8bd483d0730589ab3e34d916f08894c2504086e93e7485506a8acb937cc7b1db5e9c4

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
593KB

MD5
de0931e1cd981b2aab5827f25ee7a925

SHA1
434319839934ef65203087de79cbe9c1da08380d

SHA256
ae46b5a23e486bdd4083b63d71d37fb0172d7358075c2ace95b1a505ce5fa531

SHA512
10bcab126f7a4de396e2ed54baa8916dca4fea16924b98e3f6bea28a78d001a7959ed0476cae06080d71403ae1c9a147ee5df79f03c16d5f44731eb28727c842

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
538KB

MD5
d74842d4681a2f0838b0b4fd11913465

SHA1
2a81137030b13ac8e1b070447bbaacffadcc0752

SHA256
0f9ddcac2b35be6d6c2a94c110bb1f332d7cc9a0a8bc623e98db787a6b52bb98

SHA512
3b0aa65622f84382f6970fb7ae32b82920cdee173009c46deb1cb3d52bb4f9d3b96137dca8145b7bd1e6aaae9f01ad48f619ac0c3e94ac9cfff9fd0cc35833e7

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
530KB

MD5
05d1a3938b6e9389a1033ba7ec4868a2

SHA1
9f78e994ace793356d5250d760c15b5dbde7f152

SHA256
bc5b66edd2ef604150009c122e218480d17cfaff2245ef6c2d7defc13509500d

SHA512
f04955576c716a126596396bf849073f9502553316e248980a09a006c00862682d0f6dd9c1860e6597272ddb569f8237933517f3fb5bf9bc9daa89f126700262

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
343KB

MD5
d53da489c900eb656b3d07db4eb78845

SHA1
5a9f1f34f2c7d8cb158a18188b2347300eeca266

SHA256
907a21a47cbff58ed385257a216b25e22454f24bf26565252e7bbd0a933c9af9

SHA512
6f75fa9c7f6a8294e9c0ee829d68e0756ea5f144fafd97ade777414eea3b4853d1b8fc626eec0267911c55c4e1985ca3d5a3e1deaf58613e1a7f5c8790bdc699

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
572KB

MD5
3987671bd5edfe27b91a2fc562ec9727

SHA1
06b0680811b9139ce94700c87528f78006b21dc2

SHA256
c31ebdbabaffd6c7788567c8474bdd313117f729e664f384392b473f5e3c91b1

SHA512
d0a5a6edc41d6998a1bc5a9cb75bb0f68b640c72263c565b8c30e2a12db67ab32fc569e4d7941b2ef4f95010ed6001fbef2922ab0ea6744ae114d299a43bb89e

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
140KB

MD5
b381b2b9c19df86885f5015350dd0e51

SHA1
8c5a907d42b0f0da4cd59f89c12b0657d20ace04

SHA256
e726abb3997ea2e947da8d76884e0ac64e13636ffff364521111bad1ce0fddd5

SHA512
c6ea4281be13e6dfc970015a25c1c05797afaf3a34d856b40455d714d657242a361fe024436ec4d149101a1df99d55ca1e5cc88272c99376475a358b159d407e

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
408KB

MD5
00b841725708d4099fab6fe759fa71c6

SHA1
c56fe4f39fd7209489bf99b2baeae94026302977

SHA256
780e8cf8eeb75594daa6f9455c53e3c98e2124571ef629bbe29ae66c13bfc28c

SHA512
14081d09be5038a8aaa98d52dd18045ca1378f5f40eb59c066bf05d64a773706b1b22f9542e7b0711522a88d228049e24c1723bb7712e7cbaae3b2ef142d43c4

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
384KB

MD5
08059ecf99071ee29a728c36fc7943a4

SHA1
556ddc239b21e3dfba4dfa7c1a7c4d4196cda9f2

SHA256
4bf5e3b468968de522e7efd55817f6e9f3f342d79bcbbd13a9d0599f4fa2154c

SHA512
b7c0865299a20af4811e3e87452be70bfda8788c2a4ec6a956670de4d9418fb2793fee2fad46b774fd901335e080fea552ffcdba9cd12440543a273a37ddf922

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
109KB

MD5
19798edf63d7546b5cef51e433e8c156

SHA1
c4b18fa467fc1478ac76dd9b61f14127a262e34f

SHA256
afd03e83eff877e8341b9a7c471ed92df8c4f2b6c3fbaf3d9efa4372631ae08d

SHA512
2f0c7cd446fa11bd4ad4f0a7fe8cd20a5799e1f380d39b68da8f64422a5479704536d4f246b7dac4ebaa221eab6f9d3fb036874869b0da6b6f0e533eaf629496

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
349KB

MD5
ad0041da7e0e5fbb3bf078d09f5fd9c5

SHA1
8a32b02e4fc0a4fab96bae0c1cbdf45c9d4f4f62

SHA256
5beaa71d269e575657aafa64aaf681fad35c0c6bf2bc3acbb0fcde0a3b9fccca

SHA512
3f3db9de9b93c5489911513445f0c6c903feeac262565f0a975d52b03307f8ae75c7eb7d0ae54a4fc01dc611266dd6c53cbaa4b28adcedf0674cad5ad7f76a1f

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
474KB

MD5
7ad40aad6b210d092104869cc2947afa

SHA1
1f66ec84dd9b4b43ef3b5c81d0c7c099398d5619

SHA256
8668e803b48da327998708f32a249f71a9b2c45cee892a1354bf4c77b63ac834

SHA512
894ab17d5ed6ccbcb97a5d515e8e15161c6b324f49e58680eedec7aac3ca298ab5309e1cc400d04f0a4dbae0e174baa20fde6a71d4cc09825f1b64229855617d

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
254KB

MD5
ca0f34059c46e479502b704ed8c2d1b7

SHA1
443eb31588b0d4cbd36474b63aafbb8c95b33473

SHA256
9d0c3a4e803345501b530f4794732fe7a12eba03cd45636bbb7c8aae71ded21f

SHA512
3757d1977f2c0d1b7c3d5b29c5a045be14e870426f2df4b8ff1af179d4dfda06a6b4a1f9b4289f407552f5c309e62fe7ad28599cc1978e51d959e48cfbdbaeec

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
333KB

MD5
adf7a4098dd034477d87da6f92f37fbb

SHA1
682ea8b96525a9acaf2e00e953794bd28bd90000

SHA256
c8797bb5f376b6b4e50e144235c3e4c86fe111ac319b11b2115f683016eb073b

SHA512
a5be894aa1070769c94c1ca6fb7ea2080f8cd363287844b43ad0aa77a4736af50a4afc4cde6668a6c35140b795a1e9de29bedca48be44b9d993d8e906fcc0adb

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
287KB

MD5
4d1568e88bd48cd905006b062292936f

SHA1
a4452690d59ddbf154b3f74afac1e94b8d546dac

SHA256
0046677953b22058889c3f350c8e6b475089889a155bcc3173c014646bfe3f9f

SHA512
73fa1baa08e3636a84e659d402e469ddb9027341b9b5edb72760850919da4e7e30651baf492a925f380e5c9775bda2fbfbd8af0ca139a729c2718918edd9da52

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
155KB

MD5
5b1a71a9229db5f5324a78291aff0c21

SHA1
163cde020f446d32db56e0484b6cddbe993e8d63

SHA256
7a3931a8dfa86c601c46acb2b255a63e4ba115c7d2bae3b377db0177e8599272

SHA512
190765a95ea328067e024dc15bbe449f60071640c7d76d2e852e563976c0d49b2d38470ccc46933fb48bc90120ea409ad405798f373a92d9dc7a4750e4e45ef3

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
119KB

MD5
64066878ac5ecf6dfa253e906aa153c0

SHA1
77706dc16ee90e51498e987afa4641f1676c4a5a

SHA256
ac9c4160636edf593d8b3105b2c95e208ac6b1f68cc16367e2f1cabba8de3e68

SHA512
08df6ee4db5ad338fcdabccd8775ed26e8acbd99bf8fb08f8169234223e57e770c35d7273db8dd6912b919e1f0bc09e7d389218930f8dbcae9099acbe3c0f75c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
416KB

MD5
cbd29cff83d77a0a8582ad69647f59f3

SHA1
c589f6073a2e81985b7e08822ec634d8b83fe8f3

SHA256
cf017597e43334caeb0b5b32312fe36e2eb9deeb2143200eddfb36b04f84d36b

SHA512
dbf6f41ebda63703f0fc8f99bfe569ecbaaa612c34b31b87eb2e7cf02534ff0de5b72f4edf7f25ff949a59f803199e4eb3771298bcec4692f00878e801b91a12

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
440KB

MD5
6f77a227a31874ee7ada01be1dc6ad3c

SHA1
ce7f44775f0eca3193d507c9ccae6941a62709ae

SHA256
b3e071ca6504b629e1857db93b4277a15ad659dbb5c9094e5add17ac3ef784b8

SHA512
142468c97109bfb011008087d9c8e2759186ca130ff8d82fdbeed6f27976ba3534614afff1db41df9580cf7946995665a9662ede48f2ac36f7370846da654e73

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
533KB

MD5
a6609ce4e9beb6b2c6befd1cec1f5fda

SHA1
5ad32c21b4bac3f03ded426a041fc9b14d03978a

SHA256
6b455ccd4a06cb9b1330b6c6cb482c681a6024ef5ae8943714cdaf112ddcaee2

SHA512
1692edabf32a0c8cadad5b343670a6679597fccc90611c7584dc3ff1f0e73acf018c4288c460c658294871258430fa2163856e26b5153bd1bcd4a4e77c16fafb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
270KB

MD5
ddeb2a15c1a0b0bf37478c6421ed43b6

SHA1
657056d33e07884bc6396f72add3cecbf80c0f9f

SHA256
2313e3cf5b7ea69ebfd665b64d8a950e3e7242a9b397f77c6cde5136f9bf4540

SHA512
b58e7047aef3b80f589fdfb4472f55015fd8ae4f38de50ba95d09b0f7727fb4f7651ccf9f52ce8980141ac0e36ce8aaf83f5defd2d673faf12e9d46447efad54

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
108KB

MD5
d3e4cede5cf95b627f7d8f8dc27d2597

SHA1
54d76cf6201510f98fd72ea614321b5cc74c941b

SHA256
d448e3258751076541630206ed20e756dc86e295cfc4ee59b00208b3173f7820

SHA512
abb94fc6fb4f887f8a2a5125a0090b8093574f54a93d34deab655a0ca9fb3549697c1167fcee69b9833d13d042b90634a3d99c1c2207b07f26084bc236e3611a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
99KB

MD5
c5bf134a7d704092703008fb85edc893

SHA1
ec54b1e5a3d22e62473dfd1d2f7702dc77f2d17c

SHA256
ba23efd21dcff0ff8de00858310d2f1e6c5c2752f99abb3d8315a7305ee98e0d

SHA512
ed9ea3deb7f8b63d41019a2b7c8845753240053005398ebdfd2232a2e512a05396c1172e6e8de82fcb439bc150d72a227fbd6305bcdee89a125e527ca9eadd04

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
104KB

MD5
abb2b6bc94f542d12c0416b6cdaeb1f3

SHA1
3b799e9c8b218b8066da2b4931cf9d1284e3ee15

SHA256
f43bc6b00456aec1ec7084125c0fdcacf2d6cd843302494c866b9a25f6968738

SHA512
9632313c82b23414807af82fe89be4cbc71ce3bbd2725681775fb4384cab48f10893b6722178928a395cf5459ddc215381581233cbcf04af9fa75abd31fb222e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
48KB

MD5
7946321383168542a2d6c6551f837ceb

SHA1
2643923aa197a0d793da5863822211bd74c3b188

SHA256
e14ccb01be8258def83c6138c098666a384b98da5ee9c85e37908b460b97f4e4

SHA512
a5e0e96e877b9b9c7aeda83b1b6eb4097df9ffc103f8cfaca7c401246ff2578288b92e8fc0716b8905c9260b912c755a709589aba0314fd0270f0a592912f57e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
137KB

MD5
d1e44d0ecc44a559ae701d563ad9fdab

SHA1
3b8a85cf264c09445870db07e8249b467a4f4979

SHA256
183c30e2131dcc01f1a07172c9d5373f3eaf37f17eec685a5fb3a2c4c77d4706

SHA512
b1eee630104a4a4af8e882b484950f418ca4ac9ce3986114bea418537976e1b5109eebd6f8ce210784b01365e18629ef53f78d22faef4ec7356a29aa05ac3582

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
274KB

MD5
b7e76ff51e1fc6404bf41822647533b4

SHA1
75cb21335ecd6fe3ccd8028324d6988fc5aac381

SHA256
c66c0547ed25941825736a31970f181c0465379741831118b9211908b70b8392

SHA512
f552d579ad209703d71001a7eb2592bbe6509cabd94843b2bbefa0d2cde13560933d1ce31e5e30bfb7e283cc29d909cdc2d2ecfad51db346ff7ee98e8d7bdf50

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
112KB

MD5
8f217c51952db8f9ef73b7126fbdc69d

SHA1
70c91342679d18b83420dfdd546e39c1d3667095

SHA256
8105b8f541df4443e78d6a3b95fa64fb7bce4dd36cc6ce7ba9d694f42ae0bb51

SHA512
60d67071028958c515b193f4649897428b45fe29a64ab7575524c5546c58ab9d5fbd81a1294abb1022ef3e43ba7f4e2dedf4904a24ea75aab6b832c9b8776c19

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
63KB

MD5
6d43e3cbf44a1b1723eb67ea26573f3c

SHA1
456d05fe91e24475d7e9a311278153ceeed281a0

SHA256
a5f7629fbd8c05ed07daa686773342b9b9681506c74b80a357b11ab0e716e622

SHA512
b6872c6b078865ba501b11c0ed997e0fea71d7ad3508a3c06b300b166d5fc16dd486845e20ad45d337d0c2b9881d441e338d32219ee3d1a063e53a357a4b743b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
83KB

MD5
df86d24a3190be6e67971e1883216cba

SHA1
e45b5a41d1eced65a598d088fe65f1cc50466bf9

SHA256
822a5c5bf091b7e1575e1e35f29b623f967567beef2b51aff0ac0d0177c91a3c

SHA512
2bcf24c035b5472e7057c81607fc17a14d9950fc25f61bb194c5c0b228ce005b1a1e18719db0f04531f4399c5f7527c64000dda6de7a6c358b47eb2d80cb2a7b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
51KB

MD5
9a829f582b012a498f9982ba4cae55b4

SHA1
1ecb24c0b4a9684d156f4529515000c69cf21494

SHA256
c008f627b23cd0ccfc9f2f530696f5e7b5d4c304ce56a7caad77ffb4850a725d

SHA512
9555b052f5cd374ae2e9d675899116aa38f8b196a11bc4380f45e34f642732db358ea2ecc19b016bd5af0c1df5b4aba3bc5e2505a2356016bdec08b6bd8d8b02

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
91KB

MD5
61436e44ff64b0226aeacb8c36f4839b

SHA1
9144d2310eb64421d95679ab4263a8359878f67b

SHA256
176c984d9125ee4a718495c11ee36f010a1f4ec1c2ee7e0780d2e53cec8d3e56

SHA512
282ed5e197447a7862f39746c2510bc8256571956120aa9f7037030507ee9fdcec12c173990afe9520b1af407d490dcd69d8e2bb1dc346bdae7323c5510c7bec

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
97KB

MD5
d39333380014457d6e9cd1e210fe78a0

SHA1
0b97847da26ff967a6a523421a0746fee3d3d2b1

SHA256
3161f8f6f6de1c1646fe44c319c70a71d5e79c6ff79cd9b289b0f0fa0270fa51

SHA512
f7ac53308ca2a3a4f579323dc9594877bf769a64b6ff65baa93d239d0850b599256fab468b8afd7299e5278a6ce81ea8bde2359dac1c1b8cd143ae75970b96df

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
115KB

MD5
8ba09e3a3b556a42631a3fb4c6e4d32b

SHA1
648dd27b901aa837a2350df197e31527a586f125

SHA256
023e6c34272ee3d5e423861a78ed081a46fcc9eb8e5079eaed71fd1daeef0bd3

SHA512
904e2deea10641101258553021accab1b81f679df7846e45e6e56f5b87215b60c7b66334c30e5f73cdebcfddb066338e814e72853795fb0790f8a4ca25a6c739

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
540KB

MD5
aaa224fd7d9631dd1b89b0fcfddbb8d6

SHA1
eec8a4075529dcd475bd4c22ec43c2838e801ee2

SHA256
0f4fabf7b44701a703d3e37d0f6e62f1bcdb27f6688b4f28a7a1c7d9bf2b6824

SHA512
aa14b24c8a0f004d48374288cba3da55d8cae5f451f37a26b2f5e56c1dc1474aa0ee193abca3fd0a2ae61713df271f4f20eeffb6d4705181d616572f4c68721f

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
55KB

MD5
5a4dab5ae100420fd5bb33d27f3b3ca6

SHA1
7c942ff498f0710b4eed24a91315dd96efe9a1b0

SHA256
cf395e05e28b13df4153b681c75e400cda77071f1f8c08ba8bbac9ade704e580

SHA512
4e827a1daf7e733d2faf59dd143ea68eb455865313c93c4279ca7f05196c63cd2435d1f1d2f4a228266df5c07b4fb3f14ac6d394f67472978a90275de18f0e93

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
272KB

MD5
70b12f72f768c78f3a29765731673c5f

SHA1
6881c28fae8300bfcfc2f50bc190d2ec5aa359ce

SHA256
e7663d173e269e72f9daf3b68113625ed55b76c8f3d3083ebec3b2db8572a602

SHA512
4982eeda8fa9252e8832ddb0df4006ec3736b002f5e8ddc3904b7ddab4000a60e7891b1659e198707cfb825ff890f33c4b618d836e153efcea590f1df85f907e

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
87KB

MD5
d1e03a6b1777471ab984d54bfd54e311

SHA1
03438707391d042740d354d4ab90579af6f63ad5

SHA256
9f67d669f61ae84663e3ca5bce97d8f2492d22b2dabb42ccecde3e00aedfd5f2

SHA512
6bdf09a715835e427546b587d0db0b92b02e6d14cb7389efc28f4beb9a32503e1d0357249fc4ec4ac52f365409d2b4de5048d2465550fa330dd57c4e54932038

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
264KB

MD5
68bcc093a548da7b50ba60323dd8e18c

SHA1
aae8eb4b3e1c78cafa9cd083001c3105c3e7ae05

SHA256
32342342e2969b838eadc745aea0a478966286fa41451dc3d944e2cb825db50e

SHA512
24e7cd600a7daf45c6b396850e2ae4f5ecabac7ec0d1013980f1bcad8d4584930f1eab0a7addbb73be77259c3038e309965b61b4a3f94de4152b7c62da1033ad

Download Submit
C:\Windows\System32\Locator.exe

Filesize
76KB

MD5
f3c8bdb7cebc8f1584d37d963e41ff63

SHA1
2cd9ab14b216f0259a658458d6d1289e35dcb2fa

SHA256
b2e5bcef24f5c4c3cd96bf9b0e27dae89841729288c5fe3da410b9ce11ce18b9

SHA512
0ddf49f2b4e763154439ca411cf9f8a8986e1be47bd3054cbd4f423e958ffc21b93bfef2e4192dff40fd0bcc8831299ba20dd8246cb024d580787a3bcdc72d80

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
40KB

MD5
9213087c318eedaf86193f61277b0d2a

SHA1
0438b218a3e5684e7e68253c046934be3b0bcc74

SHA256
77bb5037c99fece19de5d0b21b4b05c358e953a28a4730a73c9f49f21463d32b

SHA512
2299699e1473637c9eef214ba966e8caede813bc2ce3caf61ccdfc9cac1602a5d3d16b81c7ed8b7a05be65e319ad85c217fa397712a2831ed098e560c2588791

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
100KB

MD5
f83ed3c21f10750b614b32876f40d9ca

SHA1
25b4f7b9358a1c90dc18d74ff9474f6273561f5c

SHA256
a4cec0668d0b9337748ff6d658f1e9d2d594e250541ed93754215acd1295f7c9

SHA512
97d084051105ed51b1202856d06af0b9664ebe66a03841174ab297e9a196bf95f6929bb1b16334c29bebfefd6fe242c33f3ed76f0836c5a3ccf1efa465d8f4f1

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
88KB

MD5
67840255f61d75d623219348a606907a

SHA1
53b815da3f8ba51f1af8bab3203be999cb617421

SHA256
75fc29b390b8e9766ae156255676ccce1018d4d675f45ba63e08fd1e72fb6255

SHA512
2b1eef64c85734f6f24357d16ca2dd387aeb661314a9cc80ba1b188ea4cb4b78fd877e6c59cbc2ea4b089ee27b2fdee7c869da3752a30fb1e8fa292ee8aaeedb

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
94KB

MD5
d6d4f063af908fd9c5396a18de6c66b1

SHA1
28aeecc351942114c8125b85e6e754245b098cfb

SHA256
043646523ea2c78b997a554bf44adaf8ab2d5b1594a794913cc2fd113425cadf

SHA512
808d7da1dc515cf6735f9d4d91065c6e9cc9895e358ff6e36d0dcd26d7bf7fc95dc35c1fb7dbfe3b87b7f570f34fdfae42e4e32a68010bab3214aa3adcd7c381

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
111KB

MD5
49ab0c3c5e22a95491f67ff5327a28b6

SHA1
49d33a43df8f23d5d54ad8c668c6d01e8e593252

SHA256
557475ad5ca92126c036dec015fb935a7c3eb4b76b527cf3e7f34f5ae00af80e

SHA512
ddabb99683f54a08b47dd27d70e85dd72b396b00571e38dceeb70602bf5a209c91665f754250b4df4a1eac50262bad34a1e39cceff6ec9b73ce9dffffbc36070

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
965KB

MD5
4b829b5ed2a23b5cca56ccb03ec1fd85

SHA1
70befb16a565df8794a1867967e6a65ebb7f713b

SHA256
780c796b5136f7242767946477782cf767d0649b60489bffe4ca20c6a7cfc646

SHA512
1c04e219bc54aaca9b14336a32f33ad70d6e08eda257aa0439e7cb2b009732e5c4f9b0ce23895d513990b06e8f2125c2ebb253a05e628dadf4b8643a1d0663ec

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
99KB

MD5
ccd67329374a168bae46b3514e02f8ae

SHA1
aad7f7d5c5408c26270a197faa2b21d5496cf388

SHA256
005270b1b7ce5f96af13150f52fb4b8d5e1c1e1e6bd1bf658bcf7d4657a41611

SHA512
ae0ade47c34e9c1ea98085e4e0b4ef2473490c148f2f2e2a8fe318c07bd5eca1f0b9900fa41470a826b3bcb55b9058ad8c80d95a6493eac363d6b09f90468f79

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
95KB

MD5
53b82533240d7bab09d08cf408d1d8e4

SHA1
a5b84b9c879f535efb18691ca6b55e825ced83ef

SHA256
2831f5e246de62c1efd2f9aebd6360cc0096e9944e09e3df0fae321d960e70d9

SHA512
11902041927eccc19dcac157061f6ddf0bac24dfd58d9e56d1ef831b91da0f683e3a9229c83d18e2c1b5888bc806f76445b1e170a3514513b52dbf18e79496f2

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
108KB

MD5
48e191c5754a229290ecbe353e819016

SHA1
19a94c016b2e8925f858e0f7adb9dae27cc5db52

SHA256
7dbbf54f68972f6979e7bc534a7568a83a92d73b7feedf8d7a8373163c685093

SHA512
b4d81f25f88bf2e324994190ba0b456e87090bb004cbae1721d90f2bffffe2d914464e9cac981da123d7dff001498d4877052bd71c79e7ef6b0005970992e06d

Download Submit
C:\Windows\System32\alg.exe

Filesize
233KB

MD5
efb0df4a8729bb7fe8282745c4aeadbe

SHA1
62618b0b6523dbee3561ed14e2027c95bac6b388

SHA256
c9491c317588a19587659fa26170780e714ab6d085ea6675114470ba75891ff3

SHA512
98e461cd1bd3d78ec4eb5d648f988fb2b6b58bc3838f07b316fe7a8a38d01f01c1420b124e44dcabd599a3985240f213d9b347c53cca24e3351613653ac70d08

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
218KB

MD5
d227b0d3bcc32e78a86564dabf443324

SHA1
544ca594b02b0f09190c2b0a8597264f3dc866cb

SHA256
cfb15569080d3f1616ea6713d99ff1b23b9c96289f5d3a0a20c5059fa7562be6

SHA512
36b06a7738530e4f3ecff988e7158e22d498297bf9a8bae1695614f31273c142929d4534f29f4e6bc4f80275a1a340c328b10dacd50f3a60396ca8e7f6077bbc

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
25KB

MD5
33c898d2c0109094509ce73415865342

SHA1
bdbe6d5e2faaf65fe52029e5f55efdc9500ddf27

SHA256
85e9233eb722db2f9a3ee3fd81db9a6d62222b1ee9ecabc1ce381874011250cc

SHA512
3fd5af8125eebb48d6570389ad09168dfafccb0d9f2be46d3b56a7ddb2fb1ce9010ee1713232bce5dabb0b29ce0e7f29e34430d9366afdf5afaeb3c7ebaec26b

Download Submit
C:\Windows\System32\vds.exe

Filesize
447KB

MD5
41eb98ed0591adaf620c72d66c3228ba

SHA1
d0fc5c09fb864db8459d14b769ce2a53474116c8

SHA256
89c000573cbb3c6e57cc4645b05b63b92227a7b91acb6accb65a46acb70c4852

SHA512
3600ee46561f1fef30d759fcef7a524d96089842ece80463b7f76fed1296ceb09807efea94eccc989d3ca1cc7abee796733beefd1ac4efb3f385ccb6f6bf9896

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
179KB

MD5
563b5595f92ba31ea54bc9f25e77892d

SHA1
87da497b8762d58ebfea0b2328466be8357e7f62

SHA256
3fb5fdeb9fe4fbf5b8fdcd30578f6497f792307392a054f3318aa464ba0f8bda

SHA512
18cfb02876b5ecf7967efef337553c6b75ab0e2a447319daced22c861a56e45cdf97cd45ef5fd9194877818718062d2ec197274200bc0fd8d370ec3ae37d4969

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
257KB

MD5
d5257344c99bcbb5183d4894b60b6cf9

SHA1
dc2a9e9e7f23238577d7a34759045494c8c9a773

SHA256
c32d5af3d8f593873c8b642b474a543178bd5e10f46a70a0e821ac8a9e2801e7

SHA512
ffe254b75c35f1d76cfb86da82aed7cb70ed9cf804f7edeafd16b3271ceceadad5960adf55d43e3c43d52a14b4f8693bcc2c3101b50967be3b3345d1fd4156af

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
94KB

MD5
c5974de4244c2b10cfa73c66dc58de72

SHA1
5265c497a943a0dd76a52bb84c8e422b01bea70b

SHA256
de15e5dba16aeb0ac1e15583fe03752bd10a3b9f2e65164783df260038e974f2

SHA512
bea7ba44429e1ba878c0999e687748807a0619cee6c0a225069619896fdcc5c1deaf861e455c41183a946e8e6c7583f0d34a136c26f3c3c8faf7c07d8c8c3244

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
57KB

MD5
35783671603e4f971880d5ea1cc6d99f

SHA1
4deea922423c8f18d9ad4ad1408924c487f8142a

SHA256
0b6869241a070cd3675f95b25af49de6285c1d870dc1de053b60425d8f07c31b

SHA512
7b218139c69280bb8cb32e590547d9576026f94c7b6d9c6012d756fa0d100a81c028cd8ad22aaff0506b9fb5c2290b78f8656b59a31da825e0b762ffdd3f0522

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
3KB

MD5
3cb41355734950cb4747f8fed714396e

SHA1
d4f34e7922832618c285d43092d496345ff64f22

SHA256
ec0c6a5e0ae4fa5c4c20015cdf7ef9aa6bd87b20aa273d3220f5cfd2d7faa3a9

SHA512
188cfff8e8805ae48e9ef80b3cb36b546d24e34c887aecb4048deb4aafb8d081a68cecf58470357a4adcc6684dbf34e6e3c969e6fa81b5500cb56afd6182d16a

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
6KB

MD5
7c94e66c7efb2a886017ffebde935b10

SHA1
f7a27716afea09c3124feb12008060fce783aedd

SHA256
40199e9bf32ee8b51e355bddef178d6ece6ab30c040f33b979b4f47fd781b788

SHA512
24a4ed5fa5df3a1aeceacb2263b5c97f2e54fc3b34ac9b4e8fae2853743a5e3ac9b2a4405d4cfa41c7a43d9cc7f0b243d5c88a1ea3f335a4ed0ef3a9a9bd465e

Download Submit
C:\odt\office2016setup.exe

Filesize
491KB

MD5
829c9d78dd432de0067f169ac60ed0a0

SHA1
cfcff064c6c1e09291b7250b430fd43c9d6e45db

SHA256
71835466beffbd5be3027c8781c3eee14871b9ee1455e489e2a58f16ddf637a0

SHA512
904c6a76985381a9d006fcfd15abd91a1d2f71a4910f4c1dbaee4162cac5b9109339ab976f84aba690eabd5fd0728e225f6de7f65008c7075d7b16806e2f029e

Download Submit
memory/464-293-0x0000000140000000-0x0000000140183000-memory.dmp

Filesize
1.5MB

Download
memory/464-463-0x0000000140000000-0x0000000140183000-memory.dmp

Filesize
1.5MB

Download
memory/1076-476-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1076-474-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1280-481-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/1408-460-0x0000000140000000-0x0000000140137000-memory.dmp

Filesize
1.2MB

Download
memory/1408-192-0x0000000140000000-0x0000000140137000-memory.dmp

Filesize
1.2MB

Download
memory/1916-142-0x0000000140000000-0x000000014015A000-memory.dmp

Filesize
1.4MB

Download
memory/1916-195-0x0000000140000000-0x000000014015A000-memory.dmp

Filesize
1.4MB

Download
memory/2248-13-0x0000000140000000-0x000000014014B000-memory.dmp

Filesize
1.3MB

Download
memory/2248-141-0x0000000140000000-0x000000014014B000-memory.dmp

Filesize
1.3MB

Download
memory/2348-487-0x0000000140000000-0x0000000140167000-memory.dmp

Filesize
1.4MB

Download
memory/2356-185-0x0000000140000000-0x0000000140136000-memory.dmp

Filesize
1.2MB

Download
memory/2696-110-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2696-96-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2884-478-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3160-484-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/3232-462-0x0000000140000000-0x00000001401A3000-memory.dmp

Filesize
1.6MB

Download
memory/3232-210-0x0000000140000000-0x00000001401A3000-memory.dmp

Filesize
1.6MB

Download
memory/3232-220-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/3396-125-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/3396-139-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3396-136-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/3396-126-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3396-133-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/3704-169-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/3704-162-0x0000000140000000-0x000000014014C000-memory.dmp

Filesize
1.3MB

Download
memory/3704-163-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/3704-219-0x0000000140000000-0x000000014014C000-memory.dmp

Filesize
1.3MB

Download
memory/3728-84-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/3728-85-0x0000000140000000-0x000000014014A000-memory.dmp

Filesize
1.3MB

Download
memory/3728-91-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/3728-149-0x0000000140000000-0x000000014014A000-memory.dmp

Filesize
1.3MB

Download
memory/4036-205-0x0000000140000000-0x0000000140170000-memory.dmp

Filesize
1.4MB

Download
memory/4036-148-0x0000000000920000-0x0000000000980000-memory.dmp

Filesize
384KB

Download
memory/4036-152-0x0000000140000000-0x0000000140170000-memory.dmp

Filesize
1.4MB

Download
memory/4036-158-0x0000000000920000-0x0000000000980000-memory.dmp

Filesize
384KB

Download
memory/4120-124-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/4120-1-0x0000000002480000-0x00000000024E7000-memory.dmp

Filesize
412KB

Download
memory/4120-6-0x0000000002480000-0x00000000024E7000-memory.dmp

Filesize
412KB

Download
memory/4120-7-0x0000000002480000-0x00000000024E7000-memory.dmp

Filesize
412KB

Download
memory/4120-0-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/4120-298-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/4200-492-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4408-107-0x0000000000C80000-0x0000000000CE0000-memory.dmp

Filesize
384KB

Download
memory/4408-171-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4408-99-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4408-100-0x0000000000C80000-0x0000000000CE0000-memory.dmp

Filesize
384KB

Download
memory/4424-380-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4424-174-0x0000000000400000-0x0000000000538000-memory.dmp

Filesize
1.2MB

Download
memory/4424-175-0x0000000000540000-0x00000000005A7000-memory.dmp

Filesize
412KB

Download
memory/4424-180-0x0000000000540000-0x00000000005A7000-memory.dmp

Filesize
412KB

Download
memory/4708-188-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4708-458-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4784-461-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4784-206-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/4784-196-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4968-113-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4968-112-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4968-120-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4968-182-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download