614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
Size

1.8MB
MD5

99082dbf332838681ce39f9daf760ddc
SHA1

005846371ae83e62f42e1aadc6fd671ff0401eea
SHA256

614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b
SHA512

5c69cd0cd7b82d05818c3dc15e3f46e6565c64a839f3e65ffc5240fe018e361483548ed599ee8846345867b96e68827cd9a768b5afe5dc214ce9c1d81743b4bb
SSDEEP

49152:Xx5SUW/cxUitIGLsF0nb+tJVYleAMz77+WApgDUYmvFur31yAipQCtXxc0H:XvbjVkjjCAzJ3U7dG1yfpVBlH

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 14 IoCs

pid	Process
528	alg.exe
3324	DiagnosticsHub.StandardCollector.Service.exe
1332	fxssvc.exe
4040	elevation_service.exe
1620	elevation_service.exe
1488	maintenanceservice.exe
2480	msdtc.exe
4652	OSE.EXE
2580	PerceptionSimulationService.exe
4928	perfhost.exe
1172	locator.exe
3228	SensorDataService.exe
3832	snmptrap.exe
3108	spectrum.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 30 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	alg.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\system32\locator.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\system32\dllhost.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\a7c3bb40a5bf65ce.bin	alg.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM65EE.tmp\goopdateres_ko.dll	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM65EE.tmp\goopdateres_pt-PT.dll	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM65EE.tmp\goopdateres_ms.dll	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM65EE.tmp\goopdateres_zh-CN.dll	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM65EE.tmp\goopdateres_zh-TW.dll	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM65EE.tmp\GoogleUpdateCore.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM65EE.tmp\goopdateres_it.dll	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM65EE.tmp\goopdateres_hi.dll	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM65EE.tmp\goopdateres_sw.dll	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM65EE.tmp\goopdateres_lt.dll	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3324	DiagnosticsHub.StandardCollector.Service.exe
3324	DiagnosticsHub.StandardCollector.Service.exe
3324	DiagnosticsHub.StandardCollector.Service.exe
3324	DiagnosticsHub.StandardCollector.Service.exe
3324	DiagnosticsHub.StandardCollector.Service.exe
3324	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
672	Process not Found
672	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4888	614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
Token: SeAuditPrivilege	1332	fxssvc.exe
Token: SeDebugPrivilege	528	alg.exe
Token: SeDebugPrivilege	528	alg.exe
Token: SeDebugPrivilege	528	alg.exe
Token: SeDebugPrivilege	3324	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe
"C:\Users\Admin\AppData\Local\Temp\614a76bd6606b2f493d54cda015ea9372b07a08708c803cff98167e0062fa86b.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4888

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:528

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3324

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2896

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1332

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4040

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1620

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:1488

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2480

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:4652

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2580

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4928

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1172

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3228

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3832

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3108

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
294KB

MD5
fb529565b42cb19686b67692801efb18

SHA1
4ac8c8892ad8545886faaf9895db2030919a5bf9

SHA256
6c9f025db5ebe1e1b459e2c30a212fe91582385895dc32f7fc3596c7d1e97cf0

SHA512
fa228eedc1257e38838e93d56854783b8a666e4f2ffa807f8d8f436fac58da95797e8ce4cf1e1340eab4310039a2874c92ac52158786cc06973e4cca357d79d1

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
31KB

MD5
2d967ddfdce1bba5d77fd7e85ea6ab63

SHA1
f2bb617a4412ba1bb1e3dad9184fa621fe066ed0

SHA256
836a901e5cbce6223cd1df276407f61d218a2e70778d82b98d4933905f324a70

SHA512
c3f05440bc1c74a77f4154ba8407ac41fb96ec846ac181d3448383a1f7472f6d0f41fcfeb88350ce77814836af17df95b34df57042a95d13121f3977075c192b

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
145KB

MD5
ba87d3e140063069ffbb4c0393387a4e

SHA1
6139c4a544a3a60b61d7a12d622cf11066aa4d45

SHA256
8382acc7dbc67eb25168cd3429d696d5059b8ae997588b6cbe761050e63363b7

SHA512
fcf93e56b5cfc01d01280bbc2d1172880261cf0e699b70319973255c72090d8d1d8c559a113428639a22c77bb5005195f0a5e33bf660542ab413694f485b22e0

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
256KB

MD5
febb0a53228f9ea2333adde1a8f3411e

SHA1
2c17f4a08a4ede0643c7bbfb9586cca6c9b5902a

SHA256
37294d0a91f96c1a162d2a49a708cc276f9faa3845a398c30fe897012c386b76

SHA512
334e840ed975dfce7f0021cdd57a50c92ea603440f32a2c277a3be6a6b79049c6d9a610e20b0a4709df38c1fa23ac8375d01bb81202f8f167e03345cc7a4c36a

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
224KB

MD5
5f9120ee419da48235fe9c5545860dd6

SHA1
e68e7ac6034964da86cbe69b214afdb7141edf94

SHA256
76d70498583d1a52325af7dac856fb38bc2d8cde56dd8013e7113f8187d5b7ce

SHA512
e413c6ff2c4a37a544f4451171c397ab2fff3661da927b3d8611c3f45cbe7c7968a44fda8a83ddd3202c8c5407d608a4eda4d31399444304a7183a7a798c95a6

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
278KB

MD5
2ca57626f6f910d1403c46ef4d007249

SHA1
27728ea30696cd0861e2f86bc1aaf0edd19418d5

SHA256
5068f4f7288b17798a48ed523b5df9cbdd475de8f05c9d7f10fe0662fb900613

SHA512
4b6d13d81ca5a28e65aa4bd80a2cbcc488c255aa1e040ca1876ed100c7d77ae729c90a1047bb37b427e4b043485e21c6870a4396c1b4b82c4a5a5360ca70300c

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
177KB

MD5
357ba426e92022f178510958368bd3d1

SHA1
c96b2091cdcb72dbb34624541785266c00bca627

SHA256
a4d05bc6c3bf640370d62afe81229db3f41f3093612ee25556293698d6617d8d

SHA512
be49ac9924b98a57db1c32797a935eb613367c086f877870559a92c8ea25b04b1a6e9961342b67d104ba134e8edb3a534128ebe2adc2391e689b20dd9ba46e17

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
210KB

MD5
486f6a5a27549ba05e23c818a0183fc6

SHA1
047addefe56568d10329dbdda806374956c0a2dd

SHA256
91587808f46b1ae5828703aaa124feac22049a2ca3e24dba87b96f8a97f9c4be

SHA512
21976689af5d087b5d7dbb420d99a4e7ce3c3a415a543fc97b7fd734d15e3a7f878b89454ff5474310f40b4cea23aa914c772bf4b2e8118c0864275220db8f03

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
264KB

MD5
a5b9422897a10681a12fa874d91d83df

SHA1
2e8f688338cf397d6df1f7e5107ca53bd3c637f9

SHA256
6d4a18dc21c998dc4a07c00559b9b9b6ad200d6ca5c9b1c3e1579488d9590493

SHA512
ae7a44f667602e3bdc82ecd0a9e023f684409a6d829ceb5c1e5b99a07364ebda3d7f45a3f890f0483b89126bde4c8acb89020463df2b5012b5c75feb100a38d7

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
204KB

MD5
13cb3a36dcba6c8d4a8f660950047533

SHA1
8fb265247c44fa4215456d99d794f4a300552d07

SHA256
45b2d05187661d27589f35daff639d79c7e96c93586601ba3cb36f434354946e

SHA512
b289031e7ed5094e50f5de75e1840335f16a9132be7db66aded7b9c2a8ac47682c2839ece7b885ca61c05500a5034bff80fb3fc5d9db0209710ed176c63008af

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
289KB

MD5
d824db4d3a859b80d617b8ba4b747488

SHA1
c1737b83ab012fdd5bb6f6092376a715113fc638

SHA256
360be18c373ed637a82ff1af31135240454d9e40343a34b6a0837fab4a7a1bf4

SHA512
117afc6e03047f9103fac1e8d13ef3551f78a34f936462c83724fbd69fe94e338457ac98c8822a13c4926b64deb001ab40d4e84f2f9527b30a856fed86873081

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
192KB

MD5
42258fa4de7865e67b3612dcbd8e3fe6

SHA1
9e9a6405565b59cfc9c0b0c1a50efe4666c84707

SHA256
e18970b613a8b774bc0ba3e6bf58d68af865def5b2e1fc019f44f9c3ad8836cf

SHA512
da986d0bdffa58548a5ebeaba3dfd3ba92c2d58200806a2d127b9b52af83e636a0e1a61bd6fa7d7533d3dbd027631ee80616837f0fd611a802638e606429f0fc

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
241KB

MD5
66459d25e72a050d51656e27cb11af6b

SHA1
ddc68d4cdc36045f93039e84e13ae7b1de856043

SHA256
de5dbfcb8e3c7db0a3999d6771e3c9db9024413256f7d9defe88859f70a1de30

SHA512
716c2d40262e2a42e76bdb1d06560537afc9ec3a306758417c90bc3d54a53d6054676565c6b57e03b2ffce3ba717a0189e96fa3f1c0f9e3660ecb2b3d5505640

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
163KB

MD5
ac5289bef3c50387f1fffa26ec0afad7

SHA1
ddce274442eee39811298387b0d15cf26601ef19

SHA256
92c135afafb822cf837e91fe5cecf9ac2133bd9b8418fb9fee699a972766487e

SHA512
6e17cf464f916ec68b3e8904eb8747634752a184e7c8e91b152089ee755bdbd0aa93d926364e221a5d1764dea4237fdce6e717fa42ec064b6545e66cdc4e613c

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
308KB

MD5
75b3c35262ccf1ee48a8a66931a01249

SHA1
1e55949b19de10b7a33a9b10096d08f07ef03cf7

SHA256
9dbcd7d7a4a81319ecac7345a052771bbc87deb76a9b61cb373a81ea818af9ce

SHA512
29a5f8a666c9e21d2bdc04d8cf0c06a51a0766b46f53fb8e37903139a849ee6b741d4222ce807a939315cf92b1c1fe4b0de3bc44bc51db04c0785284dbadcc3e

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
189KB

MD5
5c9680e71abdff86541f87f8c76612c3

SHA1
2520c035cd6a387e4f1b73e66a0f0c48eea1c5fd

SHA256
75fc6d9f8f3f318aed99ecc099776261184c17e0bbd3e3b9d371bce377ba56ab

SHA512
75de060ed460775ff1db246983112f456406e015c4a761eeb027fcc60cf334cb4e54a383af7a368a9d6c71f266ade8e1b6238895e9e429dd0026cdfcd65bd1c8

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
76KB

MD5
bfc55f61d0f2c476a887d110188d239f

SHA1
fcd01fecda739873d151607fafc5d6e765940375

SHA256
a316615542363eb27b9ae670dd1fbfb31b217f4f6d5b647f8a0d8b659b2627c3

SHA512
d9e1cfe9465228c5097be257235b08ea39862fd63205ea5c84793869932095f6dad1e1a44bb79ede87416a1eb18b46986a2964a9f01ed9175da3e010f7c34e35

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
143KB

MD5
685255c5983121d4c45dd545ffa21c59

SHA1
8131d3a62898c205043849714992d1171e4641f7

SHA256
28cbe8a5e4f9017ea6bb8427d6d74c07985b27fe59cdf7651be8b69f28998443

SHA512
956c447197ef5f37ace7a8fa99ac24f0846129b321670911b5a4e20974552a05999ac08ad5d1766e13c258493f215169550faf7ba399780efc221059e7fa946a

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
340KB

MD5
ccd4a0c05567fc994da37b9fb81ddc81

SHA1
5cb5d7273cf0a984f8326c64ec1973f9739a296c

SHA256
ba3f6249023b695c73e91dd78ea797125f571f06a2afeb8a5953d7ae2cfbb1c8

SHA512
59a07dbe5f40140052757f04d1b865068818e9719839d95f7f9ac8d5613a168a0b02a5561f1080572643767aaeaf62887e9386462c37ed91123a4dd0b30b0e75

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
250KB

MD5
394204f5a35e83e0b78f5baf1aacfbf2

SHA1
ad1603b0adfd2f40ef480294b1192e8c6606bc7d

SHA256
3db3c1faeb6d6a7bf3bd4763c5ad46fad0cb4cd99b6497ff72cb90022f5147ac

SHA512
a41dc33d0610a1b73c5b4be68a3175af6b080f49c0a79846d58073a1a56d005c92ba1d1960365f32ef595bf9170479728d07747abd9635d7990d7a4ccbe5831d

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
209KB

MD5
331c6337dc5d6720a9a715e8967576e7

SHA1
30ca8422c5ab73e79e3e78796b80554edb0e2563

SHA256
f514a8334b5df348d95fbefc6fa28659ea51b671966f735356fba8635f3a7874

SHA512
e685b1dc91375cd88c388e40e9f84a977cb2383b28b08ad5c557e6c1596b71bf5382cbfb3d2e857813f9332b4bde6a558c9d4f4d97ba7528e3de35a0bab60901

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
152KB

MD5
edb0cb85c6bd15725577869bfe954538

SHA1
dd1aeaa7402ed2c1533cf61ac54d2bda5b36b3aa

SHA256
b1f9a72e53ab2e4d538b63ffd85abbc2f2bf9d9f7519edcd669a653287ca90f4

SHA512
98a9c7cb9b47154a51f4bc88eb65d784494ea9f42c6f926f367b7176caa4a3d4cc5ebc6b94491ee2189bd2cecb03b2e04ccf61afc4afabbcdd8b002041e71b00

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
180KB

MD5
28d3678392b49f518ab2a1a41d03f821

SHA1
b98b007a769a0c3f362e888a0978aeade1ebfa57

SHA256
4c774c28347586d60415d7724670dbcad1a180b6927da6f47671e4c6de4d2b21

SHA512
b22ce43eb5e3aba8b23c4c7970511aa0aba9b2fe1b4f4cd6a5827f9d755b48bfdb8a133015f2b5918c59e6de5d918a59226a4ce97701d00dd5fedbe695a80262

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
165KB

MD5
f9a7f5bb3c2131c32dd6f87c68a55c83

SHA1
820c5e16ec19d74da2d3a119ce1ad6125ae29025

SHA256
70e6eb04b7388f727042ad45b4e3ef7d65ff8d0b1a646f11a2d24057691bc31f

SHA512
4431ce8e53528647aa45d86e5d1de5a92e026571f8e545b4df93dcbf388e2ae241421386f7f41533c6d7b18b3fd71f79c8b4305eddd23b8333c448bf71acd797

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
214KB

MD5
9ddf3c6956a7a492c5fcab65cd2702d7

SHA1
a41c6d7af86b05597dc52313fb7c89e05f75ae5e

SHA256
f9fbe51e0ed9b5e03b7484747c9db58282898ab3f9ecc3010ff70b888d670695

SHA512
784e0c7edcedbf18b52ed035a033d1f4c9ced5bfbbf67ef075bd1c61c36fbe1323a877b7b7f49df741cc3803d3d5dae4c8309e8741fc3dc25900776efbd477bd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
147KB

MD5
8cad78519aaa64a99d9ab5df319d4c4f

SHA1
b1f9b4225d83dd8b5213ced8d1fcf9d2c9278677

SHA256
7ea1095d94fa52d5e93fe7607e16382a8cd18c965f7f970a6e7e3bb02d52887f

SHA512
29a36c57e2bf2aa53a625dc2c3ce8ba2ab443848f0d49d6401677809fd9d9659470e9be6e6e6278798f305e0a02952fb2903b35b0b083733ef4cdc7ccb37d85b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
177KB

MD5
17a24f1f3bf202b076f50a8371970d55

SHA1
ecadbe58b20338a9daa16a8c99cc0e476e5306a6

SHA256
353811975b56c90d616e7d8c8296c39ffbd70c9de6a61dcee8530f5c2a9a3aab

SHA512
9382ee38f98eb2edbb4b52a4594e3d04eef4ab4f44c609cd0083a374c5f871f0d7f49744084f605cfdffa6c2e161bde84164a73defd62f0af1d045ec245c0b74

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
212KB

MD5
bf695978c3378226084eb30cefdde88e

SHA1
156f43607a565c0ad8d7c6f4eec2836396537200

SHA256
7e9f5eff1a889ccccd4c69e3d1ff59d414e01a4741b88451ebb3c73ec05e5d88

SHA512
c8cf6ab1296528d805ce585548c891846247b686ab1d8499b6beffbc5c1f6fdcd9a3381dc6be216ac4223f4dd4fef1ab9128191daaf2b8217845f0f1532e6278

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
69KB

MD5
d6d8051a44c844d271a101b2e0c3d083

SHA1
91c450bea4b195d82e108c0c3572d55995449d09

SHA256
fc25cf7a036450feebe9f9873d86f8d31bfd37bdbdbc524b5a824925ab2908fb

SHA512
374e61572ae518b40603210dca82633308bc36e3b1e602b96e0959341280542b31fcd6869fa0601817f0b11adb8940695a04f91f00059a00dad81f37e9ac5ebf

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
144KB

MD5
54b14ab001e0e0d27f2151114a1e3ab9

SHA1
8f56b7226e4fed2a7a7c419fd634b398665bec90

SHA256
2f19d8b302ab7fd0806f7633e552b2cae0bae69f1e6c77eb22eb6b043966933e

SHA512
8d14590279cf2346a3e806328c4c117f9a8df9ff9c1e5739f03ad091782a6d9983e69beaac15563748e923d6db01c815938f1613ba8d6de4b348df01a4d80883

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
76KB

MD5
ed81b07465ad6cf208e43f9cc7a8d146

SHA1
7bc50b165763f294970eda02a7866aa7ef8524fd

SHA256
35a4d95f74d639567d89a3e0834898b3ce105bb023ad90dac7dafe8c32940b16

SHA512
9d8f38362175700870318e86a79cae5c20731cbe12d26bff996b823605cac7a6acd6898115bf92386728323da46bf74dbba2f0cbd7551a3ed78d5bc3a12bafdd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
125KB

MD5
728a97ea81febc8833988702bcf99365

SHA1
1ec5d06be74fbc293ccc9723c5078183f76e5530

SHA256
417578961be536dc4e862358c3733c14251ac002c086c545b4fa06fd838e0c0a

SHA512
644111857d15c182f21f78720b59bcc30444fed49fcaf5d95c4edb5fe5ccd3278bd9e9dbea528901884a3644e713d17f1df1fbd6059982e44f51872e890206d8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
174KB

MD5
fd005d4afc4d67ebd5307764c0909f88

SHA1
d7ff0eff1a4ee4b58bcd6eb4e8cdcc50c880f62a

SHA256
7bd434fe5d74cb01dbdcac754a872f18360af726c5d4f402bfd29cc3140c351c

SHA512
aa3e64427805ebf03d4720daa868b0ad2ecb9390536fc494d5fa95194e1bfbdab768e39a8ad029f0b57b468b4d682758566a5fa6bfc142b489aa9d87e4273c15

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
134KB

MD5
722dc5c9775900ffd3dbd8e084949b9d

SHA1
8a0cb70e88d3aed2364e45c880095ad507035f17

SHA256
6ee3bfb5b879df72e1ff9ebedf5f9b44265b3b0110387637145f8a4198b86fd0

SHA512
af62768ce4bdba58c5a0279938defd23a06669920c7608e253759d2c57e4082af608dd7f82b63e89b29d4f6a70a0574646341e12c362fa9018ab2438952c1618

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
202KB

MD5
5d54fb1a82c63b18a6563c94165a9f24

SHA1
f95fafd07e39acf55fbb17c5991e7db57d4154a8

SHA256
75deaa52e07e76032c9b058ee65082f74bbf47e39b4fd942cb506c3cc8cfd837

SHA512
495144fc01cb24019df4e1f75b36b7af593bd2a1ff893646bd5043da7af72caa6ebb366f0c74496485cdc122d3b73ed2498a3d017edfccdd88bbdee2d7abdeeb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
339KB

MD5
49b98d82ca299c9fd8ad0589c03cb31f

SHA1
30db2ed59c53aa4a197bbc9946dcf7a0db7c24df

SHA256
0be9e60af236db1f360326b394236bac3a8c20074fdb504bb8e499e6b8524b3f

SHA512
bef0d1bc769c5ae5ccf7dfb4f61facf0ad0adbcda6776520804340dfb7040784e8125039b6ac07b70dd7790e8b25ec4f67d81dd04fe093f056c634a9fafaef05

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
108KB

MD5
f56aafe9374b899105198af8e1efc497

SHA1
a91d01fa055e13b8ef669693e05d67be68adce92

SHA256
dfe364c9ed4c96b990126d1a4ed1dfa000fe14319ba162d64763a734a326eb9d

SHA512
754950a2c1fb4e29a6d51473288ebb6b8366d58bfce670bc353d66f6c0497baf26c3b66186d0a269ef0356aaadb2bf90168d4584839bc987b826202cf7680c46

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
266KB

MD5
0d356d6be58acee8ae4cd905123900bf

SHA1
b0909b74b88a4147cbedd09a10f3b9813b8cf89e

SHA256
c48a5faffc8e0e0c0b3500d6b9e8fff1c124fee237d4d015840c3c6dbc82bdb8

SHA512
6537027e253775775f7a99e13ae836e089079053d5b08e5147dd70ba9a40ed5f901bf696eb7bad3c454f43bff08cdb94019c9ce7a949842893c9aa669e14f48a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
256KB

MD5
fcc386697ace8eec89bebae4188389f1

SHA1
f7251b195bf27edb1c31f555f1ba89e954f50b5c

SHA256
b295b490f93266e18b6cd20ab8308b89169faa0dc5ac8cea14d9d703f77590af

SHA512
cf02951f151a96dfd1e7c11f476179640af79ca1b8aa8508b3bcf8697de4104b63d89fb51c23ac104bdf96b3a39f86cb2579263598e4e6cba48ff4b62d63af15

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
274KB

MD5
88b153e879524a77290c671c451444cf

SHA1
7209e344ecc907d43a91ee33ebb9f4e0d854676c

SHA256
523bd3231744a327238dc715095dd760886547a0dab68802df872abc4afe0180

SHA512
60ae77484c2c6aa030aaa254fabab3017dd914a9124043db1cb640036c33399a41174fa0e54d3ee6d85929c7cc9678aadd288bdfbd99fad1ad9e00572f12805f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
306KB

MD5
c90900c5e48fa48b7a163c20f598a95c

SHA1
b217e556a8f8f04377dea2d2dc8f0f95b8109579

SHA256
415a343a04687a3b72982a26f6524a1b867bd99d4037544906b5d655223ad4e1

SHA512
a9b7fc95b2d10ba07ea1d85d7772ddf00f5b292600b890373348b96b0ca38d013b8ababee3f169590a5e7b227afb37c29b6e2b2eaa8f0132c4df80b224557d01

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
176KB

MD5
075bcc1ae9c1e299ceb63f802e9cb25b

SHA1
9de2e11db3263dcd441c8fcb1b23480efcb6c039

SHA256
abfeaca803b825dda30a4afc5b502057e6670d02efa21d603aaeb0028995e899

SHA512
009dbc2c0fb4255e55a25cb79e7dc118400262df7e053e246948f00a17b3835639f556cefb8ace20e37c01ed842f85e727fa949086afa05f30ec246d0123a68d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
177KB

MD5
98530a7f0d6d52c066a6765f7dea787f

SHA1
265e3371012b3a4161b18ba509cd8d99e2e86c8a

SHA256
e3476fccb803a65fd78214bc89bac585d634913b53425b59c674add24d1b5028

SHA512
1c541fdb1692a9e8a24e26e41025515088404819af8eb7a4357e98e68c2392e035c2fd512d5e67ee73fe29d96ff5e72db1b9e6428df3ad0781d9f27c82810891

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
205KB

MD5
04fdba0de7475f0a45fa933900be45e2

SHA1
fecb728b773d3cc6292f80444c9b6c0737c638ef

SHA256
36d7956da63f5918ac24e46ad2ec43e231004413733f0e77696845e0e1a82268

SHA512
a979cb2b3a4143afe1a9a93e38a616c047cff158b5e90d0ad8f08a8be45b269dab3b880b467abec929a71b31baaf9029064b6a7ca342eeef64938f4c95cd0461

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
121KB

MD5
be583f828928b0982ca223ec22858360

SHA1
46fcea9214e60c38fae8ec64ef1a7414d809989e

SHA256
b13f9fb12d0cbe8d4a05dc5ed5a7cbc14f9f4fe22690bb3e9501182c0f8274f3

SHA512
c6fe71258634e793910d5bb730ab20fcab782e1b7ea0394e28f290abdf57ae24a4d3081afe92e916fe033dc9faaaa96b25b8d7704e41286d993b086b01314657

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
158KB

MD5
b7466ee1ccf352aa44695d14dacbad77

SHA1
1bab6a1b5a0335229fa71deb00e824c8d20306a4

SHA256
e6c802247788727fac84a9411c2f7bbcd1ab0707cd475d9486f604929ccc16b0

SHA512
c3645769fb5a96dba5257d5c19481345f559edbc7edc79da8a8f57944a8fca942d8f5406ea5598d80216c979cec0ea12335fad5c0af621d512e6955dcd0ab837

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
286KB

MD5
9b6450470b64b926b6302aa867ee71e1

SHA1
36b46e9c9a5868dd11a4bdad004b3cc1a39ab49b

SHA256
d4002c1846ba873cd2c9363935f97e9834fd5f03d7a0164cb90a4f0c47573354

SHA512
7e3a5ed766bcbf496d22e9621ca0c9fa6c4352492981491a8a8b53ec011202e0be574594d076864c32a06071696b5826e3cb183992405e3131b7e41df146d33e

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
96KB

MD5
10fe8390d1a4436318d8e58d458f4d2a

SHA1
37eb002e34181dddc0eaa5bb9a2582cbb379a294

SHA256
bb7fa0d70cff35f58e48f2bb0e98549bf11052ae3bdfd8fdbcade63c83a67289

SHA512
d2dcb7cdc5e28a73d938b6c25c7c6b4b2138aae3c7d094ee9fde5ef189fe706b0724edd480b2a60e3ac6b572f2b236fd6eddd9f541570e5495225a97285b608b

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
836KB

MD5
1e632cbe60da3a45243864a9e0ac0595

SHA1
d691dacc2bc07de23b5ea5f83f2c41fafa771448

SHA256
bd908fc9525647fb2b74aa5b8268ad34ae3e93916289cdc4ec7de728373f9b7c

SHA512
37170acf7f4dd5744339699c0069bb7ba6f20e0275e66d7f763794ebaf7c690b731c1dea57ed4987151cc93525a98a1a5a67437137009b17dd503a7d36b2e62e

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
433KB

MD5
e7eb9c17151f28c04e50111547baef1b

SHA1
10b606425ce03438a4cf3e0b17b33b1ffaabe861

SHA256
c8ba4d42e6713c2cb4224fe02ae5f49e76e94514abc887ac1ff5956f4fcaf5a9

SHA512
673b2c5c3fac31043eb4bfa1849ec11471e9327dc9069f4bc1646439edfafe5025210d32ec87c3ed0a578031a19fc5ed0a82d49514088c61abd27a9715ce6961

Download Submit
C:\Windows\System32\Locator.exe

Filesize
138KB

MD5
1665065547dd80b5f15003c4c7b78877

SHA1
e1ec8eb6247b1ccc92a678a8fb7292f6d47dbc6a

SHA256
d5ce6297871222dd586b237cf2cc4e315576fb644d859c2b2671337635e28b54

SHA512
e617b71afe141d8d7401d7255f58d7c1b5709908425e1eb6bc8adce35324e874fe17975704ec50bdc19facd38d0713e0ae15b2aa1e5c685bbe3f4c14b8740b06

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
82KB

MD5
aedc3a81a498670dc5fb60e26b0fb412

SHA1
6e04fcb14841885479fbd01896ad3ed1b5004593

SHA256
d47e2221ad7606d0eb3991efe0ef6d0f1a6c98c43d96ab23c176c3b1045ecaf6

SHA512
4856bd6eb16e1e0031b5518590abb9d81a8971bb4b90482c70c2a8af3ad0fa2ceada14347368d259a878a61f1e7bb5e5c656ece427a2562e58fc726961921aef

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
93KB

MD5
81b28e12e5b58700e2ee674323a6f546

SHA1
b9919457e02b480f4808d4c37f84410c55439405

SHA256
629954dbcf735778d83e74126b4ee0fbe26afed13a45deb663d47388e64343cb

SHA512
d6aaacf46d91405a089c1e936406d587ac1c77e36a9cfc54e346a2407d1a11e7429c4e2c85e7dfa6d8d3dc303ab037378ceab4333db08c70dabde28284c23e83

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
74KB

MD5
3d3852a702dbb0fdc7b9f102eec5c656

SHA1
28b9798e065624cf603ecadba3f1e4ed7f26f4f6

SHA256
19006707dcc9138d4efa042ffe724e5fc67adb3745b3a0d0e10fbedfa8bbf97d

SHA512
0b1c99f6e88191cf799497cbfc217dcf30841251084d900cff57bd1f4dc0b55ad230dd09a99c98268de3a813ea1a3db236088e07021cc28b6f57c7696c9cdb2c

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
271KB

MD5
5fc1a9fc353b22b2b73daaed660b3ee6

SHA1
b29d9fba9b044c6dda03b99faf72c2310384e6ab

SHA256
0ff838642a2e69dc9258ac3f0b789d21cc805e0cad289b6e7baf87d947560cf6

SHA512
2e3050304419288cc93a8c17f28e212734d052a9db7bd4de3111c3c559bfadfe2f9642ebd7ce6aab9416d4f15c8ebeeb43cfdf3c070a7f5f470d7838dc2acaa7

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
22KB

MD5
914bbd5a355c4d347f44325f72304da5

SHA1
8fb4146e00bf80a94a86c42f141a3fc94a020c7b

SHA256
d6c1f23a65f6671f2caf5cdaa3fd3f9e7e816f3524d18e904b60267865c5c062

SHA512
eeeb14c75a428d927fb5366987eaa093d8fbdb48b378379a49ef4c761b4a7177e2c4c3b40f44aa31dab97b46a271dd70719d06bf7167955ec5c7701d758359ca

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.2MB

MD5
51a27a3f98693450911e9a28c869a2c4

SHA1
23e8dfdbbd9e175e1677f430bb25ba10acba106e

SHA256
f5e757715a620babf43f8f0c4ab0eba0a0c32541100942c470509fa21f8f92de

SHA512
24a304e468ea80591d47f287b15adb452a7bf0dc1b9a071351f21e60883248440fafed2acf6c36e2a60ed297e3410a96d37dbc85e5931256b75abc3a798387f9

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
85KB

MD5
43b3cea1dd19cae6d6fefbb0b1acd1ce

SHA1
c669abf62e1a72acf581eae16258196011e67d51

SHA256
971861390ad4a23b12e62382700a5b14dadca4de39bc0e9157fe7813e4dad52d

SHA512
30459188d406a7931ed34fb752a83ff007ba8725b8a2c08217c59426f69571a224b24e9fbd97dceb7a11f1d1aa3908af8b563378870028ec68a7aab476962c5b

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
54KB

MD5
a652be74d584198e0715125a7282ce51

SHA1
ef7b44a816901a11b2b75a1094cd0c848d215f5c

SHA256
2aeb6c50d75fa832fb4af42d0eaaacb0df71ece72fa57e9ad1393c608d834590

SHA512
ad2899d13b964be02a289eb91eb6c4cf0d946938d4342252ca61b50692c4f0285da142cab54b5d07aea128197f84dd0f3814f339bef0003c2608fa258019a11a

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
153KB

MD5
6da93fd4942738fba626db7bd999aae5

SHA1
a7d4a157913304c556968e93b0fd74d92696f9da

SHA256
2b3b0443e36c80932aae9697831221f136e54f7f9d5c8d5df3f8852c4a75bf80

SHA512
7482e63cbce745364531bb81eb28469fb63f951810f4061aa69458b4b6b25be698c09fecc5b634b7728ca0d6d3eca7cb15a85f8edb0e673be91cc57619cd8620

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
191KB

MD5
2410d93a71c8a5de5abbb20f4eb0b378

SHA1
635c1cea242414d20ea097288154db019b0c9fa3

SHA256
5ab5bd3bb9fd98eb5edfb6ba54361b6f229386c367f1d86c87166ee48c252e87

SHA512
073e7855d325118d3f7f00ac7399a8f0f180f1d9cd63f4e3265c835cbd8c9069454b8f6129f1d4a7d72bf203d9cedc84f7bf7ab59ce4bc8cbb99e801b2d46daf

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
68KB

MD5
b0e3a63545ccfe46bae0e7d39e89d6d7

SHA1
0338d2e5633833dc0e1c1bb6aecfa197b850d659

SHA256
a91596c264b952da20db8b327976e4310defbe27cc42b69adda667c36c28d7f4

SHA512
9eb9c3462ec3f89f9ebd70744fd7795b2bedac104da9770e4409c14e6b4c3e60152d4901257049f753793b4fff566db6f2fbfefb86b86fea30db49a3e8ea4aaa

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
64KB

MD5
c6a2333196f4829a7498686ef7bb5ce1

SHA1
7b1b47a59a686c915cc98bcdb71755d84945921a

SHA256
ec818710f84153c09cf66986d207706d83c8a268c4af007efe398be61d00f4b9

SHA512
0b480cbbc0dbec8d74191518fa69653126c2ed7fdd80cb2dc727e4e4a2bcfdb287f18dd638bfacfda55ffca3e9b9af5a2edc5090cb235fd980c7ea82960c3226

Download Submit
C:\odt\office2016setup.exe

Filesize
265KB

MD5
2786cc305ae47a2478f9e0b2673dedf2

SHA1
452b062d8b9a5a00f0fc69e7417044f8010dba3e

SHA256
ffd688ab28aaac2f56ea0a106ecdfb09d6aac6b0550ed30136c4b79db8ba58ff

SHA512
9f29b02db3f77be48737058d0fd2bfa48bb1e87f05e7bf50578f8b4f3c36183c3a0e01884ce014a3fecf210d2597ba71b31880d0a9721e0612b773beadf40637

Download Submit
memory/528-11-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/528-87-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/528-12-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/528-144-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/1172-223-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/1172-215-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/1172-502-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/1332-112-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/1332-119-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1332-106-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/1332-105-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1332-114-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/1488-151-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/1488-158-0x0000000140000000-0x00000001401AA000-memory.dmp

Filesize
1.7MB

Download
memory/1488-143-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/1488-147-0x0000000140000000-0x00000001401AA000-memory.dmp

Filesize
1.7MB

Download
memory/1488-154-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/1620-139-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1620-136-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1620-202-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1620-131-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2480-226-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/2480-161-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/2480-162-0x0000000000D50000-0x0000000000DB0000-memory.dmp

Filesize
384KB

Download
memory/2480-170-0x0000000000D50000-0x0000000000DB0000-memory.dmp

Filesize
384KB

Download
memory/2580-191-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/2580-254-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/2580-197-0x0000000000BB0000-0x0000000000C10000-memory.dmp

Filesize
384KB

Download
memory/2580-264-0x0000000000BB0000-0x0000000000C10000-memory.dmp

Filesize
384KB

Download
memory/3108-512-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3108-256-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3108-265-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/3228-235-0x00000000005E0000-0x0000000000640000-memory.dmp

Filesize
384KB

Download
memory/3228-228-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3228-508-0x00000000005E0000-0x0000000000640000-memory.dmp

Filesize
384KB

Download
memory/3228-507-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3324-101-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/3324-94-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/3324-160-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download
memory/3324-93-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download
memory/3324-100-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/3832-251-0x0000000000780000-0x00000000007E0000-memory.dmp

Filesize
384KB

Download
memory/3832-243-0x0000000140000000-0x0000000140176000-memory.dmp

Filesize
1.5MB

Download
memory/3832-509-0x0000000140000000-0x0000000140176000-memory.dmp

Filesize
1.5MB

Download
memory/4040-189-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4040-127-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/4040-118-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/4040-121-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4652-241-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/4652-185-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/4652-178-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/4652-249-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/4888-132-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/4888-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/4888-344-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/4888-6-0x0000000000770000-0x00000000007D7000-memory.dmp

Filesize
412KB

Download
memory/4888-1-0x0000000000770000-0x00000000007D7000-memory.dmp

Filesize
412KB

Download
memory/4928-211-0x0000000000600000-0x0000000000667000-memory.dmp

Filesize
412KB

Download
memory/4928-204-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/4928-442-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download