3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 09:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
Size

1.8MB
MD5

1d154a438d5d07b14d845c59c370d69e
SHA1

8f3054b985effcf58c1118b475993afd23f226c1
SHA256

3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7
SHA512

9cf6444620d483ce858e1f156ae93b1cf6a9980d3ec587ca5f8978e05d70b6e74f6dbb2caff208e264082d990595dc0d89a4d2eec5749ec83a0b8abe2b3adf5f
SSDEEP

49152:Ax5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAUkQ/qoLEw:AvbjVkjjCAzJDqo4w

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 16 IoCs

pid	Process
3304	alg.exe
4048	DiagnosticsHub.StandardCollector.Service.exe
3896	fxssvc.exe
5020	elevation_service.exe
2100	elevation_service.exe
4012	maintenanceservice.exe
3804	msdtc.exe
2924	OSE.EXE
4448	PerceptionSimulationService.exe
2196	perfhost.exe
3732	locator.exe
116	SensorDataService.exe
3192	snmptrap.exe
4988	spectrum.exe
2472	ssh-agent.exe
1204	TieringEngineService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 29 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\msdtc.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\system32\msiexec.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\system32\dllhost.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\system32\spectrum.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\74af846524da5fe8.bin	alg.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\system32\locator.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM511D.tmp\goopdateres_ms.dll	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM511D.tmp\goopdateres_ar.dll	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM511D.tmp\goopdateres_fil.dll	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM511D.tmp\goopdateres_id.dll	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File created	C:\Program Files (x86)\Google\Temp\GUM511D.tmp\goopdateres_nl.dll	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{9DB89034-DCEF-48FF-ADD7-3238A926B18B}\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM511D.tmp\psuser_64.dll	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM511D.tmp\goopdateres_en.dll	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File created	C:\Program Files (x86)\Google\Temp\GUM511D.tmp\goopdateres_pl.dll	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM511D.tmp\GoogleUpdateSetup.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM511D.tmp\GoogleCrashHandler64.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File created	C:\Program Files (x86)\Google\Temp\GUM511D.tmp\goopdateres_bg.dll	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4048	DiagnosticsHub.StandardCollector.Service.exe
4048	DiagnosticsHub.StandardCollector.Service.exe
4048	DiagnosticsHub.StandardCollector.Service.exe
4048	DiagnosticsHub.StandardCollector.Service.exe
4048	DiagnosticsHub.StandardCollector.Service.exe
4048	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
664	Process not Found
664	Process not Found

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1420	3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
Token: SeAuditPrivilege	3896	fxssvc.exe
Token: SeRestorePrivilege	1204	TieringEngineService.exe
Token: SeManageVolumePrivilege	1204	TieringEngineService.exe
Token: SeDebugPrivilege	3304	alg.exe
Token: SeDebugPrivilege	3304	alg.exe
Token: SeDebugPrivilege	3304	alg.exe
Token: SeDebugPrivilege	4048	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe
"C:\Users\Admin\AppData\Local\Temp\3868480ab81844d743abe67b835775316f665992a147e24a48272c785361efd7.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1420

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3304

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4048

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:3976

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3896

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2100

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4012

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:3804

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:2924

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4448

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:2196

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3732

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:116

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3192

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4988

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:2472

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4652

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
21f6ac4b752089c72f8a6abb94f8c9a7

SHA1
f8dcafb6f79381e1431855c86390090c64eaa8b8

SHA256
b3f5437cb5ae65be85537f0d55e8b35b443e73cb5db3956348198ddae5db74f6

SHA512
7652106bc1df6c805c21fd4593813b5a6530651af6e5808f582c49e306ddb483a8c4bef7394769eb4a4f7d70eded4b611b795d8e1456c270d89de923340c5d7a

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
43a94936ee4b860640d38c847c90fbf7

SHA1
d043b31f6ab26ad942848f43e226b3809acfc6a6

SHA256
ce5cab42fb97103af69a1ccaf7d3bf48d60112340358c651c88255bbdba5a5c7

SHA512
9aec77122a3ea3d2b857f0425b6fd5be47e661df386c1382e6954cad799cce0be44614d9a8b5cc55ca2a3625b608596acbfe6b0d2905076c4eda21fb60a8acec

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
177KB

MD5
9a755fc311df8a9159822738a66c8ece

SHA1
cc092364c7e63719e2c94fcd1fca3747dcc18689

SHA256
fb3cb36313b788823df966d971f3d605ba76944d38ee048759ddc32ec2d1fdb4

SHA512
584e97c4f2cd5ae4d3a68ca98d8f0a160868b64a06d7c4fda032afe6625488eff922670ea89bf912563b224e451e7300adc495acdb1c94edd5e1b9cd4637e737

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
94KB

MD5
0c54686d715c75c18ec38184b44247c1

SHA1
2694c4db5a87628482589741798182265e29ffe0

SHA256
9cf53f41fa5e32701caae929cb6e197ef6d4f5383a21d51158efcf4187453e95

SHA512
db202d409c2c7aa7219479a7366a468dc3f9664c0bf8afcb648e7c6df1d219cf1b04b99904ecabc2afccc248ecdc38af20c3a094178fb85994003e7486a37225

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
599725101279f20d72f344f195acecd8

SHA1
3f44df124f1562d75a24e9d975b81497876d87cf

SHA256
5c38880ded0109ce9d30deb6e2e4e5908d0ee69a93af679693d4ef4de20904bd

SHA512
33996706d284344e71955eebb60a666913cdc3569dbd26e2c8f0d5539dae56cedb2f194c7db4214260c630bdf31d9b76e5a6713b0b37acbad1532733ed3ce399

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
2ac88a34bcb4ac01595e77c5c209a1f2

SHA1
c196c1c357201d3da435f4b50d94fdb89b35c9d8

SHA256
63206b547298d9aa9da5ce75fa13261a3d059928dc82f60a0da6e297233386c6

SHA512
e866db8139c005d26a435cd7b8a8bb40fdb879792322c17a28acbf2d3056ebd9417e839b8c164787d9361d96ddb2249fd6a3dacb411a72d91dd506e7402d1d2b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
343cbd6a717efefc7f951168de77f82f

SHA1
43f2006611c6dbe75e9389cc6bff982cc490e197

SHA256
b51f2949ae92fcef4832efc51bc232b06c228f2d2989a77b17856cce5605db29

SHA512
76f9d146fa3e361f85c9ebc75a4ca4fed08fb6e0765ed1d1e4a92d1f63abe5416109207b356c3e5bdab073d2b083e5a2f92075ad40392dff2d3c3590582caf89

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
2.4MB

MD5
71c5e54a84a2f8d7c4ae3a912baca8bb

SHA1
0eef5cc5f1f7312e5bd26d44402c808ba8c4a6f1

SHA256
6e6f9a3d13034630fd0c36a9e5e77b016ba04391f7313962626cc0b8960e1d47

SHA512
564bb4d4325ad1ad9e4c03a6203de9d3775eed5b3875305dd02da52a2613e36137150a39654c68f670e016f36495491eb466835fde2538f28eeac239e3cb4110

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
3163f9689a650249aa92e3d2d9559f2a

SHA1
12b4f4671d93b8fffd87e6d5cf5797548cf2493f

SHA256
594fc6b8f7b283ae527a9027f7dab9add7df3bb0e3305b9c690e875f3b560e7c

SHA512
4ee47daeada80c31985bde606597fc9006926e968309d8f51d6b2ca02e36748200af7f9b5216fa2c0f83af7ed99bc9cb86b106cfc85061250b30653e40d7a3c2

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
2.4MB

MD5
6b1134f2a0e33cb49fda74150246f65e

SHA1
92c0933a6cef3e0c23a4b67e24029cc821c2368b

SHA256
428b55ae14cd7f5f2d5fe0d1556ac3e75c6df12e1f29b806db215bbaf690cc28

SHA512
f244a7801279f2dc081370f0319b7641d9a93671fa156f1b39a20f742711c1acd3d037dba994de850b557bd6a7128938b737a6e07e12937bb621ff612eaf7585

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
a3add4604fdf55957af5211edd5d9453

SHA1
5b3236a573fa3d8e3c2b4aa311d84cec0ffe08c8

SHA256
14d832b257555ca68b5435d9a9e382b1065a5413252bc0b85c20d81de85607b6

SHA512
230bbb2a226987691cdda691ea0d95d6e401d732b481918a5fdda8c2e8eb87aaeccee1bd013e671080b79235e390dafa1354e3ab42abe782d17ca5f53c44abfb

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
b08029d3c90b21261e46cdaf72118339

SHA1
9d15e51d2debc7aaf9d2eda25728873554b17977

SHA256
7af06b9a1ba9319b46e0c9d36b2bb371106e0d8ab7aaf309232378f467a44f2a

SHA512
572ea3c33d5b06d48a1045484fb9ed9041f4a0563a22ab886eb52bb72dce2b026bec62bfff46f31ad749aa34a1f97b1eea175978413cbe6cc6fada3081654227

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
477d8f6ba3f2c67d5c3d0c96e10ffacc

SHA1
b81823cfaca2413c606cab2b81fe0c2f9a1229ba

SHA256
03278fa17c2e001aa7b6b947cbedda6ea4ac0b24ab34192abe456c91992bd117

SHA512
33fa2e4d8c93ea5a326428789cd4a2ea8541fdc388bface2b60cc5e0a96ea6cccd506ffe9ff51de29cdb02b551928a38a836daa51091a975f328c26d023f8c79

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.2MB

MD5
40b7ac28c9e2efbf13bc948c5ae84ec2

SHA1
118e43a5d77f6e22f33f811a19a8ff20daed519b

SHA256
263aa916e86021932c6becc1f38d2a7c7d15f6caff0316547bf87eea3c71d907

SHA512
1b9f283ced5f9aee236f73ac0f69966ab1d1827f6cf77a697c99f391862062c2c75b1e9d236f9208359af92b13ca1da4c6bf6ae18297a740040a67c426f6d4d4

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
1024KB

MD5
0c71c8ca44030f873dd21f8c5ab2e6d8

SHA1
359c962a60126f44d976bf2f40312ef5b25ee6be

SHA256
b1368ad42df80388a461d7c32e10e1904b387f60d1bd1af50e8e8d303ae111d8

SHA512
918d92f9fdd30e387662f2c9c75b92875efb3dd822b8cf39470a289aa16eaf0cd7daf4a1c0ee2468c869ad3de52ac2a14843bbada7b19ef774ed18beebafbda7

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
1.4MB

MD5
fb841efedad86ed8e873a93a28d03a93

SHA1
6a178e1ad1b9c898324ad8fd10ca9958d364e544

SHA256
8bc892351758ae9bffb877f76c3204698cbd0af10a1a619253b6e279d22dc124

SHA512
f2d8aa8e57268cb77ad54bb30677d9dc2c3fe9102944fb67a9285b0f66745ed4691cf9739fc43b634a9e9a1388167e13c18972a67f0bd48b85425ac1efd98ac9

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
1.6MB

MD5
9810d01b1877275accac1f5fee0f3545

SHA1
998588f82ebd6831708ae31693191767c0d35ee0

SHA256
5ad4c248359f66ba43b318971c42efa082f915e43f507bb1c4a1391ea17f3f06

SHA512
5bfade0b2d651efa3438e01fdf27022d098048010936dc7fc822b61b2f88b9f32954e4ed056db3a160d4cffedfadfd3f71747a7058ef03fe50dd073733b2160b

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
6d41afd554221f5384bc44bb97844169

SHA1
9811c728ede7157f9467a7f21353ae8bcd6c7733

SHA256
8aa08461b09226d92777b1659da48cb476eb1c37c32c9fd0268c9100baffb776

SHA512
c7f234f8268d2753ee4f06398996fc34b56e92082d8f978989c600dc988427c2dbda7c14b278a79f6b4524fc8eadff951881ce67b21a86ba6ac83ce1ae2093bc

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
975KB

MD5
7f1f743c68d8dc264df9992b2dce5ae2

SHA1
9a7415f7db22b638263e7e94a60f808554e5a6d4

SHA256
36eb6ee3750bd69e23c292df74f80d007365b6e36e6ea0bd45fa68d85f6a1eaf

SHA512
124ebe00a75eb42afdd6704cb8dbe73e7c47f801906eabf95aebddb575c145f135820b66711b46c83934d70a4311365a74eccdf2ec728077ec45eb3a2672699d

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
960KB

MD5
2a6303e32208a5f319a5b1e4b2e44654

SHA1
3818e5bdf8ce2e1c6e879da1332f42f48df4430a

SHA256
3e961008f62bf539032879393189ffe52a948a876119ec4170007ecfcfe03613

SHA512
6586107044bf89201edd577d32785504d8585047ac570309c1c5b6c65fcbc07bca89ad3ef702afdbee19c22cba015fa54a6cea843e633619778088aef0a3efa3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
992KB

MD5
6ec97e49bc2aa54005eb80e073d499e5

SHA1
7bfec8e4f1522a9b47013d3a86226847726f6ac3

SHA256
77a510b83efea9ed1e8f662cd6c9d485b6ade6f0c24a8bd6a43e78fbe1cd92f0

SHA512
6e87d4eaeec1e5c1e560b6fbd0578ca32aff2e1588580d6746ee6effdc9b8aa7cea7a938889ca4f643fbd54aaab65a5a974715ba4ae784868c87a8d254631519

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.0MB

MD5
75941f07911ca80e805cbe4fc52288ed

SHA1
c95099b3d78c64e3e495e09fa9048d7e2c6b517a

SHA256
a1956a188068c2ac309a519768684f37c802c6a33316cbbe23130221bc8a6930

SHA512
c5161c0cae130fc0bf6747d8ebd13bbc5ec14dd0fe5c4f25a90e884e8085a7e7068629d423ada375016b05fa80e2cb080edc85262c246cee3f945e9b47663981

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.0MB

MD5
b4ffe0a8a6d97bb59c6a10b45ce393ce

SHA1
6506583bb7be83af0c2932afd20a94a943a8577c

SHA256
59284d65cd8a0beeea1332dda7286532ddf010ae617ce1ffd0adf12c9711f41b

SHA512
10b6379529e86e7325e8061f27f88a07b58c37df47791291f1933a2e9835366046d6230880f390aaebbfc01dba473e84843a03e8248f16555cded3bb5f687105

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
925KB

MD5
0162fcb47e8896ad82d3aabf45a49ea3

SHA1
74b71b0b48eaeee3b0759a54b61c7164a69a193f

SHA256
6a190179b50c9a65654badbcb422728a34e48b7e173def4c82572b2b0697e013

SHA512
d072584dce823817ca5c59d46694a06814b9269893d0d10e479a00fb49bb5403c7ccfd8638d84631a3d2f2f2db2e46880fc6ca7000b475daecfaf7785a710e6e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1000KB

MD5
41870664034930efb7ccb578d55178fb

SHA1
bdc515b6d156fb05f47f91648d46a89881deee16

SHA256
eab63fbc99626292a0ccf021d7877104a7daccb814744ce1c57611e62e6cc324

SHA512
d8a82c1ba6ac38c7149f029c37ba2e201ce01acb3aaf180ea4ccce142809bdaa6ad055284b5969616e7eb3b9ee55a4badda1ed88950ccb08c4062ba688188d38

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
960KB

MD5
9830f25597b549a4edea12c81c824efc

SHA1
e5ec4d802f799ead91460a93df0c118ce1758888

SHA256
097b7e092c7953fcc4cd044bc7c37073cb7a87ecef7cbc430ffd00c0eb091f2c

SHA512
ca3a885529c3d20b342055fb57a5806160920bbebb054e001703f8e2e0ae6e8a2c985a67b8b049342d0ebd2b2dc96ec4d0945bfad80cd398cb996a4070e6d816

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
921KB

MD5
e766708be758cde27248bf8359af078a

SHA1
ef9ba461935df2990831c5977cb2f0277f07c13c

SHA256
30a6fd517eda0414939d1187bae544b233bf69d6a011722914e274c3043ea55a

SHA512
b9bec55dc72d819c8ea88fd651a3ac83b32f82ae6a67e893297c39aa47e7bfa6c7fd2b36c44aadb38c78e26f0e244f87dfa9674fbf2bdc5849dff7b9629cfa6f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
901KB

MD5
912569cefbf6422883d6c526fc9ebc83

SHA1
f5e144ebd27edfe8d27bd7db5c021a2bd63bb761

SHA256
af4d7d2799f5f4cc6746c361cd3b83079b59acab7553582ecb5fbc61314e1681

SHA512
e364996e5de94c998bcffa616b74e58959c1f79745809399c3b93d918b171bf2a5e6f8da32040fdd3113f21bcdd7d4c586bf04a0ba65480932ebc6e64f38c364

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
905KB

MD5
6f98daadd6c63a82d6270c062f141604

SHA1
3ee39af3e40e487617ce71b2dcc8e66fe02e1954

SHA256
d6a9362a4c0792a8f9bfbfae47acb0151d700a536723b2151b07427e9b711132

SHA512
4cb0f0c485e64e7740868919811e1b2b999e12ce7943e06cbf7f13b853be3c10efaba392d489fa19bfad4efc57a3c78425ea9d4532d295822da8896c19fade80

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
896KB

MD5
7994d8b8a6f674c7c07ac21dfff030e0

SHA1
56d750108037b74f92498513774ed445f25ca2b9

SHA256
695eef991cf494dfce1731c12fb3138a5f66e8cb166ee2c5dab018969c592687

SHA512
971eb48fcbb3ad1713a2c305e1656d50508b684a880e507b2e05a0a2f7fc3d7c3b90a6c0ff4ffa3ab15914e76b551a10eb027378b34eab70e63c250689132f02

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
896KB

MD5
f940dd2c0c717e58745973cc192f9343

SHA1
919fe87e7368f3a187a723c6db1f56da5129873f

SHA256
52bdb3d896b9faf9f200133c36127743300b830a5d8a29f3194fa36d84bb3b47

SHA512
3c9d344d06bb4b8c9d32061a40c35c961aa0db4d606326a0ea070baba7c9b4a241daee6097f7a3cadecb598635de9b8c09879b943e52013def55619a3bb6a387

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
800KB

MD5
b0b46ebab2a227ae0d1f2c39174bbec0

SHA1
9b866e7973bf6656e8c7cc4495d8b67a14a539c3

SHA256
c5f9661bb9da2309a04326f5c5fcd16d64cc4b331c1f124381afae338733e36a

SHA512
1d186b4fbfb7605c10e55ac37eb4d6b8422e28726c2aafdd72493c88ef9b9c58bf0bdca8c978a5df1a3455892001fa08ad675badbcd0c5714930cb81d2e7e1c1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
823KB

MD5
d60c630aa2dabb7f371bb9e44c68b36e

SHA1
6f083889c9f1dc374bd8ac354a6c1613e775ba45

SHA256
6f65e3fd923f5c87ce2be2067988b18749796b2128fd47d7d63c84dab9cc6b50

SHA512
69df3fa271a8443adee1f5b743fa434aa3d7dff96852545b383ec10bf5b50aa61ff51ca2fc2775b2e50e2ea85097e7394e407871e2de3c3042215315a5fa3948

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
708KB

MD5
d7d323de1b972c8dbecc0a4752a77738

SHA1
4db5b0e9c133ed5d053cd8b090236beaf0345ce7

SHA256
24d8eb2293555018d12069812f3b679b800330df8f58cbf7d46e1bfa33883b78

SHA512
d7ab3ec1122442c36fbcfa14738d6493e91ed84628f2903bfff4153ef17bb7ddd18d88804c93dc707a942d3b49895baa4109d7df2057076fd399c40283a5e478

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.4MB

MD5
2e197a793f22822799d2b54e36aa1154

SHA1
970c720cb9218a557192d040891da16f2e81d9e0

SHA256
cf11bf66f17c059858ba27d0ab0c12070d6ae1e4947c550fa6d1e02816fd9787

SHA512
defa44a4dc9e248b7eb7154e2a17d7fec1cf6b02dd45d1c083dc957e7581857e9a53beeafb4c573dbfc08e5c2787cb5f7d9d12554f6a1e06cf932f9a978ac276

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.3MB

MD5
8bfe72ce5a34ad986f6a77318c26c2f2

SHA1
d3bc9afcc8db65c951ec9f28a7a2e4f1ac13f4df

SHA256
f4d1dc9753fb9493b9e5e6d6af476a97d44bf7e1e394cc925efca3f1aaf0fa46

SHA512
5481ce668ace5dc8ed01892e56d67d0e20e916644ca066ef1215b25c133685131f00ea07381422015dd376e8c9c52e2e380a2ff7823274b151bc677156071d44

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
a0976b00b47d1f03345863a8edce7997

SHA1
525eb8db8ac43b78f1dad7407460cc05d4264ebd

SHA256
0a0a505e8deb78436aec27137b80162cf7c1a87ae31c23ec1e332bf5ae367582

SHA512
903091128a680bd573e297041287fe3ac5774fadf965c6d96857f0a83c3bbc788fd1b45843490d923d0452b0622f8b3052255d005c70a5085cf733845b3426b3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
7edd3139468cd1f8a11631a9cb063d12

SHA1
a1bbaf4d776d68861dccb0ffaaa02a8b19061500

SHA256
090acd72c73acc63dc58d0d70c962afe3762de580d4aff7f99ba14928b8b81b4

SHA512
017918e0907b6135419efc1eb41025b52ce28660d4968f97437473a16db14cfb31fe0e09b44bbd4470edcce17a3ae2ac044f65dc288828e2603cb5962e8db5a1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
128KB

MD5
f6fc59d90faecb27f77d606d64397736

SHA1
7e8ae9b3ddbd5368d73180b8ccc36b961b78b816

SHA256
3dd3e61d879ac0544d508ea985dae35c8b0bf763203710d8dece74f19a35ab63

SHA512
def34dde9107f9e4b6175f4bd9d2d8b8b8afbe42d9b72ffc99c573cbcfe77a59193ca7e25b1fad68a6e89999bde9dabdf20d979787b7eda1c46ce9659bea8d6b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
768KB

MD5
6c1ba42a12878ed15025cd00f4a73863

SHA1
90c2ea7c50535e173026ec4f37b4f463e41f89e5

SHA256
a86dc2c8d1960e049e76400ba5f62cc73b9101344017b3eb54d252bd2c05f037

SHA512
c92cccf7570c1a095e4acde1fe2241cd4d918aa49de5f8e237c5e65b94ed73b58e0d009687c62c11095e60646c62d96a80dac0033339554297ac46fb2d4b4d96

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
813KB

MD5
4649e39bad25930f49a78da62c088f1e

SHA1
590f756f1e69c4d933865cf9aa2d22585696ebcc

SHA256
abd4556507f23c041381f1dfa2c259bd083692f80bfdadc88ecd28704a2dd43a

SHA512
4ff0892d8d96b9577e0e20ae7edbff3ac7b9f651d4aa3e4dbc77b083f4d5b4bf2d712637cd317a6a51f7fb2eacd315cc0865fdeb161d9243b0389b202af17c52

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
768KB

MD5
667eb53f8ebe5ac4656bf5394900b7fc

SHA1
008dc116cbdacf7b9daa79269512847f44a7d474

SHA256
5d2af69000f7760601d3915abd1e3a27b6cc92d87948f91a34228f83436170ec

SHA512
ddf99aedff2d5848b325221a85637972023a2afdfdf6ec5f119a230a3a1d4133a49a8c13c9cf5f24d085ee89d30a3a1515c8ad8543c1684a80453bdb0ba4a507

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
768KB

MD5
1633f06a9bee0e40fbdd0ebf341b576c

SHA1
0a6f65950e6ce11da072cee8ac3ebd29e516f37c

SHA256
7bdb65a3ff1c06b70cad53f01048a58d8158b96f4d1948ee3129f110e785b4d1

SHA512
1b9c4c8cb130e337cbc2ef3ded2387faf5eae08b23d2df492aa58b0945fb86d8217e638d9486807dc1e21e6c92f3c7e6b01c8efeec238d509a93b1b3c98e4122

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
f5fda3ecba8f0a9ea444da1bf84b9ccc

SHA1
b37f313a5698c043570a7ab5e77b80bafcf4054a

SHA256
8206f55d5f3fc66344129d5b97af05783cd46854eeda417628915197628e6bc7

SHA512
802129f9931ca15e9803b9c943ddb0cea02fa8af4513d6eeabe10a7bbcba8116bdc9cdfc9ab797092212c5b4c90f5ecabd979ff1ef25833a576b7636386a2b5d

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
f0951edf83b586589a0496f8c5d95064

SHA1
a91cd5fc03f5c3c6c7f930f42b7e23b38cf32bbb

SHA256
c2d2b2bd50e37751cbd37dd3d5d524f23409bac109c166cd256351263b7a60ba

SHA512
87c4b7d488f3ac02868eb2d92b30a42c0cf947a3c3331d3ca0cb7d384092032db0a4f611f4970fdc48a49136c97ca1e0844d33ab16886bee3fd5a7be483fe6e6

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.2MB

MD5
ac597625cf43a05ca0637d0dffec8ab0

SHA1
35de6cacbdc1d2bab4a94546c8ca98e11ac258cd

SHA256
4313f602ab440100035e3ba8c05377753d33306e025b3fa819a275edf2c2f0c9

SHA512
7881a6a3322e938b014508e284e7bf29a1d3df01a86523a4b83995a9a7b9663c154ec7955851a4f3d8f5eff77eae6b5e3098c83dd874b281e4b4b006b7aafedb

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
07078e1642bb50cdb1ddc43fd767822b

SHA1
97969a4d2ad522293f7f1f66a618ed95a05fadb3

SHA256
6d959cc78f15491ef764b0cf90877bc81bdea2c0e232c570e39d405e5129d199

SHA512
af2cda2cba91d56dbd04b9c99f451bb60bfa28b8525d83b5ef43cd82b80e3b69f2f9964a3d4d765dc57e5702ef03f4e17cc072c669a8ce33d8ff214719398d6d

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
a56d4bec3bf3ac3902a81d0ed266d96d

SHA1
c92088b7290f21f92e4f34dda8f38bef019c3581

SHA256
93bb667fc6d93bb4104ea8a65c635c2b72970b20e1c0b1ab6828d9dbd9ae6790

SHA512
103bc2a85b65ebb7439b4f3523ad648bdcf554f530e363df8d1d11d79b721835386af95b91dfdfc1659d0586c5b471ad1f731cc87153396137a91349c78218c6

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
bba002b3eb2df5c36eea9b7a3f4a69f2

SHA1
f3445782b6e9062ba5701ad8d5a2d6cb2f02a70d

SHA256
a3cf3bd16d6614ccce1206d65ad998cedb885553538da7cd784cb26970b90e4a

SHA512
0b76cb26c747b6221526623fbfcbc627a28c130453947bedea67b19234d66da900c911986991f10deafb691db18a439162071fef784c29ed050e5ccc474a15c9

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.2MB

MD5
7d6956f76318810b4bdc0f5a58adc8b7

SHA1
3901e5f0ead2f94d7d85278cec6a9c4039645ac1

SHA256
68ebd023e8779a28afca45505ab331899eebb1a590b78ffa51ca8106ac0d6de1

SHA512
c39ef1c76372587708aa4375184bcc6f2a383df45d84e64f2d9d7cd51561baf50a39324f43d21ab839f04106bfc30030f188adb4c49463aa1c0f720e1d388abb

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
e1f79269eb2a498e7db4234bcec9eaef

SHA1
e0af87b5bbe6ffc071f8b988dcaca9b9f2cb49e0

SHA256
aebe3e6395e583b13f7477e78a3f0e3c8b45d6025672511c5e92b9f4e56f1413

SHA512
09da0e6df09c6d99a9f9f332b9a5866a14f898139edd1750113ee51706d81c1740c83295d1d9934ce818e2bd35b3f11f8bef1d19ded5378370941a79dae64580

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
c37c91cc732d240616916a5c046b5285

SHA1
5ea2e985e529a48cbb64ff845064c55064bff624

SHA256
e3fd14bed73107b977f85649543639979f4a4175ad17fbbe1219d4c476597006

SHA512
30b0ea7625d8d716b2d99751b1060982a0fdf2a45e521823534581106d52e1091a15736cff8b2a57c2a5808f30d6f04425a44c9d857ebd3cc4abc77554709023

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
bd0754aae1b71b9becba54f6bdcb1f99

SHA1
7180226af73051eb2d3185b694bdc51655b3377c

SHA256
8a20bbb8c72c49bc9bbe011cbb7991a4d79cfe2d5f85b66a21818a39b5edb81b

SHA512
4f51edd1ce49e443f8fd12ef322e2fec28bab4e498f0d9a9fb31df99b9100c1154a3a4619b319ecccb0c174c8f4bbdadf3457be221a5803fa5161373d42a9f87

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.2MB

MD5
d9cd3a92cf4b2535a3ac4abefb421ac0

SHA1
14962e7603ea801304b46eaff33704a54d11aea5

SHA256
59016850618fee76ba844ee58e0200b749a267902ecdcd2930b2fc25d415219b

SHA512
d5fb5a8cea992da166b0b653cb626bb1b73fdf5c317f1e16a0a914e3d4daf23178172d8c67015d26e1d93c7a1077340d44f2a11cd61822d9b4a2deb68dd5e2d5

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
b965d84c9d37325ac235479b863188bf

SHA1
af5f805a21aff799fa85aa2b6fa411f6ee3a4c17

SHA256
d864697ed6060f6cc43cc9d32f75c4abf10f2b1e1074cf520c15992020fa2a3f

SHA512
d8e465f0dbfb8e86585c9617d763b7d22aa165c66c1d17086e605d3723327f8f9a79ad4ab35778e72e0ef048edf8ca2ac7d340a87a089ff3022b55f816d93eb6

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
fd996d63033c9baf8c78cae09604fa46

SHA1
514aff565dcdea738fbc8f01a7233f0c3a3ea2f7

SHA256
2a1c0fd2a18099e9eaace96527645621b08b75a27e81f45c896ab569bb6e6426

SHA512
3ed7472c91047485fdf67bd9770f1130c5ce60b8180f31bebf7092fad5ed21f0012b875dc018f5017deeda9a6b0ebd8e0d2fb21be1b7d8e9b23283a2424f35fc

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
4793639a3ae6a00c0d3c94079a35bb2c

SHA1
a6ad08cd309d59ea11c5e303ec65ffb35e7a7bb1

SHA256
cd171f2e2e671c2be7a8171bba12a574c5819ffc683d1a13b397a620b31eeea0

SHA512
76e18268991b77b602feeaa194708434aa838b47d4338d3b998562599ce5282d4a7c46e6660732b6cefa1c94b223f62e60ffaebd2938c3170cd55fc9a9d602f6

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.4MB

MD5
8c3384c1bb3c7bfa3a03df027b0591e4

SHA1
e33bcdf0e296786b5e30e55e7af6ccc50a794996

SHA256
43fe5716d4c3d71425943744c6256630e5dab5bd32812a7c5c289c16f1da0547

SHA512
6a9adf27e8074fb1d2b28c05e512a5061826a65fd47f583bc9cb2bb12caf5c62373a768e550690952d659a4f9ddd4d78878368ac5bfe57ca1ced1e0390a4571d

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.2MB

MD5
08033a1f3106601900a1d9bdda5b0471

SHA1
5727c69b9068a71070b593e16113e64035c41bf8

SHA256
81a43057ec610e1a20ab58c36d4748b17c4778210424c3f70cf830fc5fe3d4fb

SHA512
ec217bd14a431994b53677df58520edc12632dc0824bf82a40c115bc3976dd70113b32d6b3d1da235a05456daccf789cc67b692e91a806a673906d1dc0632dc4

Download Submit
C:\odt\office2016setup.exe

Filesize
844KB

MD5
22f308c33e04815d6b88713929952a77

SHA1
ae68e161519051af49f385304b9650aa798e72ba

SHA256
52186478fec14277cba72c475cef62bf2bb33710070cafa718be4ddb61fc59df

SHA512
d9ce21f4034d7d78532809a3e3ccf13e7025c1c7ae04acde4660ca8ffd626db885d0d78d28d44f9c9a4e67c0958316f092a85058172c6aa5cb4a4383aa93729f

Download Submit
memory/116-236-0x0000000000790000-0x00000000007F0000-memory.dmp

Filesize
384KB

Download
memory/116-230-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/116-490-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/116-531-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/116-532-0x0000000000790000-0x00000000007F0000-memory.dmp

Filesize
384KB

Download
memory/1204-537-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/1204-359-0x0000000000880000-0x00000000008E0000-memory.dmp

Filesize
384KB

Download
memory/1204-282-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/1420-132-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1420-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1420-366-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1420-7-0x0000000000B30000-0x0000000000B96000-memory.dmp

Filesize
408KB

Download
memory/1420-6-0x0000000000B30000-0x0000000000B96000-memory.dmp

Filesize
408KB

Download
memory/1420-1-0x0000000000B30000-0x0000000000B96000-memory.dmp

Filesize
408KB

Download
memory/2100-202-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2100-131-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2100-134-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2100-140-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2196-204-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2196-210-0x0000000000800000-0x0000000000866000-memory.dmp

Filesize
408KB

Download
memory/2196-267-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2472-269-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/2472-534-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/2472-277-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/2924-186-0x0000000000810000-0x0000000000870000-memory.dmp

Filesize
384KB

Download
memory/2924-175-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download
memory/2924-240-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download
memory/3192-249-0x0000000000560000-0x00000000005C0000-memory.dmp

Filesize
384KB

Download
memory/3192-528-0x0000000140000000-0x000000014012D000-memory.dmp

Filesize
1.2MB

Download
memory/3192-241-0x0000000140000000-0x000000014012D000-memory.dmp

Filesize
1.2MB

Download
memory/3304-88-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/3304-144-0x0000000140000000-0x0000000140141000-memory.dmp

Filesize
1.3MB

Download
memory/3304-13-0x0000000140000000-0x0000000140141000-memory.dmp

Filesize
1.3MB

Download
memory/3304-12-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/3732-222-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/3732-214-0x0000000140000000-0x000000014012C000-memory.dmp

Filesize
1.2MB

Download
memory/3732-280-0x0000000140000000-0x000000014012C000-memory.dmp

Filesize
1.2MB

Download
memory/3804-170-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/3804-161-0x0000000140000000-0x0000000140150000-memory.dmp

Filesize
1.3MB

Download
memory/3804-162-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/3804-227-0x0000000140000000-0x0000000140150000-memory.dmp

Filesize
1.3MB

Download
memory/3896-112-0x0000000000C60000-0x0000000000CC0000-memory.dmp

Filesize
384KB

Download
memory/3896-106-0x0000000000C60000-0x0000000000CC0000-memory.dmp

Filesize
384KB

Download
memory/3896-105-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3896-113-0x0000000000C60000-0x0000000000CC0000-memory.dmp

Filesize
384KB

Download
memory/3896-120-0x0000000000C60000-0x0000000000CC0000-memory.dmp

Filesize
384KB

Download
memory/3896-124-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4012-152-0x0000000000C10000-0x0000000000C70000-memory.dmp

Filesize
384KB

Download
memory/4012-145-0x0000000000C10000-0x0000000000C70000-memory.dmp

Filesize
384KB

Download
memory/4012-147-0x0000000140000000-0x0000000140161000-memory.dmp

Filesize
1.4MB

Download
memory/4012-155-0x0000000000C10000-0x0000000000C70000-memory.dmp

Filesize
384KB

Download
memory/4012-158-0x0000000140000000-0x0000000140161000-memory.dmp

Filesize
1.4MB

Download
memory/4048-160-0x0000000140000000-0x0000000140140000-memory.dmp

Filesize
1.2MB

Download
memory/4048-95-0x0000000140000000-0x0000000140140000-memory.dmp

Filesize
1.2MB

Download
memory/4048-101-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/4448-199-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/4448-190-0x0000000140000000-0x0000000140142000-memory.dmp

Filesize
1.3MB

Download
memory/4448-253-0x0000000140000000-0x0000000140142000-memory.dmp

Filesize
1.3MB

Download
memory/4988-533-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4988-256-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4988-262-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/5020-189-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/5020-127-0x0000000000930000-0x0000000000990000-memory.dmp

Filesize
384KB

Download
memory/5020-118-0x0000000000930000-0x0000000000990000-memory.dmp

Filesize
384KB

Download
memory/5020-117-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download