1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
Size

1.8MB
MD5

98634542919726b66b1e305224ce58bc
SHA1

0483a6ec826efffff036c1cbdc57cc9bafc49173
SHA256

1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc
SHA512

7cb17ddbe7469e8ef17680fd4c76e7e10957286eed0c6b78a2ecbfdf1701b59eab2f5e1699970534d7223d50c1f5abd52019ba3c6a57bdd7b44b486ac636fc28
SSDEEP

49152:oKJ0WR7AFPyyiSruXKpk3WFDL9zxnSZEjhMjSax84:oKlBAFPydSS6W6X9lnaQWdO

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 21 IoCs

Processes:

alg.exeDiagnosticsHub.StandardCollector.Service.exefxssvc.exeelevation_service.exeelevation_service.exemaintenanceservice.exemsdtc.exeOSE.EXEPerceptionSimulationService.exeperfhost.exelocator.exeSensorDataService.exesnmptrap.exespectrum.exessh-agent.exeTieringEngineService.exeAgentService.exevds.exevssvc.exewbengine.exeWmiApSrv.exe

pid	process
4084	alg.exe
5016	DiagnosticsHub.StandardCollector.Service.exe
2928	fxssvc.exe
5288	elevation_service.exe
3192	elevation_service.exe
3656	maintenanceservice.exe
4884	msdtc.exe
3264	OSE.EXE
1724	PerceptionSimulationService.exe
4348	perfhost.exe
5404	locator.exe
2232	SensorDataService.exe
2764	snmptrap.exe
1688	spectrum.exe
5344	ssh-agent.exe
4420	TieringEngineService.exe
2052	AgentService.exe
5112	vds.exe
3076	vssvc.exe
5180	wbengine.exe
5184	WmiApSrv.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 36 IoCs

Processes:

1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exealg.exeDiagnosticsHub.StandardCollector.Service.exemsdtc.exe

description	ioc	process
File opened for modification	C:\Windows\System32\msdtc.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\wbengine.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\locator.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\spectrum.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\AgentService.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\System32\vds.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\System32\alg.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\AgentService.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\33c05d0b1f063bd9.bin	alg.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\dllhost.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\vssvc.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe

Drops file in Program Files directory 64 IoCs

Processes:

alg.exeDiagnosticsHub.StandardCollector.Service.exe1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_cs.dll	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_kn.dll	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_pt-BR.dll	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_hi.dll	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_ur.dll	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_zh-CN.dll	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_ar.dll	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_et.dll	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_id.dll	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\GoogleUpdateBroker.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_ro.dll	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_vi.dll	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\psmachine_64.dll	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4BDE.tmp\goopdateres_nl.dll	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

Processes:

alg.exeDiagnosticsHub.StandardCollector.Service.exe1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exemsdtc.exe

description	ioc	process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

spectrum.exeSensorDataService.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

TieringEngineService.exe

description	ioc	process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

Processes:

fxssvc.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

DiagnosticsHub.StandardCollector.Service.exe

pid	process
5016	DiagnosticsHub.StandardCollector.Service.exe
5016	DiagnosticsHub.StandardCollector.Service.exe
5016	DiagnosticsHub.StandardCollector.Service.exe
5016	DiagnosticsHub.StandardCollector.Service.exe
5016	DiagnosticsHub.StandardCollector.Service.exe
5016	DiagnosticsHub.StandardCollector.Service.exe
5016	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

656
656

pid	process
656
656

Suspicious use of AdjustPrivilegeToken 15 IoCs

Processes:

1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exefxssvc.exeTieringEngineService.exeAgentService.exevssvc.exewbengine.exealg.exeDiagnosticsHub.StandardCollector.Service.exe

description	pid	process
Token: SeTakeOwnershipPrivilege	3148	1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
Token: SeAuditPrivilege	2928	fxssvc.exe
Token: SeRestorePrivilege	4420	TieringEngineService.exe
Token: SeManageVolumePrivilege	4420	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	2052	AgentService.exe
Token: SeBackupPrivilege	3076	vssvc.exe
Token: SeRestorePrivilege	3076	vssvc.exe
Token: SeAuditPrivilege	3076	vssvc.exe
Token: SeBackupPrivilege	5180	wbengine.exe
Token: SeRestorePrivilege	5180	wbengine.exe
Token: SeSecurityPrivilege	5180	wbengine.exe
Token: SeDebugPrivilege	4084	alg.exe
Token: SeDebugPrivilege	4084	alg.exe
Token: SeDebugPrivilege	4084	alg.exe
Token: SeDebugPrivilege	5016	DiagnosticsHub.StandardCollector.Service.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe
"C:\Users\Admin\AppData\Local\Temp\1fd353b5a5a6cc0fec53e0c33b8b18cd2fad3ab141a1cabe819f6ab0f53b22cc.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3148

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4084

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5016

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:5012

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2928

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:5288

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3192

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:3656

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4884

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3264

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1724

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4348

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:5404

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2232

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:2764

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:3652

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:5344

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4420

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2052

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:5112

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3076

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5180

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:5184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
704KB

MD5
b3fe3c9314bd4afc4be237210b503c89

SHA1
d828e2ea6fa23eaf8588bf04440b94674764afc4

SHA256
5697390ec5fdd1379a4688740198205a29429da9a03987563a6c2f9f196222fa

SHA512
415bae88f0b695b7d75beb58c3c02ee0f2187b1c1d3a9bbd768ce662504f233fc0a70582a6f1b304fe51c74982af7421d0aa46ee6a8c154eb7b06f96574cfa13

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
530e96644af0cc76677cbe10506aa4eb

SHA1
735f4a5c6eb75fdc74bb7525a23dfb4b763c7663

SHA256
085d85c6d1d5cf99874fb3dee84cd98ca1d657439a60c9b6cf486a05a2dd5ca8

SHA512
a10d0fb237b6180a48a257a09e15fd91e693d3c9751df6a1b9a0f6ac697863ac1f2f1e42e34bc07032b054ed10186700028d8cb11f02e27ead8922d21c128894

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
640KB

MD5
498af9070177e73e6017f7cd14d1ce60

SHA1
0658b1fabe2be3bd977a319f6ec2e4258b9ff0c2

SHA256
cf12bf9c0f2bceff5c231c668668f3186c350400060391bbcd3cc2984e7a1bde

SHA512
ded59f70bed0c8d5b0b0f07356fb1eb444e2a2edc076eacc9a612c54f6145a5f774af0dafc85ce1e687772d2a54fa8cb2441045cd3146cd2d24c3fa2f035f7de

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.7MB

MD5
9fca1db5299a7fb7d8a979ae9d59595b

SHA1
d66d74ea64b6b0b2c7a6de2ae7e6880fa85a2ac5

SHA256
efee3f0852dd61f5786ebaf46b4abfe40a4540e231898d77d04e90dea43cbff1

SHA512
bd3422d445baf64c88dde9a0ed59c4c15c30844bfca0a17da6e167a8762ce3c3a0628df1926f0e05bc763b36c6300c10269808599a1dfc6e2f046520fc7a840b

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
c96cbc6d56e07a5b2d593fdf9660cb43

SHA1
86d05b824a4bec77a664416329fadad3e122e85b

SHA256
5863713108c83adf77e7975a8025ce02b65c852d7487ad43031dc902ee7af9a7

SHA512
b1eacfff6f269626f79b9084f86291946df820c4977c2ccb5f1be103c4f967c48dc5175580be4c0bb09fa7cfe73a57da0e4d9980290ac60d5a6d07daa2cb73fb

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
494bc7cb8a143ebe185bee3e22afd8d9

SHA1
13e241d70f9a4f06805ca8b4fcd90c81cec6b5d9

SHA256
171019454228b8f5c5edfa1dccddda14f81b5cfc81b8b3ff0df9c06da9c45500

SHA512
69b044dd59195e64b92506d4fd6f3c120119749d67631c5795d55387bcf0f994b993adff1bef6afd2a4014f751d7ff90f8b333e495d62783f50ddf3935239b42

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
73e61566aa54445e0f2f91b4a90ddb10

SHA1
9c33674264be60fab33035c4b5c9d589f02d81eb

SHA256
caa8240ec8c97542c1d9f2a85557ad7c0b1c46ec71f5ef0dd9b6926f6ef47374

SHA512
7b8316ede0c5c57bc1568be8f52cc68e7df325c4755ad0376c360da7d25a3cb5e44fb20f8d2c612cb59f724f9a1441fe43ffa1a34333f740b7bd69d42dd9be6a

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
0167e0c9e56df29e64dc7f0e5cea3375

SHA1
69a4e0abad3d052f16df95c88900408f3d33280c

SHA256
4c8cb1f18edbd9c3a312eab27ab0bce94758c000a469c62b3b7da148a5d6c524

SHA512
d38cb0a31d199a8da789330da78a026a76c58190a057b84157aceffa76c15d8804e4a7f97bbca5958ac6aab098b01ccf3a4ada273404140767709f0cec6f8070

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
84a012ad7708db11d41d14c4810edeb7

SHA1
e08107a503fa13d71743b75491402b41861429f4

SHA256
67979ab549a1dfbeba1ff8552f3c3976c0806167cfc74155c947e9c21796bd8b

SHA512
6dca3d65c3d3e976f35d48938041e363937b9b2d2fd587e2b145c0a9b800136993a1f44de8f369c13b6b2e3a671060f229ecbd88de9c05ae6ccb7f4b77c09a51

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
832KB

MD5
07670b933af3887ba7a20d00e61706f1

SHA1
70cb737e6675a89902cdcbfe0a432636946dcfe0

SHA256
efbbf9d2caf493c8b18e5ec18d7cfaaac41d4bfbc2b191b929fa9d8009c9c18c

SHA512
eb2320f7aaea357c9909cd132048d38e3fd2f8ea8ec9084236e2c2198f8639bb61beae4cfcb1e0a5716b6205fa74eeca4a1e0ee7455e4dd767a55631dcfb2f41

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
960KB

MD5
901f69b5f66ec91d6202d154dc11274a

SHA1
b52faa9e47ce40dc9aa08b6490eed9972869a287

SHA256
23a1e7aefa545c4ee3806b67821e6e73d970033ae7f167ca2011c8abbcc59f98

SHA512
dbdca4598ca79728747a8cdf811163d8646cefdce7dac47be615b5c7f5b2b738ba255cdda3e8daa9dbfc98db9d4ae411481cf04deae1d00640719bdf23dad858

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
7b1079c5eafc77908490c25c4793324f

SHA1
1c393d130ec8127d6dcdb91e5185cdc6a1a0ff1d

SHA256
31afcdaf53525cffa40f4468b4c194a872fd0bce6a1350f6cd56bce8cdd7008a

SHA512
8a68e429ea7e799396f97afda2bd0c8f605647e5463d06c917a18fb8bd261789a88d0c7419f703e8d648ce9e0befdd14994bcb455642cad08fcb9660b0cc1a0a

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
8b1c989b468b1890e0aa232bc5f2e889

SHA1
b30eb7ff12fa804d89ce52290cc9c9cb16958b93

SHA256
3e698a4ab079121b11270dc43fdf7f1ee9047c74feb56e89c5bb1dc4064e875a

SHA512
6eebee4a0a22204e1f10ba05d3801ff56498a57abde8fdcf0122bae5fa84f67c39067901789a3b26b22661871598de0e00b721343aa85502d9589a92a30fe29e

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
01bf8c18eebbde2bffa6fd0d51de1c24

SHA1
c3299c54eaf230ededf5fec70a2df91cf7e44c67

SHA256
994c2458599b66f0b0c91c1acb18aa27c2033c814d08e9ba8c7a85a5df89d53f

SHA512
0ba1683db233012af1a0f70ab8af7276747897da1ac1bb6f33754194e91ac789216a0d616fed6e661b0b2bbaa9e2a36335a3bbb5cfb7261b8cc925a2fa0ec373

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.3MB

MD5
041d7d6008d6c8e619253fd4e22cbd24

SHA1
2af91613c6a59308cdadcf5ce6e1b0e88e89e4cb

SHA256
31aa7f4ffe48ba6a89ede03a6bc984c8c1b9d361065393d6c620e402cd870737

SHA512
93d2eb5079a14d0a683876d6cbee6e5f0fc9c48db62b5951585cf0289ad9816bd131db92290df57971a6a22cbee772c2789c60ce845b486fbc5680d23f12bf67

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
1.2MB

MD5
9063e7fff7e9d4d7e7aa141427999fde

SHA1
b7eaa126e50be73118541e0bfbfd1e359603160a

SHA256
e98495fecd9c1a5cb8e9900fb8b88023da98a255ec5128aff7517a9dad46833c

SHA512
df540dd9c5f6083a357906d649418a9d7957348e0df1550deb482aeeaad5c4c132beef844ccef2da8c6a168953660eba0732c968ba49afb5f6cee2af29393b6e

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
1.3MB

MD5
5d11ef74e72ccc9dc35470d353b43a3b

SHA1
41cf5cc7958e9d9f3c117295bc0e6dfc5b452a86

SHA256
2aea72d128acde9f241dc0881e7dbbe8664b752a2e3ae4bd7a5be06b7603828c

SHA512
48cbabe8d3d17e00e8f53076a101a10a9ceb48c5a1091d80cadd3a302b8bd0d72a993915a7a1d3f06caacf88917773c7c14d3293a1915b8768d0f8779e81ea3a

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
1.4MB

MD5
fa1b11ba82bd4ba4f38540e8f6a3df46

SHA1
032ce786f0a7cd72906e8d9550a77396bcb17714

SHA256
ad36641703b30869bf81e73930f870e2e9a92037538561474df589489218344a

SHA512
dd77733aa9f9baf14ef9de540395a297625f6eb980398f0dc992d695e0e212b40ce96e5eb7e2bbc30af2ff21eca4744520d2c612f7f14b2945a944946214014d

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
bc9bb2a00bd47a64ae48d614d819426c

SHA1
1f57c4e2e7ed3e002a465e46cd14d6ccf59b5a4b

SHA256
5dadea74077d607196a2723844569839a0fe4544a3c3a84d6daee0958f224fe9

SHA512
a4bd8bf62b7784c4728242a4a8b04f651edbf60111cb6a58133b284df240d813631eaa825f2a34e7fe8fe4821a242a799c36375fd0505b4c380d038ad0b37c44

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.2MB

MD5
0eee03f2848cea0daa30d7bd3dd5e489

SHA1
209b77c3d5629a3d29007dfa2ec383c1ffbec71b

SHA256
6bc4f7d94dd00d17e08882c6ecbb2255b0d1d9df518e07faf45e712f1d8716e6

SHA512
88647dec99e2cbe4fe5a083f819b37db0036d72ac403c85d10f641524096adb9b9413de5a8de0853195b47a3de79c4592aedfad0ce50b3d79d6c023138e179eb

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.2MB

MD5
7ad07b74af54b324b02d57d752f73820

SHA1
bc736b84c886e244b4d734b00ba6f3901f2a7ea1

SHA256
3ec7e0faafbe5671a1fe2608ab9ebb501bc265be8cf8c4089b209902906b542a

SHA512
2b038bff6f9fb0a576c1b8c1d47abd11449d7bb712669ab926e4dfb1cacb792750fd7b36366c03e90ebb839e2cc86d71baf7ee32c249a7babd73a77abac3ddb0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
405f8d3e2024719c6b5e8b459bb5f2c5

SHA1
0667c9e38391ec67efed872951afdbf41eb944a3

SHA256
5defe4617bfef51e78c68499c17f40c4fb92815afaa00e9e68bd2e8e57aa7462

SHA512
29f03220c022385856c499f71a23fef220b43e6f10744dd99692dd3a7d25e7f4682acec1bee75349461fa0efbc4af5331091095d8e2c3e4d1e4a338a0afb5d3c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.1MB

MD5
998ea3276db154c83dc5150b0444355c

SHA1
1643e68f6e72df9ffe7e1cae642ccf3fdf16115d

SHA256
0b443829e85aa5bff5b890ec597edb32fe8b450bd5875968b6b7c53d1b780cd8

SHA512
5dc3f9cc7a52ac6984155a1e08adf0455cfef5246b3a09895699df4b254edab9f2225641f0b8e9de51011e45b8c21d47084dc4da5c0bed01e1348a1c356dd9f0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.1MB

MD5
4c023169a8164dcc8755f212beb3a8d4

SHA1
566ebd880dd411c255fd045c93a7198f3a8c9efa

SHA256
3c60804e38f0375021c81897d35d6f5652de879c41d9994fb4cb3b37924acac4

SHA512
ba559127ce385f35c3249ad424ada50208100b1b049e6380f4a0593fb75c5e4d55caac9adb83208315368b7c340e692d08785701868c6948f61186daf60c4005

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.1MB

MD5
584cca1463496f6adc4ebcf4b75b5a9f

SHA1
88f85c239af1b7566c8e41563567461034c96ead

SHA256
599c749953530aff6fc037434735163898d43750f87d4e8c13ceba9439c03c49

SHA512
4200735a088a23a753d43d50a518b429a1c5dfb9287be9e952321f7fc16d7d8df1a409cc49d0e1286248606eca3cbfb53495df00e255f7de3c3fedee3797036a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
66f80c89300c07f283cdf9d597d1a7a4

SHA1
2db7208a9a518fb8d2a31ae2ed12d9a9223aa131

SHA256
101ae63ae6baf06cdf934fb5eaed4955363dc673c2ef39dc2d6ebc316627ec14

SHA512
5757c1c6675b6cafe7b7539b95e72b71b2d0d9050be8bc76be407a7f6632f22af465b77578c9e01a904175fbcd918896a181606f3e3f87c51c6d3a044bf5369b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.1MB

MD5
730247e2265b14f30754a393b041d8e5

SHA1
a5568328952083ce9f8af1ad2a98b10ca4863bef

SHA256
50f718fe6b377ead700e170ff1e3b343445529c941aee2031427595477713836

SHA512
ac5b1b0cec8ba337738e1e29f77d832bf8dab642a7c1b5f43d9ec5a4f6802e30f51c59afa4aefb87c1354e37b241e136813c0e76aa4ba3076c70c76247282e86

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.1MB

MD5
dff332c5ab83f7214ed70bc5daf5a282

SHA1
d805a97af426e61d4b37c0dab48c85cb6cb81c58

SHA256
54022c5095275e02cc990a11dbcf4855a3a58cadaac968301c696bcd32092739

SHA512
fdf0673f416bee81fe1d05fd8f03da5592c677d8bdf0e3b2d465ed28412d0da01b75d04a2dd94728f10c25595214a53e5ca1fa63dacc7c2065ebcfab82fdc68e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1024KB

MD5
e0711a86eebc920cb6a0e6af276bcd38

SHA1
cfdaae0f83e9a9760697631101825397a8009ff5

SHA256
f1d371b7f4eb660b31f645725d84b7087958e9a679ef6bea467cc1bbf2b8a893

SHA512
18db2718690f028a8e498c62d6b287f2c1e895fbc639d8bed05da1b7278c5842f8fa1cb8b9f237e7804a99a8d3629d4f1b67d1bdb35b7318f1e59d4b0d5e77f8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1024KB

MD5
b85ae3fa1da85af477f7bb455d1350be

SHA1
6176e69101e7c3311578e9018e3130d8bf079193

SHA256
a6796798c715343b22de6c7ed91e83f1612a9d24e8fe2b4040a6e16242d4cace

SHA512
eb80785dddc9c53de1889571e23e801d76c6555e9193da6739b6c826c380e1bed8ad486035a2f0184c6b7811b880407ba5e1da1dec0920e0b1108425dad2ddd4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
896KB

MD5
e839f89b9a56fef0eb1b32002ea78826

SHA1
b2b3f88e8c96185118507eab07c40a1f8a05fd7e

SHA256
595ff9ac0dfb64abe530431fbdd409b35b490c8bf9e3446cf39748a5f718dd30

SHA512
f0f0d18efa2a3b1a696c8f2f92d86d91985b9fbbabbc3f147528153b68165c3ec00dd83b695ed0fc20c3178d8797bee5958902e0f1e985407634f48ce262d2c4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
960KB

MD5
49281a66aa8688ff3a38abcecb49379e

SHA1
fac386d7b828832a1f45c2632807bf2fff537025

SHA256
d1299059fe8aa5ffe8410126d4a963b50c02c69c2dbeff2956c60cb6e2185843

SHA512
f29870e38cd2e9c42162594768527de8099d55a08a2df5bf755ac90932d59114352e772e3d061b68e6324063da3453f0338d57d0ca8e3b83821e1433c28036e4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1024KB

MD5
031ed2862826e7d98cc0a75cc3cd217e

SHA1
dd7ad2b6c04ba2323a97f828c0d934ada6fd29a4

SHA256
266b12800847aef79c52f31c013741fc874a35260375d5cb93f116b74193bd8c

SHA512
6f6b273711cefdfbfe80544387bd0f73885dd1652b2eeacb9e253555c900c70e9e0eb177f46b7676c0e1c2951e597a4fb835bdcdc4bc6c9eeb468110f18e044b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
896KB

MD5
bce989b6d8bb8ae5317974b651af56d5

SHA1
3fab269a7c9c1462944ea9360badd4a85d7c7398

SHA256
6ca822a9a2eaace6196c6ac87c89e6a000215ad5fdeb0fa7e626b4122eaa81be

SHA512
f18a785b93b25ef1135a560bc8c63fb82622b8ed8dcbd5a17b2e5ddbec2dac82979f5ff102a3b7ee754cd8c035a3a0239bb561ef1d7b9410262615fbd8a24f11

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
960KB

MD5
6cfd5b59c3f1a1c4c2b303557560326a

SHA1
42d63b94fe864308cdf40e8951c41bd66dd6b3ee

SHA256
0fd0f5a9a38a0b7cf508e729b3cc5e85c2e563ca35fe7607898de603cedc1cba

SHA512
c82381bdd35c91166ec76c3f52b93956e0ead13d23e3b1438fa7643c911432b8d5458518bc46ed87982312155d4de59102bdd95b86dd7e599ac90abc6518992e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
960KB

MD5
771c2c968cf6948676efd5b07a516962

SHA1
b48a48e8df0d2411009af5adad616dedd28c3567

SHA256
84e374afff39813dcce5a2dfaebe108e2931dd0a312ffc80578986133e00aeea

SHA512
734036b40c975c513b89fbecc6f65ae1319f873c01413082490b53c7d7f8c5fa4efbd461f7bb7b3dae1bd22574dbd0b6d04b80a7a61c39c89125ce842405f38a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
960KB

MD5
4b5a31b6c1ff112936be06c4e692c8ea

SHA1
2e9467d2515c487d9625fd956f4a323606859e59

SHA256
024e9b5ad401a7dc479076b34daad0c0b9ea08151856bb612426506dc9d1c7bd

SHA512
18a3aa2ef31cd975798cbf3301b88624cae3c8a2e167cdeec72f03f641cd42a987a5b2cc9ef4d263ebea9d515cfb205bd800e1c022ce7c84713e592436a36e14

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
832KB

MD5
cd6648714b2f62bbc2e04bbd0c230e8c

SHA1
3264c1ccc3a67ac9a0633249b5e79b8898927901

SHA256
53d6983dcf79a870e9dbbf9ad13f64af349e947e580d8bbcfb19ffdb47f921f5

SHA512
7f09dc226cfe93d6a54e1c3151ad4ab5ae36b39156338ed7230fba4d7d8831be21e21959d9d62dbc24cf917917febc38411a17a592d11d59e30f35b887fff0d6

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
ffc5a08032374d92e4ed7822e1cd08c0

SHA1
3eca27a780a0db9f4bde3fb93c78328f5a6c6e56

SHA256
d2749eea50251eb946c70ba60553443b9215dc17f6d1514f320465ef76d77944

SHA512
321c8679c57a2a7d4b06151497168f2d478bd64e4c9cb5aaedf0e72082eec00c2b8df70314c9a8225e8b018f09f78896383b17fcd7a75dd331f012a6824a52d7

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
48bb2439fba181db4ca43d76d96edcf9

SHA1
b24d395a5c049e091e8e6982a907665418b6a821

SHA256
a68800f6f8d9b1aa049c03ce33cc2bb120c0b135530a55c5fb06ae01dd5f76ea

SHA512
1c7d6b56801236dc4321051f68fc4685ab9f1033cb5f65124df57212b4be16c80764f561addb0fe7ae6530973bccbf5913787331d8ffaf885263bdd35c225a3e

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
6121c120fa561580c190573f6cbe96a1

SHA1
2ac146773a6c13c4225e57e95a7821766fdcb9c7

SHA256
b21884d293dfe5bb9ace5176fee0c73b6f42b9dd73f16fef01c41950e417ab7b

SHA512
7f95e5612d4ea9aa1ee309dda281fc505fcdf141ccd396c817755b6c325558c5d5472197b370062f7240b0f66a853f21f5aa88ea98cbee7145ab38bd5e607a35

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
83e3d3d66697cdf5137cb9acd220a4f4

SHA1
365ebfceb60c2c621b391f1661533a48b7f48146

SHA256
e4092101e4d579c635c85c24c05f93a672fab6324e7abe288ed768d5c103af30

SHA512
b600b9146288d8b7c1f686d43660923266ebf4ce5b9644662d9ab9571eb9c9597e75a27b7ebded704bb97194847fe3c00356b8f447bbfb18bd78a7f6b28344f1

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
0068a797df3143202fa747c8c81c379a

SHA1
50f1c8231ce0a0c1e70a9394e6a3b789968b3af5

SHA256
337d951929a155bbf15d9c2ce08e9cddc36b89a8437f1f1882874f9292a95c8e

SHA512
dd49a5611d84a19f6dee8b337c78e5d141c5d155b3542008b2099bd2fb39f238c91e877ec6c196ddc7b721a679e15e5b41a04e399f6465cdbf1af78cbbdc220f

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
8822915ca32f4bef5ab95fe626019496

SHA1
e81aaa45e24bc489df1b9271dbd5f24f8a63a5cb

SHA256
1ca4d8cf3c40131cd49bba9977de2f03b22f9c39cf881b7cce029eccbdb1a526

SHA512
7c533b1f4dd41346329b398cad15ba1b411fb3a8ddae64c1f7487a7a98c8f609ea9a5b8e3c7b5568bd2b96401894573b0cc2d2d0f09941587960606102503227

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
39cfaee798d1902bbaf3d48319c65397

SHA1
127f9c50c978dbcf4ba8dd94e89e33e5b31fee0c

SHA256
d19c09fef5a0f848e981bef48118fa05f47397df3699aff9e0a980f974f48265

SHA512
dd6236c712accbb8f7c2cf0d88aea2aba367a38dcc00241aac27ee342ad4bc023a3fdb684b9759290340e3f4860607c57a5ef39501b3791050ff4aae7354e5c9

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
4bbad381700b4fa3659195691fa5c77b

SHA1
5dccaff57d3cdf1149f21faaa06ef61a15de3679

SHA256
85013e2052b75517cee58d8934e558b710a22f43c52a24c083cc72fddb5b6155

SHA512
ef0a488be847b7371f70caa9ab23ef99bd5f2d63b9a71c5101e6388ad3cbd1aba6bbdb8258c83e9ac5ebade5ac0f128355e7b80f52dc10393d4678802620ffe2

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.0MB

MD5
f2a6b838e3ed8bcd39be71029a2a43a0

SHA1
6ab4e8e11dc03886ba25ea993ace4415c45cf0ce

SHA256
b527506965acffe23aa582a4045fa556c12c8a6fb5a677f3f6bcd5e1fd7e8392

SHA512
759d84dc8323afaed83e912cec23eb319fc411ab26f1c6238eb610f69b6500272409585e1c98e569948e35371d76c5ae840ee98ea708648eed2d5589ba535326

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
814f9e5c3078d37ed0d1c6924c3bdb0a

SHA1
888a7c008cd6d5027ea6882f3bd5e03b25c5a258

SHA256
6e6f21e682d78b10e0852f30a4f06521e834acbde783423c3748e1d0d9f114fb

SHA512
653ec627c830a7d4355be8c80156a73e35b2d4ae603e470e120b52ca516a5e3095bbb1f88c09764c22cb83c45a4c9bea5388369e852d44ff3d9167d0064d507d

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
eeb118866af991abf3863428489bc739

SHA1
d5d2c79650af61ec474123d6a054ab71102965b5

SHA256
a9fb4f49844daa611186996963965fc15601214c1c6914fe0a178133becd05e7

SHA512
e103d84b44819f454aa987977fbc4129e90f7b0b9c0579da6f705a075e5f18daa055f94f7e55f48e8a09a3685e3cd40f1f7364e2f07ec6a5bcb3dc6a3334d7b5

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
82d31708fc5871527a95487ba529510b

SHA1
c9dde7d2a6ed32253da48f8d9fae978176bdf658

SHA256
ecd332290f0cc337dda42ef652cc67d744c0cddb9dd322a2c336600f54c41979

SHA512
adb04b1625dfdc7dc8888475eb4552af3fb24f596695bd9e90a1d2c14c5bab764c3bae7f6d060e413f227b330b992e0cdd4e7e1ab6576eca1db3e53863fd7647

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
62f53d7a6f7a68ff6e74a72385ed5127

SHA1
7134b2ffb324168a8feeb7569b0095a9d1106394

SHA256
0a35871271722bb0c913ad4373044fe1c6ad17f543cd61d048e717c1a0ea0c89

SHA512
d8164719bf61e5d7fb7e50346ebcb8a9a99409bec673914205198126ae8735b11cb2b0feb18a5238f032151ba27a931a16c4a571054c1c0ea0ee6cc5fb150dab

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
687e6fd33638c40445ace0f966fa8d63

SHA1
2a58dc485bb608dddca15da56f1ea175bac49b61

SHA256
dbc626afb079fc230c0a9904b2f5677171229be03c2106159e788c91cb5a7715

SHA512
c102abd10ad0a42c4904fdf87218d8d7de1d91f424203b5a13041283d75b78ba6d2aa48ae2e4225ebb475f10a53b62f0f8afe2e4c16fa2a2fda9e71163b75b5e

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
4dda664f2d49ae2500159e1d7dcf26fb

SHA1
311c50f760849e7f2f63c9a4f5bfa6dc18fd218c

SHA256
73eb2f4a7f05b902f2082e0988e866b50af52cfd4ebc98cc8d4d241c40bf7973

SHA512
9b0d9f28b5e82488530f97734c4df1a5d95182dbec14d878f4c911cf454584a9616a579bc3d5bf1edcb74c7ceb0bb2273a9f0d49ab37ad1c77aa987f143a6383

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
29a04ce2e1016d8870325a1e838d2438

SHA1
6deaaffc864c652115ff775145c302c53e658eb2

SHA256
f274b4b0d711540bb78914247bba4e919d75b872e0372738b5290b7237f6989b

SHA512
c0f70aa7f12135f6b74414f478683218953b75e0935d6b4bb8bf5093a280d5f8045628225ce7de4cbcd240adf0eed6df1942fb59890edac9d6176e3623f29b37

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
144d900b5ef3714191ee9cfc006cbeae

SHA1
a8c9974d457a530f737c0a0ab135b08b50460370

SHA256
cb7ed60699a9d4376564745ffc7c9f531b03158ad39b8f622c7bcbb4cf775694

SHA512
ec22c76175aa10b2a7ed91528a48b20e3df0bf7b2979bdebd92f86475599fdfa94ddeded5b8851280becad175cb918406bcefaf12b425971edaa860474f7bdd3

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.4MB

MD5
6e68679815153a148f9354af97527919

SHA1
111cd4c7e904a7aca820f80ad176b0677ca60491

SHA256
9d5c003c828b62f50e78f01de412cf4bcddaa1fbd4fb9a7c998a7982c1eec3f6

SHA512
7c7c7c5d958ad4ea8ba06d9b307fe3b9918e843bf884efba40e94cd90a30d6b864bd166e688b75abb79e392fe799c4e78fdda985085e30d05b3de01a5e9a5024

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
3f0ab81d427f5c86bb8b6dcf10764b04

SHA1
90a2fd0567ddb48667bf52a2bfdf3e9ac1a7e6c8

SHA256
e27c4dcd76c1b93b3f14c24554d45a7f7f8fe26ed9e3058e4bfaadecb51e6838

SHA512
d356e124186ea027a5abb3824cc41787092567b16fd6a4356ef821521a826619eca0bffebe49311877c51a08cd8bbbcda8595d45bf1f26037ea12ca6a867c70e

Download Submit
C:\Windows\system32\AgentService.exe

Filesize
604KB

MD5
04586a0213c7afe3bfad853420c3278c

SHA1
5c73a6976453aea1599be5be5b9871f2cf384aad

SHA256
a8bd2d76a56a40d319a41483ecff0a55593425dd503db8181a8a762ba9ec85e3

SHA512
ec018c983808b2f27e0183d9786b85dde203ad86e5a146da14965cc5b5833c012ee01c91532599a46b5cb9cbf949e33bd6c344aa53f0f592604bb1bff90bb3c2

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
768KB

MD5
a168b84c98e8c3b9718e0f004c6441c0

SHA1
9f21975080374e2d1d22dfc93c4c5aae323c584a

SHA256
5e43bee8e6ea506a62a05fbd30b8c8c14a686f5cd6225ae760def384f0344e07

SHA512
eea7bebcd5d34c5a212a026e609394c06b0d27a13dc6179e7623da7de66602b5e5f8eb9a31ac1fd6c7dd2f6c045872db1a0bf391cad68875099bb6632464e28f

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
832KB

MD5
1ebcc4deb1205fa2b37c940979c698c4

SHA1
cd66f380042d83791a0516b6bd1c5777fb917843

SHA256
8ad2c0d255e297cee8190e1c2e10e9e061a650cd3d60c597d9cfc0db03bf6e8d

SHA512
22d07909819933b87412bf2a9a7cdb933dbb5035da35a5db72b4b09f97561ad6159be9efd0f1a9b2d0db7d1c5655c61f76b7b88563d5c5c614ecb50439471b45

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
704KB

MD5
459341744a7296f05a8ecde203e76c83

SHA1
d76c0fdd6ca912af809b0e48e687a6dd0c30f009

SHA256
2e9d8fac81a2f7c42ba02dfca57008387d9bcc341941daf0df165f8c1ca85dd8

SHA512
46d448719cdbd26d3658ae3af327497103ab6d7575a13c6b869fa3ceadce5c36682edec573e4b22dae9d8b21d73165cc3a13c61f7dfc14f0716a860783ce8cf9

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
960KB

MD5
e95d6e9e105cd310dcf503cee6a4fce8

SHA1
e73557287d0c0b454dc69305214c9417cda431a6

SHA256
98a28b2ed8c411b734e9838a7b09e7020b4f0551aff54e38c3a7c32656db75c5

SHA512
5d9cabba9694e704674bcd7cd907e52849d45b48476146dfab2aa08c1c7b3814abc2322ad1dc9d97c005812340f53fcf3709b2cd169bfb097de7c2f9e029eccf

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
55c83702468d98b6b7195775da6f7980

SHA1
fe9c6963fecf1bfc1f6cd5e715f1d7b5fe57a59a

SHA256
737f816051d3de38aeed07e5ffba9021cf554cd7d966c830131c918b62a3ae14

SHA512
e1d3fe4e41697e08d0f8f95f097ef81829e40dcb195be2a8d08850d6920b445852c5f2f6f82f31538af1080b72521f8caee915768d6e5b5818bcdafc444d2c5a

Download Submit
memory/1688-245-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1688-255-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/1688-314-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1724-253-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/1724-199-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/1724-192-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/2052-293-0x0000000000610000-0x0000000000670000-memory.dmp

Filesize
384KB

Download
memory/2052-287-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/2052-298-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/2052-299-0x0000000000610000-0x0000000000670000-memory.dmp

Filesize
384KB

Download
memory/2232-590-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2232-284-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2232-591-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/2232-228-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/2232-218-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2764-241-0x0000000000620000-0x0000000000680000-memory.dmp

Filesize
384KB

Download
memory/2764-232-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/2764-301-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/2928-112-0x0000000000E70000-0x0000000000ED0000-memory.dmp

Filesize
384KB

Download
memory/2928-124-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2928-106-0x0000000000E70000-0x0000000000ED0000-memory.dmp

Filesize
384KB

Download
memory/2928-105-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2928-120-0x0000000000E70000-0x0000000000ED0000-memory.dmp

Filesize
384KB

Download
memory/3076-593-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3076-315-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3076-324-0x0000000000580000-0x00000000005E0000-memory.dmp

Filesize
384KB

Download
memory/3148-6-0x0000000000A60000-0x0000000000AC7000-memory.dmp

Filesize
412KB

Download
memory/3148-131-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/3148-420-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/3148-0-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/3148-7-0x0000000000A60000-0x0000000000AC7000-memory.dmp

Filesize
412KB

Download
memory/3148-1-0x0000000000A60000-0x0000000000AC7000-memory.dmp

Filesize
412KB

Download
memory/3192-132-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3192-133-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3192-202-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3192-139-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3264-185-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/3264-178-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/3264-240-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/3656-158-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/3656-155-0x0000000001850000-0x00000000018B0000-memory.dmp

Filesize
384KB

Download
memory/3656-144-0x0000000001850000-0x00000000018B0000-memory.dmp

Filesize
384KB

Download
memory/3656-146-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/3656-152-0x0000000001850000-0x00000000018B0000-memory.dmp

Filesize
384KB

Download
memory/4084-12-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/4084-14-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/4084-88-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/4084-143-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/4348-203-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/4420-411-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/4420-280-0x0000000000840000-0x00000000008A0000-memory.dmp

Filesize
384KB

Download
memory/4420-274-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/4884-161-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/4884-162-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/4884-169-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/4884-227-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/5016-94-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/5016-95-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/5016-101-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/5016-160-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/5112-592-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/5112-310-0x0000000000A90000-0x0000000000AF0000-memory.dmp

Filesize
384KB

Download
memory/5112-302-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/5180-596-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/5180-330-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/5180-335-0x0000000000BB0000-0x0000000000C10000-memory.dmp

Filesize
384KB

Download
memory/5184-412-0x0000000140000000-0x0000000140205000-memory.dmp

Filesize
2.0MB

Download
memory/5184-437-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/5288-127-0x0000000000CB0000-0x0000000000D10000-memory.dmp

Filesize
384KB

Download
memory/5288-126-0x0000000000CB0000-0x0000000000D10000-memory.dmp

Filesize
384KB

Download
memory/5288-117-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/5288-116-0x0000000000CB0000-0x0000000000D10000-memory.dmp

Filesize
384KB

Download
memory/5288-189-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/5344-327-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/5344-259-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/5344-268-0x0000000000D40000-0x0000000000DA0000-memory.dmp

Filesize
384KB

Download
memory/5404-207-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/5404-215-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/5404-271-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download