f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/01/2024, 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
Size

1.8MB
MD5

e4903c4fb68b63a5be0c094b88d587e1
SHA1

4aceadbbeee51cd52cae594aca98fc71406154c1
SHA256

f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e
SHA512

f1f3a5338fb62ab1abc218de5418f7f1a681d884fd208c1e112c37ecaf2a5a5b26660257af9ca3e209a9fdcdb3fe617dd137b5de9439fb1556ed0ca6395ff1e9
SSDEEP

49152:Ux5SUW/cxUitIGLsF0nb+tJVYleAMz77+WACPYayvYNhVes:UvbjVkjjCAzJPP9yvMVV

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 14 IoCs

pid	Process
1568	alg.exe
1816	DiagnosticsHub.StandardCollector.Service.exe
3300	fxssvc.exe
4936	elevation_service.exe
1328	elevation_service.exe
2124	maintenanceservice.exe
4772	msdtc.exe
468	OSE.EXE
5100	PerceptionSimulationService.exe
4016	perfhost.exe
4992	locator.exe
372	SensorDataService.exe
3288	snmptrap.exe
976	spectrum.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 30 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	alg.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\b0082514007a37.bin	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\system32\locator.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\system32\spectrum.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM67D2.tmp\goopdateres_ms.dll	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM67D2.tmp\GoogleCrashHandler64.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File created	C:\Program Files (x86)\Google\Temp\GUM67D2.tmp\goopdateres_ca.dll	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM67D2.tmp\goopdateres_en.dll	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM67D2.tmp\goopdateres_de.dll	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File created	C:\Program Files (x86)\Google\Temp\GUM67D2.tmp\goopdateres_fr.dll	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM67D2.tmp\goopdateres_th.dll	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1816	DiagnosticsHub.StandardCollector.Service.exe
1816	DiagnosticsHub.StandardCollector.Service.exe
1816	DiagnosticsHub.StandardCollector.Service.exe
1816	DiagnosticsHub.StandardCollector.Service.exe
1816	DiagnosticsHub.StandardCollector.Service.exe
1816	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
672	Process not Found
672	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1212	f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
Token: SeAuditPrivilege	3300	fxssvc.exe
Token: SeDebugPrivilege	1568	alg.exe
Token: SeDebugPrivilege	1568	alg.exe
Token: SeDebugPrivilege	1568	alg.exe
Token: SeDebugPrivilege	1816	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe
"C:\Users\Admin\AppData\Local\Temp\f5f59ca077602bc5db3c61f3a1fa2464865a8f006eb2a6192a519c136c4bfd5e.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1212

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1568

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1816

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4112

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3300

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1328

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:2124

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4772

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:468

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:5100

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4016

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:4992

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:372

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3288

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:976

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:2896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
b5c02f3698f47bd618f43ca82c4fc60e

SHA1
61ad396b0469592f08a5b8210cc4ff74985669c7

SHA256
8ac8e2e48c028ef9978d16f44b53fc13fc41c618dad36728b7f1ff4b3ee1e8b9

SHA512
4908982f9868aa702d8fc7d452091ed338b5a19a17184aba40ec12d27f907b580771c416814d4ba7a5231218674ab5190c77a37d5ebd6459613c466ddd12c357

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
781KB

MD5
5f9a52da445eabdcab235dfd75606a73

SHA1
1ae3241e997257f69af934cf23ae6d2491678b9c

SHA256
dc42d3b1214e55b3ffa3e5e5cc5568a8440f334a0db9b02301b9cecc04c21ed8

SHA512
fd0387ea3fd257a5cdcce903dd4bf339dcc014bdc8d97411ee3a37782907801ab7deb5136cb62d02b9d1635a76566ea0f03750fdb372059c2dd70466e4475228

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
782KB

MD5
65bf01e1a207fe9a02d85c9c7377e58b

SHA1
9877ff267a4c291be31e48a0cd8ac238e4159aaf

SHA256
4b739acd8130f9c96fb01507ee181438f0873c7ddfce71a907eabcd62b123ba7

SHA512
31227dcdee8d49a7137432310a655e90758c236928df133963d3157fade908f3c9c317741cc00742dfe6fdbd10c7f54f9acdc7ba0376eae3fe62b28d3d652a24

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
183KB

MD5
211c2751d37018ed88c8cfec999ba279

SHA1
f9ac20dd585d1c963e16ed67c6b0e1c401f9ea84

SHA256
28455ddf711612dbc1748b883bcf061d361e693809f5994394beed5050b025d6

SHA512
764a85f3af18f8ea5e33d81833dbdde0cb3c7523329105f52b0c7b5735174c3efd16527416dc8e0acc0e39743cbac4b14cba1670b42759f173aea337415872e8

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
167KB

MD5
61acfdead809feb7b0f3a77943a0c002

SHA1
782b9cb2870a56b6c687189ad46b579f76737ba2

SHA256
7f397f620d04e112476f9391b339e887b268b14692d1dd538e0273e6124121af

SHA512
4af6a07b43fc92114e31ed662064d1acb6f57ae2c36a9a469b0ee66558b8bca1013b2ccce65a23aadbc8ea15e1b4f2715d35fe7e2af3350b88ebd44540f1bc46

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
735eacad81322fb76f8f7dc1dd713c61

SHA1
64e3455452a7bc828894dc3319f016f38612bf6c

SHA256
34d9595275942f8fe6c23e46e24f31e73e411636c3296ef83cec36a76ab97baa

SHA512
c3a6011b0477407d5f346392d9fef4d65c94fc7811947e5268c8b09815efc8384aa15e6e19cf8dde38940fe726fa02a6172897b9cd3a6f094ec2ac7e05d74240

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
7f1554c6b97c01e5ce9bb66decfef670

SHA1
d8fafc88b1b631191dbbb8e837246ff598f66041

SHA256
1302032b8ccd28c96ee4e5b2cb49f4c197773c63a52430389b5f5e6c0f21a718

SHA512
798a32d7423f4512b2a04ce0bad90c7aaafb0ed5629e286bd7abdd65c7fa5418437a2a11720b90f4bd3bf985c20e963a5945f52627521a7fad42424def508040

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
f817642bb43dd818d164cca8854644e6

SHA1
1f02d2f87f820978eeea74e84b53ca44091bf03a

SHA256
bef9a7f0c9af4e88a3d6bf5b61660297891a9eb7e7d30b1ee1f368faefae593d

SHA512
d6c0e95bd4cd11fbd676152430380eb91a208e620e2106e59623d46e39420f4fb09c0a647c665ea34ba07aef1c842442e36a8c647294dccb73835dc523378d92

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
47802f97060e2b0fe7a82ce80add3598

SHA1
2c1d821dfd54a08b43bfdd2b47d4984de90c7575

SHA256
873d1391d5831a9be18daee965316c6da073687cdb9071452bb4aa2cfafdac00

SHA512
8a37bec7d0476a1ee81035afa5529f79606c9a70675b265583fddbf25d8ae73974675707a99108a9cb505a881402b90739a6ad438fd96a1068f3db77603c8a61

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
9429c7c331595e5b84940454fbb3a72e

SHA1
1d76cbaedd6cb492f33a691c3938959c891db1d3

SHA256
3b3ef22e22ac7ae3a272c0faccf141a84a817e8a3ddb4ad515afb868b8b2f559

SHA512
6124179fbd4a909ee6d4a69e95d3d813f2f0948cbd08b94bd070705750bc85c511aa8aff874705f29a6313b6ec1fc1d53b9e555f24d9294584eff8bd50c962e0

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
19a9a76cfc896ad0727a9fbb8c4c16a4

SHA1
4bba5d9dfb3bbecbf3a3cc3f3c32cd9251fff8ef

SHA256
cc7c52c7000260da398a65b8e155cc31b9eaf681784356c8b4eb0f67ab08fa6e

SHA512
87c08d33e17b39c64a5f9802e56c46834f302adf443779c50f358b49966c0ee9db20c14150d192564d7b4f34a65bb394c46e7a640ab5b3046b9bec9c82e3d2b5

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
7fc1c83ee1cfe081c67d4a7fb99f983f

SHA1
fdfd0759945f47373ebaaa6036d7d1eceaaf7787

SHA256
dbf94d0237e7b34aee9e3d36962ddfd09904bc1884e2ea52ee663bef0f0fddf4

SHA512
5a3031a647f233f71a0b4b69a0602bbfcced9b7808acaa5fee773c4bec761535254c2edeeecc2371077f54bb049685770f10fc6cb415c08b81f5a38a8a2795ac

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
9094dc87556fd7fc38f07ceb5022cb58

SHA1
772e972b1009a46d67f8600f32756fef88dfcc7f

SHA256
22ce14268c5fc86a486175be70f9a376a0e710a7fb8b7f6e36f61cad20dc73a4

SHA512
6f4d9b73008c765d352aea2a2bef2fd31be0bb126afe6bb5c8b5338bedadcaeb503757c76fbc2f9b1a64dd855350096367a92c002d8bcab3f3824407950c068e

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
79KB

MD5
2b6df30b322a5adac275b19251e9b1f5

SHA1
5af5293ac456da2148a9fb666c4ed521591154d1

SHA256
299a79da74e0d3ec6434ee6ecf62e417c96bf20f72082db9ef6dcb08b8e35f66

SHA512
468696d6274b617dea295d1d02fe42ca03d0605fa89b76f6549cd830495cba37434a91d4fb152d2c057c777df196afa1e566708520cdb4ac5120871c8bd4894a

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
9a933032a745fbe5a23f9b006dab5653

SHA1
a86422f27345275d46f758eac14731c40fee8cd9

SHA256
a802073ce119e936c38467397e57e96c3d96fcf6da09c6959794bb4db5e268fe

SHA512
f4852887ea77fd83f0ac9b3ec71aab8bdeb50b0d66beea0a4977fd5b2d8d858490cc65ab19ba058157a01c1c4ff5f5ffc4fb4c14a8f622e714e0fd1fdce6c193

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
891e80b96090fcf0f425e01a81b4d52e

SHA1
cbac2ff6d334ff44e0a40caa4e2861e19813d95c

SHA256
2ef555af4203d92312b7992666393cadcbbe1c6cf97a64e2803ec723c2f0d13e

SHA512
dadd34a82ba94700e027cfd219bfd3303eeda6925351007a8a497caeb2bbd436111b888432dac305668996e302910b71a1d0d3005699d17ef34f8baa9d4dcc0c

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
7f41f172ede06e1f4a42811fef7d7954

SHA1
7fa3a47a2e70e8e529bb7a44df52c1e5a82be3e6

SHA256
bacd89823f94e110f7f11643c311f6d065164b68060b725a0be3e6722270a1bf

SHA512
d94f7736fb4b428a4ffe2e67accd6977031b1486e446955e72249172d15c2e44e47b7ce948a35ac740e81ab6919b8e792a37768096a20ccb8f8d21b5787dc841

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
227d160087eccfa21e6c74cda6c0c3a2

SHA1
cb89afbf72469cb91553a58e25bf8a14642f5691

SHA256
3aa75b810bc2d08e7cbed38948a06d376122e986a8821b81000bb12229109800

SHA512
056f9b198c77e03e8105324b4ba6471b51967363f6844368d100f0887f1cbc65de6e12434b325668b37c5552f18c4374274daeab21f966fdb03cf5537372464e

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
6d1a75d42ec381a9b859e02e7e6e5460

SHA1
0515fcc6f1c395c44265ccc336175c05803c1a5f

SHA256
241f4e94a14e4b1e49a9e864d23d4054c5a31996b11148d96a46697dd8261776

SHA512
8d1fdf220cfd06e269167d52d637d2eedb0b4c2d1f570524ebecfd3c7c674b9e795228a83e7548f1d835dd1741f6d9e92cc793629098d854cf2c28f64f0ade4d

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
e127fddcf71a75e073e51b82f59847f9

SHA1
b34027f0bd6bd42a0be62816037821beb557a597

SHA256
9fe814787099e3ba64de658a20bca3b52dd3bef7ef47ed9ef9c00403c7e11e29

SHA512
7957dccbd761112f17c46c0aed2e41654b03e1b7d2ecf6a5bb66f0a5aca65f7510816c8e410b50addc26056bfc30b60eef944892078d3d085c2ac9843389b6ce

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
0d4a9a86cea7978fe5377c339878edaf

SHA1
c51f8434146a3f884eed3195e263de66a66131d6

SHA256
39575684619c373f26bc6ee3efbe1f59dd9a43ca62ce493ebf52e97841b38436

SHA512
6f86c308d5a3d91886179e96a4ba19ec045f365ec42fd21dd662a3243722a80e0e8e9f0471a4aa90ee3eaa3f655090423a13d6d507369566fd0d066352e09ea9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
6d0ab28752c3cf35b07934b265187581

SHA1
342640dd7f6516bd5ce209c1f9d9b3db96139d71

SHA256
d2ab22af1a0ecae63d8b995885e526d1f8ca31a994101411d029b38f6b5dcb5f

SHA512
8fcf5f98ded5c4c87a3a25af9506ba99f676809a3b21e4e568076a12bdcd9cb1db578a9264d21f4957538e57d233d199460549222bc9c5c655943ccd80a06b21

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
27c341a521cd1cabdb2d4d916a0e855a

SHA1
6043c3c948d19c43f6586d2813b8f74f008aea09

SHA256
7b044e8b6a5be8bbbf01ebe7d6c805ff95ed470782411585c36c75dbd11ce878

SHA512
031130a5bcf85bcd0fb09ec86b5dd9d7214740147a65b89357d6b8c3a302e4b3a620d4eba68e16d5291111471c14096a264c007ff5e6d147dafed67568a5c0c5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
62c5b57f732130c663994dff2fc36193

SHA1
5df4814362d8d9be0f78ce4014b3738675414b94

SHA256
95162b0c13a45743a326d65e480a2d71920ebebe6f6be9eb53d0efcfe0450a53

SHA512
cc7e961dd3f5f5d4defe44e9b3d9c60e482090ddced1cc79373ac45f721004898a8d79a9000be8b0162a44545933fe1f569a76d12d529f21028c32c6442e0ffb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
ea3cb2ad0f664b5a6261baf3bd3c56ea

SHA1
38294aec9f11f81b9547e1f9cb6808e10bd8d423

SHA256
2c087664501c1c542abc83f040df5a9e15d21653658dff185cbf22234ca8198c

SHA512
1c8dbdb4bae47a60412606b8c422786c71d67d22fc6c383ce345b11be1181a843379b60ffe1425c52772a4175091fd70dd8112ddcd55362b1f484713a2628a75

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
7995a0823c9c26d14a35639c85e4c050

SHA1
297c8dd30c55521b817e38427057f6ed708e3324

SHA256
3cea52b07a662682e6edb4a7415e9db1125952ccd85ae471ce755343c67b066d

SHA512
0dda5158738fed1e629d1db3e3130087c20e50a66c73f66c716a3a65783e5f45a7d59c88cf3f8cc1d0a1cbef7fa4f76895cec5b4c68c1234dfc57afb9edfa067

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
fe34b37823876e2e0610c6cb0320d85d

SHA1
dd1117a601476a5fa6947e9bf382ed715e9ea909

SHA256
342d94efcf556907744102c2798903e0bd9f4a2a3c0c772c8c064d4d14bfe985

SHA512
b881cb02e3c57d9f807fe379f1df8e8578eb11039e028a754247ca94bcc278d9160f5aff06106119ba79eda00d1260b589f2c21f4c5ce6e0921c7b843e57a7c4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
b727b533df4f4c9b02ebc296e0806058

SHA1
8de857b8379d7d88c67debbcd3af7f4a436e651a

SHA256
5521c8f317187145b78a20fccc0a07cb9f31bd4cb0dc8f17464870af1cf3b519

SHA512
75e79f13f638a3a620370ba946ac6133739fb1d3bf3bebc88fb9549bd458738c8f246064d6285cc055d1e77120f30f86a6adc1c0d5e3035d293126202f99a2cd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
9a721c9aa9df06df28eb041826dc1e5d

SHA1
cf442a93c781ef8eb460fb453471ade0b676b8d8

SHA256
9cb96745b17a6e9ed9b3ead55c3429dd4e831696a639e318edfe6125cce74ec6

SHA512
0cefd711fc44cdb616fe591fa46be088de011e13940a5fb3fb5e8c7492457c810801d45f45740894a35038ce5406eb2aa92202137ac0ea9a736a527612703e2b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
a7d0ff386e0003d4e9a15aa5c23fec58

SHA1
c31fb07ea07527235bc4108d6b0da031ac6c1b11

SHA256
6b75b3b987d401b00ba7bcb34be595b82689f1fd07b816e7237ee9222e763966

SHA512
6d16f4db5a8debb1b1f1628a5e97cf385bad98df815e3577e5aeb71281a270e2a54936e66188093c90e0532b0f6baac4f3f9a80f3e1916d77731f5d996699261

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
8adc94a092df864d72e2de07f41e6f5a

SHA1
26955ac38132250c486d26b145d84a9b64d6c842

SHA256
5a764a0040a3e58366625847a0608cd7aec4078962c344521cf29780ad5c8c3b

SHA512
4b7508ee6a0a4736121b889014af6e26c214c21b573b8c502f243bf5cab8ce474d36c765b7d9ecfb96ae06a37f67cbd6275f640ccf58874c3a422095b93c819e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
55daf7d4caf174998cbaf9f2d430fa18

SHA1
683e09065251afc7695d822cbb055a08a964ecf4

SHA256
bcb1661bdcd3e3022bb9c05f127febb53895621a09f19486b1ef0027544db7fd

SHA512
dbf1592e02848d167e318520ef28afe9bfc07e1dbb8b21c1abcbefd9ef6603432f64fb077ec5d87cbafa0ced37e9b373c1b26497be02e64d96c813718cd17e4c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
cdaadd0f4a9d781a6f364a333d4073e8

SHA1
0d8df4d57fd1599eae6f8f1e8006f0cc1ae81751

SHA256
090693250d290907ce3b0fefbe03b4a020bacf0057e4bfe3c8a6676dfd0f809a

SHA512
577ac711542c8b7796cd33762a29f7c2ca3dbe8fae89a1cdaa07405fc4edf021e952bef1e46d2ffd8113cefd7156b9d7b3a19ceb8666d93e619558e1f572b0cf

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
f12284c6d1589bc51bb169c0135bf94e

SHA1
1030eb536ea81bd995b73889dae3f8b12e56b5e9

SHA256
b2d70e9a04828c5ab293fb9dc65c1f663d1c89c6a62acd7dce8f135e796d0e48

SHA512
b778b40a1edcdc9e430c903e3c2c2a17e83cab60bee621d51451464d97bbbd271f2e2cfe395546b53f508bdfb630228f6b7f0b2c5e90b85eaad58a3e614e95de

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
78e81f3ec751b9aba461e79dbb7d3ebd

SHA1
3ce3c4fa83afc676ceb39cec92cf12f0de0620d3

SHA256
31e74a98ed7ec2e8b8fdcb7038febba0d1f661dd76b73cbc74962746973a2d4e

SHA512
01dbc152465aa62a7f5853476511a720b2bac360ed95028cfbb698f581b465111c9b72c412956e406b3b7d220e575a3fe0815bf3ddfd68d401ff3b7d35f8870b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
733KB

MD5
f904dea82ae3b032da29ac37a1031bc0

SHA1
968596ab78485b48e9123c2d44c5877b115376ca

SHA256
436ba341d13e613b5b5d02c897fc0144fc31e0b7d3886fe3b0c61fb34a8973fd

SHA512
84768e584deb342c895ef12962b7f51fea5ec24634da0b6b497e9f27bb55fea8b8ecabfcda2a3258d45fb9202bf74e223f6c0d088b141d699abb25bcba8f5f51

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
833abece10c3e9f639faf2ad11d98541

SHA1
134f2261e9e9c6a6bf7ef74cf20997948341249f

SHA256
58e733534e1f3edf3b6bd834819333b2148c0e1022eac597c6babcab0ad460f2

SHA512
3baf8f1d4557266ed5890d4881fca9c8bd86e05c32d7a56a85ebfedd3b7e04a1bac30b04f7396b36b169820d669281dd052e9f34783ef3a84c5e350ff953ad9f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
550KB

MD5
bd2197a3b94dfef74753f78b45fa141f

SHA1
76698f034cb6a2f3cec8e7130ae029461bf0019b

SHA256
44cae3be4c3cc67a2a0d0f5fc002bcfef46d5eb9d80967577f1478998ff7a099

SHA512
a107d03e806275b71e998dbcbb3000484c855b6ff86928b718ad9a8846d3a4f08716b17eea217169ceb1f8bc1e39fd30f326488ad38c0a697a474bd04432a953

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
1ba1c0a007fffa8bbc83715480ab109f

SHA1
1710d8ab4352ef729b72dacac37d0136e2e2da81

SHA256
ce1d095b4a826f36b75b374354a415e897b012a5c84ab1a7065102ac52213c40

SHA512
db7c9b8c7a2b96f0c10f72420064310f86d7f04b517cd92564d1a68c21ffee4cdf224ad217a84c4dd0f7beb0d497ff934252c7a446f3df2dd5caefaf07caddb2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
501KB

MD5
6d9f1c75e7a1dae71ba11ab9bfb09bc8

SHA1
1aa8a4876c78041a00b13ab64e78407f00256018

SHA256
ea7650a3af777bab1e8c443f28b0beffd4d2be0e026947d0d10eac9d6ece1a13

SHA512
085f1d19366bafc31bef13359ddcca1c6fb498a70f01805b910293e005d7c7a73b4498312f59b5db4e0a6f213dd26ba126898cf3f07b07c67c50573e860889c7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
51KB

MD5
3d20c7837c939e5c3d96585bf6ed0392

SHA1
cb49df89ac38aa04bed03efef6fc2b611a1f3307

SHA256
2e4767a9ef61556857a1e57e36838151b10782b3bc449446d1be0ed0eb6cbd8c

SHA512
4c2758aac05e9ce378ec0c000d12b9e6a13c8f39284e528856ff8c113c5690eb560d44cb2595f7f650f3f35d8a3ae27a2cddf5c2981619694053d7bf05ee15ad

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
65KB

MD5
1a182996f339edd1f1094036112aa598

SHA1
7790b9e26d39a88b7e41e56f3eab22f057e7d215

SHA256
2bcebe5376567ea5a6fba94cefe0bd15f1fd8c9eed27b207f0c84cb14e3729fd

SHA512
eb359269393a9f059ba0435f1fb57aaf42fefa0bef27a205f887a31e9c4c09702a7ef3bf2e001aa4831e94fd99ad818e8ccc48d59ec2e0560e0045f6b205d57c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
51KB

MD5
1c2a31221a3b4c6a022f9fdb66374281

SHA1
f02b12cd4283948204bae20e2201b8be2883e5a6

SHA256
839f0be3de7b7c3916028f26e31147ad2b3b99da87444b311b2e8ddc175e35a8

SHA512
c9feaf23bbab478a44a84d8e06232130c2d9a8e0fa9ca2412fb84d2ff61210bb616aebbd66bfbc3a92d4d3753fac3d85c4cba958f73cb1b33a773af30d983833

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
61KB

MD5
0e4863275cc0482ccec7624f7dd3b73c

SHA1
e5d37f57caaa7338d57d0815452f8aa7d7805f10

SHA256
967096d1726df0a936cd23412132c819d58f2f909a90b357e9f088da864c9262

SHA512
aff5d56596b8c8f5b045ed397c642cdcc2cdfc638ff7c3e6781f9fead73a64bd42f4c34f7d140f88d10319795fce653ddbe72b6d8284609de31140ed7772c44c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
64KB

MD5
7ec2f6c50d8e5179b1f0194de5678a63

SHA1
e002c241e77dae3f9567ef38de117678a7dfb0e7

SHA256
e9313972aeca57c945969f9d23d609a141293b48b058f783c5e306d2767c020b

SHA512
03d0376632ee7494edc2bd62c5c05223c4759a40b275ddac6bb2f2f842ade0c422c1038c0e4cece2a9061ede0cecc04157e3d68c79e667a130d9b8f51fde8c0c

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
696KB

MD5
2cf024a59d4a48ca8c4529559686517c

SHA1
110c3fc16d59a24f5dd863c976c73aa7ec633863

SHA256
e1a43e552a0e0001c022b67d9fbb7d39c5a0f2dfbedc7a188dfd8c336a9c4d03

SHA512
9edf5f529c1c8c08b26ae7b6aab03ff12c795b2121abe40690804a4b2ad283d8bbbf304541406bede99b0261529a60c141c767278e95462e8a322d881e44884b

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
25b00680d450fff5d4827bf1161d7ea7

SHA1
058e22fcd614618edc74761a1ef3b30108bccc52

SHA256
6a35a9b6e00d6983ae04a0a7bd81d5c3d08b7d8365c1f1d6901ffa2431369d65

SHA512
79d18601862e51ef24c21422e0af6b93b7273b4f70085710000d0a52e2b4d2b8c9b42480b5614300dac211713852f62d3b2f74b312dd18446680008b72d2748e

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
0802522f2d05e2ce8b9eef62a1d00f4c

SHA1
ae443ffa8eb1dc290e1ef262e49a197d1ec5aaf5

SHA256
c4199a6db64d5e3de89b6acea6dcc20f025f2fe32a058d34ed8a3e5434bdafe6

SHA512
b0967651763c6efb70e433d90cb69d88a23ccf721c9c8c344bdb1c20f9b46f4a2f4a2672f5a1d09547349b4f21a54eaee726abf13c6b71d65c590928136a46fe

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
9931ea490d1520bbe45506fb1f9dd0eb

SHA1
807639b20c5329916d0848c26be5a9f6cd7e299e

SHA256
2f58dba4fde0856d849c3dd8436a1f29cb5506eb477c72fa02f58a8cc85d3182

SHA512
30a240da70ad781b621886d5453141b01dffed7bd9ba1a133f21788d99a28c2763cfc27af984d191937dc0db9b0bbd8b8c1b070824050a86575d4d90666b90f0

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
e66b407db6192c5d2835822296433fda

SHA1
acc16905ee70cd0b7782c3e205bd93105bc0a24e

SHA256
8fcb9c65d0cb360865edb0a37930f3c20a6561bcacf94337762639eb74437ebb

SHA512
85f08158a300db589197ef040d9a1d6e69b126037217bf7dcee81857f28f9426e93c3d4b3762bfbcd027b661c48abb3efddfd708f7338e89edd5ad37c9fef917

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
f2f529693ea997ec50737ec97803f59a

SHA1
38c23d54e3a6882d949970e9ca34a0d6a0ed4385

SHA256
7241b3f2c081f89a2c49e03defc0e227dbdc3d20ee8583bf755efdb9ac743a7d

SHA512
7e9120cedc71679de0b585a4baf3c033129fd3498a2ec289c86a18046219613c15984b13e39e81d4d33508ce43c61e6afec4965dfc0961bf03fddbf59d76fc10

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
f18f159c9ce2a352d9c928b26b52eb8b

SHA1
89432cf32d40e82c56091ab068397cf2365132e7

SHA256
c4b102aff8ecb2eb08f46fabaaee3584111f019ad13813cb607a82900e1806f2

SHA512
74acc6b36cc25c7b96f05e9a37f253ad7b2e9922cecce7eeac090f6fb17f62bb78eb06caebc8290e58c999b84135cbe33367d8dca63772cb72761890961c8a9b

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
b22f85c6a04ed52db34f6eb17507cd73

SHA1
3b420345e2c2622f36322d22ca089ebafc1a09b3

SHA256
688c07c184791c21d840b729a246beb935e528cb6a8e6add845b1f012ffbbc2b

SHA512
fe26305fc763d0871789ec8aa3b72e8056224c8104470a45ff70a0a87d9c7b0dfc04c9c99cd21343bbeaa7d94e5d526bdc13a300d0cde3c95c25641fdf9248d4

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
790KB

MD5
cb3001075e629c42bc10d708612d8b64

SHA1
7ffa173e9aff402c2ded42be2c4673e6e76267f9

SHA256
1295e7dd18ea6a4e4bbefa103f565befad65cafeb63ce1dc54c6e02e03be4a4b

SHA512
3010cef8bf89e6470fd977636eaf800f85dd1d5a4be2ec9172d543dfe1b60438165408605043d8c91ca2a6db2c187ef56c93fa609a682b971afbd3bf4684f033

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
2ba37785629f3e518bf794ec48bf53cb

SHA1
3ba812a549446929e3b25c645a9bf2a66eff497c

SHA256
c0a5a11bf9c7619aac56ed4fd50f6c4d23e94b56bbd9826e0c85e76b9a73f736

SHA512
1aa09c8e0394fb8d59648ad8ed8de96d81ebfd1336ed9907567ed6502711fcc2b83e53d11cc7dba641cace8bc579f6253d3bc2d88b620cececf73d4f9939f63d

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
228be73bda6216dad26c8cf0e092f129

SHA1
f047e16bb0e62367d5d8c5a3d1c76b1be65efcea

SHA256
acc63bc2061a13468c6165416165c1d0b299b2cba8b619fd3ec0723c3b225dd0

SHA512
893c5f611079f8a6a9d884165fa9e6c049cf241dc6f9c5be8d515c61ab2062bb97cc758e788461e39a5d18a883dbcd00c00173ad2a436f6d8907c6157b0b0906

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
5e6e598d19c928d36c34209268fe70b1

SHA1
5bcac138378ee903817f628708257b2024ad0219

SHA256
39f4fb9c92fa6be6082f29186a913e686544b2ea519300908084cbdabc3dc44c

SHA512
745f19af959c66aff6ef407ed0cf5aa16bf3c7169720cd96f3a98b425bf12f8f856417333c86f38c8f89addda40be36e34a1df59c3337ddf50dcb8dadd4d708f

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
f107ec7f29a36aed3aea9bc04f455689

SHA1
466b6a875a092466d3ebb26218c4ef1899dd3a04

SHA256
89e65b6aead30417c3dc4badf2de8b803edcdf1df3e0c1f40d9d0f2f9a6170d4

SHA512
a8905c92db178f1175a83580ed792345c0f26bc9adabbf632d32592ea0693164b344150f118e25cd85b2e201e73c64024c5efa04e501cd15bce9a4252a2f6656

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
caa90a3243d47c152f6d83dd856fb148

SHA1
25e7721e7a1a66b6472aea213920586951d06a18

SHA256
9fcfdd63083da6c416e8b70029c99e62648a8f123ea166eb53d121db276aa652

SHA512
da83705d94b2ef41f6375df3479c490999c4e316bf70eef714ef6c8a63d92852eb32460418eccca703ee9da695d155ef49131befffdba6172f1a48b2cc8865e0

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
9cacd94d9cdfe92bf2a4392d6996ab76

SHA1
d04709285a3264d968f171730e3211bc4d559894

SHA256
80726288c160d6af63b5db5c5eba991f0438929352fc70f2de501eff2af6e3b7

SHA512
a87939991b33a8f2b7bcb89e8628664f91cc10462094dd1c4d7fa30c664e2d9ab690a4e3b589c8289f9f322a642f87170524f0a9c3841c0705b2ecda897cee67

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
7613d7c4defc5ea60af72c3a5c21a6c6

SHA1
7026f51b91d9333e860f6089e7fdaff5f207d717

SHA256
5f850a5ce1501bfc43a948bf0044d8304d0e02cb8ef33195a7404ec79943c993

SHA512
917eabfc4b9d5bcade81a0387b89db4574964cb6ad0ac1b0e16c8eddb773f454d40fa7faf61ecbcd9f34e76916c509389bfc6f2938e275adbcf1479e3db9bea8

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
b0202030c8f9cdb7191df6a2b6c6f7c8

SHA1
09d5ae407cd453b702929594cc873d78fbf30fd4

SHA256
524ee3f941e5748e86e55f69cc013e04d0fdd909837bcb78a77dea82eb451a5b

SHA512
92aa42f5518d908d598cd4f3b347683695e96738d1362da203f687ae414074a9f9b6f1add93ec07250fd7b269d6630967abfcbc36b568d79dcded2ab7686d538

Download Submit
memory/372-224-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/372-233-0x00000000005E0000-0x0000000000640000-memory.dmp

Filesize
384KB

Download
memory/372-502-0x00000000005E0000-0x0000000000640000-memory.dmp

Filesize
384KB

Download
memory/372-501-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/468-237-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/468-183-0x0000000000900000-0x0000000000960000-memory.dmp

Filesize
384KB

Download
memory/468-175-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/976-253-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/976-259-0x0000000000560000-0x00000000005C0000-memory.dmp

Filesize
384KB

Download
memory/976-507-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1212-6-0x00000000008A0000-0x0000000000906000-memory.dmp

Filesize
408KB

Download
memory/1212-130-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1212-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1212-336-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1212-1-0x00000000008A0000-0x0000000000906000-memory.dmp

Filesize
408KB

Download
memory/1212-7-0x00000000008A0000-0x0000000000906000-memory.dmp

Filesize
408KB

Download
memory/1328-199-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1328-137-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1328-129-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1328-133-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1568-19-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/1568-12-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/1568-141-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/1568-13-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/1816-93-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/1816-157-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1816-94-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1816-100-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/2124-144-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/2124-149-0x0000000001EB0000-0x0000000001F10000-memory.dmp

Filesize
384KB

Download
memory/2124-152-0x0000000001EB0000-0x0000000001F10000-memory.dmp

Filesize
384KB

Download
memory/2124-155-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/2124-142-0x0000000001EB0000-0x0000000001F10000-memory.dmp

Filesize
384KB

Download
memory/3288-504-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/3288-239-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/3288-246-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/3300-118-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3300-116-0x0000000000E70000-0x0000000000ED0000-memory.dmp

Filesize
384KB

Download
memory/3300-111-0x0000000000E70000-0x0000000000ED0000-memory.dmp

Filesize
384KB

Download
memory/3300-105-0x0000000000E70000-0x0000000000ED0000-memory.dmp

Filesize
384KB

Download
memory/3300-104-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4016-207-0x0000000000660000-0x00000000006C6000-memory.dmp

Filesize
408KB

Download
memory/4016-201-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/4016-398-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/4772-223-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/4772-167-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/4772-159-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/4772-158-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/4936-125-0x0000000000DB0000-0x0000000000E10000-memory.dmp

Filesize
384KB

Download
memory/4936-186-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4936-119-0x0000000000DB0000-0x0000000000E10000-memory.dmp

Filesize
384KB

Download
memory/4936-115-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4992-211-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/4992-220-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/4992-494-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/5100-187-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/5100-196-0x0000000000B60000-0x0000000000BC0000-memory.dmp

Filesize
384KB

Download
memory/5100-250-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download