464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1

Analysis

max time kernel
131s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
Size

1.8MB
MD5

95e5942aa364c47ab713eda891d00c78
SHA1

c2f6fe071f412c37bbd4100652290fd88cfe6874
SHA256

464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1
SHA512

e76dc76ab377cf54d0551f46b8446353c1777eaf4f29254991c3c0c3e6a9728e87bfd1f3a6d8a26f94bd521fda1b0ab0b6b5f15310d200bac30037e2b5f8825b
SSDEEP

49152:0x5SUW/cxUitIGLsF0nb+tJVYleAMz77+WA4xV7RkaNyFnt:0vbjVkjjCAzJJxVmMyn

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 13 IoCs

pid	Process
4696	alg.exe
780	DiagnosticsHub.StandardCollector.Service.exe
872	fxssvc.exe
3744	elevation_service.exe
1080	elevation_service.exe
3616	maintenanceservice.exe
4296	msdtc.exe
3980	OSE.EXE
3276	PerceptionSimulationService.exe
1780	perfhost.exe
4888	locator.exe
4876	SensorDataService.exe
3052	snmptrap.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 23 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\dllhost.exe	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Windows\system32\msiexec.exe	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\935fe84a5bf65ce.bin	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Windows\System32\msdtc.exe	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_es-419.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_kn.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_ru.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_zh-TW.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_108796\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_am.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_cs.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_pt-PT.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_sv.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_gu.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_108796\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_it.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_hr.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_hu.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_es.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_ur.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_no.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\GoogleUpdateComRegisterShell64.exe	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File created	C:\Program Files (x86)\Google\Temp\GUMA671.tmp\goopdateres_is.dll	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
780	DiagnosticsHub.StandardCollector.Service.exe
780	DiagnosticsHub.StandardCollector.Service.exe
780	DiagnosticsHub.StandardCollector.Service.exe
780	DiagnosticsHub.StandardCollector.Service.exe
780	DiagnosticsHub.StandardCollector.Service.exe
780	DiagnosticsHub.StandardCollector.Service.exe
780	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
680	Process not Found
680	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1428	464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
Token: SeAuditPrivilege	872	fxssvc.exe
Token: SeDebugPrivilege	780	DiagnosticsHub.StandardCollector.Service.exe
Token: SeTakeOwnershipPrivilege	3744	elevation_service.exe

C:\Users\Admin\AppData\Local\Temp\464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe
"C:\Users\Admin\AppData\Local\Temp\464426e480630cf2712337cd5fbe9ec402c56d837446cfe420f934145cf6e8d1.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1428

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:4696

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:780

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:1648

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:872

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1080

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:3616

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4296

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3980

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:3276

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:1780

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:4888

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
PID:904

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3052

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
PID:4876

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
PID:5104

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:2748

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
PID:4748

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
PID:400

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
PID:4388

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4412

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4408

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
PID:4048
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 808 812 820 8192 816 792
  2⤵
  PID:2040
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:4548

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
365KB

MD5
895605ff40f16f19a5df398a2595cae1

SHA1
db83b185413eb7c5675d17abf1710dc05e4e5cf1

SHA256
95ff13096590448789113d4d6dfe08f2e8196cfcabef7a4f1cdc613e1feb0172

SHA512
d6a042804c7fca828f4c2a99099a040c298620ef5a1abc58128f8a9d7d490a4c4802106330a28316a23fd6c576e1d9748c4b5f60b6dcf38d855b8013adfb93cc

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
93KB

MD5
6363bd0c04e5e663e4452bf0b60ae270

SHA1
9b31a901dc53867e84435bf93cd594123b088974

SHA256
37ee6688485dfe9591afcb107f21e94380c3344836c7fddada3ecd3a5664f5e5

SHA512
b3f403c5aee66edd4c119a7f9a6318b48c9895f4012b07143040f8da2a1425f1b18b694c4f681edfd34d68ebc6598f0c97225b302d8bc3e18c473cb0162d53e1

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
92KB

MD5
63d1eb1a21b0954bc2810b629c5dd5b9

SHA1
d8981d1f3bc7c7f655501e5e84d1d08ded7c9697

SHA256
fac57b93ec46d3a86a106c115a65214477f822a322895403960be59ebce7fe98

SHA512
94bd24b12edb21c96f88bb681fc08c55a6c3cf8a7cd1a6e07624ea88d0b9828b8e1b293b6bee237b486635d73387eb3a57a8faf680a7cc846310ecf0d2555919

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
76352e6bb89b43d85addd35a838b310b

SHA1
1255085e5b6cde0843576528f33c6ec8974a9cae

SHA256
533b1f90c4b9b86469219decc99d16ff449c8f2a9a942255dd2bd781194f7a3e

SHA512
f524b7e3074b7407a5256571bdfe85dcfce78e4b6ed668519288b634367aed7250d82abde8f618807810bb277625bbd8df8fa7fec4c19ef44e59065c7fe4658e

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
199KB

MD5
a5808327e116845db09cd5ee9f4ab09a

SHA1
00ccc9be4a5154bf98fb1fc4f0c7352c3f39abc9

SHA256
11133b49143918309afb71d9ad8a44792771e675a7d3e312b54e5f82c10b692a

SHA512
79405d13ddada4825bd464cd3607eae5e73b5c35448259397c525a8d915bac0af4eddd9a66ccd3d2341c27d70e1c2c5a38a279130e269cbefcac6e370f804fe6

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.6MB

MD5
c13ce171bd6ad4c0e84b15b5a25aac5b

SHA1
5a12319fe2dc0b2f3b33898e4350c7e6ff3fd024

SHA256
179a07c926d70bd54e4431b40c776442b8068caec897a3d87a6c26b3f5997c23

SHA512
f475137006e58f8431506860a9edc2a8e299904cac1beee286c4a18c189f40e7ede2e27e522d9f64dc2b2d6cecdd183907ab7f174377cc6b4413d8d861b114fa

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
640KB

MD5
385a49ab25b537bf86f11590b720f47e

SHA1
8021395438138fed2a5e54e2f432596561e6f1e7

SHA256
788c6adce32b4cec0949f60ae5aef91289361fa702985c35da5f7c40e4175747

SHA512
4aef9f1a68c8eb88d9fc8775c8aaa2b2c6de3332ce647a260a1b520f8fd741382a18996cd0266a280a328f1b066e47afb710ccb8009b311f7c7767ab7e0ae2fe

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.5MB

MD5
65fbb2e792add34b70b0edc171772d43

SHA1
e2ac721fd7af49118d9dd91ac54fcaf8b4c75298

SHA256
2f26e79fd7ecb95597caec0086b97ef4e52471455f755f9c467f0e3eb3302093

SHA512
8ce13925eae640a54dd0649101fe715d23cc825297152665603bb40370753fde427573b2bfad56526e520ece40120c420fe6c1816648edc2902c18921e1151c5

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.4MB

MD5
9a30f11d9e40d774eb03d86c4aca575d

SHA1
01c3e808f110e15edbe19c42191ae1090dabcc45

SHA256
af891d63019fede25e517830a2c7e0e6360971b3b8596b8ba1c31428cbdefcb8

SHA512
d8c5c3cc9aae990780af5396c34d45019a25593bc8346622c56c66be1860ad13294f5083cfec74cbc6b5a641188792293e9f608290b9d56e53f20b54e5b46d6c

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
893KB

MD5
3774651994cb2b43205e12ceee7d20ba

SHA1
f75392e7c9a55ef83fc79b605bc4b5458c2b94ab

SHA256
53902e061f19af11eac892ae0d109212ebd7c291b6e2059afb72857ddf68deb3

SHA512
e5a0ca644979a69304c5e214d4bb0d28d62f0d2563613ed764ca54940943dd2823976b3f4ddaf99aa4186af31b607a1363ca7cd57696fef22168161c3b92c82b

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1024KB

MD5
ee5a5718d98354ed5567251e49ce6402

SHA1
8594d8cc17aa957c56cc54920975543b618d6997

SHA256
6cedfbfe98fa5727dab4c75dab7125d018ac9dae6dd4a9935509e8000398afc1

SHA512
7bd482d09b5ad380c09a9d7a3557f430e8590994be63f1f22a6b4c1a51cd6ee51bea24a8daf36dccb09dbd765ed11ea48d17e84af7571cd886eb170ac822ec5f

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
92KB

MD5
164887e147a99dc2fb61846b9ef5d9f8

SHA1
e21bf15688327ab53b0dccbf4c9d4adf2fc8ed82

SHA256
696768c1579c6d0b5cbd036bda2a9a6fd3df7c36929241c6c9cd939839ca8b82

SHA512
1525f4b12cfdd2f3e5fcf0de62866a091e2ad52119baa9153fbf6c5d7e8c7676a44b245e023331b092a03d2b88e09edb9af52bcdad0e0178f613ee3de34bd9ae

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.6MB

MD5
ec9e947f5be29ea18dfc74853af71c40

SHA1
6ffd263b330df8971f08246449748c6316023834

SHA256
144b0d909a4280d8d483d67c5bf2017c5bab651706d20261a950246529302c7c

SHA512
2fa8522fb4b47e1eb1b0131c01628551e2d602d50eae5cb15e8c23adf97cbc4cf9fd04248025bae1f5415c5fa85b252b7a8489d38a9beba122c33167c14bb3a9

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
348KB

MD5
0a6fc04fabe8e675f2d5f3d5c3d33317

SHA1
a5f9bab65f893eeec844fb5af676ef21c862b16a

SHA256
6e355b4857f6f16e02fa4178fcf796c663c3f62d992a5aa37cbc30799dd38a99

SHA512
1e3749191be798231d118374b8f3a1ad07f37201ef9f876ec8cdb62aaa75a80167d0a52ccfca151465e7ec71ce5d9bee5a6335504386e654d4e710fec9f8719c

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
859KB

MD5
75af568f02af41df8dd8c9386e87cd51

SHA1
63c0b8add0f7fdeffdb5bf32169415b698b954a7

SHA256
9af472579330fd9f860c0602c60afb7c1b1434d975f59d74a201433641cdacda

SHA512
0d82294b2e7a791c37e57bf69febf664625b504b6eeb1ed2622a72dd02f8241a060c40b6b057850b63d4f7a6217c76fa754ecd9acd9fa8add48c571ec28d429b

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
92KB

MD5
2d936596b4e42d62d4f6c4299f0ef6dc

SHA1
6968c5c487209474946fabed0a232598b3d434dd

SHA256
77eefe9d9ea1a6de6e02a6156883b8d9f48bc61e78ae3a2697ccb0ce1a0cd89e

SHA512
5b443fcbc1e27d0578e687e73cf1ca2efc8f7f3c6b1761acea613d2512ae5dcc086c127d2da77a932b8a49c6a2928f990669cd6a467f1c0748847b53b84886fa

Download Submit
memory/400-465-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/400-568-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/780-140-0x0000000140000000-0x0000000140294000-memory.dmp

Filesize
2.6MB

Download
memory/780-26-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/780-20-0x0000000140000000-0x0000000140294000-memory.dmp

Filesize
2.6MB

Download
memory/780-19-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/872-101-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/872-96-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/904-435-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/904-444-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/904-483-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1080-111-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1080-120-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1080-239-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1080-114-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1428-7-0x0000000000A70000-0x0000000000AD7000-memory.dmp

Filesize
412KB

Download
memory/1428-112-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1428-6-0x0000000000A70000-0x0000000000AD7000-memory.dmp

Filesize
412KB

Download
memory/1428-1-0x0000000000A70000-0x0000000000AD7000-memory.dmp

Filesize
412KB

Download
memory/1428-233-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1428-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1780-463-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/1780-415-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/1780-467-0x00000000008A0000-0x0000000000907000-memory.dmp

Filesize
412KB

Download
memory/1780-416-0x00000000008A0000-0x0000000000907000-memory.dmp

Filesize
412KB

Download
memory/1976-583-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1976-476-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/2040-566-0x0000018266F50000-0x0000018266F60000-memory.dmp

Filesize
64KB

Download
memory/2040-567-0x0000018266F60000-0x0000018266F70000-memory.dmp

Filesize
64KB

Download
memory/2040-581-0x0000018266F50000-0x0000018266F60000-memory.dmp

Filesize
64KB

Download
memory/2040-573-0x0000018266F50000-0x0000018266F60000-memory.dmp

Filesize
64KB

Download
memory/3052-433-0x0000000140000000-0x0000000140281000-memory.dmp

Filesize
2.5MB

Download
memory/3052-478-0x0000000140000000-0x0000000140281000-memory.dmp

Filesize
2.5MB

Download
memory/3276-235-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/3276-407-0x0000000140000000-0x0000000140296000-memory.dmp

Filesize
2.6MB

Download
memory/3276-252-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/3276-234-0x0000000140000000-0x0000000140296000-memory.dmp

Filesize
2.6MB

Download
memory/3616-138-0x0000000140000000-0x00000001402B5000-memory.dmp

Filesize
2.7MB

Download
memory/3616-132-0x0000000001510000-0x0000000001570000-memory.dmp

Filesize
384KB

Download
memory/3616-124-0x0000000001510000-0x0000000001570000-memory.dmp

Filesize
384KB

Download
memory/3616-128-0x0000000140000000-0x00000001402B5000-memory.dmp

Filesize
2.7MB

Download
memory/3616-135-0x0000000001510000-0x0000000001570000-memory.dmp

Filesize
384KB

Download
memory/3744-107-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/3744-228-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3744-100-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3744-99-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/3980-215-0x0000000000800000-0x0000000000860000-memory.dmp

Filesize
384KB

Download
memory/3980-222-0x0000000000800000-0x0000000000860000-memory.dmp

Filesize
384KB

Download
memory/3980-216-0x0000000140000000-0x00000001402BA000-memory.dmp

Filesize
2.7MB

Download
memory/3980-406-0x0000000140000000-0x00000001402BA000-memory.dmp

Filesize
2.7MB

Download
memory/4048-485-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4048-593-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4296-141-0x0000000140000000-0x00000001402A4000-memory.dmp

Filesize
2.6MB

Download
memory/4388-468-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4388-582-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4408-481-0x0000000140000000-0x00000001402B1000-memory.dmp

Filesize
2.7MB

Download
memory/4408-592-0x0000000140000000-0x00000001402B1000-memory.dmp

Filesize
2.7MB

Download
memory/4412-471-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4412-580-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4696-12-0x0000000140000000-0x0000000140295000-memory.dmp

Filesize
2.6MB

Download
memory/4696-125-0x0000000140000000-0x0000000140295000-memory.dmp

Filesize
2.6MB

Download
memory/4748-460-0x0000000140000000-0x00000001402CD000-memory.dmp

Filesize
2.8MB

Download
memory/4748-561-0x0000000140000000-0x00000001402CD000-memory.dmp

Filesize
2.8MB

Download
memory/4876-474-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4876-584-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4876-428-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4888-426-0x0000000140000000-0x0000000140280000-memory.dmp

Filesize
2.5MB

Download
memory/5104-558-0x0000000140000000-0x00000001402ED000-memory.dmp

Filesize
2.9MB

Download
memory/5104-449-0x0000000140000000-0x00000001402ED000-memory.dmp

Filesize
2.9MB

Download
memory/5104-456-0x0000000000830000-0x0000000000890000-memory.dmp

Filesize
384KB

Download