kinsing | 1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603

Analysis

max time kernel
105s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603.exe
Size

1.4MB
MD5

c2970e3d6c555c2a9ad973349a4ff1fa
SHA1

11b38217999b7be9f62f967309e60665756ce7bb
SHA256

1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603
SHA512

3c0c83255856c7003919272900902b13a8c87027b9910a0e8640a5bfca40f807dd59fc0c284989bb7f757c3db9f23ed41df31c450a46df35ad4d1e6e67451ea6
SSDEEP

12288:jF3h/Y+iAlQz3JxJnpz/n/trAUd4RivsiNG8da0BKzIpAaQQPmGrl6ArK73t:jpZYTASz3JvBntrA04EkiNG8BwXGg

Score

10^/10

kinsing loader spyware stealer

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Executes dropped EXE 22 IoCs

Processes:

alg.exeDiagnosticsHub.StandardCollector.Service.exeelevation_service.exeelevation_service.exemaintenanceservice.exeOSE.EXEfxssvc.exemsdtc.exePerceptionSimulationService.exeperfhost.exelocator.exeSensorDataService.exesnmptrap.exespectrum.exessh-agent.exeTieringEngineService.exeAgentService.exevds.exevssvc.exewbengine.exeWmiApSrv.exeSearchIndexer.exe

pid	process
3984	alg.exe
2208	DiagnosticsHub.StandardCollector.Service.exe
3468	elevation_service.exe
2432	elevation_service.exe
4220	maintenanceservice.exe
4632	OSE.EXE
1412	fxssvc.exe
1816	msdtc.exe
3864	PerceptionSimulationService.exe
4380	perfhost.exe
624	locator.exe
3104	SensorDataService.exe
2600	snmptrap.exe
2380	spectrum.exe
2944	ssh-agent.exe
2640	TieringEngineService.exe
536	AgentService.exe
1448	vds.exe
2744	vssvc.exe
4796	wbengine.exe
4476	WmiApSrv.exe
4428	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 28 IoCs

Processes:

elevation_service.exe1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603.exemsdtc.exeDiagnosticsHub.StandardCollector.Service.exe

description	ioc	process
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\6164297ca5bf65ce.bin	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

Processes:

elevation_service.exeDiagnosticsHub.StandardCollector.Service.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_108796\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{BB1DEBA4-2D0E-4BD3-A275-B48259468944}\chrome_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	elevation_service.exe

Drops file in Windows directory 2 IoCs

Processes:

elevation_service.exemsdtc.exe

description	ioc	process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

spectrum.exeSensorDataService.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

TieringEngineService.exe

description	ioc	process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

Processes:

fxssvc.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603.exeDiagnosticsHub.StandardCollector.Service.exe

pid	process
1116	1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603.exe
1116	1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603.exe
1116	1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603.exe
1116	1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603.exe
2208	DiagnosticsHub.StandardCollector.Service.exe
2208	DiagnosticsHub.StandardCollector.Service.exe
2208	DiagnosticsHub.StandardCollector.Service.exe
2208	DiagnosticsHub.StandardCollector.Service.exe
2208	DiagnosticsHub.StandardCollector.Service.exe
2208	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

656
656

pid	process
656
656

Suspicious use of AdjustPrivilegeToken 39 IoCs

Processes:

1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603.exeDiagnosticsHub.StandardCollector.Service.exeelevation_service.exefxssvc.exeTieringEngineService.exeAgentService.exevssvc.exewbengine.exeSearchIndexer.exe

description	pid	process
Token: SeTakeOwnershipPrivilege	1116	1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603.exe
Token: SeDebugPrivilege	2208	DiagnosticsHub.StandardCollector.Service.exe
Token: SeTakeOwnershipPrivilege	3468	elevation_service.exe
Token: SeAuditPrivilege	1412	fxssvc.exe
Token: SeRestorePrivilege	2640	TieringEngineService.exe
Token: SeManageVolumePrivilege	2640	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	536	AgentService.exe
Token: SeBackupPrivilege	2744	vssvc.exe
Token: SeRestorePrivilege	2744	vssvc.exe
Token: SeAuditPrivilege	2744	vssvc.exe
Token: SeBackupPrivilege	4796	wbengine.exe
Token: SeRestorePrivilege	4796	wbengine.exe
Token: SeSecurityPrivilege	4796	wbengine.exe
Token: 33	4428	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4428	SearchIndexer.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

SearchIndexer.exe

description	pid	process	target process
PID 4428 wrote to memory of 1640	4428	SearchIndexer.exe	SearchProtocolHost.exe
PID 4428 wrote to memory of 1640	4428	SearchIndexer.exe	SearchProtocolHost.exe
PID 4428 wrote to memory of 4588	4428	SearchIndexer.exe	SearchFilterHost.exe
PID 4428 wrote to memory of 4588	4428	SearchIndexer.exe	SearchFilterHost.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603.exe
"C:\Users\Admin\AppData\Local\Temp\1bc7f02f364e4b3d6215c85d80d5a72472975cef36de6d8bbbd5720d022ca603.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1116

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:3984

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2208

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3468

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2432

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:4220

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:4632

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4596

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1412

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:1816

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:3864

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4380

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:624

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3104

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:2600

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2380

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:2944

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:2864

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2640

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:536

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:1448

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2744

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4796

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:4476

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4428

C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
2⤵
PID:1640

C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784
2⤵
PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
Filesize
300KB

MD5
cf82e77e8e2414e03c9aa76ac68f65b6

SHA1
a153371fa32dc21226b00621d796efaa07b4b697

SHA256
3190a5e07754f738b4dd0a3c0f1afb185d5c62833991dc7acc7342626a1737c6

SHA512
9349f3a6f0947d654011172981c1711a40b5c2d9cb7d3f1d1b593e718f3672c87bcab7aea0b3c81cf830f4e2ab8c61ed0163641828dd65141c3bed6f1db94aca

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Filesize
432KB

MD5
28e2ace7e9bed3826d445856ae2ea343

SHA1
81c1be696b2fb9556ea5bf443c907ce95bc608a6

SHA256
8876e709ea802e98d6b8456041fd9b96404a038839d862e7ac95855ff9fbd023

SHA512
498d32943067ecb929243c37b8b3fa3e4a89c7c4eed82079c6da0715a52123153fabd8455de3149318420ac56e50e1dc4f199f8f204e5e4f24ce01ec9844af2b

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Filesize
503KB

MD5
98bb193e7793a5317229148e4308a2e3

SHA1
da3a6c8e1212f7a6f4ae17ef8424f678b642f1af

SHA256
345d39ab3b3be3adc9b5f21025f653e4487d33dd2fdab37201701077284ac51a

SHA512
90dc64ddc28b8efc6956d26b2ae2162f76a5aaa0cdd3134dedfbd4eb36ba819185b4cb1373dc861c660a66881ee45e7ba7e028a2f7ee079ee5032cdb84fbdde1

Download Submit
C:\Program Files\7-Zip\7z.exe
Filesize
54KB

MD5
86c9c27e4d7190fd976bcbe34eeac5ca

SHA1
c12fca443a4a064e3ef68ea97906d6bf501445b1

SHA256
8f91f62d7d7b00de409a7e0afaf84ad48cd24ef8ea6dc19434ada5c5bc1ae86c

SHA512
b2da820927fcc3f289d12f5f2903266d329775e718672ab878692f1b456547b447747214c1398e92fc3a61b67e582956b2e3dc5556c694c1fc1b06abfa1fe38d

Download Submit
C:\Program Files\7-Zip\7zFM.exe
Filesize
168KB

MD5
64bfa904cb8b02f34cdfad4e126de446

SHA1
c46ebb6da2f6d5da3612c78b53f8f8c92969f693

SHA256
7ccac62cc0c7c8aadafbed52538fb8cb793d15bbb551157fa0d7c36a877282e7

SHA512
08d4ccbac9d23e297ebf4ce1747aeea7cb1582580d9d7227c0ecc76188c68e90c8d4442c642d47f6191946569cc365553f72a3210ce33f0dce489d0798304244

Download Submit
C:\Program Files\7-Zip\7zG.exe
Filesize
161KB

MD5
1ab2cce6a16e395cdee693b388e8e7ff

SHA1
f87816007bdbd482580df42266d1b77ae487882e

SHA256
542528356ae80be5ff92a0084d13a28e5c262fa444ffa0c80614f400cad835e5

SHA512
9253df5b14c4f3ae78280b4a498f73d9ea69b0d067802d3dfd3d8c56156f487a5c70431c044868aef7dfe2976ce2df1af67f49c57fd3f5b3572e2e6c0a58a24d

Download Submit
C:\Program Files\7-Zip\Uninstall.exe
Filesize
44KB

MD5
3c8b46a2d5b12c6fc29ebc2f55b40e24

SHA1
869902224befa183fdb90d2a237046c3fb63ed7f

SHA256
5213070f8ad27a4496729b99ccf574e3d1ff75d21a7b1654e8d8a0b115247445

SHA512
e25d2e320e5e5dce465a1d6f54ac5c97eea852cb49493f98857940cb28669a1364dcc88123bd662359daee1f125473fb6811cc2cf388fd002293ef62f9687557

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
Filesize
31KB

MD5
124e8f00bf34032b382ac8b2be9e1f93

SHA1
6541b84434eff3430baa875c0d8a3ffccc2dd7c8

SHA256
04e2cee9d7b49056a5dccc5b74a81268252c0712cbda1dbbb9ae2b9c0294ba66

SHA512
8434d107e2c898770f2813a3968974492106ef04dbbdadb918a8d1c376f9ba6aab3a08265ce4332fccb5c3d43386da829c6b4754cef4e54cb0d3893789fe4353

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
Filesize
83KB

MD5
9ddfb7e36eaf3273ae85f3fa8d8d8b5a

SHA1
b93d4e0b27c0989afbe1fd3214f8f537038280f4

SHA256
88da9f1370965900276c0063753e44fce42fcdb31cb9a9dad1f35faa3987d126

SHA512
674bfd21a44329e283745595f1a2340baf8c8d4c75849866a8943d54671090758a34b83bb99b8044fed33fbca76ae069ed21968fbf4f20dcf268ad6fd01954f1

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
Filesize
149KB

MD5
0b9ff7857db8b2ec57ef05ae7bdcafc8

SHA1
4e79cadd7ae861ba3512d5e40ba094a247be4c66

SHA256
7f45f5a398c4476a504401bca85831da1c7cc582e3817bcc541a1280b21aca16

SHA512
9236ef2a57d6ef1c8e7523ddf9603c9410e2199296cb473ec523a4f7cc25eccefe4bcc49fdb72c1a1d0fb1005825bb173ce9bc8446c8f6151b3a735173ba6256

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
Filesize
155KB

MD5
452567c4ed94d4ac61a2f6a986f0fd47

SHA1
53e2c3a5243863bf8c8d384dd059f8a8c1ac89ca

SHA256
caacffb7d341c5cce98467627126176b43fc7b485adff1a936d0547c9d2ac1cb

SHA512
88c0cac493d4ddce7a5e0e6538d8fa1f1fac81710deed59e915fd392fdc4bdff839d142d8c9a57a867abaf0520303d144498efb6cc5b17dae970a5ca92d6afea

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
Filesize
152KB

MD5
72f121db3419b9df13a02959fa0e9dcb

SHA1
57f073d18d2402d1f9b96d35348973ebf2206fe4

SHA256
e4a6de3a27f0799f62a1e1cb4175db1f48b191fc142f086e61c14fde0ba31d8f

SHA512
b45a2552a7ac5137afa45ceea7246d259c115d22cc546fb2ade1d3f9053c052f52ad9050838cf0dda0b3293c42078cedb128bc65dcbe4e706f98e89bc05b7959

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
Filesize
179KB

MD5
0b04d804990bf4d4ab83d0ca8ea3de04

SHA1
03c62ed8fc0120478321a2f864eb9cdc3397ab3b

SHA256
3e359c3e0ae3622f988af137c5218644be528be80975944be735f527e65b2857

SHA512
8627d2f75c602e643ced3c5c54d513bd7335230ac6b11e9bb82a59fa31297a69fe94827df0de9592bf845cd5a5c3b95771725e491172712b10530ab23e9faebb

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
Filesize
108KB

MD5
cd8e2b49aea920aebe71d664c14771d1

SHA1
5a721323838f893f2921772ba4b3271d5900fbe2

SHA256
300f9d6e21d570292b01a141cd751b6b735ae2b00e35dd1ed4dce96ebd638e6c

SHA512
ab24d3f76333375a06d9296f661d542baec91b1e804fa70a30506f85ab582b5a924aff49b44cb5cd45b37b6c58bacb62417f7696b2e302f00fd25fbbcf59dbfe

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
Filesize
241KB

MD5
03447cce42429412fa10d49bcd14fcc2

SHA1
c3151d5d4694bb6a25d251ac7390779d4770c093

SHA256
c942e3375cd045bff43485735651ed1d76748198cfb66c24482183dcebbb6263

SHA512
5cee1a9a118b01e3407a5c570f0591adc321aca68012d2986cdd2d00498c9f8550429e821dac490119a47ee729a3fb60bd82fd88b9d041a6e36fd0ad37fb5bdd

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
Filesize
91KB

MD5
4569286baf639c56eb566013e3858ae1

SHA1
a6647880633f189a38029a809488150c5c3d98e0

SHA256
f1c74fa9468758a51a1450ab491e09eb05c0d3ce44a637aeb74fa01c0632be01

SHA512
f4545ad2e4f2ab6aefd7ec6dc1990f98f9e45de5a4f32100759894821614353b8bcdaa96580215c983ac74806d8eee00e6d821143ec4707a026a423c2e540180

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
Filesize
109KB

MD5
db36041d23cbe0756388b1ae6aff73ca

SHA1
ab6ba2884cbba2e901303dbddfd90ab1127bc88b

SHA256
1789cbe04c46c54c5a90a3731243098be790c879e72c670ddb5f89fd5ad7046e

SHA512
4879c614fadf40c48427c10cafc709dbc06cbae26a0d0ea125f696635666098ca1116ccc87deee1b47236ccbb76045ee9e96cd90372ec49b3428992067d2a2d7

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Filesize
518KB

MD5
2daa10a4e2bdbc4233204ed1f6ef1ab8

SHA1
37ff5ae2f3b14e7eadb6ac088dce77898c156485

SHA256
b383ce5d79a5ee839140c97f28c0f4b3d92c0438dab490d4a4568a3e50a5b326

SHA512
5cc960102c319a7d4dea2c46b03ff2d141a9a91a0a7e635c66baf6ef176715da7287e8cd836cf8bc6a66574a4cf9f650b8a7b004a9ef7f9a4b6bad8dfd523650

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
Filesize
119KB

MD5
0d0f81fcb3afaa3bdcba81d3ac241370

SHA1
ce564e2e1b582db8d21f31927f2f90a91a2db6e6

SHA256
535cd933f88e758766ed849f82f224bf64d251f5709e4fb3c75195627d376b58

SHA512
2306d7829203f74537fa7677a8ad2f8087f539acf5ee4c7af97529aee33c24894c431a79f8a4b7539a57a95528e8b92ab80f04324205b05c744d7dc55efcc09b

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
Filesize
90KB

MD5
dc61eca041788a2780f52e8c75148c5b

SHA1
269cbcf4de01cf96da8a3d79b9de93312ddce67c

SHA256
828e2041b8ec77af1ffc9ffa210806c30ed4775522e63e43e846cd7682f3cbd8

SHA512
30c9adffb9a0f0ca4f5e174f2e170c20ef5e6c43b4c8a03c6060fc1578f8a33a078acacca521896368200001f0b4dc2b1107e101b4122ff29ac12a3d99d94a13

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
Filesize
101KB

MD5
8680e85c960b1f57b4cf3bcc21a43e2c

SHA1
b7bba8264201b7264d1d76cd93cdf21de9b285a1

SHA256
6ab277c0efa1272c14be25dc398b24ac68044cff40dbebe2d24287ad57aeebd7

SHA512
520b692708dbcf1c2999ee8fd95c8d31df09451ad5640f8326d6a4c8f3fd8ad1e3846459016f8c9bac4dcb050224087fa2dda04310710129d11e4d0d13add8ea

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
Filesize
65KB

MD5
076c74ba5f9e448358e893ce5404e9e7

SHA1
caa437701624581ad9b4961ab07b612cc65bb4e4

SHA256
5a5ff0dffdaf2eaadb1275c1eed2c68f6ae6881038feee79d2d02d6511f92d2f

SHA512
ad2455146c8fdc44ea6627e3aad8034e60a81f160cb58e009f64b79074b029f19be35b1d8febdb44615cfecb6a9ee5f6f1ca9878a165883d9de2587464cba054

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
Filesize
200KB

MD5
7f19e4e5fbe5f07b7c4286089c9cb705

SHA1
4ab279ddf71fedd75ad34a51534ad6f80dfde4b2

SHA256
20bb875b96c805de48ae798859a93a22430f881e4c5a2133eae8818d5944da39

SHA512
9714d92203bcc85d6eacc9b1373fe88956e8aa587a5ad06264e3dd4ad2e673ec69bfb80aab1cd83daa359614b19517a324eb5da10b6efff114e6577e8d7d4946

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
Filesize
22KB

MD5
06bb36f90b02d00f085edcc3d4046afe

SHA1
db1e56c183fe4edda04701bdf7498d0f69b6b399

SHA256
6e296083ab8d82fa8106e1748c72fec1f4adbb4d96ef9e1264c2a2ecd88e335a

SHA512
4a0d483981d93dda712a5eeaf7a00a111f387bbb274fc4007d04b95098096c7016cbeb263a41b8fcab2dbdd94464dc0aa784eb61ef09ef33008090390ccd90eb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe
Filesize
85KB

MD5
85617d1061527d81173f1bba821d61e3

SHA1
932ae1e3ed18035d246f864ac8dd4877d28a5d7a

SHA256
3e56d583e42a992769366a1e7e332114450950f616145935c0eaf1efd56fb728

SHA512
5992a40032c7a63b527a70ac093a8649e8f17eba8a2daa902b766d820b9d3061d0f0605e42d671d16b4e671d59e1d4b7749d91451693db638546fb97c78d2777

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
Filesize
69KB

MD5
b63fc88f7727cf38c3ec1c7a0d0e0ffd

SHA1
88db30efc5bd6f48cd1ef5bb8b5893cdc0107219

SHA256
04a612fab9fb2de81f6532a86536d7d29f54f0cf86895b0d72b11e1c2747db73

SHA512
4515ea046c917a4810d50f053ea14b7ccdb4542eec326360e9b1878cac0f3d0c412f9e31d54130da1242de09c576c8d14ad1d57ed8f12011140d73c4c4a4d5ab

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
Filesize
73KB

MD5
70fe42abf1207f69f2eaafae955519df

SHA1
f94a91ccf270203206ed926984a157e5d8e701a5

SHA256
70c2d9944a7660706851cd9dd72d9262c7559f2f48261cbca9da7da1afd0599e

SHA512
c13d67efcccefddf1df62f1634caf5e18bc111df34776124e3e6dfa39ba2773ef3beba552bc6a227b8cc1bee28a551675904ce8eb71729f4a96c1f9f19356617

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe
Filesize
88KB

MD5
c6521d63fa9b5150af111b6dca89cf9b

SHA1
f70be7d4bb7bbcc0c6053923230d70ae815d5d6e

SHA256
42a4453bb89c632feb5db580aea0e47b1834bdf43d86a62d07e5defa8de8d16b

SHA512
7362d33d985e0537154919a529ef490575a35b97620b6b77b102ebd163fa544db64e13be7fd943e44621c551108b3f56312703f3afd1d3888f1b34911d92f67f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe
Filesize
169KB

MD5
df3000deba530654bb486c803c8974de

SHA1
dd0d7784b7360f9bc77001f7ce8cb37622a1f0a7

SHA256
75605ba9fd01ee94d02a2fcf2534bddf6abb8b196043818c3d95bbc9db699a5b

SHA512
a4f7305e59a2ce4ce1fb00abaf8981557911992f31479b1c9a6c9ba7e7d20b5eb44a2c8782eeae78ae18b97200e8b1779ca05e00df27af335b3970de7d8c1d99

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
Filesize
135KB

MD5
92b6b95666d302eab47602b999a4b4df

SHA1
b7e9d82a776aaa856cf1ff5a86c2b1bc035cb744

SHA256
3e76d6c48f33a295c869be1f19f4c21b5c6170f91518acafdd62afb57b25ecfc

SHA512
42af5e662e4738847281024d7d91233840ca78e4e3dc630832124633011b77b7e68cf32c02d7861b58c7b6d1afa65c64a3b22940dc49d3a4a66608fd1a677bdc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
Filesize
46KB

MD5
a444381106d827ea5cc6db6d100c1e43

SHA1
2f6c099af9c9b2808af602bcde408b0309d99726

SHA256
014a9c410eabdc17fa905e7c8461116ab38e923787e4961a8774a31871067139

SHA512
5703be44f3f78b28e51f9e907ae2f3a8d831b84c306b58c53fd7f94be915ac4e14d839e1a7837e5ef417f09dcfd2cbb62ee0a439a93b64ac5be7063d11bd387d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe
Filesize
187KB

MD5
5c2cc4a06804e93e7e3127b9c39ef239

SHA1
a8b1b27882bb640096225a7b33df116d8e8a64b4

SHA256
004e2b725ce6090e2c3afe0f2df9a1c798cb7aa3220813f74d8a513e859c4883

SHA512
68e2a50483c6cc752172abd0f3957e6dba097cce7a42dc8da5195160fb0a6884fb35b03a7453d78d75dcd5c3daabc48999c37237ceb408dfd55369541bf15142

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe
Filesize
63KB

MD5
a59818f246f02c36b7537ddc9bddf8f9

SHA1
3b382a4499a81e1fb49f34e5a06d7b789b4efc8b

SHA256
dc57104edbcbeda8355ef2aa7f58f2647be0c3f9402e7166e0d4e85f4b02bda7

SHA512
b3c32c7fa2e308bb8e1e29e9d48d086e5c0c05949b9b241e59da2fed0d92a05bfe175d1c7fba125ca44414b2c9c0d584cb5b7d8f7b19d02866ff890afb630487

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
Filesize
64KB

MD5
03312de073d3fed6b673c3d80db9c299

SHA1
1b512bae3558024c9d8ea4989090d83f8a530eb1

SHA256
259f83ee33cfc05d0ce7f62e90c16f0c8ed47e6f5eb1e6c2f16661d5d1ad7cb4

SHA512
052f1e7cd0428402809261d54de98fecc9290db9953322a421fbdc980f04398dd3bbf4427b61129b52e17669bfbb4b88247d23044b99f3edb04c32f90b074e74

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
Filesize
48KB

MD5
9c249c880c8e9430f903557523856dea

SHA1
2a400569faccd6520c7cbb7636e839e1b374d2ce

SHA256
01b21151ee1729431addedb1066fef4a9a968b77e383728fbe0764b39632b8bc

SHA512
b408596d229451dff598d2c8664b4f951ebf0e65e91fb91eafcedc79acac5b8338c330df682b8738a95df69f596e4e1ad62ef3ef614ec59ab0fad3e7ba1a34a9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
Filesize
82KB

MD5
bf2539fb5a0df0df4e90eefb695572c4

SHA1
a4ae91fdd6e5c3e4ee825e1ec5b270eb0c77afd4

SHA256
13d23d2471ca5ee6052756ca850c5220b740ad0f4a461816a59d63e0b4b455bf

SHA512
ab76d64437aed9105e721f5205084445ebd0b0b5b6e2e4cee393db1c8b1658ccb80ff123d3ace9908da061ae5c3091001f8c429aaa2cd0a8a68ce81f09478ff8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
Filesize
95KB

MD5
d9320793ff9686de130deeaa3fcbbf21

SHA1
b3d94af0d3a90e0927d4aad442c7279e571b64ea

SHA256
889ccc4f896de3cd7a8fd959d272e92f200cfed12025d50a553d87028b8216c3

SHA512
de2b0d88eae246f54a1123124b475f8442cc10a19885715935099a6df6849b21793d7af6bb3c9d0b65d8ba093518a4aa796589501450b715693ff54ddd3f578e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
Filesize
73KB

MD5
5dd5131c4fd12c7cfccfbffea7ac6a6f

SHA1
02a2b74417346554eca41382dfd705799f7c29f8

SHA256
8604e26c58fb07bb0af48038fc062db3931e61a40d925abb6f0c2a9ae489f234

SHA512
e2b9940ddeb5ea3bdbddc4344095f235b343c4dd27c1f03edf72a6523db53c6607a941317f1d9eff89b47c9a1443fa21f52da8905f476a960e3c7c0ec4dca7c8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
Filesize
51KB

MD5
4b738211e58c478d64ad193bbde48315

SHA1
9b4645dcf03a91a202fc58821122b9d6ff7ce708

SHA256
7c9b4b9a37b648c56f45901314af2bb2e8f8c0d94bb51f30611d8f1b902bd6db

SHA512
d47b5a0d73f06ef702c7e7ec84ca6e67421d3d8ce2a5ca4801fd5ed34182d544f564f964a8dc6c9aeadc439d1713481348920013912d2147ae4a6531fc7477c1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
Filesize
92KB

MD5
e39d360624cdb70bd8f51939e9bde83e

SHA1
6903126aff2644f34b98bb1e1d86f835dc07874c

SHA256
814e8b4376c31c6e0c732a839d8dafe2cc3d8c1bff943730f5fd55d5f7db28ed

SHA512
f18c9de232a5dc5b99bdc9541b3b0fd47fc4c4048d1c91dd00e5922403975f69dd10ef38f25a9a0879f51bc29946f18593a5563d2a2a835b90aa475cab7eab26

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe
Filesize
95KB

MD5
9470f1e1ed388eaf8517bd12194a0727

SHA1
941274dc449393d14f5919689236a1709c80e8b0

SHA256
098860ad52859f0231e112bd66fe10895e36262b0cb15a37502620308c828c41

SHA512
ab12816d3599ac8131e4e5e24441499bae876ae03571345d295ed2d964b0c7f7a647995f228fe5855fe1ce5bd5c6838bcd01b14ad2795bbe4138ee6530a49d10

Download Submit
C:\Program Files\dotnet\dotnet.exe
Filesize
92KB

MD5
c6f77fc0d69c9fcfcba3b9c770503521

SHA1
42d6438a07a3b52ae04fd1d89c30bf8c5de030b2

SHA256
6985348d7ac9dfbb5a3c37c770baf0ebeefabca679b708aab97dc0a00085c9e1

SHA512
d55fc1a3b73e0dc40b5725ba172e2665de79453b1f8c784957a8050798c9fbc48916db18e3508251f1d2320fdff0ae2a4430dfba52406e0fdb49139a6c2bf026

Download Submit
C:\Windows\SysWOW64\perfhost.exe
Filesize
105KB

MD5
29968802aa8879eb05baadbc572b1bd2

SHA1
61f3c314ec8e741c4ce00005dee821100c55dfa5

SHA256
9ad3cd7e45d09d08869e3fa6db15bc932ab715cb78171ec8e8f7f63bb5dbf677

SHA512
a75e52c3499e151671c692bef76e1d791804c2a5f45460a1de3ab041e76a4ac6836315e8835c5bfe4a0f35e0482338af697a4ab244bd7869e1b58bb1449cb231

Download Submit
C:\Windows\System32\AgentService.exe
Filesize
87KB

MD5
a119838e0764d9676e4d44240e5d69e4

SHA1
9d630b63506c32cdb02f97e25fb72d194cf67f00

SHA256
f2e34fc12d80e18fd6d78d3dee9eb6f5a29caff1933ff26efbdcfb21f7e360aa

SHA512
8d222cf3210e5032590e3457f24ef701af36d25244aa78c249db2b3f14132d3cfde55baa2dc5e1d3c6fcebf71c9c7103e75894533efe58ee873a56f974e2ea92

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
Filesize
274KB

MD5
c78ad1f339118e986a0484be2c401d43

SHA1
87d982d027a214af60e43d67a135002874bd1b2a

SHA256
77d48c7ad97917dafaa295027da9a12d488294795bf4f500adab4fa8fca9b59a

SHA512
82b457274a844ee7724d46b7791daeda13e011cf88617959dfd6844786a4b83a1e1eb03d237cf60b552138347b162c9588291c975581c8003c9f3c0930bdfcc7

Download Submit
C:\Windows\System32\FXSSVC.exe
Filesize
1.2MB

MD5
6cbe24fb9c836ef491d0219396e78716

SHA1
c5e697a84966fce1b11175e06e5314f33c6d51d0

SHA256
64c9fbf5a884a4b91ae7e47c40b5606d40865e53c8bf63271fd2cf6ef116e4a8

SHA512
9a6bc4427f576f17d6ab930a54d1154562adaf415875629e6e3da84b2348597eb982ef4b66daf8068da58fc467a3b83e55e62cac1c4c0c54885d596613d28512

Download Submit
C:\Windows\System32\Locator.exe
Filesize
127KB

MD5
b8f330a0b6d9b31f8091cc46d8bcbee0

SHA1
4cc412d3924440bdbcbdfea0d4c02a3c3f3dd8e6

SHA256
258c9204bd693672482eaeb022175afe8a45fbde780262546d662ff2a16f10dc

SHA512
6ac8d23d8981127fb3b8fbae2c6abefe2f089b04169608fea859d09f4a4e3757bc04cd36cb358694cd8aac9095b37a76a972a92cc9872c64bee22fb593bcaf20

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe
Filesize
39KB

MD5
181660328fef43fb4335fee3138fbe0b

SHA1
07385614dc19fbdaee141cb90317a6ad1a72c0ad

SHA256
5c29098eaace885530edec241fa20030da0edd5d3b1152e622556a72c1e016c4

SHA512
ed86c6697e0b259c7b8cc0491de01070217e321e226b7f899ad142dffc5b32f8c242941aea48ee5ee88c81dbcc09efa041a5ea0b0e39b2b510b496245ce05725

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe
Filesize
20KB

MD5
36cbae7f6e0f7a48e1d230503e5e3c6e

SHA1
d1d10857469573deca127ed64d661b23eae123e5

SHA256
72e453246ecbc84ac7ba3f387227038a1d15d190bc751e4593ce5f928853a500

SHA512
918a5867f07081a2dc8e83440fe3bf8e1080bc32e7c144a810b6ddec612d72cfaf0d6db9c65b0e0ffbb13a0a205bd402c45f7239f7f9746d84a0366176b908c2

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
Filesize
207KB

MD5
86c6aa28f07a5d87285ad7bca078c4aa

SHA1
c86ab65ff41c09053e0a5a77b0737f5b6e3495c7

SHA256
cac356cbf26959607c2af9625a83ccfd9250959f23ab7a23fecec8c684271c27

SHA512
04d78ced1b303cf1f88bf3a58afad197ae78afaeaa8b1521b3e7da1f133a250c43809504581b2955e34d85407ced674e83701682d8d75ae88e206fad842c3c83

Download Submit
C:\Windows\System32\SearchIndexer.exe
Filesize
41KB

MD5
7613bfe78caabaf83c7df1a2cd88d71a

SHA1
b2b4e3c607de9fb892f39b2e12e9196c4933ca89

SHA256
d5e3efb410ef172981050006b2c92071c6d2e9ba9efbd9cba0ad28777f8ac421

SHA512
562662199750ea614cffce80293ab267214997b45358391163e47f635404dfa6d2bccc2a6f998e5c7b349c01e80accf89cff8dd8f43070fa79823ed37ed16852

Download Submit
C:\Windows\System32\SensorDataService.exe
Filesize
77KB

MD5
9bd2af25698065e8a051c5246622be8d

SHA1
b8957ad5b1b99fefaa337ba241f70bf5faa91b26

SHA256
8efb5ae53315bf1a14a490fa304f44612427416dd2c0c8dd34beee1e9cb7c7c0

SHA512
5d4079068f1c941cd702760360674f500fd77d1abaa764532f638ef59b8fa6182a0be4feb88c388038eeb5f634145f18abcf3d69e71141b34dffe5f63fc6f33d

Download Submit
C:\Windows\System32\Spectrum.exe
Filesize
73KB

MD5
f232616f73d2cb4c69e4d740fdc99ba3

SHA1
36d0510c33e80a1f676d6dae0a70d5b209f67f35

SHA256
4a64533e9a0a176d7cbb06ebc2880d70725c16322121affa3c7dadde87081ab3

SHA512
76be62b6934ab4637ea70ff75246b88eb76d965a5fdd5cb99f953d493de4334928c3be72a4218ca1c92e0a424009713c7bd2fc8bf620b3a717fca008958cd455

Download Submit
C:\Windows\System32\TieringEngineService.exe
Filesize
149KB

MD5
591444f2ed4c09f74461a2815eda5b1f

SHA1
6639b0f915d451d0303e3fa094da443490689233

SHA256
8ba901453569fad814ab1fcf388d315297dfdd2e91be97fbc7cbd9ad9c006b5d

SHA512
8c15c1b1e12f76eb39850f8a9ddd039b5c07b616f67aed8c4cb38b1661af383797e886a203bc315cb5740fa8542eb27292724306657dfe79c2dea212e5240f9b

Download Submit
C:\Windows\System32\VSSVC.exe
Filesize
104KB

MD5
310c8144046c54f0852ac7528deac720

SHA1
9895e4118c579d5478990f3454395b09f47d8bb2

SHA256
00825d80edc40c050ab9e4b5e7b03c6e58827829626b20763cdcefde501ed49e

SHA512
f3f1dd627199beb307136c443d2700f2325a956666455a5b3902e89da76397c58c859b15315859a006027940392b88ca197390f8eae6085bb1393fd7fe8bcba6

Download Submit
C:\Windows\System32\alg.exe
Filesize
619KB

MD5
a090bedee50390b06bf3abdf1e0b6830

SHA1
b05ac735cf291fe393cc279d16f5c17a19771d3d

SHA256
a83eef267af5624ce8f878e604a400639a4c3fb0073a3fa93d919171cdbc3226

SHA512
4ce58b07677860cd511b7e9fd6b267cc0d137bce68cb9cff6c42581e87f80576b09aa8bdf36b62923f1c0c099745da5ba88a083092db8f3358f0ffbbca8239b8

Download Submit
C:\Windows\System32\msdtc.exe
Filesize
572KB

MD5
08073f0f7a5b8272ce6775c3847a952c

SHA1
9c72e26f3c1507889141bc51a860a7446ed73852

SHA256
b3b247364c67927297c9b8fba6b5e004c4bed504259232875bb134f048206f2e

SHA512
354335d50ed06fe22402ba992e23289f276a4003e0bd4a5627a1f7a7d368e48b070e777f425014f1f294ebce7a707c358d108c243e85cf5253541bdcf3c6a598

Download Submit
C:\Windows\System32\snmptrap.exe
Filesize
63KB

MD5
da1021b9f5985a1ae9159638ad5e43f9

SHA1
56bf88b864183239000685ecaf278feee195697d

SHA256
945e5c246f1715feddafca22701a23399605c7e470551514fab5a3c82dbbc947

SHA512
ba835d65321ea42981e3a6cb23ff07174061030f2079140386101335ff4d4d71e385bfe5626415506667be729d2fb0003bb056874df8eb18e464a81723ca28a3

Download Submit
C:\Windows\System32\vds.exe
Filesize
168KB

MD5
1e54431226feafd528ed1b6eb1ea2622

SHA1
ea8d00bbaee251d4c09e951ee09ce166f2169f71

SHA256
d9d418f66a46923e2e73219c2c2f6c07a9b94d58e6f4db47dfd4c1243f8cce62

SHA512
fbcf88f74be0fd6cb4099a7027d359a549d1b018529f7d41ad98d4167179f2289eae28098442bf4218ab6ee065c44db5fb38f9d9559f6d06b9a35de853e5e0c1

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe
Filesize
132KB

MD5
aaff9b9a2675a870cf63adaf28bcad2c

SHA1
834095eed0a6f1fac7e29c494066cd65418804eb

SHA256
5b157fee1472a76dbc5fbb967b78b4232950023007b396a05f7c6a2955664f6e

SHA512
32eb0eeb4c3b64bdd4b1df634d11a051dd33c11a721e66f9bbdab561fd6d37f850a35513bbb992133b33c370624b3ff34427c875b2d06100a8911e837290409c

Download Submit
C:\Windows\System32\wbengine.exe
Filesize
38KB

MD5
a300f9e7cfaac09eba0c857a923efac3

SHA1
18be7b9410d1edd97475d3f41c932a6b4eff62bf

SHA256
25425f276620855a55d6982f02ed77b644e5ee70d18f6a407d2753706242098b

SHA512
e99102eed3f92426cd6e9f93bbeb676eb3568d676b3b30b8253f3a7a297de1e56d2666260c4ad68507759669b7fb538ffff96e12e11492c3f0a425bf27fc885f

Download Submit
C:\Windows\system32\AppVClient.exe
Filesize
918KB

MD5
bc58cefef7f291aa815feb3c0b6ffef6

SHA1
1637ea04413d434113ff25c47a9cc8960680197d

SHA256
60d6e58466ee7194efd67035343a87dcb5406fd32d154dcab8c05632b1946cfc

SHA512
312252a803f96872fb3e6b411b3e85666805d9dace99d2c285817ffc2ac423f64accae38fbc365b1933b6526ae0925b2522053ffefce5fb49a98182418ef4d45

Download Submit
C:\odt\office2016setup.exe
Filesize
143KB

MD5
a77fda2ff0dd1a370209dc85efa6cd4a

SHA1
d81a3c3a3d1209f2b2c2866b6bf94d839b94e98a

SHA256
13b72abd8f4a9e58b5a58bdce0efee993407e53521b41c4cc216078cc5263d39

SHA512
7670348dc66a591e1d1aaebe0a9bbe9544bd220f36a664c0d838902ecbea17bd40cc1364eb2dde4ccb0b086d514d06489e52a78cb6779a671470d02c040ef3ea

Download Submit
memory/536-326-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/536-449-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/624-284-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/1116-24-0x0000000140000000-0x0000000140218000-memory.dmp

Filesize
2.1MB

Download
memory/1116-19-0x0000000000180000-0x00000000001E0000-memory.dmp

Filesize
384KB

Download
memory/1116-7-0x0000000000180000-0x00000000001E0000-memory.dmp

Filesize
384KB

Download
memory/1116-1-0x0000000140000000-0x0000000140218000-memory.dmp

Filesize
2.1MB

Download
memory/1116-0-0x0000000000180000-0x00000000001E0000-memory.dmp

Filesize
384KB

Download
memory/1412-250-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1412-253-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1448-329-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/1448-451-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/1816-307-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/1816-255-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/2208-176-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/2208-27-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/2208-16-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/2208-17-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/2380-343-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2380-294-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2380-302-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/2432-51-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2432-242-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2432-44-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2432-45-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2600-292-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/2640-441-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/2640-321-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/2744-462-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/2744-332-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/2944-309-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/2944-318-0x0000000000450000-0x00000000004B0000-memory.dmp

Filesize
384KB

Download
memory/2944-422-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/3104-287-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3104-464-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3104-335-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3468-228-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3468-33-0x0000000000810000-0x0000000000870000-memory.dmp

Filesize
384KB

Download
memory/3468-34-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3468-40-0x0000000000810000-0x0000000000870000-memory.dmp

Filesize
384KB

Download
memory/3864-316-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/3864-259-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/3864-266-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/3864-260-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/3984-12-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/3984-80-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/4220-66-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4220-69-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/4220-55-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4220-63-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4220-56-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/4380-273-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/4380-274-0x0000000000660000-0x00000000006C7000-memory.dmp

Filesize
412KB

Download
memory/4380-328-0x0000000000660000-0x00000000006C7000-memory.dmp

Filesize
412KB

Download
memory/4380-279-0x0000000000660000-0x00000000006C7000-memory.dmp

Filesize
412KB

Download
memory/4380-324-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/4428-344-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4428-490-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4476-340-0x0000000140000000-0x0000000140205000-memory.dmp

Filesize
2.0MB

Download
memory/4476-483-0x0000000140000000-0x0000000140205000-memory.dmp

Filesize
2.0MB

Download
memory/4588-504-0x0000024D21F30000-0x0000024D21F40000-memory.dmp

Filesize
64KB

Download
memory/4588-491-0x0000024D21F30000-0x0000024D21F40000-memory.dmp

Filesize
64KB

Download
memory/4588-450-0x0000024D21F30000-0x0000024D21F40000-memory.dmp

Filesize
64KB

Download
memory/4588-424-0x0000024D21F40000-0x0000024D21F50000-memory.dmp

Filesize
64KB

Download
memory/4588-500-0x0000024D21F30000-0x0000024D21F40000-memory.dmp

Filesize
64KB

Download
memory/4588-442-0x0000024D21F30000-0x0000024D21F40000-memory.dmp

Filesize
64KB

Download
memory/4588-463-0x0000024D21F30000-0x0000024D21F40000-memory.dmp

Filesize
64KB

Download
memory/4588-502-0x0000024D21F30000-0x0000024D21F40000-memory.dmp

Filesize
64KB

Download
memory/4588-423-0x0000024D21F30000-0x0000024D21F40000-memory.dmp

Filesize
64KB

Download
memory/4588-503-0x0000024D21F60000-0x0000024D21F61000-memory.dmp

Filesize
4KB

Download
memory/4588-430-0x0000024D21F60000-0x0000024D21F61000-memory.dmp

Filesize
4KB

Download
memory/4588-481-0x0000024D21F30000-0x0000024D21F40000-memory.dmp

Filesize
64KB

Download
memory/4588-429-0x0000024D21F30000-0x0000024D21F40000-memory.dmp

Filesize
64KB

Download
memory/4632-78-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/4632-243-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/4632-72-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/4632-71-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/4796-482-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/4796-336-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download