4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
Size

1.8MB
MD5

02f4e95067e45481c1023e54027770b4
SHA1

32342ce6781ec362a6b44144335532d9c9ce43d3
SHA256

4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0
SHA512

b91275620285a718e6fc25da56daec90e05d5a2293e387271b6396389bee98135a1c2d87155dfa052b31e220c7d0f129d0ffa74b8a55ee188ad7b86ce9ac0c9f
SSDEEP

49152:tx5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAPkQ/qoLEw:tvbjVkjjCAzJQqo4w

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 15 IoCs

pid	Process
780	alg.exe
2296	DiagnosticsHub.StandardCollector.Service.exe
976	fxssvc.exe
820	elevation_service.exe
3976	elevation_service.exe
3128	maintenanceservice.exe
4940	msdtc.exe
3432	OSE.EXE
1892	PerceptionSimulationService.exe
884	perfhost.exe
4296	locator.exe
4072	SensorDataService.exe
2708	snmptrap.exe
4596	spectrum.exe
2380	ssh-agent.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 31 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\locator.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\System32\msdtc.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\system32\msiexec.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\system32\spectrum.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\152d52196319cddc.bin	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Google\Temp\GUT83D7.tmp	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83D6.tmp\goopdateres_hr.dll	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83D6.tmp\goopdateres_vi.dll	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83D6.tmp\psmachine.dll	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83D6.tmp\goopdateres_tr.dll	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83D6.tmp\goopdateres_fr.dll	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83D6.tmp\GoogleUpdateSetup.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83D6.tmp\goopdateres_fa.dll	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83D6.tmp\goopdateres_iw.dll	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83D6.tmp\goopdateres_sr.dll	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2296	DiagnosticsHub.StandardCollector.Service.exe
2296	DiagnosticsHub.StandardCollector.Service.exe
2296	DiagnosticsHub.StandardCollector.Service.exe
2296	DiagnosticsHub.StandardCollector.Service.exe
2296	DiagnosticsHub.StandardCollector.Service.exe
2296	DiagnosticsHub.StandardCollector.Service.exe
2296	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
672	Process not Found
672	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	852	4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
Token: SeAuditPrivilege	976	fxssvc.exe
Token: SeDebugPrivilege	780	alg.exe
Token: SeDebugPrivilege	780	alg.exe
Token: SeDebugPrivilege	780	alg.exe
Token: SeDebugPrivilege	2296	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe
"C:\Users\Admin\AppData\Local\Temp\4c1dd93ce4eb994ad0e2f78d3b8c5245653ab204948a247fa2241517109389f0.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:852

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:780

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2296

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4928

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:976

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:820

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3976

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:3128

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4940

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3432

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1892

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:884

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:4296

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4072

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:2708

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4596

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:3880

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
62857fcb69939aab87135c78d5ba7a07

SHA1
da0f65f35dad13d6fef7f83fae46ff263a47a8b6

SHA256
029cb99562be389a4b435356e4424284a7b67dd086b5ba28a3c34578ee5574e0

SHA512
747289dfe948efd9760e498ce6175818a495a71a19e985c2028b46454ecf175e7c39a78668a16d69fea6bed7f294291dc9cf3033a1ca9452649dcee0d6899fd8

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
375KB

MD5
710420bd0511a625ed8bdcf61b88330b

SHA1
6052f6aba66c9a2d33b9c66e4ee272ee79f17707

SHA256
553e783fe509dbc7b0841864ae7066713c469656ebe50b5c2d41e391f9f81955

SHA512
a0f1bff275975f3185d3704a80d513dbc1720bbf4824cffa21f1f0bba724e4728cfaa90d26965a5d1c60c2ab8a4038799b1a94f920048c742cfc5d4da0e1c870

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
74KB

MD5
229be82dff0f2a61ba31d5fbf2a1e15c

SHA1
18c50473fc160ed843e0e6259a0a81b091451c30

SHA256
a23d37005bffa340555c20ecdd30e05c0071693798861c57fc146138df842df9

SHA512
da1bcdaac71c6f7ed79c0db55a0ee52cd714c077c282bb841b2c442ba0e2a6d49a9b6410f9b2b741868396e1b7da5a89977da0555523968820d5e30c2970d545

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
356KB

MD5
4b0229f55213ccb7c6a4c2b1251c1cf4

SHA1
fd1e714c44ef2f289544614dda220619d93741f0

SHA256
e39c78ad7cc44745da3b0a5380ad87585be9a530a1cbf9dfa552d67afd554167

SHA512
73568c85bf013771279f2708955da9651aadcff05c00b65915653239316507af15ff0c09591b968c83c53f24c48e08d0545273cbdc1694eb4f9a71249efd9882

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
121KB

MD5
67dc86b484910cf084471c3356e5fba9

SHA1
965975f0291908b514c944ba3463bee59be9f791

SHA256
49124d706d1e65af6e831d3cb2460a7b5b7805b62b48d5a479ad4068e8811c39

SHA512
924f6b66de21809750eff937c89baa5aa93bcf703226c50ab6f76c8d2e3ed14202e6a0640761799d956c8e7cf8babd0749f7d308d15af779e4cdd9e7f369116b

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
451KB

MD5
84ce85343d002b708713b3ceca1bbaa8

SHA1
d24d1d31d8464252ba139229df89129896a44b5b

SHA256
6d8309df5b1d2483984054681ba7799c4cdb42bee0745d2d53536d2e76166104

SHA512
313427ea18e28415ae737479d31663bf7187d5db92b0a0e6e25d2d4d3f821b9be8a47f294923adffaf00ff86d8fb3d27b009ab218b712f97ae0e6d60bbcccbf2

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
361KB

MD5
cd9965773b0980d44b9af346d07237ca

SHA1
d9c5fea737d3e92fa87ce3eb30dbc5e891471826

SHA256
2fb8162dc3273bbf80eb427ffc02cd1d5db95bf4361fe69fe7436fd3855933c7

SHA512
72c32127136e8f72dc596798beea2fd02408db16289093db375ab136892f67be2e17e93b0d12e523d588790628a298f3a3a48790e311dc1c6910a6873056d435

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
285KB

MD5
bf58f07a3ec017b81663b9be01e47f06

SHA1
c41cea665270dbb86f7ba4390ce2abffb2b5a2e0

SHA256
cd9c5bb523e020eb23061818c9e9e5d443748ff814af30447d90657cd97e8071

SHA512
1d439409665811a923e702dde5e250f4171b489beed532ec3c746ded0c07093c310f946358d15d7015194157b4e69f9bca9f54b66388f7b71a2f0828556c3d33

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
62KB

MD5
dc2ceba41fe2080700a592ab5a0f4133

SHA1
804aea7bdb5ddfb5c81b793222edaed42d35ab58

SHA256
1fb8b5e2d3e9193c30118046c64bbc1b553bd39bd9048a2547776f3a0ad64801

SHA512
e410525299c158a606692d8607124abfed752e6e4099cfdab4340c09d56af5862b3b8d487faeaac023c4628feded993ab810df69e6b5859b260763eee03e6eb1

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
69KB

MD5
f033ec1f790cfaeaee208d8d525f5d68

SHA1
a9f916d8914ea27992ce230819745191089c8466

SHA256
26b84acd71d7572b2a1796575a38fa3cfcd0dad5b4dd49a0470c5f3321ce87b0

SHA512
46cc9c9f1442ee91b690e92ca40ee9d12eda63738660994e7c3037a579f081a6794934ae607d72d563bf56356b77cb74757eb3db99287f1bb04bba15d8b02f82

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
69KB

MD5
052d1b1fbe5d1932b9bd5ce9088fe082

SHA1
6e046e5e08ddf2123a3cadd96c4f93f1e8af1817

SHA256
d260641b9fce89208592aae05e77a1a9f2551e45373c2169954fc90cf9647835

SHA512
3a98d7dbb245d805df7a3d303eb8d5b107b069e7d4e4e00cce9958c33f3354621d3c35210e2ecbd6f6b294a7b7502432bcbcda54e25c9384003639e60b8d9a79

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
287KB

MD5
35dfc2a9cfa6e3ed529004b6a80ddcc1

SHA1
81c46385181fbd568c9cd8c03ebe012b1f3b71d3

SHA256
acf1400f0f0a20823f20817c9fc81c340151f15922dea9ed9db0566db96c8601

SHA512
002edf19ca5f6f38f4bbf6b0f0ab06f346a4c141bdd21e5dcc6ab03d8ca49c048ad8f114115aa7722d710f43a797d5f70371c4375309c92db2b2be5212b13efe

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
441KB

MD5
844fa900930b78cf6a6eb98d5a17cedf

SHA1
d7b3542e218edf7b600780bc83da060a333fac8c

SHA256
869f2455237bf756d0dd32f1c5334c031088bec882370c24f98ff9f6378ac388

SHA512
a9e3b46029f4f451e807dfaa29e298e7b2956fe8d81d618da938321e1a73d5a71220210d4b9cff0a8c2585f7fb299b9025f074ffa7754b95a1d717018e6e9094

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
397KB

MD5
0c234053aa2aec4a0a2a2b18078043de

SHA1
f90d1341fec6ea27fac34a3e3d3a68dc530bb1b0

SHA256
d787cbabab87610394e292c87bfd0777fabadb0330cfd7e87e5680bba2c8df68

SHA512
e01ed612c3135a5b7ab59c14c2644e7d0b9bdfe0c566cd08b837d38c1cb3ca2b42b284ba7ea3eb082425133be3db4da6a4c424453fdaf3b53f2db5ed3f16a122

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
321KB

MD5
daf026189e89a07e375847aba196924d

SHA1
fb5f2f92d1a772e1f93bcd2d46bc2f3aeb787a32

SHA256
93506bf9ad2bfff0be2a95fbb5c3de183669a550ddf388ccde26cb0fa63e49b6

SHA512
37775ccf8f201ef34258431f7288cb2a35969d489c5016821b65a180a801b64b0617945624b99f24e35e3e83b5ac72951102db899d10331bc9a07a6a650eab65

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
18KB

MD5
0b269091210ba12d4e3330d5324cfb0c

SHA1
d7fec8eadc951c683468179ea3a2af3337ab87d2

SHA256
82b2a33bd5741703f0c1c33597debb52d979c030376cd22cadcda33a4ad69442

SHA512
1f77132b82946e147013a173a706cc1d069fdde6fcdcb96e3c139a3d5a877f3fee99f68e239246eb31290e2d75880005e263b95b0ad6f012697d6179fd7e6967

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
248KB

MD5
b55ebc2cdb0ffcab4dbdc4ee739ad8d0

SHA1
05e62c151db47cb038f7e66f4836e7a1268b99dc

SHA256
1e7aff958fcd1f73f462ec96ef9642c42562212141abd9ed8983fcba809f4a4c

SHA512
dad2e4a8467be615309f216deb60a1639d92173ca412804bffabc59c43a60930fe72fa7482856030fbb3d195c5432c0580a7a4ac8575708a5836d7542ba159e8

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
82KB

MD5
709401284d957e9753854044c237ac35

SHA1
0285ca767e97033750f34559f7a09e8ad72423e7

SHA256
2de0681a6a46a56632f8e383e8a9c6c231e1645f7e03b9feef063758fa76b52e

SHA512
d3fbbae49ace36220e5e599ee5be7b1f1f19625e9abb6ee55f8a850e7b44837aa5e308471be9c6a23852c608d92b0521ae22d13f08830d5ded1ff82f5b0ea539

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
35KB

MD5
b616fc2ecd881bbed95650ff87fc3995

SHA1
357f071aeb74083251eb3972b24bf5b167511105

SHA256
3a7163f898a52d050af85476f21015cc61b037d48f4c0088c96de50fb7812537

SHA512
795ef8d6471f553909fa8b1b79062172820f277a07d96207b971695cdf000840d4c1f445945c3aae70ea7e83596bd3cbdfc1d9d88c6f5639692722900fe9c83b

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
298KB

MD5
ed5ebfc39dfced91d7cbdbd43495d2b2

SHA1
3a9288e8dac2c6378d0aa28b114eb0a6a03d80cb

SHA256
a1d2a95e807d03627dc8908f607bcc1362e2cda6582f285a25cfbf17906ddd8f

SHA512
287f03368b24f1a923ea30b1b37ac7c86c814de10a365a6c28ce44f759813825a1c4e19e2fe8e5f16b42e9ed9db58d80be268853a8b212da8724f77f00d622aa

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
131KB

MD5
cb847a9e00d0f9bf5b553f9698656dc1

SHA1
b66f6affc13415ef8d464ec7b50d3cfd0292cf7c

SHA256
76c5230057b692ec1676f1539de43d9a8269f6c4b9785cf3a34b1168b7a46115

SHA512
b22e626433ce749511b00192e85bc6f03f91e515722427b5e4a13000855539b7a18737787e49589873d491bdab181e1981dd4922d5b1af6e4360822c0b94a879

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
88KB

MD5
f151a15beea8b1d72a6aeaa62af12d1e

SHA1
169bad951516f0a165026866ef3c8e8096ed6bb6

SHA256
ec115c94255941d3a8e7721e040162e8cc1f5146f3f629c954aba1a401cc8af7

SHA512
e1189af2597711e557dc08a2c5be69c6f48750dfa2a4d750a3493eb50a78a5e2d0edff18382a22c3854aaaee703379e97c0edcebcc7a9720e72c4e160561a579

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
73KB

MD5
eb310d11b066c093d22337a0d8fc06e3

SHA1
1737a1588906ddc1faa8f3696ac7d45471e8a347

SHA256
445c83be1bb9395ea04a4f148704cacb411eba1ffdd67fa76f54324569988a26

SHA512
45a4fbd8c7467afdcf7b37f834aa01421ee8c0e78012bd5b9ccae446f703a388a66b24dc4e2e8ee279a21c128d9756da45968d15156e6793659662369bc50adc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
117KB

MD5
56fa53433c168f001a8dc7aadab84b59

SHA1
052379783a9af3aeee1f1bc41c537550eb30a9c8

SHA256
3b91b3de1288e32a5eef7c9862e359efa1523a0ef640f6d51610d5a7d0133e83

SHA512
79ced2a60b4a6884c3879050b0d1c162fb14de5bab25f46a785e359ba799ec011dcc750bc94b0edf9c0bacccb491bb8a2e07af92e871b8693671e8fd7e5e6251

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
131KB

MD5
4155060bb03674963cc723f14ce59eb2

SHA1
c5222a04d8911739635324a54ddb83849e4b7000

SHA256
87d8ed81c9fde20be1866d4aa67866fb2839c7bcbe327d0c6d0de8fc0428941a

SHA512
6a6c04f4ddcf251cd7e3cefa32c68b6fb28ea15c2f4f17ebdf132e1f21bc67592c3104dd7662deb1ec0e1303fe6de3126806a8186ca4afbf79a04d30e18b335b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
75KB

MD5
e8d6b634bd39105243cbbf5dc9c037c9

SHA1
1d4a2f5ebe041cb6963785ce23fe3a55de0f355e

SHA256
330cefc4330561e26830af5146cd37946f0b568cc038268abf3294b40232f356

SHA512
74a51d88b8e1243b507cecb07033d7859e8c6bda20d243b8bce58b1d33060aa001437e5e0f5ce740da17a7aab420364f9b71e548d47d0767df20158747d94ba8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
38KB

MD5
809e2f3ee362533007e7c0269d92c975

SHA1
fa495064234b2e6d96265fe3d6f3afe65ccb772d

SHA256
5d71e98770b4fb7f95af4e3e1a03938c4314ab3092b67ddbb4d0899986541bf9

SHA512
6f1805ece4721ffb40d5984eb8a1f9bcbfda44dad56c99e467a4fc4fa0a9238fbcd7cb5a511dd0e1729c4f6287d1885bad78b3bacee7050f187ff626daa337f0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
96KB

MD5
dad64f8b0fb19bed12c5f4f008dd0479

SHA1
df40acbbe07a312d8f56d5f017ccf79aefc04f2e

SHA256
4d28c155034da8ace703c0b394d04986e0ad52cb2e8122f4fdfd8ccc14de2ccf

SHA512
78825ea669e1ba8db35fa7afca8c709ca20c5b10e2061adb4ae4fe5f9f1e9ea567b7072d460d7f6ff062ebe498aca5cbbb74b2f4caced3a0f1a959dae911881d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
93KB

MD5
d0cd580b0e5a228a99c52f357808be65

SHA1
79386c58497124a7decaa620d2a79092e47caa17

SHA256
04e914893b24b6deb2adbdeaba5458bfcaa279564dcef73621cbffec7ccf3d7b

SHA512
3aa0b376099c8067278c4ba92bd2a89d7fef2c4f18fa31694aeafecaa9cb964e7d110a55f76c42b41529323375e9a6b9a95e3d73232a96ce7febe8462b6a2d2b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
76KB

MD5
2b88f9c20e8ca362554458496b5150ea

SHA1
f344dafa7c5c4d7a76370b1d9cc4eb8b7c2f834e

SHA256
01417b651c037a3e4f79f86a780abad269fd1dcabce702feec661708684c4577

SHA512
8b36284071968eeb0c2f55ce41eb71118b01b68e26e038ef080c346d4f4537b9f9ec7ad111d84b21481724d49af12f1d13f92655110e23221a4ba58408985dfb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
64KB

MD5
2e6df340cc5a420a7968728cff74fd0c

SHA1
3512a1311fbe71d698ad7a4872c8b64b8880f0c7

SHA256
5e4cf8d222993f13e5ff0045e5dcd80cfdbd587f372d57b1e837361d42e24345

SHA512
41ee5618681a87face1194655fd6f4ba4eb67353acf3c34a0ff51947bd4c2093a39b639f63648c9ada4d33229b79a6da0723876f9fe5ccbafe6f706d66b4a45b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
81KB

MD5
e2d0acbb1909a1ede6c65858df9779ee

SHA1
b8a80d05188ceba541633e2b558c7ada4beed6a7

SHA256
d1c5ba382d65a4f9f5125081c61d544814e4c2f83254c4877232e928d4112eee

SHA512
8074d4ed84d148a8bd0a7c8400293192e8ef692552ad7c2815af06ed0f53a3441789565e85cad5ac8303014b03e5c470fb6498487f0ae377a6d5acf59cf166c4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
68KB

MD5
4cfe2afcefa61852a56d4110e6c3131b

SHA1
592ae064e186d593043ccbd2f91105a7e87c95bf

SHA256
70cc8d8f03abcc810fbbc6d1273549c62ec93166b86a34db3f3c34e8a8e8f6fc

SHA512
bdf4b411fb9ec2dd4df2d3f08a9d39d4728eb7be08647b6ea1e645c34477fbc3935d74849d88ee8b3e307bce3eeb7801eda2b720dafcaf6393a01ebb6bfd9441

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
109KB

MD5
218e0e79babb0088010e2b55d3ceb959

SHA1
64f8376d7211ee28a8faf6f4945ca7571eb27086

SHA256
aa2a04966f50d8e607c11654f70ba1d3b0036537c08544ab8018d20f3d4a09b2

SHA512
b4c2f2bf69f96207a03cc4ac667af0dfa49a264419846ce101746759eeb354a1c1976f497b59390f58a8013f6896ceedcd8104eb5165e05776380d41ed5c91be

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
96KB

MD5
d919afdc2e24d60f5a781e1d3d5198d1

SHA1
9268e6abf10fce4ba701ba37684f8030859885cc

SHA256
c9b75f24a3b871f08e86b397185ca5b8641f069e3ed3b39c5533bb4e9ab8f1db

SHA512
cb247dd1973737fafef737d377ba414edea2776d93c33a2129e34aa9d73cceaca85044cdf630735cf8f2ee4ed636025f2ac141e19e06524d324bd752e2f8ead7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
99KB

MD5
334219131ac43fc95a8a60fa4c78c53e

SHA1
be575cecefd2393500c03b3ce2e3432de02b5ad5

SHA256
cbcfb2cdbf90ee370a82e6aa0a285abd458c5f820ad870bbbe920d8f0081d19a

SHA512
2645a0c98b51509c47a049d3c50caf4b6139d6676fe71ba3b598770d9c4347af9a99a9432653ae2d77497ade94b705fe00b9a24eb5cf0481fef9100b74a061a4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
61KB

MD5
1c0456fcc1d0f30065cca41983b71c0d

SHA1
34056125fe1849392192c6c611804a5e059c63ce

SHA256
e9c385cb74c79bb94d6a68f431e00e9029a99889b70b43fe6c49a22a03fc5305

SHA512
61d305b1f5b3ab83345f15d26e0136cef66e37cac39d4b7ef83df57d6a27e5298739e4e1519ac0edd2870fdb730f6a9b5cc7a1cb76d1707109046c18865ebe6c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
85KB

MD5
c146743131d040730fd6b6f0cfd7eae1

SHA1
8707a651c914796b31c5d957feaaf59bcccb85d0

SHA256
5d92c597592bc991726f1cf4299ad4b63b1ceb0d636ff424653f0c6ac727462e

SHA512
717d132e38cafd93d37d79868e26b0a26a49867bf2950b49a19826505cfabba4b3811fd1a5b1f0abb25fff1d0737d1015fba466ee5dcf600c94378e5d02af542

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
73KB

MD5
6fc1b6d8b57d9ba314b93e72d6777ed0

SHA1
765f86e0c3666b6995b123906459018f82d0da24

SHA256
dd2f4532edd8b1d847b5235c5c2f89749d1201983b54b2e4c6e273d415e0d713

SHA512
6e2a7ca976db7b3bc674c0ef9663bea8653f9a506c5f0b01b922ede9bbfab544e977beec891e85eda01fce2376ec9bbfe27c9ed27cd318301e880bad716fb93b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
55KB

MD5
55f029d53cc06031c83f683c7649c26d

SHA1
159fd38193a60a67ffedd6af1b35d0504066fa3d

SHA256
feab0b51bc93ef311b4f4aa598346879a3d36376dfc5c2a09ab42bda73c09c29

SHA512
d68b039dcabf234e8fe522f7fb990e476f10b318b51399c1c4967c61a7467a3a726cdf7f4efceba36d4aff19fe17a733fb929fcfe4a4f997f953cfda4e60499f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
59KB

MD5
eef46c6532c8f0acac21537569982573

SHA1
fd044e04ade6cd224af04755938f91de8a3348f7

SHA256
701f31efe418a1da1b924b09fd23d4a4f5bf863972f7f1c45348a3c5e92fa2e7

SHA512
971bd0340d0d97249a75b872981e98b1f55655be173f4f69a83e6c112463ff8127700300c0662895cd0f9c11ad58754f725a646a75888a27875db63baa2ce59e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
128KB

MD5
28b62d9aa5284c4be403a3e6d33e91e7

SHA1
10ee60128c8618e33a62b0868f642d4d03a24b9f

SHA256
d93ad4e8b5dd61ddc674d05ebc4b9c56c5e83ef108ba467925d29215703f1342

SHA512
8c952c5884796f012d0eba0bb024d2373a52b213ac12d8e592fb09ff50386822f366bc3a340a8d14caeae0103b0e81b2d22b5a28856bb390ad74007a398e717a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
64KB

MD5
e7b5f097da5312a1d95e141c03124d27

SHA1
a2500cedcebc59a61f5bdf49d1f97e4fcd916b10

SHA256
02b9a1a50dba672ab274b19ee2a2f9837d9b91777987ec391623d332dfc13467

SHA512
0f2d8bde2e666d4f65a7eba28f21bf898d6773044e15d93eeb46eb575f5ea2866923879976b53df4749b8829dd65bc85ad1614711a4abba0ee7f8934ec18a965

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
57KB

MD5
3846895fd9ffed06c4b23c0f64916444

SHA1
5b0d0b841163789221d18c9af98a8c07c80bbc1a

SHA256
fbd616633e35ae27f1fbb8bceb43aca204208d99d61c1f6e66d5610246aec642

SHA512
c72c06ff88f6c1d94fce6911aabcf3da16ad55aaa29f9d2c8e2c622d5e4e600560555d269a506c82aa550f5531e8909494049913a69c9eb32fb495b63c4b3265

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
225KB

MD5
8be3999bbaecb60d8bfe8b9f6025bfd3

SHA1
1edd8301d6f5ffe5be4d910591acef58788b455b

SHA256
0fc38bc2b802a466c6f87a5b5f8117f43c3455b004030e94db1c0c6bba59a271

SHA512
33f6d56a19a2f342b7e42fcd080f0af7b0f3bddba8cad1aee6c209af689ba61ff07a9e56e59a06edf35c92ca9cd153582d29e08a381d31ee8ce23ca5a4247268

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
351KB

MD5
d8c3c42f98fd403022f34cb725a1119c

SHA1
83d06082fccd0c2782a61a83c1c8e6157ef49f6c

SHA256
f882026165534592bf131e78bb5d18da14c8094c27c77b4110bfe9733320f6f9

SHA512
e115984f9ad4d94027d4a8e12c902a17a7fb779ab494c802edd1eb2317e5fdbe50e21b33c7c87c575aaaeb7ceef13ff0c521ebd11ed923b0bc0e808689a8635a

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
f6d7724a22e7c1e73165258fa717624c

SHA1
09494bacb8d6b2ad0480ba7f839c7b401f3a5734

SHA256
3b170fc876e83899cd21bb4f915e310ae22db130ece8af8bd688da4f6703e050

SHA512
777976da56159b0c17d8e53eb214effbdba1b0bde32c03f3fa9b36c1db5e189dc68e4a9fc14650e3801cfb4cccbd838138901d77c6ee6aed59991095b9195a65

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
d7ac6642a53c0a9c7bcbfcce2185f85b

SHA1
00178b7dbfb3ea8809da7e2ffaad00bde57a5730

SHA256
a50ed91c7140b65a974553897058b79e463dd8c27912741601656038537095db

SHA512
ff65ab3a4332291a2e4477c726593c9c83d1a16569ab2c8a4b5e2c45d3d2ef7366fbe96d048d3e97af3589a54665fda57d225d22b2a89d1f7fea2b41cf4bf125

Download Submit
C:\Windows\System32\Locator.exe

Filesize
390KB

MD5
24cf2611e0bf590fd94f8108752b82ac

SHA1
e5c29c0f345d5dd2ac953ffb528b4765956539aa

SHA256
3d3cfa576f4ea1d71b868835e2d269fd71d9bb806f60e30b86ad25888bff1d5f

SHA512
0dc6ad50a03b6d972209ab2c3ac0ea1321f02c0a46652d6dfa17edbb47bda259766e75677a54a535ee13a86bf91ce1c33729ad76165062d793edc107c73ed3e9

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
214KB

MD5
2767fecefe1c5956c41101b08babac69

SHA1
3ad0f8ce8d76e99a6ecd1f5a64823a2873b9c257

SHA256
11585183a6d822613802952d8bd57c3f3200b18e6e8c17957eb62b868aa5451b

SHA512
e3b937ca038858af0c9f6e536a1dbc3912c0fee1691bcb119bee2d13e79e3efcbe472b5edc9aa3937d25b15ba48cec78d94713644ec368308e1871b2a45e63e6

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
192KB

MD5
3ac3b5637a8641abb93536b941e15573

SHA1
d0ed0bed8f9b5d5ddad7d8cd64f81b85392eb67d

SHA256
aef98bd7dd54af010c4f7703bb93c911f598171754892fb73fd8c31e8efb82de

SHA512
ac1f19fd2d3a839bc085ed8a474f721150dc18ad042d215dea791e9bbd4b9b9ae4eaf920764dc471c89b243c1d7ec48675905b3bb8c53dd62f55b0ab81e34abf

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
257KB

MD5
93c07afa676d2c1845df5f52c9d8cce7

SHA1
ac4bdea859e02e74b16e73cf9d65a70ea7be1fbe

SHA256
a857018e7ed25cc91ef19914461303b8f035f768e114bdac02a5c6d82dc09f57

SHA512
f45c5758269705f6faa6c269a81d0ae353ba4ccc8d8ee351ceebea376aadf52fdddd32ff9c7babea0fa8f31a81c271e3d17533898bd397f09daf2cfd7ea10ec7

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
275KB

MD5
8a03a3765e29ba196175d193f42f5cf0

SHA1
39489ede2be040c1a8fc79b2e5ebfac4683768e7

SHA256
b03d17401f086f3d1f739a63e4821ecd3b767de3ffb56cab21652a9c2500fa63

SHA512
3332c07d885614cac224262781e626e62ba677dd7be35f88a1eaa72c45f84463753708c64b2928e26e6e11aeffd184036a4a5a7d18b69d64a970564d4f555835

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.2MB

MD5
b79db895e16a857d90a2637e13ddd0c0

SHA1
20323713256c8fd1b696409f6d87a36aa267af02

SHA256
b4316f9260ca26fb6e749b4101fc39200ad471ed3afca5a7be61a1b2eddeccd2

SHA512
e54eb2510c6bd77065c28175c446aab6aea9e0a8a3ad269642e3178cbe0979551e2e1d4d5cf0e7a1c88d5d4b24893f55e0127953072e2700d73e1bd0d05c4c0a

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
328KB

MD5
7a1c4f4549bf0040c16dd0626e5aa7ea

SHA1
c7001a51b24ae55df1b36cfd6440b51c38747196

SHA256
4b12a447561938bbae41ea8bd950ac3cc53e83aa96064e3578d04da866ad1100

SHA512
a69a9639206d03fb9c6cdbd3f489e7118c42d5d8db41b0408f042d59cb22d3a45abc5a34446a48ee2ff3c52925b8236499c7dcaac8a5e945fa1953873346d57e

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
16b1b293c59552acdfa3f2aed2918d9a

SHA1
32a372cfc59102e47503992c202b864c44e1263f

SHA256
879fc5703206441802f0c11b906608131930783029f3b28fa5a631a569ae4e5e

SHA512
6dd58ce6c03633cbdedb1b95b1b62657d455917e112f996f0f220749e3145c539dcd17bf2201447d38bc9b9799aeafaa970d9cb1faaba3faf1caa41d7d29f2d9

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
704KB

MD5
3e1351633df3abf6501ae7e4654f1f60

SHA1
4fed188d06a2edc417290494b11e6786c5caf2f3

SHA256
a5fb37df81b13881ca3929c8dcdbb1ad9b82f9aea4b7cf0b721f6df314e8e216

SHA512
b36a58cfafdd9dc18565febced48d0265160ba3808e433d9a5a0187c9133fc31c09b435847e9f5e645a685b35531f4435c84e5024a61064a624f654741928b67

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
48KB

MD5
875c3363a5806720ee331fc00301dfaf

SHA1
1635007aa4d54fd764f475fd4cc7b3e055a579ab

SHA256
2eb861c6f29b32cb223cad4d9a45ed195d16d4d43212b6bda7d4405eff8cdd32

SHA512
a19388dd595a7f23d4ad9a9b6a1d3ffc2a714e8cdec88532bd38372c98d6d8fd1d1d6aca7f2fc1d1dcda44aee8deeeba908ded76ab69151a26b0ccc369b5875d

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
57KB

MD5
4df4568fde6f673b0d82cf5b9911b057

SHA1
5b1ebb9ca4495470d7105bce14be1889fbcfe8a9

SHA256
467be6e9b6a0d657c9c512bb5ee626ca5fa8afda51f3cf87c64104965c06816d

SHA512
02881e43f7f93fb0bef9a915ac3f7802ede663ece854dc175636b667e14189a87f5c7411ef173171ee165f0e4e95ae82eb8849ae119db8c53dab094a0453e68f

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
98KB

MD5
8b0de7f6ea61a19a0d6be5d1d089c848

SHA1
0778bdc8eb75bb5edfbb01cd6c1691429a637df9

SHA256
37d190cab140b5a7ba237de823c1c28d1ef0555a7b33dda852c60e3106c448a1

SHA512
dc4157993114c059594882208756c46eac580570469f8253165db39eb622968fe5b732463eb05bff47b3d53ce83a323ac3b626947574155437ea4267c7385ab0

Download Submit
C:\Windows\system32\TieringEngineService.exe

Filesize
77KB

MD5
4b4165cae7a665d116709ee38da21497

SHA1
c69473f0c873c7080400dd248fce650168d50b93

SHA256
816ac4f89cec444ca4a66c214da64bf79b22c2faceaefafeccd5a61c3de6e1c7

SHA512
c980b9df926bc38424e4bb43297567a0a7b3fbf2326799ad3c8113eaa12bbc0609513564fe3d47e102886423df68134c1a631c64cc27890545fdedca9517c193

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
107KB

MD5
7c1e8d949f9c378c4bd3f6c7c93e627b

SHA1
be0934cfa14f740803f07026d32ecd2e24488fd4

SHA256
28827684faa036725a2fe9cef295d0793f0d0fd067101672bafe24bce428b9a5

SHA512
0caf9d9860f6740b7bc21518752cffd87cce9413704dc0e7b7fb9e8ddc28e7be4f43103b457f099d7028fa34607c73d689893636d8377056ad247df8774439c5

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
148KB

MD5
d53f13ecb00ed825332fb36995ac5f51

SHA1
8d4db602c8362f1684deb4d98964fc74c6f558df

SHA256
70a2b9e3c788d23a3def7dcc4b85a507c32ae9e2e38b9e7fe50ac3fe60d6989b

SHA512
6a36dd26ccd61bbf65b00ec8603d0751d0960b06629dc7271c15d51933626c70ed3b2c4033e2b1614892e3d9381b4a71a50fbf86a62fc88996abf1e5086ee038

Download Submit
C:\odt\office2016setup.exe

Filesize
151KB

MD5
00ea3066a3c15745c9fa7dc707d2df0d

SHA1
a75ae5c2bf4424b29f1f63b45b238a59048c4d22

SHA256
3117a3022d16d3bccc869c217a26b1cc6825c2bf99a9288dea77557fe6c2e514

SHA512
b6be65583ffe4c33df033c3fcf8d63ade53655d904f6745f026eb6d2f7f207f496994c9d7ea6f17e3294663a934de34dabe035ceeb8de1a10371aa056283a04a

Download Submit
memory/780-22-0x0000000000780000-0x00000000007E0000-memory.dmp

Filesize
384KB

Download
memory/780-144-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/780-13-0x0000000000780000-0x00000000007E0000-memory.dmp

Filesize
384KB

Download
memory/780-12-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/820-120-0x0000000000CC0000-0x0000000000D20000-memory.dmp

Filesize
384KB

Download
memory/820-190-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/820-119-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/820-126-0x0000000000CC0000-0x0000000000D20000-memory.dmp

Filesize
384KB

Download
memory/852-7-0x00000000024B0000-0x0000000002516000-memory.dmp

Filesize
408KB

Download
memory/852-355-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/852-1-0x00000000024B0000-0x0000000002516000-memory.dmp

Filesize
408KB

Download
memory/852-131-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/852-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/884-275-0x0000000000520000-0x0000000000586000-memory.dmp

Filesize
408KB

Download
memory/884-268-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/884-210-0x0000000000520000-0x0000000000586000-memory.dmp

Filesize
408KB

Download
memory/884-205-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/976-106-0x0000000000A40000-0x0000000000AA0000-memory.dmp

Filesize
384KB

Download
memory/976-112-0x0000000000A40000-0x0000000000AA0000-memory.dmp

Filesize
384KB

Download
memory/976-118-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/976-105-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/976-115-0x0000000000A40000-0x0000000000AA0000-memory.dmp

Filesize
384KB

Download
memory/1892-253-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/1892-192-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/1892-199-0x0000000000BC0000-0x0000000000C20000-memory.dmp

Filesize
384KB

Download
memory/2296-160-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2296-93-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2296-94-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/2296-101-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/2380-270-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/2380-348-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/2380-527-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/2708-523-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/2708-522-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/2708-248-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/2708-243-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/3128-151-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/3128-146-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/3128-143-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/3128-156-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/3128-158-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/3432-241-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3432-183-0x00000000007D0000-0x0000000000830000-memory.dmp

Filesize
384KB

Download
memory/3432-174-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3976-133-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3976-130-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3976-139-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3976-204-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4072-515-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4072-235-0x00000000005E0000-0x0000000000640000-memory.dmp

Filesize
384KB

Download
memory/4072-229-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4072-520-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4072-521-0x00000000005E0000-0x0000000000640000-memory.dmp

Filesize
384KB

Download
memory/4296-478-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/4296-215-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/4296-222-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/4596-255-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4596-524-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4596-263-0x0000000000560000-0x00000000005C0000-memory.dmp

Filesize
384KB

Download
memory/4940-161-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/4940-162-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/4940-170-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/4940-227-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download