b5cd9d79a958824d45a45a7c8b9f08b317fb47756e57d13ac822e5e8f1d56305

Analysis

max time kernel
141s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5cd9d79a958824d45a45a7c8b9f08b317fb47756e57d13ac822e5e8f1d56305.exe
Size

1.2MB
MD5

e8506577dff2c20adc232d1da815e998
SHA1

2b84e33a16662060d5aecc558953f0aecc1152d4
SHA256

b5cd9d79a958824d45a45a7c8b9f08b317fb47756e57d13ac822e5e8f1d56305
SHA512

30ac40376b51740b407822152ec46226cbc995f7ce861280505d0a6e8fa68faa27dab5be1687c54b357ba8c1396d76ca74f05064aa3347776f284282f0eee5ca
SSDEEP

12288:Z2fqZiMwQJXx6a/YvRcFKBsX9Da2XbJda3Q93i8OPowY79pk/DCWN:wiZiUJXca/VQBIe2dhi8OP3YGv

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
3812	alg.exe
1560	DiagnosticsHub.StandardCollector.Service.exe
1704	fxssvc.exe
5024	elevation_service.exe
3052	elevation_service.exe
1964	maintenanceservice.exe
2112	msdtc.exe
4180	OSE.EXE
4752	PerceptionSimulationService.exe
2020	perfhost.exe
3356	locator.exe
2968	SensorDataService.exe
2440	snmptrap.exe
456	spectrum.exe
2720	ssh-agent.exe
4348	TieringEngineService.exe
452	AgentService.exe
3916	vds.exe
4488	vssvc.exe
508	wbengine.exe
2052	WmiApSrv.exe
3708	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 32 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\msdtc.exe	b5cd9d79a958824d45a45a7c8b9f08b317fb47756e57d13ac822e5e8f1d56305.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	b5cd9d79a958824d45a45a7c8b9f08b317fb47756e57d13ac822e5e8f1d56305.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	b5cd9d79a958824d45a45a7c8b9f08b317fb47756e57d13ac822e5e8f1d56305.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	b5cd9d79a958824d45a45a7c8b9f08b317fb47756e57d13ac822e5e8f1d56305.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\74fdc7b0b3e2edcd.bin	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	b5cd9d79a958824d45a45a7c8b9f08b317fb47756e57d13ac822e5e8f1d56305.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	b5cd9d79a958824d45a45a7c8b9f08b317fb47756e57d13ac822e5e8f1d56305.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	b5cd9d79a958824d45a45a7c8b9f08b317fb47756e57d13ac822e5e8f1d56305.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	elevation_service.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	elevation_service.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{1342F81A-D5C5-42B4-A5E8-933F7759DA30}\chrome_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	elevation_service.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	b5cd9d79a958824d45a45a7c8b9f08b317fb47756e57d13ac822e5e8f1d56305.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	elevation_service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	b5cd9d79a958824d45a45a7c8b9f08b317fb47756e57d13ac822e5e8f1d56305.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1560	DiagnosticsHub.StandardCollector.Service.exe
1560	DiagnosticsHub.StandardCollector.Service.exe
1560	DiagnosticsHub.StandardCollector.Service.exe
1560	DiagnosticsHub.StandardCollector.Service.exe
1560	DiagnosticsHub.StandardCollector.Service.exe
1560	DiagnosticsHub.StandardCollector.Service.exe
1560	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 39 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	376	b5cd9d79a958824d45a45a7c8b9f08b317fb47756e57d13ac822e5e8f1d56305.exe
Token: SeAuditPrivilege	1704	fxssvc.exe
Token: SeDebugPrivilege	1560	DiagnosticsHub.StandardCollector.Service.exe
Token: SeTakeOwnershipPrivilege	5024	elevation_service.exe
Token: SeRestorePrivilege	4348	TieringEngineService.exe
Token: SeManageVolumePrivilege	4348	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	452	AgentService.exe
Token: SeBackupPrivilege	4488	vssvc.exe
Token: SeRestorePrivilege	4488	vssvc.exe
Token: SeAuditPrivilege	4488	vssvc.exe
Token: SeBackupPrivilege	508	wbengine.exe
Token: SeRestorePrivilege	508	wbengine.exe
Token: SeSecurityPrivilege	508	wbengine.exe
Token: 33	3708	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3708	SearchIndexer.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3708 wrote to memory of 5744	3708	SearchIndexer.exe	143
PID 3708 wrote to memory of 5744	3708	SearchIndexer.exe	143
PID 3708 wrote to memory of 5780	3708	SearchIndexer.exe	144
PID 3708 wrote to memory of 5780	3708	SearchIndexer.exe	144

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\b5cd9d79a958824d45a45a7c8b9f08b317fb47756e57d13ac822e5e8f1d56305.exe
"C:\Users\Admin\AppData\Local\Temp\b5cd9d79a958824d45a45a7c8b9f08b317fb47756e57d13ac822e5e8f1d56305.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:376

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:3812

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1560

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4212

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1704

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3052

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:1964

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2112

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:4180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4120 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:4348

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4752

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:2020

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3356

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2968

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:2440

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:456

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:2720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4444

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4348

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:452

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:3916

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4488

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:508

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:2052

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3708
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:5744
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 804 808 816 8192 812 788
  2⤵
  PID:5780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

Filesize
797KB

MD5
f34ba34ea78c2a1e6d32cdcd2c6a61fa

SHA1
4cd243ccc80fc1a6e1df82fc5bed08c112426bc4

SHA256
39cb4460692dcd15dd0d78815fa69cd649df793def246daa5ef21dd1d229683f

SHA512
464a60355bae60e8e29b88819e80b27a4e96ec8c3873d29fa4a7888ce90540e6aac374911720d03354ef9f54fc5a1810720fed50e8d8bc8a193041f6aef6e00b

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
682KB

MD5
caaf9fe3e991ae06aa478c0c8cd96c2c

SHA1
5d8f28d181db606271234fe01dcbde5cd92f142e

SHA256
b8d93e8cd3044fe91ab36c158ebf72c61ab898af75d25afae2ae2c1ac2cb34da

SHA512
e490c0732a410480849e266376d368626687989275755a124c50e064a9e0b731f9999082aaea3b68daa8996808e01ee1c3de508c0de6f7a460f6e3214e7c5655

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
298KB

MD5
6785fca1802c4400db9a422b3f79f925

SHA1
bc54a790539ae3bbc8d31c7fadeada8b10bd7f42

SHA256
228512457cf3f6cb1cf6b00e8ce105224ce574d424feb67c847d86d8eed0ae55

SHA512
e145379c2b64e834918e1796cea876ec39476c47242f4992fb959234232317da23dc730dd7470b5564400bdfba93118f28ec3c439f7eca15dacd3a44a5546a35

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1024KB

MD5
2dcab741abeefeedf052c08a3898ba54

SHA1
42694c7166ae22dc53f950fd551f7cd77d04a623

SHA256
52f2d549da7d7d6226e5c8f4f53fb0ef6de7922c7a86edd2884025035724ec9c

SHA512
36e8385548bfc1a032b6038fe29f58d472798ae0274d77a605d92a99c3efdc9d03b3f6193f688a8430ffbfe1082a89832cc504a34802c1c307aff4e76ba96a20

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
34cb3dd435efb961a9e66cc4dd1b4fdd

SHA1
148c2de8a9b49c903c4d96531f82edb85f19d065

SHA256
e9b80b8660921d3ab97d6f7c20ab68cf4c900b533e68b874648b98884a7193fe

SHA512
a40aa6e89a8da74599dac221170e20ba466771bd32dc40f61247aafa97fd266644d88b09454b1ddc9f0ae0dade56d628d5a640a23816f3b8726d6c895369b01b

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
a986da0422fdf88888bd5155a415b5b8

SHA1
86c11586f0007cb7cc7c13b45009cae3b7510148

SHA256
3e57e9db4c3e38b91a5711534af5fa9f5fb67680152de8d36a45bc57e1cb6a23

SHA512
beca9e2a4e71d284fb24724734a396e14d81f743d191e7de19ca010505245ab623fd05a664e169c9aa7f28a0fe10c66b9417d2e3ab76c1a19cdea63b7d38b92e

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
55d2fb5901e0781d65cbe93353c51e4e

SHA1
625b5a9004ec72cac3664984647812a849e2f71d

SHA256
5f3666acf34597161a08d2a41afedbe3e7b8bb5273575f5caeb18e60e0cd2587

SHA512
308902655cb8b7d8e200f68f9a38b3113ed543cc7fd8ac0634464af2438943d71fba1006b442332f95545c2e63d77593239a1c2ca77f1076108d6bac6ff2e5f5

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
448KB

MD5
406ebc92f16fe941e15ea0345cd839bf

SHA1
ea2a9254851fb96542dd45bfb9f3de44f1421e27

SHA256
024d2f92198017ba8979d58f07396822cc990ecde3cc948eb4c46ced501cd26c

SHA512
8c29fa33fb5d498ba4364c9ced2cf0b00d082e3d101b725b4c62a5e513ed5668ece9846295da1241eb799ab40005cd907ae91afd9264c78abe4e78a6f44459e1

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
1.6MB

MD5
42230d52b4bdfff3fce0c4eace5aa067

SHA1
320d6a2bca6ad06abac5694687a8d799b4853551

SHA256
e6a16a214775ab079c2eb9b6a921eca0b85bb22154d18f91283f2ebfb9527310

SHA512
be4a37a68c618834dac8c9296b7a0e8800b2f6aa1c0cfdb4fffb1fff515211b5f17635a63d613809cfc0029a920ebd830d9d986bfc4c8bb49ce543285a439edc

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
01d2ba604f17f023345a40cabda36c38

SHA1
d20a13e68cdef2726dd651782ca5e68cca0d55b5

SHA256
75567a08590a3a1dbff45a34b22dc36454eb1cafdb3b378383e5d06b6777f987

SHA512
0146d72b4d0bc0b670cd500dab7906166fdddd5f51ec355bc411cd20ef1ea4db43c2320a35b568c4fb27d1b65be56a74486ad7de4a6ed649b81a7fb5d04f3ee2

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
448KB

MD5
8d0aa60291b82f200cf2c1f8a0c8b672

SHA1
b8e73493d17edd818b34013c0f11850602428e43

SHA256
0dbe714517d03b438196835cff1d5d4c3d253ecf75f37a10b6c56ab7af03385d

SHA512
8360e31495a8ff8941edd143e7e8727846dab1cca90525d2c3735de732c7669abc086e14fe137c01db0ee646460c165ebb56d4549f7e0a695c265633347558ab

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
1.8MB

MD5
d5081772e74fa06f2dada26349ca8546

SHA1
02afa0d1cdc1200c5f72a3dfd1f90a6ed5c7493d

SHA256
0a6d6a046822639e257ec5774ce900a4b71c1f782b04b80cfe391031fe5d630e

SHA512
d52d9fb5660c839b00c135d22e550f1d071d4a3f2e5c0cd7d724337028ef106704e977ff39096aacedca535090d03817a82930ea22da45d6e43b6677e8d9c9c9

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
614696facc4904b2dcaf9f5d6a685de2

SHA1
47aa5e693c76387f16e7ea300259ea763178a2f4

SHA256
994fde0698b0e2237fa53ecf454714bb23d4033272011832e20bae8958d6d372

SHA512
75d0e78fb1202479ce39d591978f9c20e5a4ea98be67df6c473e3d3672085c4aeca2f307a7f020164bc0b8edae7588d1ffe054a8a0646aae0e3dcd9e475d9bc2

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
463KB

MD5
c6a363e8f55f980c79aeca0e4ecbbdb1

SHA1
1f45e6cc1bea9b29021ca879637c53699cfd0260

SHA256
adeb8c7e6d2967998ad48c4aed0aa476171232c2836854aee5749af6c7e6c427

SHA512
2c9e505f934404a67e896b3482d55837a355cd382a4b3b6d4703dcf672048dd856e84ae431f0de6bab146344b12572a7425601444e978bef6c1c2d69e423f49c

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.3MB

MD5
ccae190816fa15d2494ebe316c425e2a

SHA1
cc04c17a5a09730312249d5855059874a4c4aa7e

SHA256
d34773b38344929f0a5e5b87d8b430c922785cbba41d243968d39404292b4870

SHA512
f04f165a576e30d5b73388bf1975885984f5f7a16ab087b512ce3d6cfc258cfa35c6624de16ef498b595500b502e8a7f1d1933373c6c8cc5c549bb7657dd760d

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
1.5MB

MD5
c1b91154a5facf377277a543b890a0c1

SHA1
cef598839608c4110938bcb528a20478b63ff8aa

SHA256
1e15f126da58bc35a06566529310216acfb49a4883b92f611de230b7fe8f2d5d

SHA512
6fb58950897f61457f4e71876ba4691afc0fca17bdc2c6f962478de5381a6b66e9803c2cdf324bdce0c4c0dbb804b4413c8254bbe7ad00663875566fe93dd4ee

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
1.5MB

MD5
3de0a4b7b09c5d9989b172541a28f0b3

SHA1
6dfbaadc3f2617bea9e2ac228a624d9e21b14832

SHA256
de3ed6299187bce02cb1e158104fd6b944bade59a7b5ac13c35c3ccc0f28ead1

SHA512
0133cf008733ed0743ecbf36f46db135aa48a04e9760b2b231be97d4c2a1f2b3218288e2e950e8fc6272350eab425cdac351c85504456a5a0906e30e716f46c2

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
1.5MB

MD5
18ee8b58f51d335e68921d6dbda15d59

SHA1
e37d4006d3702997c223270219daa935ddd8fe7b

SHA256
fe32164f2dd05f5f15aaedd4824faeeaddcbe1dacad4862df5c92f26de05150d

SHA512
18a6734a109f5720ea7b11ab201538558c99ee684c4fda364bca55dd2712a06151f594e8c9c283738cb650a29cd2fe218b4a496659c3ecbda977fafbad7c0758

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
94KB

MD5
7b863cdc1c17ba33d566e93990de2fea

SHA1
a3cb882f2e0e3c7d355045de19f7b711a0835907

SHA256
272171aee54ab23e02b6edace58246cbd7d3b4051b390f01aa325297a4bf0c06

SHA512
f67eff7fc8e86b2ed0a9af84635b7eb252ce2c2866ec7c4b5cba3c40ba1b4fa951dba0a8be6d6a659d142d2f1762fefaa213fe8b5984426caa3be4eb39188e5f

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.4MB

MD5
68d6f47a01810c91966732aa1f21f55e

SHA1
fac87aa0c05df30b06b99dc31c70cd1874843d64

SHA256
a1a4c681aa92e89976afd72314b691ea480e730c2966c6ac06a90cbae145555b

SHA512
04b093f84fc282cae6b1ce0a1298950afced62733476ecf49206ca560f053d65e911c89646a207dd280422ac078de5f270c66f4a8ad2e95b4f2a67072f0c332a

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.4MB

MD5
a8ea1b4813b92da9cc366230c4ebafea

SHA1
ffd072ad74eed3b8571d6dfc005148b8c5189c37

SHA256
0b312f68ae13bc06a941712695f71b97fa1914d9f2fd4da01bf8e109a94b8948

SHA512
542df04bc7c13d51282c8c2300124dfc91fd984342d75b7a3a9430c3f7c5abdc529317c51d88ee51bbeed312e69a4f18db81f38f52b65326c28c0c019085acbd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
b66a198de201ce6525459b5a9c782910

SHA1
21dce5f11daefd44483d2ab652ac1f2710906463

SHA256
1ba729d9a812cf75b5b061c387d1777aa4dd5d4249e6c0fa5d4e0903d4cd8064

SHA512
dda4eff9af9ac85d86923537610c5ee66f267415c811c75ebdde4e632c0b240fbc7df325a54c4f999dd75e34d7a40bd5084531c3f571483d8676a9e8075ca7b5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
448KB

MD5
cae2cd4ab0f4faa4e8fce4fd18e6079c

SHA1
5c0df6ba4ac8b4c2995600917db47caaef9bec59

SHA256
87dd3398e4e5c16d6052c6b4cc408a2c590f72f83cb2919863b465875aeb8be9

SHA512
e0697193dd6c457136b0184c7e3eff0637ddb09a81482a8c47a4a4c03e873e148dd84f8f1aa31abd5d8977178f3050f87c2b96b02f9798553bf4817a554615ff

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
6b85ae5d44972b994f2dac682fd1acb0

SHA1
abd02c1732ef1775e3f5fb140a911745fede1c68

SHA256
5990af0f8895f257b7c0302052486b360f6443fc31bf7d3ce7f2cbfcfc5062b1

SHA512
4033ec947c8391850b3b3ab544420ef8ac3bbddccf5def37775468907f5d8ac9dde3eefdbbbda6ca99e7d4412eeb3774f9eae7d53dd79e926ee7f2004950bd9d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
33d3b4ab0803c00e562a5ed09c1a75b6

SHA1
f3cff6e5e1b354b823c8996cc846d35d09372d28

SHA256
7b3d529f1fd7911f3286bcbe1ec8d131d543ca73b48cf588078126b08bdbe17d

SHA512
1bd683b6a45cb6a3042e4ce79f835b79b80579e487fe862b8c45e14f4c3d27cb9fcb5de1912be67e5bde8ee409b1c7a28cd877a6d31723a34d8c515c1faeb495

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
1107c5ce5f31adc39303de90e0d31044

SHA1
f83a8f4a078bde1cec588eee4e1212d70893e1c3

SHA256
05149db826175c038182d9717f734a2b6e9169a935f195791408d74f507a5e7d

SHA512
1e13657a49fb432f6861c2221a5d33b3a19673b2428fa21571e69e0975d18f6929b097d02de8b2030ca7dd855ba15f3b9ffba523e3bd2894827cadde9397365b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
4d2ea007d81cd2ba66473a3f56eee52a

SHA1
8eee492b840ed6f3f2e0731808464e6096790b04

SHA256
9775655a0f4da45aabf92b64a63b90ec5a95cfe4408a7bdcd11fd38913f87aa1

SHA512
ac6d519c8438aeaec3de5e6f0e0ec19f90a6e092d4c592ab5024f99b718c57f9c564ab045f9dc4a9de045649a19dba52161a94642d75809f1bfd83c4cb1fc8c7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
4a639578ec2f8f27d7f4e1cf5aa6cd15

SHA1
147e24e7ccd03f369b608de00eda714ed7aad219

SHA256
52887a566f80c33ce48185e6e200718eab64364feaf33ef9e501240c54219149

SHA512
a5ecfd9433d5e0bd3af41ce5a852e111818ad6f4a49030bdebcde7958d270148eaeb8b10575c8d52f62b4f96f16eb8082a5a5bdd96ff5371f727407c23c9d9a9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.2MB

MD5
c8204c838b2dea2649e097183e8b4d75

SHA1
14472753bc499ea0cdec0def754b7b99600b2c79

SHA256
db28f8ad40c9f143a21bcde5e51564e027621ad42e5614b9e1ab686ff449316c

SHA512
824350490169b540447b07a9f3f9436a8e8d545b68d633de4cd998ef58fabf3312a671f128262ad37ceb379b14b54478e868a92b70ed80fdd543b54796a0a4b5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
31bf088f14b5eacc76fd909a2d53aea3

SHA1
93bc3a6a1c7518b5a14e5a62d7397715dc8da9b3

SHA256
ae276c6730fd278958f349f9995adec6d095bf5a5c83a15347cf08f558d6b43c

SHA512
893c14f62220d969d26663dcba7905e3be75526b48bd8a8f1ebfe44f2f8ebf1d3b3459b0565d68fa8c4daa8450771d5b3fb5630db8e686a08c2d9a37103b1e99

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.1MB

MD5
87206e84f7d462c576ae7b11d8c4a324

SHA1
e1a5c5b35343ade296d2a6a47ac8b5e9408f5adb

SHA256
2f181f7f66e58fa4d99917058d681ae75e65d0582dc57fcbb9c9888da15215f4

SHA512
821124256a82d67c48da9ea6b55731b409e3db7505a99af0fa41e1fdeb4bc14c51e1af65a48da04746ae84c2e4e6241111ef20ebd766793006e38753a37ac220

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.1MB

MD5
65e0f286af1ad143a20673b9605c06eb

SHA1
77db8b3f2fb4c8ac42132b3b8d0524507a116ea8

SHA256
415b91287aa1e354daa0b721760df2bccf5417926c7e3cab754ff5446be2e7fa

SHA512
9f4048893c5a9289ed345b5cc7492d78d0699964f4640457f534f47228333da29b7d5bc4965fec013f4e314b773b18bf80b6087a6df0fcad54955c0ed1fa435a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.1MB

MD5
d9663daeec0b23aa78ea2acc4f384bbf

SHA1
452b049fea200afd4497d2d5cc2b2cde39362217

SHA256
653ae481d6eef974bd52ca724ff3486f274b267c4238371d6570ea3c56b39571

SHA512
a0bef556f2b97b43ecffa80b12e92037432e8b352a4897a9d16f311ceb1342099cce67ae0256ae501d67aefcfd779248ddff429a9b0d954a016373348ab7b7fb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
320KB

MD5
d6a1d4af8aed2fa4d9fd126147c4256c

SHA1
3b89f006d51b7d96abe385c7f7e95badbb7f259e

SHA256
c191170636a481f1a9cb63f0c063f12c99676dcf959beaa5efefeede64a63deb

SHA512
07da34262eb35ab8d6320ff7d50d9ebc4f221143b253a227e54026772aac648607ca163a581f1e7d62ecb45ef621adb38a5f67216871bcacc7a1c64fe6ac96ea

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
320KB

MD5
3a55e48a6f9c8695323d8ac764d58234

SHA1
f9d10fa0b6c93fc27ddcb1da688a8694989bd814

SHA256
51fdc9be27e7a14f987c81907003bef34b8773c592d68d884985820aa5659677

SHA512
f48a6ce2430bd94612270e69b6711f1b69ad4a1527243ffcacb60a8e86ea88131faace2cae6151b8aa679c3ca8e891a60ad87b5a5fe35b1650c423c8710bddb9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
320KB

MD5
d0940efd67d69aecdc978a4d6ab081c1

SHA1
d5252ebc33b1793486e57dda8839f0145b78893c

SHA256
5473dc5f3c4ef678e145d36c8a5989060f6229deebf4ea559f8654c929f22b29

SHA512
7b2a326c334ece7cdc644e45362c664c69a460a7ddc8185c97d65ef04cc42de6e42b82841a48a009ed0682a8533fa344342ba6198fe69b64cd780d326f545b57

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
256KB

MD5
a7fe6f890f2dbefae195fb06f94d34ea

SHA1
f4b245e3a1ea6ad891f26d18fa0a0ced99a8c004

SHA256
c6dc167cc8e7d717785e9912298908e98811d0b94f95b62b4eae4bd8187f74fd

SHA512
e2298bc15dd09abf29cb5a8b62585170001798800d7db3d09d9f65bed42c170c71640ede23c3f88e88e148ecc7369de5f063ad71418ddda9c3378b9d8f355ade

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
256KB

MD5
9a0bbc317125ad8f7611aecaaf273f7b

SHA1
450c8973d3073477380729556593a62f02994d50

SHA256
91158591045caf759250171c190f987dd2754fb7cdc76456e7db41a6f36d8145

SHA512
f68ebe07093126fb708c6d03b0392c59d1a53c673ae7022d8812b83f5e34f15eba6759e3f62d4a6991b7bda5d6f58d24c68c4a0a64bb27ceef3aa1537baec17e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
320KB

MD5
c913e6cbaa874a9dd2822dee91dc2c8c

SHA1
a90edd795511ff5e445195ee1a6c2fbc4310bf51

SHA256
739349e9516d0f1b1b1b8d597774625bf83cc7ae2142829bb6cb244ec34a5dc4

SHA512
d30fb9eb7dbb315fc82591f67aa456b1c9251629d4845aa79bd0575cd06e43785360a997db5c4f6f1a54f6f33e316d6492d2ad0ae5cce87ac810b9020722184e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
320KB

MD5
1c223e435c42a5466ee59a89f903d45c

SHA1
5beeecf5bc5e2fbf681d72f6bb33018eab74b225

SHA256
57647bf750400057afd9c6194300f814f2e80321f39634b96137c309a173d945

SHA512
85c4aeb39bf0657312fa4b3ea57b1068fa05fdc340eb7c431f4ca2a56123c819512994948f84223e17021f695fd58558826377411e14983e9b35ab595816bdc6

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
31f45d50244fa5e7762f15e092e96993

SHA1
0f8663798d6715392df0db7cdfe5a7d17d21c048

SHA256
6bb9dc74744a0a2aa0ebf157fcefb3615b3e47f9be66aab13e7136c22f35a08c

SHA512
c01a97e2ea80ffebe8a1329094618e43bb633bcf561cc95e425a4004e20ae4fa6a0e1f0d4a78d4e7ab482eafffb3ed38284ccc67ea4735fadf57256773043fdc

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
ee023452ad8984b856e3a09f443d75e1

SHA1
fa5b00ac62c76c98b02e25e25a6377c73318d2a5

SHA256
8ff4812112164800bf6d9b2cc7d3cac05effc157cc1abe78783bd4f54a97f4d6

SHA512
1bfc39ae8232a8af071bfc4f7329107b9dd6929e0183137a1d5bce55e32807c35f98fdc0ce7b9bcd1090abca377174509921d2de87106f5481933ffd7f4ea4ff

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
4a34f4b4ef6e8b659d4ff147abafad4b

SHA1
8fd6e776ee30f9e34f00212194a42ac9a103e90d

SHA256
5e87e1d413c481a41ac6205c0e758f882d67665b4e4da74ef32d9df965facad7

SHA512
56def2d0266258c4662b4ce22aa6e4f612e89c6bc8db0dd3d84eee1651d1a9171fc0233f7aaeb6a06cabf6656399a1415780fce1b68b3eaeef6b53ce97a7fd23

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
416KB

MD5
9115887c5e29a050351358474a668840

SHA1
d3f72d1cce7366f88ffd2e6c5c3ee4da9b290b7a

SHA256
b6d2ecdd406fd9c539846c229966ccd29c9c643d7a41aab4272d21d0861033d5

SHA512
7368480321944dfc704ec275920c8f707149d59f1dd4b6b437c84c7da0db12c9f3015bc9c9109659cef9413e7c028a370b5a064463ee01d9ff41a2e869bbfa78

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
243KB

MD5
73dc00b6271a1337e53d252cf4d34c84

SHA1
6f9f221eb555e1e108459b46120be0adcbf2525c

SHA256
6dbeae53432061dcdff61e2c13e8fa51162de0cceedefad81f8b28aea3d26977

SHA512
2576c370d760a78c22e42ad18268190dfef2b1c44ba093458fb19cd4715fe8d4207dfdab5204d162eb138206e17b15ba5edca2b861572a66c8bc3a3aaded1a62

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
7846cd1ced728f55fe518b2dce88b0d3

SHA1
ec03fe3ae3372a29bbfe0fb578a82763315daf17

SHA256
9f3a0b97c365df291a04625782332583f70fec4ca2bd6d25a29864bdaab34850

SHA512
7c438c8f1aafd315d91bc37733c0b4d4ba7749e9432e73ccddbda0de3d182fa4508df8e26610c8a36586bf55eccd3acce6c4236eae975611b81657b958bb2bbc

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
4a4f6f7b5efd3077b9feb1b7459d2373

SHA1
8d9ea88d78a7c6fcb346440fc2cc11fb6a69a6f4

SHA256
ddf15e8db443054330d5e036d82f95f3facd3a1a0f0993cbac1e5e922bfe8423

SHA512
3133f01e19aaf7341f442dcd7205c47e1d70dd231b656b16f9b0568473c1ef3c3ebb466585da2c06941381e245c91eafa67881d552d736dd0fca318c68ee3089

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
e2ff143f72a24363214cfa4900905695

SHA1
59dc0e427d9f9d530f875efd451891af7b4eb8a1

SHA256
91a58f3eb227eeb5a35da96c844b817681e6626dff59efde087cc02805800fdf

SHA512
29afce54578876c0fe8a2017fdd704ebf57a688e6bea75adaa68d1b5a4c5a7c2f6febd68f00b0f4a47f296d3ea94ad90167c8adc5f0bd107cdd4a1897f2b078d

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
cd87f39b1606d7dc34ddc69dc45ae38d

SHA1
ff8bd4c643701199346eb5e0d2698605f19128ad

SHA256
2783ff3fe47cd0ee13c34ab6f9806a4ef478e56f2881359350070915a74af937

SHA512
037db261b6ae442d81730621c446439364ee197ea02894bb7f9fd2faf01022f437ef85907e2e7260c16154a599b4aa3e6955d047582da42d35220f46ecf88e57

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
e30f74472e1a2ccabb17df51599402d3

SHA1
30538e27b4784442279e9109d879c4dd10713b9f

SHA256
10bada049ba7ad27450f61525b4f439f80268d446312edf50349af9388e9e278

SHA512
24555622d6757a5c2c2d22f756fc35af1887dc5009ce0d058c5a3b085764df786ec7a4d46a768d5eb247ae7afada6a66f77b9fdfe850bc4fdfbf8be44d18f35b

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
1606b2fc1b66dd142402c3ffc0e3809c

SHA1
bc4c7ca64e4b0e97816bbbaa5c7b1af28d772fa0

SHA256
9f9e967f06f293594d5cb91c5163c21d05e02e8d0f934783a67566d70397f3b6

SHA512
0cd72464cad2b68cca0c2d722b0e925752c2b0a1402f3be1bc2f1730036e5c17051a2f257011dae8bfade350982e812b46a670598bfbd7aefb0f4a400c5b2c04

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
4a8d3be37be3ee1172a6c3a2c13c3693

SHA1
5396fefb1a838f781f8e2b5e678dc6058a144868

SHA256
abe80500b3bc0e7a1e02dc3c5f72a16558c16636519a284d042a47741ddb49c0

SHA512
8024efca729b1d9fc4936959d64c79a236d94428e406664e8d6dc6352b5a903b9761dd61e867adbe746c9bbcb4b0eac717e944b912e154e30d5d812477769007

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
fe2b0e209ca7929b9aaa8256a46d9c3c

SHA1
06b12d7dbc3ae8f22b7720d0530607b730ad4490

SHA256
d2eda52518a8befa8784ac1f2d34776bdd911ab65cea852c068617001ee0f16f

SHA512
921b153283649588f7115e1d2c2dc326c0ea1bc06c398c495f67187c3c24cd8cab49c56d2714507d4f1fdedb877fe1cbf677f76cc5b1dcd2b7bf6c220d5db382

Download Submit
C:\Windows\System32\alg.exe

Filesize
580KB

MD5
579748a98e6a4a135bbb6f3e9801e53a

SHA1
fab6ac254c322cc36152822b2208dcc3ca1ae67e

SHA256
cfb28e404f8016c1dcd171c96145396d9b26232fb314e87992f047e2807491ee

SHA512
e89c062721c9e0e319c4ac047af3f8a53be03e13d3287bf6b0a473cf028ca9273ef1d84793d1d4955b1a6b54a58104aca907e5e47946726ff9aa7d3ca4863ce1

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
285KB

MD5
e693490ff70458ee240fa843910b82a1

SHA1
6419819d25055234597718ce79b2fc541b26ca27

SHA256
f5c74a5745594541f52066ccabc6995dec5d3dd01b758e17e87b3e46690b39e4

SHA512
6e79031183d4a1cf5d02360b5ec5954561aa79ade7cbd97f9a5ffb27a37e44bb1564287eb185652da9e7373a58ac777783c931b4ec82293cd2429bc9634cd76a

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
edad495125161b06c7d8ed2f40d31d7f

SHA1
ff5a26a1d804c2af7f2cf2f77900240b0d6a5ae0

SHA256
45df129eabdd557c703150b39ad6dc170a3854c7d2a9eb7782eaf58b3c9fb58c

SHA512
9278615dae447ac4b6a27ea0e35385ad639a82fd5f4e6db147fdd239e8576f1caad4f284ba686e15c873a21509d151763695430ff1c9312c00691fc88f32cf0c

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
24ea067d96ec663f6ea42cdbba925c6b

SHA1
e2a535a9d492dc8ac19e8b4b8c02f998a5292aa4

SHA256
ce40450f79bc66a8e59bd58b8379c5fbb8e0712eadcb032dd2ec4fd44487e2f1

SHA512
942e787e011fa3da825475213bc0b61a38d47213580ecf34c4b2be46945988c333bf80ecfeea6b086a66d13f33351f69b05a863d4f8859b7a794a30e112e3350

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.4MB

MD5
13d0073ec56ee1bb10d98afa59962fd1

SHA1
1d5fc3eaddb3701f4dab25c51b88472f416e99c5

SHA256
64dc2859a83bda198a66f48266a316ef19fbc64ff872d72ce122a6a19a76ba90

SHA512
f15151f06e15c4de7474347683ef640e6c7e649c7d21733e3cf9a2e8200f6f53cc30c82b9934c3fc15d6d95b93707ebe9708322ca8f10b12e25f24bee22f3b23

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
a53cd50e4e357e3959ab17458a0c61e7

SHA1
3639f8b11e29958d476fe94ac2c7ed4691f56421

SHA256
c1c35ef75b9f7ece16de31e9ea84505e32ff0787701a5ba09b88b6406870c802

SHA512
4f4a10fa2bdcc1ee6a42af87b1706a6d00f71a6c9a1c211ad36c716a6503febda9f76c789e1f06f5e24f042ee9c8b27f2e32bb63ef22651998ea606a21da1c09

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
330KB

MD5
a607ed2ce1d348238101be7320fd4dec

SHA1
3d2707608c51c95aeed44289cd86a44c0f300736

SHA256
bd008567e427162b839badc1eb74ccdab3b3f8e4e1d6a9d2303d41c6a51d82c4

SHA512
91995e1dfea496a0d5c69fa5d17c0eb6d21be1aefffc9d407b94e554ec753716344f0cb579029a9778808cda4b61682768ecf32dcd28c023ff0546d0e37677a8

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
526KB

MD5
cf851f323bb4aa9b0bfc40f19285ebc3

SHA1
9113c972b254d1747f6e439e37266b607b6895fc

SHA256
4502e524874426bbd71537a5e37c3986400f9e2351bfb4bac5152c077946252d

SHA512
06d66809dd16b4f283632fe09c0426ef3d4005a9af94319ab07e9fed2d6b59fc341506900bbb1987203af334c071a1dd1d9e11560c8530d98d526c52cef375e9

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
304KB

MD5
8b27d418bd0c7551137a2a6f8c017abe

SHA1
75f72e020e2fdaa2ba0ab6cdc5ee8a2433f57749

SHA256
2d7785c05ff945befdc11b24d5fd6f8148dd9b90cfece9ab244ce21abab1995e

SHA512
b7e997eaf8e5862cbda63049b5423d252cd2ea4ac2170a55667615271e832b155a4441df41f0314db19f44a2cc8129a5decbe89d40e9f0c292051342ec03e88b

Download Submit
C:\odt\office2016setup.exe

Filesize
2.0MB

MD5
8a8eadabe8a18d19685a528a35fd89f8

SHA1
a8e81cf52ed82f3376164ba3f5debe30480948a6

SHA256
fb2d755baf16ab829f7815f66317b7e615ce200eeb3398454960cc6763f615a9

SHA512
3b6aa8dea4f65d5fd8ad8bf1d20eb9bf06bf4d04ff81d4c97dbb66bb02570639a5603ba53b586553b79320014ea23305b17b21889e8563b9e051683bcc21eafc

Download Submit
memory/376-53-0x0000000010000000-0x00000000101DE000-memory.dmp

Filesize
1.9MB

Download
memory/376-7-0x0000000000B20000-0x0000000000B87000-memory.dmp

Filesize
412KB

Download
memory/376-0-0x0000000010000000-0x00000000101DE000-memory.dmp

Filesize
1.9MB

Download
memory/376-1-0x0000000000B20000-0x0000000000B87000-memory.dmp

Filesize
412KB

Download
memory/376-6-0x0000000000B20000-0x0000000000B87000-memory.dmp

Filesize
412KB

Download
memory/376-94-0x0000000010000000-0x00000000101DE000-memory.dmp

Filesize
1.9MB

Download
memory/452-330-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/452-332-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/456-308-0x00000000007D0000-0x0000000000830000-memory.dmp

Filesize
384KB

Download
memory/456-300-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/456-350-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/508-342-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/508-452-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1560-24-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/1560-16-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/1560-77-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/1560-17-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/1704-31-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1704-29-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1964-57-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/1964-64-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/1964-68-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/1964-70-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/1964-58-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2020-280-0x0000000000890000-0x00000000008F7000-memory.dmp

Filesize
412KB

Download
memory/2020-286-0x0000000000890000-0x00000000008F7000-memory.dmp

Filesize
412KB

Download
memory/2020-279-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/2020-329-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/2052-456-0x0000000140000000-0x0000000140205000-memory.dmp

Filesize
2.0MB

Download
memory/2052-346-0x0000000140000000-0x0000000140205000-memory.dmp

Filesize
2.0MB

Download
memory/2112-73-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/2112-253-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/2440-297-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/2440-345-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/2720-323-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/2720-313-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/2720-426-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/2968-293-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2968-341-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2968-390-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3052-47-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/3052-52-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/3052-45-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/3052-208-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/3356-290-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/3356-337-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/3708-351-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/3812-12-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/3812-72-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/3916-334-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3916-448-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4180-89-0x00000000007C0000-0x0000000000820000-memory.dmp

Filesize
384KB

Download
memory/4180-78-0x00000000007C0000-0x0000000000820000-memory.dmp

Filesize
384KB

Download
memory/4180-256-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/4180-79-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/4348-435-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/4348-326-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/4488-338-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4488-451-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4752-321-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/4752-275-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4752-267-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/5024-41-0x0000000000DB0000-0x0000000000E10000-memory.dmp

Filesize
384KB

Download
memory/5024-34-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/5024-172-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/5024-33-0x0000000000DB0000-0x0000000000E10000-memory.dmp

Filesize
384KB

Download
memory/5780-430-0x0000022183160000-0x0000022183170000-memory.dmp

Filesize
64KB

Download
memory/5780-436-0x0000022183150000-0x0000022183160000-memory.dmp

Filesize
64KB

Download
memory/5780-437-0x0000022183170000-0x0000022183180000-memory.dmp

Filesize
64KB

Download
memory/5780-429-0x0000022183150000-0x0000022183160000-memory.dmp

Filesize
64KB

Download
memory/5780-449-0x0000022183150000-0x0000022183160000-memory.dmp

Filesize
64KB

Download
memory/5780-450-0x0000022183180000-0x0000022183190000-memory.dmp

Filesize
64KB

Download