b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a

Analysis

max time kernel
158s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
Size

1.8MB
MD5

b5caa845a8e9c51b9d876c5885ff3aa1
SHA1

044c21084490a25f56ed7fa43d377d390a422ad8
SHA256

b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a
SHA512

0168d8e61323633736c86690c18dbe84b07328bf6d6b43868f267bd497b9128fce01c4b75e3c36c89b0bb2977b430fb41287f90063178b0dd92cceddd7abd88c
SSDEEP

49152:Xx5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAk/snji6attJM:XvbjVkjjCAzJxEnW6at

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 17 IoCs

pid	Process
1640	alg.exe
1936	DiagnosticsHub.StandardCollector.Service.exe
3888	svchost.exe
392	elevation_service.exe
3748	elevation_service.exe
516	maintenanceservice.exe
1444	msdtc.exe
1608	OSE.EXE
1680	PerceptionSimulationService.exe
3336	perfhost.exe
1656	locator.exe
2028	SensorDataService.exe
4472	snmptrap.exe
2196	spectrum.exe
2892	ssh-agent.exe
1972	TieringEngineService.exe
3272	AgentService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 31 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\system32\spectrum.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\44b46cd3c98e5a49.bin	alg.exe
File opened for modification	C:\Windows\system32\locator.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\system32\AgentService.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\System32\msdtc.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\GUM9A2D.tmp\goopdateres_lt.dll	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9A2D.tmp\goopdateres_ms.dll	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9A2D.tmp\goopdateres_ja.dll	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9A2D.tmp\goopdateres_fil.dll	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9A2D.tmp\goopdateres_pt-BR.dll	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9A2D.tmp\goopdateres_sk.dll	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9A2D.tmp\goopdateres_da.dll	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9A2D.tmp\goopdateres_nl.dll	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{7AF60853-3BF3-4621-8184-C96FC7FB7214}\chrome_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9A2D.tmp\goopdateres_fa.dll	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Temp\GUT9A2E.tmp	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9A2D.tmp\goopdateres_am.dll	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9A2D.tmp\goopdateres_tr.dll	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9A2D.tmp\GoogleUpdate.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9A2D.tmp\goopdateres_ml.dll	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9A2D.tmp\psuser_64.dll	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	alg.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	svchost.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1936	DiagnosticsHub.StandardCollector.Service.exe
1936	DiagnosticsHub.StandardCollector.Service.exe
1936	DiagnosticsHub.StandardCollector.Service.exe
1936	DiagnosticsHub.StandardCollector.Service.exe
1936	DiagnosticsHub.StandardCollector.Service.exe
1936	DiagnosticsHub.StandardCollector.Service.exe
1936	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2152	b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
Token: SeAuditPrivilege	3888	svchost.exe
Token: SeRestorePrivilege	1972	TieringEngineService.exe
Token: SeManageVolumePrivilege	1972	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	3272	AgentService.exe
Token: SeDebugPrivilege	1640	alg.exe
Token: SeDebugPrivilege	1640	alg.exe
Token: SeDebugPrivilege	1640	alg.exe
Token: SeDebugPrivilege	1936	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe
"C:\Users\Admin\AppData\Local\Temp\b59820c8374da726eb2591212374a45b1239d9fa17e7f79936de96dc19da4c7a.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2152

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1640

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1936

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4984

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
PID:3888

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:392

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3748

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:516

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:1444

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:1608

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1680

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3336

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1656

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2028

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4472

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2196

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3888

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:2892

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1972

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
123KB

MD5
a020d342ab23345c3a52bae62a84811e

SHA1
fe9579cafe028e0a23dbc8a8873d67e2a3119fc1

SHA256
8eb2ad977b064e222e4bbfcb2395f6a42d3901db20dcb582c2f7e9ec109632f1

SHA512
f21ac694325dfbbafd5442974818e0f037c5e5922986f106089df04f05f15884222533c3b77b6893e3d437134b36c6f965088e88d8f559b8fed6078761f3e5f6

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
116KB

MD5
708167d7c720e1fab68b9486e977b3e9

SHA1
2722730c74859894fd247dd9d6ea462f6de9e186

SHA256
eee6ac22523821efdefa85e56481b72e68ada93528324997f2ddf40e4cd21545

SHA512
46daca23fdf9c8cec60b357f4353b43669bf4a1d814676263c7f11e9abc25faaf929455bf61c11a45838a026fedb5b8299d361da8dd598958db415d55b6a285b

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
57KB

MD5
429dd5936adf0a09a3029a81812ee095

SHA1
cb54216f3d7289351c4dda31897450b1ca457873

SHA256
5fb257f7bcdb661aa593e783c5bbc7445dbd061e0ed86c08d9799a6d991a6902

SHA512
bd3c4db0e8b273a2d75d3d7387b5918fe302aac9be8fc9eada297175cc81552f206f24b49875f831a88464b1977f4aa183646dbdd22fdf9c1b0ff5b608ac75f5

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
105KB

MD5
e6b3a84e2a81f9bb9ad9aa3af79c5e35

SHA1
4990a26487f7445d754ee6cd723819d265f748de

SHA256
530555db9dac8dbf1661d613db36c2c5959f8601e1e34e24769eca5afa35d03a

SHA512
2eb4e5844ef91ad09cb089cdd422e5bfa93d33bb46d547d31567b79f1685230fa13481101777993d33881359b1a7f7dcd6393cee9243a976ad5bf18a5bd31824

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
584KB

MD5
39d7b6689f5dc495507b9826bff9e807

SHA1
1e5aca06695adac939d2d1c268ea1496d601924c

SHA256
ecda3434d087310fc55385675645a04d49a8ce1664587d467b39cd38ea081f2c

SHA512
9fc63aff528935063494a2713ae6748fa9a02672d09bcc2643c365dc4efb44df472025dda850a695689849a85370d05ce2b6f556481062fb95649cb64656245d

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
150KB

MD5
3085c6de0ae66a2efab1ea763fc717e7

SHA1
1003ecd5f2a6819fb970c1580cc225651e8f9d40

SHA256
4b6bc828b3e9bb09de676baaedb6e8df09d5534d83dc1dd2eaf417bf71dfd13f

SHA512
282db4ba91d50249ecf598e55793b591bb65c55c1506fa954d7fdaf5dc9ea9e909d64332a70b6ed8a212cd239c6df2e8b5de5c72866c83da317ee16cc7205299

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
182KB

MD5
e09af3b1acb5f4c223bdee911656d875

SHA1
354c62b88ef28d0b50d38a66a753c72f20e06b15

SHA256
a24031ea155ca647e3f163bb9f33766a8607110d93d4df08b164d669d7f60875

SHA512
463fe1e9838fa09c3547c33a8676c812c9922e11ae732f3514a7a45661e9272c0a4b810fc78b46645b16242c2ef9af58df1b57229b919153c49ed55e0053feed

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
122KB

MD5
3d8e23256681d64b77c1b04b9fe0f50d

SHA1
84d28b9880a1f4ee519a544508e3f0176899ad93

SHA256
da40c56da918e05529066807f2d857f19c906d00cc071b7f9c9d066a5171b628

SHA512
d3139e54c9f04c8c42219bdf54a24a9efcb7bf430fce10d1e63f490757124612eee748a0def59a14aaf2c2b7ad46f45ee2b9d0b15af2aded5a7a09ccc9c51623

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
418KB

MD5
6b3cea4e91433dcd5e08000e25f26aff

SHA1
3fa7e4807a35ded53750a9a1484889a325f5713f

SHA256
421453e48f45d169bc0bf5c1d8e6cc0e0e021c0ecf9c7761a11154a0adeb2eb2

SHA512
29fbbe226dc3f57c4e8ee5ffc81cdee23d52a43bd3b1ee4160d1f0bf203e0582badc4e56ca18c71cc152b70d67fc5f48d77602780e584dec5d890f443cdd26d5

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
482KB

MD5
d42f4c428f85f294afd8b48ef97dbe95

SHA1
3027b719631712ccdded2ebde5b3e758d439b7b8

SHA256
a2eea89b26b8186591272bd8d546d9286e593baa91df8d25738dba7d309a31b2

SHA512
807b645c10d93f22ac427991df87bac16ecb920d5df52586d9dbeec7914988127e5207a3843211c9a44c1fa4051c8103bebc0da3f877344f616c3b698c8e2bca

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
126KB

MD5
47551f926f6603abff4e5780dfaadc44

SHA1
cc26edb0a7b5ce030938f8f61570f6df24713c33

SHA256
8a1d0cbb2b68381a04c3b0802b19b76f32a8150d3661918f5fd087b86a8de707

SHA512
cc293f493be739662d6dae3a16c67b3468b68f305d21ddf193bacc300d47a517ae922ccf0fa673964cdfc186aeaf13689a930707e1d94185ccdff9afa1411885

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
149KB

MD5
aa33afc16c9a2cf0c21a80848abc72e4

SHA1
48fc3e042a6371c074073b7da8fdff1aa543356b

SHA256
190e5fbe4626ce47f7f0d2875634bccb2c1049d0f8aef4ce4515e175454b66c6

SHA512
4889c311b09c987743ad08132ece5badbece0f482a5c57f68f703a7942c682eebc76601292f19c175dec03a025c1ba00912bf1340d98b5d005a8b67f0e77dae3

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
213KB

MD5
bd60738939a207c2ecf6d74cf1c8c57c

SHA1
fdabc240234b755d4645baed8711f396568bc4c6

SHA256
483984b112f9ddbd597499ac8d6e19aeb556ec0588077710cf07c8c9dc7a1f23

SHA512
7143b0618b2bf23408297e21933bf49556b2204fae1971c3b6c8d7f879afa4b7b7ff90098d2d08ffaf24aded414843f075839f8d5577161d3d218d309d14357a

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
185KB

MD5
cc1f7d1911fd081bfb11fe16948ebaaf

SHA1
b6e4233b19ae6b472e8120b05fb0edb6aa51df43

SHA256
ff8a7f580bb93dd861abff4db37c510ca2adaab849a86c6f7a2adb1b2effffb0

SHA512
b90e7dbc98c2b6219a640953e9ea91fa8edb6b0cae7a7d2017ff4f04eb069d75b67fbef2c695c4f8c68994b634700bcbcb64ae93cdd2b18114f293964bc4e7c8

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
583KB

MD5
97bc849a3d911c50eed687bb76f82bd2

SHA1
2f09b3318c98de940345e9324ef6c0dc5ccfd028

SHA256
2f9d20b3f87958927b7e8873558f60d3dcf1a5f4b276bf222504d9e6e6824e90

SHA512
000db18be497ea603f22c05a77cace286ef8108708f85134ac42770a1381a0811ef991595beafbe359e7fd202653f2a8256550f2024bd36a8d50674fa2437b87

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
408KB

MD5
4c8a1ff63fba362a13934fcfe3c2e901

SHA1
26bae2b68b48bc82bd4d26c77bbd9afdb2a38583

SHA256
2a5c5bca44576fbe361e471f6e5a0ffc08fad20bb15daed2d4af743de8254d2e

SHA512
69cc4c52de746abd6e2d328541bcf9cafced6697b8fd388caff93401f0b413d96c4d59ae2aeab77fe53dd7f6b8bb883c45ee2fa016447a8bed345890236e228a

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
403KB

MD5
2de05489452a06a384edfab052ebc01e

SHA1
b8ee7850b0f1492559ff79b6a035c02510e03bf0

SHA256
64e534f838a5a90b58bc5d78edd8b8c0fa1be845892c8c25857118081d5d11e3

SHA512
3067eb7077e07cde5e3b7948c70238af38b060eec1f91c5fad42b14b9e7ea984a047ab539ad3af9bd58ca118ec023b62cb85f396e9a123c3683f0f880e5a96bf

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
530KB

MD5
3b9a90329de5f71a428e5bd896a3df31

SHA1
8541d5b120e178d70c91804ded068b4af02e98fc

SHA256
25831cc2e6cf03df96f062728c52cc14fe3245e9977a825a342e833614c46bde

SHA512
292cb912a6ce7c4c5dcbeeb06ea0dbdd99d3316e4ae4df7be1a395dddb6f9b5f0901f972d0f980d857cfabd9a9c35696ffc44e04edd9457a8e992a32a9a7d87a

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
243KB

MD5
a45851ac82649f8665ad42c8468d5b60

SHA1
8671c02ddad13ac8206098b2f9a72e0d562f2364

SHA256
d067130c66c80dbba96b07e828f7f5dcf21d8f01fc112f61c825a63484930afb

SHA512
de44113331ca286d46265209dd2c5a9da0832ddfc79373a0816aef61634163274c1104dc671374fb2b6172d297757aaa3da9ffcaae7c25943fb4a38907625ebe

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
346KB

MD5
f866fa69243c5fa47ffc3b5a8e8ffc65

SHA1
7fb6e609e0758c1393717fa11c142e4cc50e0c42

SHA256
6568378ee757388cd6510ccfd9dae3529a506037927bb7a7e35b72777d2d38f7

SHA512
99fbdf207cc17d43484c8ce13fccb7175de5604d03358fab569bf73a13f23daf869a42e631bc4d9efe733a1006124e4f2975f0fdbba89fb1e56b3802323ec8d8

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
119KB

MD5
df3b8e288f22ba345db571fdf8b4223b

SHA1
6f79bd602f0b7e3aff21691a1a79eba7b4e6daaf

SHA256
ff312e3cdfa2695108e1147e90689b4cfc3e77df996e36072018023160d3008f

SHA512
d4dd3325f3cf0377840d9c4da60882a95c6f245e5ba772432e36d1e69e35de5c0d4ccdf6d5333fd518badd101341654020860449b968e557295a254b07c7ae19

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
329KB

MD5
78eb48ba27e122c7de5d6a373c2bd7f2

SHA1
fc563d75850cd2592eaece6f9a4d7716ff5edf19

SHA256
4f5cb19db919141f1e2f8a8514079dbfede10a60c9373ff6fade3a6358e41763

SHA512
d902958441c26cf4a42bbf369cb7e90966309f18ca23395e506be6690c76fd54a4dc0abb503123e9e13d34ff210703766704cd7cd682315275be3e8316e06a4e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
374KB

MD5
298dabbb4db27b32246e8fd7f21f326b

SHA1
293b1b4579f21490442085b916649e960f5bebdf

SHA256
7e1cdc1c09d7802c4c090039cb73f5b7b4b9484279d9eee9a6ed43f3ea6e75e2

SHA512
aa06b32d597ceb1f5bc69c203d8aed5b09836ac54fe3da13ea5da35f23ef129bec621249669afbdf657739ddf0db3907c6988dd7634e25e04cf6778a56854d5f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
397KB

MD5
0e5130aa886ef1f8c94839c9bd0d212f

SHA1
c027a7f5412ca1774563fddaffbee1969c87b50c

SHA256
07fa4ed2f1c253dc0107a8bc1ad06814c131009ed6f078d120b84fc3cd4ca057

SHA512
c3ee72ed8c3fce8a7dc86a4dcc5e3237173d5e28039b38e9c7c1d1f05652f1a55fd926f219da8121df9231c5d8a7abbd0e050e2e18602feb84979d0bdca7c631

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
322KB

MD5
f901ee631d462cd70449ff05baa97e15

SHA1
0e4adf9ae603e0d6bde846790a414edf36152f58

SHA256
045b090851cfae2402745ef641db214af168e44d0d73e1eb9f24a6fe2eb40141

SHA512
149672ca791ddcaa764904e6d849985110e3f3ee3f7be32408c5bee5f2bab2536954581fa598e4d80b4474cef8af30ff734d5a79a40bef804da52ba2b225c1ea

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
307KB

MD5
5b3ff914a0ac4b6122a8c6f7b7a092b4

SHA1
bdf51ea306d1f5d65402366205f340dcdfed483f

SHA256
3457b97befb2bd7785e5e63690772662676b62de759d6fdda02e3570b67ff482

SHA512
f504fb71fba1cf57af5c00dd460dd57ae473f383c600890416bb3fc899d40188e789444d6807d959d0c5dd3b23b467069c4c31336a768b0f6688b654f1992ba5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
364KB

MD5
96c21590bdc81224e9617846ec8bd1d3

SHA1
f97c7c834a2b6e9f4c6abc7c49ab615e27a1d427

SHA256
f4162d5b9894f30eea372b8de2593c1d9b21b895bcab1a78dcb007d4c5ec4a0a

SHA512
2426fb2630ead03eb272114f018c77ee7fca33131b5a98654a8ed8448550c391750cbaa1be2d96d14a17c0f8cd2ebef811d1b1b0866077a4ca691799330392a0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
266KB

MD5
3b852be94c6f06499bd37e0559d08d5c

SHA1
30bbfe6417aa73b115d782102c7b7833ffb8d866

SHA256
3555dcca03008c34ef466022b6c861e6984ea420522f81ccf92283066c336581

SHA512
dba5f6c50327e3cdccd6f69401550298480a63e7d0d7b9f974b91034534b5ecac78e95c0750e4b7348cf01dd7d6416e715d3f60ce9c8b21bf3ad6fa3c059cead

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
272KB

MD5
c208e4dcf0444bade48998c6048fc0de

SHA1
406eea55debf6c31ef7c1beb43722a5ca4257df6

SHA256
2b3fa8d072bae595c63006255c16bd29e159e2870d2c0d76922056974fe6f5eb

SHA512
8e3df404a44413b8f1949967a77525929e7d7f997c33442e1e36fbef2beccbbf216c0d7adfda624727144e01ab62266943c74d716a2614271f8c4299c103ef7e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
419KB

MD5
0503c2e5ecfeb3ba4a4927e8589cd775

SHA1
8420fbb77edfcfa627cfc377650de19097103888

SHA256
389e8ee48ff3ccd1869020dae744056dfb87e4f2d56f7e136268edae15ae26c6

SHA512
04a317c4f222bf41351290c4a699b3e58d074374e59f1c6f2a3cd9aa350520357f6a25b66b8059f39f0fae12c1cd3f9fe810ae46dcf5784d78a718ec62b47a14

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
204KB

MD5
05aab091d39f1c0a5fd15e81ca71c807

SHA1
6cd5d759dae51e18afe7fc52819c4b138d1969dc

SHA256
c09a46877eb27a40f890a0028724ecad5b566b53836bc219c2496c1e70fd951d

SHA512
7f8332b1b461f92940d47bb5845e11f84316f29f70187a4bb680678bbc7a558df9ffa1a8e556db5f2e1d6873ca62ab7fdc0aba796b2436909216cce20d1f619a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
230KB

MD5
536177d7c5f42e82725c8819d3b7e372

SHA1
b0b9ee6f10c8a978f51d9766037da89553e31b2e

SHA256
7fbf09c7add9c446eddd0d574235e38d37e0d4ade713e67f7d24b557859a3664

SHA512
1a76f3fb2f8611c6256a81999e7f4e3f247d13d49a41328ae40635d8546ce001deebb5af4000128490108fe994f81f72748fe5fe3621a3589e2584f6f58d23d4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
258KB

MD5
232aa3be02c92a984e92f8d5c571d6f6

SHA1
4c84a28a18637afb9609b928f72a1419ab1ecf3a

SHA256
7f69cb4ad18a216e51b56934d6b0e437516086cbd7071e9d9085cbca3295daab

SHA512
b8a35c8aec2a5ccc881bda1d8ce22bae561a149f7f7beb7311dc811152b4c680f4e99ed55bd3b6eadc98820a4d6894f63e2ca7eb2ac1967492ed7e3304a51670

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
188KB

MD5
23ea8471965912458c349c44d359a262

SHA1
ccf811d96a876b2555a2b4dce124cbe3b1fa7096

SHA256
6081608120a7277a16e3c6bbcd70a32ea5f4fc89613b652f81a7372276e6adf9

SHA512
9b50469d82959b3a57934c7832f3474eed9b1ddd64c015ab70a56135fc64ce2e5237ae1f628bd671bb973ac8c645e439b0f2360248e259e52a0213cc96327991

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
278KB

MD5
9dec2193db978ca2d94edaceb29fa0c6

SHA1
3c077046ec463ea60f88a4495c5aef97bf09b5ce

SHA256
2bae2c64a091c57e93c46547d7842fa57b20c5ebff9a450c208e26fdf224dba0

SHA512
5adbf24f8a5c7eabcfceb0ce643634fa52ebb83acfed518a070bd4ee9cd740fdfff90f88d1286fe965af5d637b0bf70de1f0c560f9aeb31ff3ee86406ff1a7af

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
265KB

MD5
c7a0fbe78de119ce49cd41eb4154d69f

SHA1
95f588bfffe410b7d3c6fa1c60c55ba92483258a

SHA256
ac6a46e1e8a9cd24b0e21f57b6a9512998fe1f61e11f92b261db29093c6077d3

SHA512
27254f2032a1946f2f66444364dfb8bdddea02d09a541a3feea322d933500824474c3c6cf68d97a86baa1fd840af1306e1eeb5f350092b6eda9b3885906c9417

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
91KB

MD5
49cd526852949513fb801e8d4151258e

SHA1
188122c996e757e168db32ebf1658c187a72d862

SHA256
9a5df2be0f8e15aa0cb9d9d32c14af81c02390835c963162097465a4c2552fc9

SHA512
9e78a5260b300305f5f0dfb11be841f0cdfa6eea4d09fb21860bc4fc08c2d4bb83af2d62384cf23221b70224647940610238cb1e4bb809719362bd5e1f801fce

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
233KB

MD5
bf8419f2d2f1fb99c8c53289e7e948d9

SHA1
92fd4df53afde0e5fbe1afbd2d183500b42ab73d

SHA256
d7afa75ddbdf7b7137f1c382e34b2be3b8e625ee56dca7d9e5cc1a9757a12b04

SHA512
2d4d9f3ce09ed59298f79ec04ee368d38949cf5bbef246ddfaf171fa59db68c0b97369321e63095842882b2acc8856b27e3f8f658549c9a08ea93833044e199a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
207KB

MD5
ccdc5b066bcde2222d06a4b1545e464c

SHA1
d0deaad762f840762c4de59e8034e3d766f1576d

SHA256
4f6c0a1fe865b81d0749641a372f21bfd8a9ae46905eaeb0c2493b5102540674

SHA512
a5bb00205d47761764e4a60596624b460991a20a56ab076cb8e3e1a7e6758379729fa938e33d3d857ed3f9697693ddbfd127df175496da704118825652d011b9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
155KB

MD5
55143a07f06efd6c7148ea4f9c182ac9

SHA1
fd091d827c238aa59ecd150f313acf51feae998e

SHA256
d176cab4878892bcc13f921d93d7889e07297310ceb2942cc3de5c0898460d21

SHA512
3653947e85fc87bbe7a5e4d5a7dde3aa5866be836f98f469b629470d85f0b141c5c7dc878a7cc327208cd89de9065acd494b880eb00520b3dbc8e9440ab6d698

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
235KB

MD5
54a7cf71576d41f251915c8783488772

SHA1
aafda67d37be93c729f675ed4bd277231b8ea3c2

SHA256
c9388a16d726f7fddc976a962c63f3b2bb7c7d19540cec04c245c1c00483ebfe

SHA512
24de7689ece152c74b50dd6173c08bfc85ebe127642c45a009475d6d51cc5d46028d98a632fc4f15b725c3c2b9032d9050ffaf3f1c3987e9efe1174c6bb3a460

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
188KB

MD5
fd5bddde850b3845ee89074b2a0b87eb

SHA1
3af69dc98df560f594a68b77fe7997996bbea19c

SHA256
3c3b21f0929e8d288b755ee169d31250296051afcd220aa92968122e4ed452bc

SHA512
e8dadb4d88828022f6d0ca9178b1589290b6b52941cd46c18f14cdf159fd94b978cb2d7cadb0ed424796ef301fda48225fc621fd5ba0905f0a3191f135c8f82b

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
384KB

MD5
907e833a984184e28a1fd67e02459ddb

SHA1
becf2f9eefc1604737134e88d9a2456fc6021f37

SHA256
8e6a6cd3485be4bbede1d794b57432cf243aacfd9754a1d2f6016297e858690a

SHA512
1d51f9567132d72ab57010ded1110e5862c9eafc72ebd4e3c3268254e533e280316fff8d10f66842989513831eea4386596d5514ee916b1ed4c5a85dde1fdf79

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
21KB

MD5
d25351e793daa5a648a6de747bbb364c

SHA1
75c34569a36baa095180f9742b0f37375770af28

SHA256
731cbae29840e2e83e10148993f126536c33b824091841603ae1ccf13ba2c05a

SHA512
1399c43dbd59df9de3a06cbc2c7d4632a0845cd5c9e8e636603e7206ad67b4b701d61f0b57028061966347da712acaf60b57c9ea6e64d8d92172e131d8828162

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
56KB

MD5
a8cfa07966a2bc30d011a4cdb1cfe76d

SHA1
2fe39be84c8f857ea2d0f68029bc331026b3aa89

SHA256
694994846ebf042db49983e2b9026aed5a81b2b101136bfed04a6eb090f3a7ae

SHA512
cedba5cf748108ca5ce584d422745110d925c0c9e4c9cc7671be4ab8256eca6f699ea6f4785ec200428832ac9988d78e47f5e8d06c0814c8b1d4d45ef2340eb8

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
2dfd348e35b60c5835d980870359001a

SHA1
d7939ad8501bbff2b8dcf7a086bad6fb54a0c89c

SHA256
9e768d51f87868c3356110aea2fb1397f3278f9ace8b0d9b42eaa660dc500afc

SHA512
26b3d0c504593bf8618fc8a8006ac652fc097dbd4a35a09774a4e95f73a6829314c5ee6908952cffee8e34288dfcea6492985a679d901083052e69c4120518f0

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
878KB

MD5
8cf6ea3b2009fb249ebe4cc66149d44e

SHA1
1ad27de346e467dabc5e332fa69a7c2d8de2d414

SHA256
ba5278b724f5635a4f564e4610d4c2ba568ba643febeace3f4375f76dcd3c7b2

SHA512
603b1a0e77c32b7487eaf935e9befdca5267673cab56d31c2ca7e13b2a4250da895bc98dd42d4eaacd92d7ee7a89442d411df3987be5fb85b1c38c67c0e1ef7a

Download Submit
C:\Windows\System32\Locator.exe

Filesize
34KB

MD5
2b419b561d6b10d1e52a8fe9cfed707e

SHA1
a2dbdd90b06f11ef3c5eaaa1c96270973d08d064

SHA256
d8dc168780933b8d23bea82c282c48cd9de3f02f43e23a4d5b72e50fe35e5322

SHA512
c3d074c387636a68566c3beecfd0113ca34c8d04f61c1d4bb6406396a9ccff2007b448bde5701f9d010c5769ba41b434537a41ced965c444c58ac1a0646120df

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
164KB

MD5
78ecf9b6b336dc1989c066fa7693b86d

SHA1
cfe0348e1f8469da6bc5209e93d288a74ff72089

SHA256
98113395f292d9589cb425209878ded3207da2dd37bb9f1da3e6f6daec41bce3

SHA512
f9692a20c9b954bd406f9702ce06366ea370b94f15582d98772d985c804c6c731a1671df171e256bc26b70cefeccb4b4bcfd8e870d86841da432de765ad1bc6a

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
171KB

MD5
6d8cdfff1aa0e240203dcb6cd6075466

SHA1
ecd7a29d992d8867c4d0a337b7fedee76273c83e

SHA256
0bb29fc02d84312135dbab36eba9207007c993b006ce7e23abc3a671a43667d4

SHA512
30c253d803be1e360872940971b13479213a37fe1e009b31ea38c53400b02a9e8f348c2d9d0d1c1a285e46f2eff8f07d9cd58d321ca9b03c16d0b193355ce4a1

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
30KB

MD5
c901b35116835ac34fc35889e29d8a86

SHA1
35a319c79655e3ca75bff971bfb9f848c3c7fce0

SHA256
16d15c9a658a2d6c2e82b8fe481d78585bb23d63c3de9149c16d905832ed2cd8

SHA512
a88269fffb9fe4a9c91a5e330617c706691c782f297f2a0b30f79db1e9041630b921830abfda1f8dca177180c20f965a37d2399f344dfc161e2544fd86e3d5d6

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
6KB

MD5
12c20820e6f47e0ca927fbb50cb101c4

SHA1
46e0b50d268caed62fd775270d2ae9045cf39fa7

SHA256
c0e9b4fba381851aa6c9ed3c6fef216e0f483f0f4cb18333ca98807bd27e8dde

SHA512
ed4f11230e97a94448442d7832c71d7bf727a55f8dbcbc8ddf380889adbeb6ee0f09b02682a0de71ef925a3c6b9bafffd98ef6e6728f7a8c6243722837b5fe01

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.2MB

MD5
a8667dbaded27f6b5d62716f332844d5

SHA1
79f85ef050b067f5726bab49a9b31087b69804fd

SHA256
a58647c2831cafe965ffc6daddf9eff04aef555a1527f2af0382c4c4ac2621d6

SHA512
7c48fd06dfda580fc9999e6547da779557e9f3f513d7961b953a53b2a6d19705e971ebab9171ed5572ee99f47834646583d4a66b411d55bc4a6689560f5609c8

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
130KB

MD5
a9033b0315631dad3fe715f3d453e528

SHA1
a97169d2c6db6e2116d0e096fbf5df5ac883dde2

SHA256
13267ab6ce5f28fe42a6c5a8d57cff46f7ae6e88efa315f03c2c228b7c54a5f8

SHA512
f76a281a7ad5baaa85446436e583465689238949add4cad51df4722a3068d776ce2e348e570021bc7107c8d066937efbec60fe3e6e29546cc344e97aa1445adc

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
57KB

MD5
e6386580348d268b2f07944338efe43e

SHA1
8224ccdd425373d01ddc3b06ab557f4b37221cd8

SHA256
6034bce2fa631daafd007494e103effae230bfb72349eebf67f7509c8a4d1b1f

SHA512
bb0d46b7afb74505825a9b0fc2d7ddc9b6c9542e02bac72ec76a04cd3cab0f306cbb8e9ae9787f1a1fc8157b22159afb463483945a3f835e0d3d4e1beb3cb99b

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
51bb32b50d691996b306f81bfb094e09

SHA1
44fb70a7b333852e5ff77a2119240ee61b55d8ca

SHA256
479488c1cf89a76e1c3f2fa820cb6f2d708a8949d160952f10c6133af0dadc46

SHA512
5298338782e454280f02b0999cbc515f07ae185bc52544134b86789bab9c309551deb324409bc01afee78e7e698857ca633f2eb7628d193f184cdc5f544fb6cb

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
125KB

MD5
e4b301da38ac2dbb8e733b225ded58b2

SHA1
33d90904d8f31098986805c75d52c7d40edefbea

SHA256
c8ad3c0c264e34639b0f61c8689fc1b9615d5d423b3f142f8957b0fb49b99b42

SHA512
522c9879b2b7ace00af050c40a9f26ca7dfce6d413d796da4d48d557393e442aa753342c95b96dd36cb468bbbc952919aedb79db93ca1215d98723469b03f0e1

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
109KB

MD5
02e7401b05b45ef0d8fdfdd269048896

SHA1
333d08a11120721f2daff9f9f793a513726bd9a5

SHA256
28f410f28babcb1296d6af4ddf3d94d75e9cdf1e383970576e38a4c8d7a988bb

SHA512
3c71a0fece640ac175659f2fe58a5cfe65b40fd89a803e06fb893e37066d1dfc642846e9feb23522b31b043ff4facb0523876b56bc5ea2f22a9721fe817107fc

Download Submit
C:\Windows\system32\AgentService.exe

Filesize
268KB

MD5
08b70bf7c93ceb04617e935b33b4a769

SHA1
eb40a1b2d4735546a8180c4c7bd78bfc1a20c893

SHA256
a8b3cb35580b67a406a465461ef03a1c8fe0f7ffca5da01b689d4e77883c2e4c

SHA512
9dcb234e333ef0b11caa3c77673477d6ec9853de1851791c50f0769edaaf96d762e3af95a15e979107c8eeb8a15a3dda0784da9fd51fd225017b5b563ecdc8da

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
81KB

MD5
3d1c6de8ee2126567291ed2e5f9632f8

SHA1
9d90370774393295567c707e28c0b00b9c146a1a

SHA256
f554f7af13780a3977fe1e7ba6db00b6fc3b5c0469cf7ec82f21710e8a5797a8

SHA512
d0ce2d50ea0191ba4d15aa3949f5ffdf16c9026a8d64b9d706eff8c3d4cd53b49f1772005313a8fe7530cef628536b53fc3d829a7200c307b1f66e48febe5df0

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
41KB

MD5
99def965599e5f8189fc7ab5dbf95af6

SHA1
be2f87b3e4f3c7ec5ba753ebbc5e8bdf0b0d07da

SHA256
d27f205fcaaae9e4b14862ccc788a6ba821e394d9bbc5dea79af3db175c807d8

SHA512
465e7c48dbf16e9b1a0590f192abf0ba87e978305fecb61b3fec345f5105032e1b5440b16e3c6031a0225d0aeb10ad12158fb066f33f888dac1edaf0acd0385d

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
17KB

MD5
888e733fbe9860431d6228d4d412c551

SHA1
700faa9bdf18363c3c74e87a2b7dc340c4a86e4b

SHA256
d14558ba1ea251aaa5b56e6da9d6578a3d5631db20a7e97a0b464db43d411f7a

SHA512
7c814b3aeb252a951d1ee9e8e31cf51badafcf6770e929d65f7416019c9d989fa690333815fa32a6e473cb0b451a54c43121d4c1490970493cc65e9a1430e8b5

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
72KB

MD5
3fbc1a551623650aefff1ad768a9d397

SHA1
83246aee2cccf3cb218f6c6b69a05f31f4cfd981

SHA256
aaaf4fbd82344d17fa28e8324eb6fcf7bf4eb77697cc0104f2f2b93f088671f1

SHA512
0ebfe25a41f2bc944dae3dff4a7c9478fb26353591d9c385b05edaef0ffbe70e4618dc34c544698b00e2d637ba9bc5eaf007f8534216ab6f8da7b5fd3282d796

Download Submit
C:\odt\office2016setup.exe

Filesize
435KB

MD5
7c56649d3ec62702b471926e0ddfad5c

SHA1
7de58a696646d1849f79b906a55ea343b17aa0d2

SHA256
c31f8e3b9e8d9ed84b81ccafbcd0f15009eec7da7a9daba3eabc9480b1f0bbcc

SHA512
2562e76869d70fc2914d79553898ba6010a91722f358aae27e8eabadf125491c4add817eb4281184a6545ec6a6acc15ec6605b61e5100837a17932a5a387b330

Download Submit
memory/392-118-0x0000000000C70000-0x0000000000CD0000-memory.dmp

Filesize
384KB

Download
memory/392-119-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/392-189-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/392-125-0x0000000000C70000-0x0000000000CD0000-memory.dmp

Filesize
384KB

Download
memory/516-154-0x0000000000C40000-0x0000000000CA0000-memory.dmp

Filesize
384KB

Download
memory/516-143-0x0000000000C40000-0x0000000000CA0000-memory.dmp

Filesize
384KB

Download
memory/516-144-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/516-151-0x0000000000C40000-0x0000000000CA0000-memory.dmp

Filesize
384KB

Download
memory/516-157-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/1444-160-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/1444-161-0x0000000000CE0000-0x0000000000D40000-memory.dmp

Filesize
384KB

Download
memory/1444-225-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/1444-168-0x0000000000CE0000-0x0000000000D40000-memory.dmp

Filesize
384KB

Download
memory/1608-181-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/1608-174-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1608-241-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1640-13-0x0000000000620000-0x0000000000680000-memory.dmp

Filesize
384KB

Download
memory/1640-29-0x0000000000620000-0x0000000000680000-memory.dmp

Filesize
384KB

Download
memory/1640-12-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/1640-142-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/1656-279-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1656-222-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/1656-213-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1680-191-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/1680-252-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/1680-198-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/1936-94-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/1936-100-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/1936-93-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1936-159-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1972-550-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/1972-289-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/1972-280-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/2028-548-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2028-362-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2028-235-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/2028-547-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/2028-228-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2152-6-0x00000000023C0000-0x0000000002427000-memory.dmp

Filesize
412KB

Download
memory/2152-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/2152-129-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/2152-7-0x00000000023C0000-0x0000000002427000-memory.dmp

Filesize
412KB

Download
memory/2152-373-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/2152-1-0x00000000023C0000-0x0000000002427000-memory.dmp

Filesize
412KB

Download
memory/2196-544-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2196-254-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2196-261-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/2892-267-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/2892-276-0x0000000000D40000-0x0000000000DA0000-memory.dmp

Filesize
384KB

Download
memory/2892-549-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/3272-383-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/3272-388-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3272-386-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/3272-363-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3336-210-0x00000000007E0000-0x0000000000847000-memory.dmp

Filesize
412KB

Download
memory/3336-204-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3336-266-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3748-201-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3748-130-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3748-132-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3748-138-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3888-105-0x0000000000DE0000-0x0000000000E40000-memory.dmp

Filesize
384KB

Download
memory/3888-104-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3888-111-0x0000000000DE0000-0x0000000000E40000-memory.dmp

Filesize
384KB

Download
memory/3888-117-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3888-114-0x0000000000DE0000-0x0000000000E40000-memory.dmp

Filesize
384KB

Download
memory/4472-243-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/4472-249-0x0000000000630000-0x0000000000690000-memory.dmp

Filesize
384KB

Download
memory/4472-503-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download