643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
Size

1.2MB
MD5

e1fbdc1b2a6485d545e65a34dc19b8b8
SHA1

4ba8dd06322c7f2a48f63fc3b86099e757090ccc
SHA256

643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8
SHA512

af3fb839a4c6d7de85af1e6c7956d7f5a8b22f6b4659bd844dd0a620bf3d307e88b51e855c3d947ce42c02086cd9911373978636960c2a20fe52d9e4175e7454
SSDEEP

12288:MdL4+/x8J7ct3z5htUcQ1MlhrmQgwwJzt5+7fyZkCtXFiWZF/3o:yL4+mIJz5IcuMlQHJxrDiSi

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 17 IoCs

pid	Process
1536	alg.exe
952	DiagnosticsHub.StandardCollector.Service.exe
2592	fxssvc.exe
1860	elevation_service.exe
732	elevation_service.exe
4832	maintenanceservice.exe
4452	msdtc.exe
1244	OSE.EXE
2668	PerceptionSimulationService.exe
3232	perfhost.exe
4352	locator.exe
4052	SensorDataService.exe
1008	snmptrap.exe
1716	spectrum.exe
1560	ssh-agent.exe
5016	TieringEngineService.exe
2972	AgentService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 32 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\locator.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\system32\AgentService.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\5c7fffa712d07ad8.bin	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\System32\alg.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\System32\msdtc.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\system32\spectrum.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\system32\AgentService.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{90C18CAD-5F48-47B1-8376-0F604ACAA84C}\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_91140\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
952	DiagnosticsHub.StandardCollector.Service.exe
952	DiagnosticsHub.StandardCollector.Service.exe
952	DiagnosticsHub.StandardCollector.Service.exe
952	DiagnosticsHub.StandardCollector.Service.exe
952	DiagnosticsHub.StandardCollector.Service.exe
952	DiagnosticsHub.StandardCollector.Service.exe
952	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	228	643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
Token: SeAuditPrivilege	2592	fxssvc.exe
Token: SeRestorePrivilege	5016	TieringEngineService.exe
Token: SeManageVolumePrivilege	5016	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	2972	AgentService.exe
Token: SeDebugPrivilege	1536	alg.exe
Token: SeDebugPrivilege	1536	alg.exe
Token: SeDebugPrivilege	1536	alg.exe
Token: SeDebugPrivilege	952	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe
"C:\Users\Admin\AppData\Local\Temp\643e21c20bc78ecb8023fcf65903b664bb733fa1eab83917d487b71007e8d6e8.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:228

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1536

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:952

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:1384

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2592

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:732

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4832

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4452

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:1244

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2668

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3232

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:4352

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4052

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:1008

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1716

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:1560

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:5060

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:5016

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
7f2fa5ac539e8c6957eb06746f1ab931

SHA1
f0cb70da7c20404d02ec292f3cfe8cdfd5aff422

SHA256
22d0d446aeeb7afd4d0abe4e8f54c9147d2c9d4808e1ab47b9c5f13764b1e60a

SHA512
b21613243e75189dff10363f7444ab399b35349352df0787d0e604b0e85bd0526fe2fb4fd8508fa6e0b156071c3636bc5e0ae51ec0a5216ab2366946a1b9b336

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
74d62c4a5b6842d8ab7b27fc3e631f3c

SHA1
64af234da256ee13cc78df4c7eaeccc97550250c

SHA256
4d2f6980bbf7b8d2c3036f052ec2bde23df5eeaee6d82a4b94bd7edd42c4de2e

SHA512
b06c2ad8688b06501d60c96e3064a8e4d8a3d5d8f936d67dede0ea4f4c70493fb0f41f013b022edf8fcf65202894bbe3ff0b006cca4128769c0ea050670c52c4

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.7MB

MD5
ff3929857900710aedb53456fe46a654

SHA1
0313b2d4ff44d6c50a7108fb2755a2313d89b953

SHA256
e211ab519ceb22be5cdb1b3c1dd0c5b3468ba50cf6db37bff6b66deccdd7c37e

SHA512
8995e38fb99ec50ff5ae3af9855e1d9f56d130c2c2c1164a2e1d625bc129f3a4352a94d02416e36cd6d7fd327b7ec0f223eebc284ec23b1b5a8b2791fee97400

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
e3f7d7953b86abd8e807554cd5bcfd25

SHA1
34d3e80ab316bc64bba6a3e4666bb41af2be0500

SHA256
9f01e383aaa2f26271cda6bbfe317d2e6cf70ad409c10a2ff1eefb270fa5d1f1

SHA512
b3c29666859be6f46d1a0a946e090020c4186def22278b5a802f80becd02735925c405fce6e0f80e3cb305ee161edc1e1846bd37cd6fd9d12c6bba9cd870b152

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
42cb9e2fda8c1ff16e20649dda6e59df

SHA1
d2ddcc6cce5207e7e3f0c5c7ba751acbc914c3c7

SHA256
2d458a55e0637bf9086862053907182affc28fb5f4dd7c98c8253458cd323263

SHA512
aaab2dd0f2e0103050cfb370ed16134727a632685315860937ca24adaf4199f6a0f6df390309596919735b0a9564531446d59e3ea8394f5e3716a11b1ed59f95

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
914adca137d3afd5ae9975e30880309b

SHA1
0779af4901159fcc79449f88fb3aed1611538162

SHA256
078fffa5f4b0d673b3f34964f9c745b125a8cc00ed61a740a39c85455c301d73

SHA512
3c968c63ddb81e4f1f1ee86a7cdb178453bf5d38474bf7f8f681916910e3a5b2f63ce91dd5a0bb94744dd04c92695c00e4dbe18e53c9a8b2f765ce44e512ca1f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
67ef53f90424813d914aac4eb3d1f7f1

SHA1
c6c095dd44681b5c47ef0d90f4f456039e89aa9e

SHA256
8762bb6b450839c5f9c7b1f9b617eaa6c54ecd5725a005517693bda50ce4d4a0

SHA512
62a747ca743f6df4efbcb0e9b3744a0714107003e8ed5c85588a81b3bd8fcd85a1cb878d77087411394be22d3ed0f62a7d1715bcb4747032c18e869b35011654

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
d8f07edac7ea5e5442fcabda08e8d161

SHA1
19e1f050e2fff76707dfc5df25cf93d6c1b04687

SHA256
3d24ff346e43cccc803850c9d2622750dd3bbcbe4ed9a4fbe84cf2b2c8435d54

SHA512
df4b89eae9f9f3c475156d1cd6e6749e04c67311e8e3d799875b9f9da4eb55a2b602a1e1cdd7063f37b147b8f13c441467679ed3b21fb0e0247af3c109fb3f3d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
9098b1638d013e8a57018255e654dd4a

SHA1
31d30e752847916d1032454689a28eefd6675a30

SHA256
0a4ed986ec6d0b98cd5a98657ad63753423af3bdfbdb180102b74f6d211c2213

SHA512
b6fffce41c58f171cfb788ce0765a9815babbf6ec2ae0cd943802b0e6d7e658d9b85fc737f0b6a5b9ca14428c6fdc250f2d1ff2e94cd472fe85e8ae018124a9f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
3.8MB

MD5
6bb6052ecc8380dd7f18d1ada705dcc4

SHA1
74a69174314e980521265f703f5eb20a5426b0e9

SHA256
2cc566037d863b174a747ce875da883eabd29785e810c2b419924f8a1abdbc61

SHA512
7a094ac841c687eabfdae9c6497c6a56c7d2544680496e47bfcf9320d6b5f31161bef8296fc8e62b336e42fc30c815013a12c96003a5d5bed0d1c1cdf22a6d4d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
25cfbc54efde5dafc655253ac46615b5

SHA1
bb825f36c1f3420af0ed672df1d637cd64aeed22

SHA256
18c4cb1240d8c9b1aea836cbdbdc45eda1810f71d7ed821b010025e36262790b

SHA512
cf7eca25646a1dd1a6c1f54598484957797ebbdfa8d6234f6221531fdc87006a6406477457ed55a361a2a230d0e31b84faee5d27a3c57a32603fabfa8d3a5e54

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
3e22cbc056bfc50559e9006f01dc8feb

SHA1
997afd010038ccb460966f9f154c14f816943226

SHA256
ce23c679a7a19d248e9ada1f967d937bc9c1aa33ff9c13ffc436044b166d652a

SHA512
5fcdc66e2c4cf921c2456f616cfdf6aeffa882a156c9feda27a8a4cb5ef2e90136ef522de0fa0e4634afe3aa47d3c80b10455f15a5dedc16f0610bd2fb5117e5

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
53eebe074761eef23e4d419b16c05dbd

SHA1
518aa78b2787ee094ed82097fd6f7bd2e4b42aed

SHA256
6344bb978828f8f753bac8ab5d82f359141f3ec1097d8dd9d530615b8503f9ed

SHA512
705ccd8209f1e975bcdb931ed282ded3f070eebd324088305b1ebc3a00ad8cc1415803f7cc2dc2e434e89cf7558bf6d93ea05948d926c17b957fa084d4839f6b

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.2MB

MD5
00d472ca5a1a22f159cbf6b054589d51

SHA1
08c6788e9a7639a931fc67b565f39ae26343b550

SHA256
6b772948ebf0acc80077b08a232be2071a9a9a1e533b33ec12f7c5f3b58a5ca9

SHA512
ebb900a54a53d4dfe96a2ba1c85bb0b0733f48d780625595775dc1e51b4ca4dd90a984b39b7f4b8e760d82ab229d00932b5534343daff60a900b4c580c669263

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
128KB

MD5
2bb39febf0dec3d1df9a1206915a7278

SHA1
df4e0464b698c4c48a33d78dfabb0da301bccffc

SHA256
bfb2e1131aae977366064ab38e5dd67cc8bc63814d2556b6e646800065dc0571

SHA512
a2c5f622a2e0178875e10fa253a8124e0f7e4d77d7ee90780607e3f37e38bd59fb9bbf6e0fd0a45c1e686c7ed2b5ea2d4ac0fdf982ac8f174085968ba562d11e

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
256KB

MD5
81f2e5623980f892b8a81c3affa23114

SHA1
00a06f45a115c8af96707db285f6d5e81251f998

SHA256
49fe45ff4adc058d995f4d2034ac5fc9e80d1f498474c7337cf94a2aa5fc96fb

SHA512
921f231cc5e6e177fc9f9b76fb7e18583e9d12a6dade1b45adef560f08b2e91d41907df8e60b2e10f367eb1106639cd075ce3d7a10a4d6ea0b6e7db93f45f288

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
2bbce5fd563c1f11a4f77c254df468bb

SHA1
ec1abe55a79e77301ab50aedc5529bab4b0282c5

SHA256
272f18b3e10804a6ce1b5e7b134ea1736f0cbb544143e717b0785d66557c0cdd

SHA512
55f26ea6995841219239e582cb5b3efcec9f6f89c961fd9441a6fb86deb3555805ab324942d362d474cb8773b05331c8134b23879f7466de8f9e743fe3668931

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
58c03ca1d0d93e8dad661563680bc641

SHA1
91b7286ea00c42547651b248684740b487b296bf

SHA256
022a0436d990347a42af73fc3c5fbd8e5baa30b2eaa9f19b7d635cb09476b11a

SHA512
7deb759563c49fd684132d3b506385c2c27b64578b735d65061d5c8622db03fa0122b33dea5bb7e730342f4b512f955fc5f5cfd59d00204873985c413c6c8387

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
128KB

MD5
b28242ce1bbda04defc18254ba201724

SHA1
50cc67ce93914898b9219d419e2f295314bf3551

SHA256
442ffeedcd71d6f2bc6db0d337abe282fe65d34006fcd67c63be9627be8620ff

SHA512
19a2d1250a1208d0b83360b7713bf336a53c33eaaf564b186ebc937c09a6dac539f6877b2eaa39c666a539b694f69d30fbbb0d0d7d0887a8e27557cce16a8998

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
128KB

MD5
e850f397f94268d421fb18f770051d57

SHA1
332d4025bf96ea3706f404e3d0652be3a63777d2

SHA256
9f0a54ecb0008cf113f9d4c9940281fbf4929ac4a359225ff91eaed950269f69

SHA512
cb810db0b6502dcc2cc37da853f491f5bbd9954d1938bc731ea333891c53dd59af0131dc7dad51db05083f21f879151f53646dc129ec374899fb4d465ccabd0a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
115KB

MD5
5e02e3cfb57b6d47a807ea32105b0ec3

SHA1
7d06951709358901d86f9e691b3da228c6d4a0d2

SHA256
b82787de1fd6424879e9e16d17d0e7802ec491a89da5600f7313528e892f627a

SHA512
4601de01b334d034fa1a77ae48e88bead4eb4f4228c55fd0e0d3bff4ce4d4a8e9b952cc29ded955d18a0bcd52acde5d811bc77c0a13ebdfa03fee1e46fc66f49

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
115KB

MD5
7d21df8235bf878c12477306bc3be723

SHA1
b0135e416ae24509c53eef92e3378d10462065f5

SHA256
35e1f22f06cc69fa828fa33782bb6c660c353975c8475b1f3c05b706384ff1f6

SHA512
6321b33bdf8d82e11245270042aa7cd19240700e767bd2cf731d257080e17678e33294cb25e10787ac0c378ddfb0e4427e482b67541fbdfe46d04603cf8ada08

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
115KB

MD5
b657fda5bb405bf1fa073e1a999c1896

SHA1
8528a2ec99cf0f2199a63558ca87c648b1f5faf0

SHA256
7436d5762bec7d497388e9716d52056aa59ff65c663d0ea4345e614fbf92300d

SHA512
07165ec99682fa7d1a70e25ea27ab426083c8daea3163116391af163fa03ac11aa94fff5daf17f6863bd850f26d244a3a444879d316e7f0ca4c3c2a342f01b21

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
82KB

MD5
8881b076c43559b0e179c15e738cc3a9

SHA1
9af09028b4a0a8b00263d40cc565f97a38f89f89

SHA256
2ea0f9a5caee9b852d365ba5a22cc5ed95aabc189e788671db8ca41a41c9c09c

SHA512
76971d89a31f24c042e118b50deea7f128d786a3bb2a2fc58003a16892785d8ccb76695445293c7ce26e5f9694c640ee72700b27ffc2f23497b0e25a5c479b73

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
64KB

MD5
b32e1662d6a633e518ed0890663d7b4f

SHA1
4dfb8b9e08dc999817e02eaea6eb95f6fc49dccd

SHA256
ef5b039be48b04e8e2cc4aec3dbc74302021a74ce4d552a4ecb5d8ce6b09d8c2

SHA512
89e0c947f2e84b38eb6b5648301f42f2b059dcd65206aa99114b02b5e719bf8a8014f944533c62cf7cf5d2f7ee76061a4d70c650f4278fb60468049086ef5521

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
64KB

MD5
ec293dd16bee1b16aa894bf8af664872

SHA1
66854c52fb757627145f355fa0edc4b836a27726

SHA256
6a4fbcb97e3c62b6947baa5a55de1c56bede7fd4008698216fe6ba2ca0b0cdc2

SHA512
b66afede98c6cb920fb9604cefa868314ee070716e0d8376de09ac2c501001b34e55572d9c193a7bb866113d31cb190ce120dbd820992acdb9f07ce684e8b2ec

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
64KB

MD5
d210eb6634e0975fc1c9076b57de97d5

SHA1
1168b871fbd22d383dfb096ee2fc8ec8fe4efbb4

SHA256
47bb67509690241ce5d4e36f4f1440f350a8d1028b2f9d31fdacca94d95ec2cd

SHA512
ffd59b1146de50a776bd57f59c9d06c24e9c198c61f4d8809e84ffe49bf92114f0a587fa4904a924efc40493ed71d22f121d2ace8ddc83490fb85d962eff1fd2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
64KB

MD5
17a89d17ded445605ad42659af3b809c

SHA1
2ee4fdae83cc8bd4b11353658437ebcbc9812540

SHA256
5c37bcd6cb752023c32076711b4e36c141033942eac4a9a9285fef882447f73e

SHA512
3e55afec8019f502da322627b34a5c4bf74da2dd780fc36f06875dbe8b1f588b2deff617c6926dceb6d1104a10d665fba3e8edddcc2370efe70f3e60232c64f2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
64KB

MD5
f44044f9d9876d763aff9e7910ea701b

SHA1
0b1e2d70d6be90955408dc21f25d60f79335e6fd

SHA256
8c21c73d47ddceea1d36ab49f31d4c567e0716e0134d0dc281401d90c2298e0e

SHA512
03ff3517687fbccd25d4a6ecd49e7c8092c770ef6b77c02559e5f8bb819006d5c92a0367ef2b9c43bd186cb20572617d0ab85730e4206e6390936c12dbc1c273

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
64KB

MD5
d638caf9fbd00d93a99f5f214ac8c6b7

SHA1
8a6ec82545d7c54835c6cb60f19075c6e0bbcad8

SHA256
1c3ad3121fe6597a29c3e766178255b79b2645381e39d8752d1a1bb7ea4c687e

SHA512
e2a7e7f454b412d34ef1133ae837ee533db88ac40c3f1547e431b91ed362a48394a00dc7514a8fff762f4256fea405815fad77024d6d121a85656920e20f5e24

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
64KB

MD5
cf7770c3562305bf323125e8af17e80a

SHA1
8314f4e2ffb284961a7ec95c16c92e637c5c821b

SHA256
14ae02cdb095c63709228b81ab499a8be13c5d11d01aa7f7032e16c8448e8ae5

SHA512
ac6eb383ca10a995153d2d5b30d58c840a15fd4a0e5fa05aea2539089379d00a6a98843f871dc0576bd5f50de9c9a7da7cc924a1ecae49455d12f36b93fd60da

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
64KB

MD5
b2ffdc046fbe95e3bd86c2611be4fa4a

SHA1
e8edc009adf4b86439c55e3120e067facdf181b6

SHA256
319cb149b6bd3ec71e22f944d2eccb4bfa61b880ac8855d91d2edec9f86006e2

SHA512
3bcbf3145fa29440d557b3ccd46135cfcf04fb16282f15df492d1782c247e7d6df47f04ad8f7d4bcbd85bc9996c78ae8360d2184ca735664e35cce865a2e336a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
64KB

MD5
fe5d41cb34242b27629d5c48b8347475

SHA1
2d655e67294375f704105e7a215955956fbe18d1

SHA256
dc2b8a48859b30a8cecc7cbfe56358cfba1244c7fcb4ee77957d5b96d7f3864f

SHA512
9a3120f43bd56388241e806fc2bbebaeaa0b808e4ee8424154bc3c27c17c64528641246a49512f44cea428fbcf46f4b5752b9c1b91840b6ec1d2f3e9862d1c15

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
64KB

MD5
edb9056b4762fc7e3de691de9060b9ec

SHA1
8dddab3099ddf63f4e85585edaa5bd6c213709df

SHA256
f7b280b7cc2ccf790bab0c7442558200a35bcd55f1a12c047f7fcdefd12d6f0a

SHA512
24dd9e9ef272f91aa6be8b6e5819f3535684fcb441d90ec65fc7b8183b55b54d4dda44b51c61a6dc50b13442be9d92851384424d36bfe9d112c228f98caf3722

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
64KB

MD5
cd43ed23d19b3e94e2106e7027f6c34e

SHA1
bcb32b01a40469cca0e2251f04413265a5aafbc7

SHA256
80b31fe0c10485356009616d4a22632f20de3cedd0c6bb657f0c5657c8a68542

SHA512
80b116fc8b4b2697fcf251457bd38322064ef03def667ed9b82edd9cd1ac2b9bc1c1d5b4e49c24d0f8f6e9625f1cd9b486fbcc39a3bfebc6b4b0754dbaa9783d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
64KB

MD5
91ccb07ebe0c2279ee93275378b06de9

SHA1
e164ef6bc368a454213b517b532fdf87c46edcbe

SHA256
4e6a5e814928ca30acf590e43b5291dcfd6ad9ec7b745c7dc8945bdb489fc4a5

SHA512
ef9c7731f59281bdb6a6f118e18f2a773ee22938f75a49eda9e1e284f4ab043d1d6c5f139b8e5a102fc277c60b7dcb7e320ab76d6a600b1ab8e212c9659ff6af

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
64KB

MD5
ae6060afa20da53a66a4ec57fe152833

SHA1
553958988f102c24a935e62556b093539992b118

SHA256
de36c57870640e2dbc54db428d1f95881cb652cf67bd82dca36b3831d40889e0

SHA512
4cc23244aaef7d6d25fbc4af24ac219962804d92f17aa1fe581c96d42fd973245eada53544a4da86618e5b3fc81aaca26c613cd15fd02dae0b5ba66abad883ba

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
64KB

MD5
4729d449c283c76058eaee66f3458738

SHA1
57a3e960c955ddcc268c43b6d1c4a64d0e32e379

SHA256
305c6d6220e7d4405e1a576da1474dc560ce36baba5eab0cd9b5953b54137472

SHA512
899f5b7d6638b3e930498aae7603f398ef69392f2bf74b42061caa94fdc569a487f8c5adcf4d5973391937770a1729b963075364a0640a5cdca52e2b773e9fec

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
64KB

MD5
1ee03b8fd2d737a17b1c3fa95a295715

SHA1
b71549ab582bd6ca54faeb049f28b485037c3881

SHA256
61fb96af2d6b28e1268c61037607616d4c5c3955addceec2d267b5ab330ecca0

SHA512
a7524ba7ad74040e58e344f91616094dcfe5771abfd0cd5c7dced14afeea58d8b89e6a7e8fb310a6a16d635e626d97cf817feaebecbfaa688a343039689387e6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
64KB

MD5
b91b1fc1f6dcbdafa63cd7ece85b9c99

SHA1
55715b194f5a772ff60bc90d716206f46dd5096f

SHA256
79b0852823f84e5a0610e697f01699cfbd7e0e6a82ba3ce08d4d1586dd469a60

SHA512
6590a6b1070bad30c83f5e4e5115acbd0328384e484ef3427cbea53c8f9e7068e2cc6642e11119020d4372224c4efc2368bbab74025edc520566c225fed0b9e4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
64KB

MD5
59d9e736cbcc4e314edcc5b3ee358f5f

SHA1
96d01fd2acb11ece5f8defd71d30870dec56371a

SHA256
546772d8449b241ae80a65a7aa4803728f6c8db025e7e899b7abd21451954e53

SHA512
780ece4213ff57bfb343bb9a83bfc2b9cfb65a3d9cb179931537386cb16a08af28382677f03d74eb37e79d544e007fe718a7595f51f51d55531d88d858805385

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
fed5108d5abfe89a6f7d08ab422dd2af

SHA1
69ae3506038bac33691f9e707fe67c89b7db5f13

SHA256
e75b5eb9f00fb39d3051dc5cbf4bb73852ebcb42b8d79d7847a4e03b1138b3df

SHA512
c4fd7ec4f808b95d05406981e7ed94498c67a8a66044cf77ddde903fe292a6b6d18899bb5f0e6faea10cfa1d20cf8b45104543159aed5fd019f61bb47d06d4f2

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
c0a01f5ee28e8c87f3adba3065d93dc7

SHA1
8792dfc98ec407f8074e6c98c3a7c48b62bbe8e9

SHA256
e95f004568eef91d5ce09c53b6df272e50b75664700c4a8421947850ace3998f

SHA512
5160ddbb2285284514d64bc39a8f6449a5b11655004cd25a81b5713a75af593defe0ee5aa1b8efd3e9052e50b83111949298e8421d743aaed5f77e88cfad373c

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
ca5167b96f0fde862ceb9759238d31ec

SHA1
b0a0a07e86930ba21c2a8901e9b7d016a5a5110a

SHA256
4d52b371b45ca39235acb0e58d65b9f353fd1fc73cce125e83db7620ad9d4e6c

SHA512
f8e4b4a73f4d52ee36eff57b78a9a88148450a7ba1d6faed9985aefbb869ae5d7911c222636ba7b4777454937d91cca9819b23dcb5cb922c36c9c63f110d06eb

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
384KB

MD5
16e6fa1f26b1065bd9e364f8a11a3083

SHA1
87a82dbdeac1dc01ec08c005e8663565764cf557

SHA256
f88073f878dbae52a8d38d1f6aaed05659c1894b54f4308eadeeed7adc7ead36

SHA512
1dd3bbe06b188a05c452d23065fff1d96b62bb89bb60070effe3b435bdea8e37eae5a98782206f7a0a8385d9115f166f8275782cbec03603455dfd397a3da160

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
06608a7bdd0ab303e29b1d0ae928f3f1

SHA1
5d482e44534142210b6e6fad55082fc4b7a24ce6

SHA256
26d76f75ec0da4daea9687980d0f0d30e4aa5e2079f58c2361b83779b24c8200

SHA512
52d43ad26a6c86cba31fcd4191fe3f8c1f259e206dc78260f8f898dc85a2d762d700922309f81a9cfde5afba3364cddc87733f428b5cc8bbae959caac83ea03e

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
3cf264f40bd16161296575a40584ea48

SHA1
a5179399412bed8ac44bb540080a311ab8e99c39

SHA256
9850e94c799ce2f735424c9493628d235eae52949dd211cd8dadf8ac2fd4b99a

SHA512
59c641a3bb55783fddc38498ffc0751178ae9fd929cc1d5b486eebca71aa70b287842a98477bd578d26ba5e8b12f6500b15f2684196e96ac691ea22d2a22e5ba

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
a52847c74c8f29a4521e7019efb04345

SHA1
6ff260b423633f34e540a91059f415c23330b0b5

SHA256
c51eb6ad45588e8bb6ba8e1a873eaa81202ed0ab2a8cb0735006937ca15536b3

SHA512
b829d53dc7f9ce36a834a687fea5c7ce4f5c387674fc2dc0c2783a161ff271db7d3850a305bbd77e33aa064daebcbb9b5ce26eda17bc9b2dc7ba13c5625bb192

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.2MB

MD5
e23e986be2fd45b283e7aa4ce18fc278

SHA1
5725e27fdd7efa752274265b32beec5c1101dbdc

SHA256
a52c6be39ddf230703ca431ca0392c3cfc0cc7263c3114a99df60e71e32fee0f

SHA512
487bdc148dde6777a990e4a38dccae418255d5294895722dd9bcac8925ad693e47c846daa9660ff4c12b8b1620d7b11044c98b722e9218370611a04f42d13bb0

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
00e40294a46a8327225888f95d0e6376

SHA1
ed80d0511b98a3b92b40182afce08d345e4bb30c

SHA256
34a44fffaee2ba2500d2e75af1a842421b64f2f76f5b16b41ccb32b712495d03

SHA512
3b96d61b5f0cff52fc1f8d85fa5b48bc4af7898cf85ade8b7dbe42e1def05d5ecacae91ac8ba604b940a3876f2f8543cc0fc4a25274e5d28d89f73c564ba25fb

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
af9f1f2960523562d066d77cef3d0ca7

SHA1
1aeeb5fabd4dbc11328e9574cfc0b825d4d3657d

SHA256
ac8e27f280afe1a56bd8a286c50f61d2330d30e993d782773aeaf1a9cf5900ba

SHA512
7395d38c3b368b90593d83a08ad14d14b3bab7f93ed30519c5fafc03056acea6148c97addfe54ed7f353491c3c338ae3abbeeb3a7bcfb6ed1d062db97ededa29

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
80c8b43565d1b55f9dee6e52ba422d4c

SHA1
73aa19b39bac30b7603a4beecbfdbf521144fa66

SHA256
3cae8801877d9918cf52b07666fe150bd3dadd7aa0fddc4c24406bb663d59879

SHA512
49cd7be19bf9b498f3555889088e0287d48f9a36ec143e3cae108cd01f38c6cf2d5d11a09f6e6c398e1c7dc837ef9e8183a89bf3af13ced6bb5af022af82e6dd

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.2MB

MD5
32778c6de2cfae9f8a08a572ea928d20

SHA1
5f180b74a2e74efb1d502771949bd967e309328a

SHA256
0075e44368d096a4bb81f8b43cf3cfab8773fbd0c22bd647ff85b64a80443530

SHA512
a55f9a3e49f1d23f50d58b5b9d451c0e60e243714ea0206aa838eefb4b4d3593b37f8ae30c5ad2cf0055bbc0f865cac381aca3273dc6c588559b54dccbdc736b

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
739KB

MD5
9a6b9c75631c4647706d450a88215bd1

SHA1
0f4e03cb4c4a90a28e0072395bbf2a9add2a194f

SHA256
fa3a180b02faafd9f7ccd03048fa4716aa48dd98f33d53cf4da52b0e87fc8cdc

SHA512
ef2186c9bece42a3a0d659f83d7ea04a426979ba59fe19cf4212e65b48b26103df0cb847971c44ee85a4b8f8ff5da2c299ebd50e125650978ee6ce782becc340

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
dfca7bc1f0cd8f81454cf04b17c7c5a3

SHA1
d20aca19937eaf209de0ccb4f5010b82f0725b24

SHA256
c97a7fa878808eded9c69672db5d328203707a3b4e7fb3dce106b74b706342fd

SHA512
2ff2602b1e048d1c95aa354f9c24999372b8d19839da79c769cb025a92eb54fc91637dcd6fc560b206f4357870672032122aba48fb29ccd5b174b7d82f0fb04e

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
fb017f7adf27b36daa374982d266090a

SHA1
b1505a0735183f58b701234a1f032432f814bfc3

SHA256
3726f0aa3c92186e772ed557fc2d04c8333af020e0aec25af1c1e1e76823695a

SHA512
44bc4645b6bc5af9fb9e691e218f2fabb1bbe7cd5014c46e5703aeff75f58d36c2fc2bfd73ba7e843c6e129b75280970604434e8255a25e00f5dbbf37ac128f8

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.4MB

MD5
b3968f9f878ad09367c99757d76ce895

SHA1
223b6597bfa9999d7a2d61b6d0fc728db99c8ca9

SHA256
67b9a3fd38215ef228b59ff7769e8b1886feeee3b3d661437319d7435eb63b75

SHA512
bec5bee9cc5692596628b7f75f4342fa631fa50020b1fb310dc8f91e01803503c82832d5c4d248fcd507e85479331cabbb6fe6257e93a851e50ea2808e36746a

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.2MB

MD5
14017185749ba9adc44e1c5da7b5eadc

SHA1
5caa891643b10c5952d3d74c2fd620c85f861c40

SHA256
0bc3fb2464d228a6683ae26d1e2a2fe47590b9379dbb1947f113b759dda1fb43

SHA512
665d5e8927fc79b5b276d199df56cfc5b78813aad41417c06c1a666ce6f360b22c67f411794433084aea98e2b0ececb2cd2992e2beb0093560a3b4d4d701d0ec

Download Submit
C:\odt\office2016setup.exe

Filesize
3.4MB

MD5
c4c38fcf6944aa160f1ad60d01f37b24

SHA1
39e38ad7ad8a874d01d0cb4f31a6bf0605059a43

SHA256
a6665c542f40bdc6fe4008203351855b667f8036fd5a477a929613c4275f73c9

SHA512
9128d89297290a2c90e7db14e2fc6a69524e4844f9746e7bc8976b75530c38c856d797d80f7953c1d5716ba30977ef1bff6027306295ef2e9165c077a9c802ea

Download Submit
memory/228-1-0x00000000009B0000-0x0000000000A16000-memory.dmp

Filesize
408KB

Download
memory/228-64-0x0000000010000000-0x0000000010136000-memory.dmp

Filesize
1.2MB

Download
memory/228-7-0x00000000009B0000-0x0000000000A16000-memory.dmp

Filesize
408KB

Download
memory/228-0-0x0000000010000000-0x0000000010136000-memory.dmp

Filesize
1.2MB

Download
memory/228-241-0x0000000010000000-0x0000000010136000-memory.dmp

Filesize
1.2MB

Download
memory/732-135-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/732-72-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/732-67-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/732-63-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/952-92-0x0000000140000000-0x0000000140140000-memory.dmp

Filesize
1.2MB

Download
memory/952-33-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/952-25-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/952-27-0x0000000140000000-0x0000000140140000-memory.dmp

Filesize
1.2MB

Download
memory/1008-384-0x0000000140000000-0x000000014012D000-memory.dmp

Filesize
1.2MB

Download
memory/1008-182-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/1008-176-0x0000000140000000-0x000000014012D000-memory.dmp

Filesize
1.2MB

Download
memory/1244-173-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download
memory/1244-107-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download
memory/1244-114-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/1536-12-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/1536-14-0x0000000140000000-0x0000000140141000-memory.dmp

Filesize
1.3MB

Download
memory/1536-19-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/1536-76-0x0000000140000000-0x0000000140141000-memory.dmp

Filesize
1.3MB

Download
memory/1560-210-0x0000000000D90000-0x0000000000DF0000-memory.dmp

Filesize
384KB

Download
memory/1560-202-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/1560-414-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/1716-195-0x0000000000770000-0x00000000007D0000-memory.dmp

Filesize
384KB

Download
memory/1716-187-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1716-413-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1860-121-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/1860-51-0x0000000000810000-0x0000000000870000-memory.dmp

Filesize
384KB

Download
memory/1860-52-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/1860-59-0x0000000000810000-0x0000000000870000-memory.dmp

Filesize
384KB

Download
memory/1860-58-0x0000000000810000-0x0000000000870000-memory.dmp

Filesize
384KB

Download
memory/2592-37-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2592-38-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/2592-49-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2592-44-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/2592-47-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/2668-186-0x0000000140000000-0x0000000140142000-memory.dmp

Filesize
1.3MB

Download
memory/2668-123-0x0000000140000000-0x0000000140142000-memory.dmp

Filesize
1.3MB

Download
memory/2668-130-0x0000000000B60000-0x0000000000BC0000-memory.dmp

Filesize
384KB

Download
memory/2972-227-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/2972-235-0x0000000000BB0000-0x0000000000C10000-memory.dmp

Filesize
384KB

Download
memory/2972-258-0x0000000000BB0000-0x0000000000C10000-memory.dmp

Filesize
384KB

Download
memory/2972-248-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3232-143-0x00000000006B0000-0x0000000000716000-memory.dmp

Filesize
408KB

Download
memory/3232-137-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/3232-200-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4052-411-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4052-159-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4052-412-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/4052-169-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/4052-226-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4352-155-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/4352-215-0x0000000140000000-0x000000014012C000-memory.dmp

Filesize
1.2MB

Download
memory/4352-147-0x0000000140000000-0x000000014012C000-memory.dmp

Filesize
1.2MB

Download
memory/4452-93-0x0000000140000000-0x0000000140150000-memory.dmp

Filesize
1.3MB

Download
memory/4452-94-0x0000000000CE0000-0x0000000000D40000-memory.dmp

Filesize
384KB

Download
memory/4452-100-0x0000000000CE0000-0x0000000000D40000-memory.dmp

Filesize
384KB

Download
memory/4452-158-0x0000000140000000-0x0000000140150000-memory.dmp

Filesize
1.3MB

Download
memory/4452-167-0x0000000000CE0000-0x0000000000D40000-memory.dmp

Filesize
384KB

Download
memory/4832-78-0x0000000002240000-0x00000000022A0000-memory.dmp

Filesize
384KB

Download
memory/4832-77-0x0000000140000000-0x0000000140161000-memory.dmp

Filesize
1.4MB

Download
memory/4832-84-0x0000000002240000-0x00000000022A0000-memory.dmp

Filesize
384KB

Download
memory/4832-91-0x0000000140000000-0x0000000140161000-memory.dmp

Filesize
1.4MB

Download
memory/4832-87-0x0000000002240000-0x00000000022A0000-memory.dmp

Filesize
384KB

Download
memory/5016-218-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/5016-221-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/5016-418-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/5016-415-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download