c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
Size

1.8MB
MD5

12c1979e05d9a59b71a3a59f2c07d270
SHA1

100997527e994f247991b2da3ab957509a73cc0d
SHA256

c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0
SHA512

5c2d64f12a147996d0969f696efccfc9abe4bfec2bef6a8f98687895c165d805dd5f4fc3981a9a8a180b4bfd07f8cb80507715f227fbe0e2f4fbce656c41cf26
SSDEEP

49152:fx5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAB+WTz7F0/MbvJ:fvbjVkjjCAzJJWX7FjbR

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 15 IoCs

pid	Process
1872	alg.exe
5100	DiagnosticsHub.StandardCollector.Service.exe
3344	fxssvc.exe
2848	elevation_service.exe
2584	elevation_service.exe
2912	maintenanceservice.exe
4132	msdtc.exe
968	OSE.EXE
4356	PerceptionSimulationService.exe
4796	perfhost.exe
2076	locator.exe
3452	SensorDataService.exe
3876	snmptrap.exe
3344	spectrum.exe
764	ssh-agent.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 28 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\9deccca020d6ff11.bin	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\locator.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Windows\system32\spectrum.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Windows\system32\dllhost.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Windows\System32\msdtc.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6AB0.tmp\goopdateres_kn.dll	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6AB0.tmp\goopdateres_lv.dll	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6AB0.tmp\goopdateres_ur.dll	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6AB0.tmp\goopdateres_te.dll	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6AB0.tmp\goopdate.dll	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6AB0.tmp\goopdateres_ta.dll	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6AB0.tmp\goopdateres_pt-PT.dll	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6AB0.tmp\goopdateres_sv.dll	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{E7B25CDF-D5BE-40B8-AEA6-B262657E7907}\chrome_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6AB0.tmp\goopdateres_hr.dll	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6AB0.tmp\GoogleUpdateBroker.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6AB0.tmp\goopdateres_hu.dll	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6AB0.tmp\goopdateres_vi.dll	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
5100	DiagnosticsHub.StandardCollector.Service.exe
5100	DiagnosticsHub.StandardCollector.Service.exe
5100	DiagnosticsHub.StandardCollector.Service.exe
5100	DiagnosticsHub.StandardCollector.Service.exe
5100	DiagnosticsHub.StandardCollector.Service.exe
5100	DiagnosticsHub.StandardCollector.Service.exe
5100	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2616	c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
Token: SeAuditPrivilege	3344	fxssvc.exe
Token: SeDebugPrivilege	1872	alg.exe
Token: SeDebugPrivilege	1872	alg.exe
Token: SeDebugPrivilege	1872	alg.exe
Token: SeDebugPrivilege	5100	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe
"C:\Users\Admin\AppData\Local\Temp\c99b64c1614f465ce7ad18ea6fb0785201d83847b7abc68233047391c74258c0.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2616

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1872

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5100

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:884

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3344

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2848

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2584

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:2912

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4132

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:968

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4356

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4796

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:2076

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3452

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3876

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3344

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:764

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
7c6e45bd2670e4f9b911683baa4fe674

SHA1
8eeb8dfb98676e4b7920f36dda74b0eceab2aa72

SHA256
2320553e928dcb912bf33cf3d5a0b3e61440e0c6bf0449b8ea1f32a3c62d922e

SHA512
ced91a2d26d8038bfe32223e62c201779ba0afad8c2e1b34add1f81faf8c542f6f971b48a09fda07a8998643dc1dace83d78752c1ff68e9d4da80b41b8fed483

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
781KB

MD5
e309a90450b1757e4a620e066cde9aa3

SHA1
c07533c3c9e8d0758241785713cae3e96ed8264e

SHA256
e0f7bd7c929554115e55e485894c5c324bf7cf38af5cdd3ce62ef8b7620b19f9

SHA512
fdea479151e3ac924af60b91d57c002d00858b8ee1cdd5719b71628e9f30c83a7ef49f02c313de50a7ea3dbe9a4e460e01f3782ffe0612c52b21431480d124e8

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
66825301064a70c7062fb1baf61e1b74

SHA1
b04e6012f8b26452660d84742bdd697277fb34ff

SHA256
fbfec85e41bca65a44dd05c14cb410d308093f8f0822989110a122ebb10ac8a4

SHA512
6937bc577d6edaee55d1bc294543c48ec4a3a65dd497ad73aec8517e23e072ea94aff2e15e9f3e9a6a738c09e387b0ca1acec314e588406bf25ecd3501d0b24e

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
64KB

MD5
06c33c8eb6e1f0562d0a90b66ecb571e

SHA1
77003c7653370e53d112f6ffb6c7f45ed33ccb65

SHA256
46a78bf498841de01dd4e2ec9290f254753439058300af18989e31e27bcbb789

SHA512
5a3ca3a07a265d8d008a43ff08b4857f71858dc28642f3ee0c8fb5e0de5904f0c8dc152da2923e39b277a5408b46c82e58362af0b9d3f66307b936892e98a72b

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
4a6372e03d0ac67f099e581f3dfbf754

SHA1
5b7bdb7c1f03db3664bb6dcb37dc0521abfdedfb

SHA256
605de5b53691cb48724f62dc03fa737e935a80caadb1954fc71a9e28eb95a778

SHA512
e4a6ea4cf16757448694f44033f2e363942193d20054fffefc50849f2c6e2c4e7c9f994baa9efb501210f9db54767e9bc042173edc388bb4e29140c07b0a54f2

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
d057c0f26e06d61389ec90482c70b385

SHA1
dc87e6615a80bfb17cb977d3b15163ec15c7c5a1

SHA256
8960100a0c356dcc917d33a67ea1511c3312b395efaadf04d395fefd97813081

SHA512
6cec454d5be80899eaaf296ddb5131e365529428f92947e599d0d86ace41e4cad85eb1747e9dd55be5b5aa1d9315b172632b67e393c9ba09633df636c29180d9

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
0fc0d1276f0473b0c5c1f7c7fc5b0840

SHA1
ec79dafd8350a615809b88f947e2822cafbcf12a

SHA256
b571a9ffc2a8d7fa1ba0b4bc2b814e53c443904a8ec9cd2464a9bb19b7af2f06

SHA512
e65d455a2f038552d930682694921ac8a985afc8a25732f1eb6d7c0a1ea522ceaacb55c003697d61685a7fdacf4bbf3c101085f9de694185e0836486b0989f98

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
86b437ca114dc4c3b040d937c6fb97ef

SHA1
1de268a78e83acfdc0fa8b1ceaeea974729bdf40

SHA256
20ca29f559d71b66010280cb62ca0eb967ea76474869c2ebe1f9fe76bf83391e

SHA512
c6d7b309d8de738b3ad7453697f1790a270d63e903112ec506f91173cf16a6c65cb073c9bca04cc5cd0f406ea42f8803bd9c5b8e0b4ef6d84af39b79f2126a9b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
75fce488b70c1af6de060f870a3e30cb

SHA1
cc8848f279ae3d79f59602e64241d55d95d74a30

SHA256
1181fc1c437b1323cfcd0c4c589c8ed247ac0856ee8f8a71ff86e7f468118a84

SHA512
a39c28eb57fb4915aa5848e7d9d8de43686183fdfa3401aa9ae12f880117dd1926746965fb965486c7377aa1ad94c10edcd0c62853c7615e32076fbd35fef165

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
64KB

MD5
33e54d97139d6e3c5065114ae99e36cd

SHA1
4d39f6e7689fd01fea14134641cf6a53a5fe8bc1

SHA256
5f92134f50e04c2d58bc65dd077c354ed8a579b318b957619cffa6b003ac6adc

SHA512
3945782aa51a3f460b6c68cbe3a47255eb0b214133b453d3f8bb6f542c8377bf7a33bca54fd3645265988bdb596ebe0c7ee6389e08b55c3674d8656119bf5fea

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
c299e34f7bebe33f6dd991548d952c04

SHA1
17f6802229158c77aaa8373de21b5d3d88bc49aa

SHA256
27531aa285841d07f9489ccfcb721c02ab85c1bccdd014feaccd2c3b3d3985ed

SHA512
08b34f7480be7b1965eaa726a7ac4da62b78087639153853da30d8ea4b29b2184a03c678dde8e3d69ab1a21c7759dbdcfbcd04c7af66150eb288f4875992f14d

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
e8cd76b44c7d587fd6241a4b8d0d3c15

SHA1
9622d4da09a660db8e33cd12bc9198df9396589a

SHA256
83e85b7c5cfeeb4c31e4de3376c73f6efed10a2b797c85f418242133ac75222a

SHA512
7448db3d5b5205ebabeb1c36284a6400b885d665c2a42a8f9a4b996f8a9cb4731ff6fe5a4afaf104e73de60ca7fca09eb0910ee16cba8a1cea1c23ac09c609c8

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
90243743e57b3bce1a9fb13d1f2df8c7

SHA1
490f8292ec0e65149f9c47e0a50e4881c2c8a2ec

SHA256
4de3b41c04ffd562d6286de38407cb0941c2a08798cc0c57fe72dad0b479d21b

SHA512
1b4eee754827828eb5db07348c5ab1131cb10ecde959f544d374572bcc1e247d2c8b421295d4721467738f8f560e5cf47c867fc29e3cd2718339f61bb78174fb

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
799b23ac198e53d75ec4466e7075e223

SHA1
9ceb70f5ed068380c23b2559b68b4070b0f1f69a

SHA256
dbdd1de031288973f3f6d04738e3d15220e42daaae44afc91fdb9d5edde46d93

SHA512
08b33235ec79f347e1e5b706438c41e1010ee9946d65bfcf6acad270ea9ad3772237a6b0fe03e4f93ec8cd17b36464b04c828a308effab0f23c8c895eb8a3e76

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
14b075c2bd13231673bfb0c74f75c5f8

SHA1
f2259b2c6c49ba37dd18fd868efb1b993cff1af2

SHA256
9a301a8a9f4eac2580f1bd4c2628f6a7c14b461745ae31c25760ef142fc96c9d

SHA512
03e4869371b59cd7f911b8eb38db631bf01b6145660d76fc5ef7eceb983d3d3411b4af4ec30985c3f3a4a48b6563c6e14d4670eb497ec8768ef59c7bf78fc528

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
86bed4eb98adecb003f1c70e39a415ab

SHA1
677aa44d4958db69d4250a1113d87d90b7793c88

SHA256
df4ea5ed64c324ac5c11087140e122aebcb13ed4b2bd5986dc12f30d4a35629a

SHA512
68775752802a9cfaca6afd5a122323dcf838b1c2272c362b1789b2c900f6c5a70cdf00d89e482f0605afcddd1ebaf2d1e78e406662a649cd894f14d954d6eb3e

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
b259eb0bae7dcb2a621f9eaa5298356a

SHA1
d7e9835a1097d3a0bd94f649182ca2cd4f1cca4e

SHA256
a5edadb3be882a30b3c9be0e00fe19847326b4c2a9639ea32759883206dbaa00

SHA512
7c39eb5019b636b99db38f4b196627312e5a0b12e81830c27b11730d5ff2b219bc7bf851a0a5ef43a38572fffa7bd113e92db57530d56d8a5f491c1c24460b88

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
e5a9e705fc47d2133c04933d5e2b92ed

SHA1
ba51fac6c4a68333e6277d48fd6bf541336c1f8c

SHA256
3a04d0b745447a97168e49411757d03887c8e5dc49ee811f79ef5cf7d9e2fb40

SHA512
2f3be4609cac93619db184e87ce05bedd4ad80eb60742ac1302897e23230966d6dbbb0ebc618f09453573ddbf61947916ed04406db6fb7a765e0d5a199ae4747

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
5778a9d46bd6f399cde63ef39dbf27cc

SHA1
ec63faf72b0d92a698bf74142b4c57cdef7e6b9b

SHA256
2e3225499cbb5e939547d90fc8a7e87737d558199269ba18d63875f3f244bd31

SHA512
e57ee843d22ceca0f1498cc739215d12eb6093e629f9f30d23768cff874665743e0c665858f94374e003a69c37374b06d128bcdd40f3cb866a5a0e696c7cc379

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
5d30669963f06b3ed427586a9b479997

SHA1
723cbe35182dd8a9e327c22f596e00a8db864b6a

SHA256
0c56cfcd19e3caec7c0863da5c43969e1d65ed97b068afa81923a98e1b1aac3c

SHA512
1de35f52ea700cf8407c4864448a822c3a334e2e7cb61091259b23234921b3cdf6b98859bff8042e87c92daab3ff2345f845985d8ac6d6da2cf9f7d527d79460

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
260d5c485fcba0959b16a2de12196994

SHA1
ce72cc6d8f2a51d33bdbcc796bfa070b11a687c1

SHA256
fd71648709ee1419a2062c3ac3d5ac0cc4b76c736280386df99704368bca1cb9

SHA512
0ac6ea738893801b093821eab881cc13a4e091b501711b8a6a4ae6a4aec170061319de6909a359d8e3a249453c97f09f053df0c579972bf7b0e1815c3789b953

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
d7c7883b86653ceb975456806abf4d32

SHA1
1a9e0a74e01c72681ea5b00b55483651f1dcbf5e

SHA256
e2056b57424cdf8661802149c98463176cc34e7282fbadd8490093e836769a82

SHA512
ae44032008ddfef30f0e3f110982ee868d2e69a3f3647563324f84531ccc835a86355c88cc608d263c71f1327f5e02c1fff57f722ee19f9bcecdbc5e87872dc0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
e691b35ebd962d49874e5fbce3da59fa

SHA1
8dcf9a2399a69cc5cf54396be8b2758aa4e35465

SHA256
f7a9189cd546eedc911ca94bdae4f16a4221ff5e91c1719d774b5884308d23d0

SHA512
1c4a4e4156aba9c39a1506045e8c273839133d3d107483611ec3942ff489be5c6122ff1787c8d10a7a98e00983d7ae83f83c29e7b3a2e04995d631e64938910a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
f98b0a9dfb25c4e5370610234f789dfd

SHA1
74bcd64f49c247c20d5cc76ed5ef366d169d0773

SHA256
c0aecdaa236efb1dd3dbf2de796e5b09458ebecd3112dcef198abac89492d2b7

SHA512
e541ae752d85521e6617bb0d2c2d604feec9fb02bc497a7dd74cc33d2d8478f7dc7a8ef468c9687e4cb1348edaf7d1fc059164ae01c460b644970b0bec1e0854

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
c160a87b210a95b0a74d22536c2c1aac

SHA1
82f0d60a8a78de32f9d6b6139bcd13261aef3b2d

SHA256
f0511a371f885740842623a51577acc1d1ae15aabfbad94e44762e0a32d1bf95

SHA512
ab734fec0dd834432f90fa081bdcd91e928f1344b097273261246dc7279336b02483f7a0609a5734a68d69370269bcd3dbbfc06c4e336e5afe02865b8d503660

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
bb60113cffc938a316e0e16edf5165cd

SHA1
f1f96be94d64e5569dd157812c0a640a9fc72494

SHA256
2ffc9c717c688373131de9645b640bff92e135932f0aef62062bd057a84b08d8

SHA512
c1d0c79e39c775435a22ad266776381398f51ae62566105e9939e99b90b57c10416e42e5f0827ccf0670c750dc3af053fafd38b1e80e2139ecec6d4cc92c3d8a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
558cf496a05c4c90bdd23e25257e6dc1

SHA1
cfccaa2e19b0649bbf3f00821ab39fcdb982977e

SHA256
7d7cd1a23e17b42274ec9f3deadbacb9b6f053ab3e03eefdd00442392db5f523

SHA512
7879c19e9a38536d718ca9c738161b534f608ef2b22640a78792680e7992f317362e85ab97b111abdbaef3569ace2f862bf1ce09239f688f0ac6523fc4463cc0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
09e18c5c660d7ce7094091efa7b03080

SHA1
52375773332d7a912a09b51addfddfcb9cae0c95

SHA256
98fb022d9c5e8331937316a5357cf587263e7a4b095d38d52d4320af0c7935ca

SHA512
e017c8aed47db7f0d7f1f19c5c0f048032fcaec675e02e9630ec2e3c0482032e4f2442255987b8917409d5f75d855cc19544910af5a2d707acf434b0d5593751

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
9d73f55bc79c250e2945180267656c40

SHA1
25d74077e64e00be11710bcdc89543e302d231d8

SHA256
b49a3d6c13f0a5bf716cd9d4a10e4a4b5fee3e028a6bbaaa927faac62b5d1376

SHA512
9cab063c9358e9ff21fbdfd124b4267921ec84d1920f4fab02f58ffc0dae85e9614681acd69a143a7860d99278a03c251b8cb6d803ed2f6d3907bfaa6babf36c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
b5108ad58db096ae4f36767024fbd7fc

SHA1
6c467ec0a9e1e8fb556d82eb38b03c37f8271fcb

SHA256
3001320daf0d6e84868adb943368af2de83e20dc08ade21ad80c5d3a7a16c938

SHA512
dd41bb9e6567ed7649ba12429ce47ad95b20c8c7670b8efaa7db184da7503c5c2353d2ebad8b8e4139c895b8c26c4f883d74ca6c3b1c74b3aae74e120e985149

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
d3a6fdc0d6978049ae141d165f3e29ef

SHA1
d02a9d14b9c1db6ce699dfa9d520a8a9d3bd9051

SHA256
556ec0ec5e391335d6fdf403c5b2c9ec95e8caddffe7a3abed73bca3407062c1

SHA512
86b69bc48420f54bf312f81c916e985b521841bb9c0ebda33aa19b76a53b1173a154edecb198e7eba9a72753355c273b8c642063483d66426a4fad924dfb66f6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
88c7c8b20d39279548ab7d9917114ed8

SHA1
b7184c8e25504559fd87091474615f4056fabd07

SHA256
ca874c561a96fef6ff73c9d8b96b4438f9acacefef534af441d42cc24be12fb9

SHA512
67cd0ca43b07f1390e5e22ca8eb702c8a2044871e8a25ffcaabbc9395b783d88a3f752d7a620ce1cc2a72d34f466f905baf2e16ce698909a2fd1ec98a07bb579

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
c48bb54ef0e86137989048565925af1d

SHA1
7d54b21e3622b9b040934269f8c0d527559924a3

SHA256
e3df3d83966fb9ac4e2e16de92d224ed15efa45ace3c66c999ea21fe0f9c9ac4

SHA512
93a9e43546a7b5c7f2d3ba499d3c43218bc5af25886896a2d8209f2402a58c51f421a76e389e3d30856f0db07bf0b4bc4bea0cd9cee3ec743b6cd39878b72341

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
704KB

MD5
ded3c444803d28cffae9ecd1740d49e2

SHA1
9b68e97f645f6bf85c942c5090e2049e341e70a9

SHA256
b45f2843a98725a764b6ab282ec69e3a40102b88234e6e13e5fbd62c285a201e

SHA512
61a7d4c9caaee17dd9bd1bc38528233ca01a2e2135082032385aefdf83b06ad6d784ee33551515631c1b50634c597796bd4c87f7c49b4fa30cbda5173b4d13dd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
704KB

MD5
0f64c8d5a58b55bb1bcfbfcd2c38682d

SHA1
de1b6af757ed50146e7e9c073634bd36560b9b64

SHA256
3d64d8adebe4e8e0fd828880d3f0cbbb3add3f4c166528b93306d7025a5b12e0

SHA512
ce7aaf23e131fcba3534df2cb10161ff186601ae951ded23741ae2f604879ec12d42f43f6a1356496eb9ddd39772a4377d43d247a0bab3924767fe759c3afef8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
2f232d11ee23029a763fb0bed524c4da

SHA1
1bc6dfdc638c68c15d7e44c3fb87dec70a54637b

SHA256
2b79c62428507c36847aabd21e04a1e987ea047e05920dcfa16dc6570d8c1108

SHA512
24b02cf6ce7e3cd9033ae3812119e7d8b0625c0cad7ddb0c185d6d6154d84bac95be3971b3cc97690e04d94dc6b55660d6f5604fc848def88b0f2e6394d304d2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
e7b1c13e2a50d19587f457f70cafbab6

SHA1
71f871126361da8208c1ed6e86f8a8662f7f9fa8

SHA256
6ec3e133a086c2b849d83d655213d57bd3e923c619a4e34defb0537c5c5627ba

SHA512
47283786af6d34905a77b21f2bb77d25e3a83a681ba7d10403851c1d40222594bf3c0616f3e71fd8f488d23d30d5577579e74582f5bcc48ffcf4f3c762aaefdd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
418df7ed13d3f1e018a84ff90677993f

SHA1
027b578308ae170d4017c005faa8706f24ebfca7

SHA256
aa63442741f669057af5314506c44f68731325f845306d2073baf18604cf8666

SHA512
e141a7f0b8957a1a0cbf0825a052042ecfe7ef54ab23f91c6f84d819d4b8ec1d58aa55f323def8a7e025cf6782f8d5520d3135683aff0e0f540fc2efecacc3c8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
dc3019ef04b2f27055a1d89de328625d

SHA1
fee48317d8ad6d8e447f94e60e39f5c273a51994

SHA256
91e1fcaa029b5cadc12632b57828f522b881daff6aa9769ef600b003be83ab5b

SHA512
8767bbdbb6d8ef27b505beb07bb8cef7e7cee936f8e293b7287923d713bd926b5d76a4f3ccb1b75407f8a72421d549b046c8e1b2fc219c7c5f3f976265b4156e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
ff4a8cfd51226d1d6623d69b8f0d3555

SHA1
e621bc209658b479b7c140d520b09e208ccb6855

SHA256
708de3bcb46d3e6f3dd87cba5a7ca5e66e495964fc4cfc5ed3f4d60606afa96b

SHA512
0c7a56788c22fe2bbdd5cba704f0bd5f679f940e42de7ad7094dbc06d8e61cce28e682c99fdce8972de92694a75be8bee429de81ab0e67b7ff8f1bd32e4c88b2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
576KB

MD5
8f3a45d6870e8bf45e8cd6812ce74bb4

SHA1
30b08c3146dd2de2f19c18d1a5e687dc427c9e27

SHA256
debf00f0f06eef5a70ea0586408c60985b783367f1c5fb842d376912e46d76dd

SHA512
60e68f813518222dc8d13dac14b91035393f3b9eb09af9a05582a9484f5b983d16615e6f6c9e0cb4fac27763dc2133cb39323b2f955aff84edea49b62ea76cd8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
576KB

MD5
cd21d9a30844e04cb68bcf0bfb1b27b5

SHA1
b68297a6d9e01372f531bbb6c1748ad236e5553d

SHA256
138a096487819fdbbbfd0aab276a28876e34c95f5c1e831ed3c4e205bb19b419

SHA512
dc878657c2a9d0cadd6871121b3b1f6de16ecd27d085d65f67dbb9d93fef4cfdcaeefb5dcea17a311d4fce6ca99dd18423502e381b2949dc7be158c832041d65

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
576KB

MD5
bd10109fe232a7000d740cdc70dbf7d6

SHA1
2d4e400ae0160bf024117fd9b99fa7fbdc6373a7

SHA256
95d87c0bf864db1403901352baf9cd8fa9b6c6de283c242b5cd6537577131657

SHA512
b53f4243cf6cafd319bf4f77e9d5910133bc6de1163b9b74fa62f67701fe5923630615da9495eef6a2d66a51ee91df0523eccfb836179801ee8e20daae17bf41

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
696KB

MD5
a4819f5839a53161a482221232ac5097

SHA1
44d4e652f4e6c15c0b09dc9101003b227270b3e0

SHA256
6f1a355084a4344abab7d4b41085252b79cc984279f5fc0e742f1a4b302571ff

SHA512
6d59b4ebc3b44bbd4ce9d3472c2f4cd5f05855bbb297999e44d89d74d9a39035cc6d2b5b537b67b5872be4cda73e11e55ee060ad43ad65bdcf9dc06feb6d9f60

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
e8a9271a6c5aad8994e12e524a5723ce

SHA1
65b0f6a7b814987b7ec41074a5615e7fff65de05

SHA256
f6736a4361bedfbf366c2f9b33d7a073d46a4d0c3a44b05473aa7c9823851e57

SHA512
015395f032fec4a8e8daf54c7596dc9bd64eb8580d065d5ecb4af08769465ca518d4aef645d2315cf4e09cf5fad5903f53ac5c5e646c693ff084115da8c57b0a

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
aad37021618581b4a1a0b76c7c2634d1

SHA1
1a3b41cf7a4c8cabc7906d4c17aa8f2aaeba7a3b

SHA256
7ee4f742207d91b7fdbf568d2485276b68da0baf34b2610fcf23db34d43b9c1c

SHA512
fefed95f4f2ba82455bf74ffa7e53aafb6cf47325ed978f382ca592a3205442a147f7565078720b4b6f1bb7cd350d1bd21026b2a6af244318fd4cbf0d454f9e8

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
512KB

MD5
1f53d3d40a87129ef4de27c5f0fdbdd8

SHA1
e5636ca4ea0c3019540b9158c13d0355e5140528

SHA256
ed8f508ff8c54e187ac51fc8367172e30f08ac4e81216b8c9e308fb50bbde331

SHA512
18ff997f410422d045cdc1aee9e5fba8eb02e53c76950f4765ff6b07f2bc98e60f3c141d348337b2792d8ad2333654e864fef0bbf3db3d3324130df2243f5c0f

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
ae1cbf266ac13a2270684faaebf11f14

SHA1
e8d277da881300a82d780db344e62478b76ede0b

SHA256
a106db33564847ede906ecefdf194c724123270485b228b405d7e5c018b08f44

SHA512
dee8090838572c5ce7de805696f991874b06d9f12644ffc9093bc26f4b9e1f0fe8ac9d8d907062efc533293fba450d742738def222875b83b636a22b21daad22

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
2f6f52270ca8f0d7220029d1c64770e1

SHA1
22ef0793ad2fbcd316de137b82cf217b12d0a708

SHA256
88ed7f7ff0b63080552585d921041c5be160a957fa5b830af086a52ea9c73120

SHA512
99cd8aef7b85bebc2a3f1ad062515b30e926d24f9a89ad0da693f6327545834310996ba593652b65b63e395f15842a1edfb097fc4319a9366fd15ea3a9dfb15e

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
ef67499833936092e37d107e44f52ddc

SHA1
d4a00f5a07b42af5af66978ae18dc96f94b3662d

SHA256
6138bd6dcce621a04cda2798bd9e95aa0bdd0bbf3188090cd265c489e6207db0

SHA512
d9097397a51b63c1140b75b734d29563cab9e5eaf7c065c82a872e4e73d215d871defa9f91b093cbf4b53e0796fe9ef1cc0666f20125ad15c90dc29306c67c66

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.1MB

MD5
6d1716f4124bd9a99b61641235c40154

SHA1
d67638966e10e161122039c0e75ed3ea8e1eda1e

SHA256
92bbae84ff10c7fc48953dfe348b6a8de82723e6a606e37380483d9b6e75c32c

SHA512
71725d4f087ee8922d147d800c414892117574387905118fadffb3b02404571a0f7be271443d84bfe45b063bddece219f7f52d4b3d4b43e2ee723dd9268260e2

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
f061ce1a2a86dcffe520408de9167e12

SHA1
448a48f92516bd3217e3e412f73afc54cb5dff8f

SHA256
5555d0417f5979903a2ac22cb682af0c85300f4f755ad353ad309b6f9830366e

SHA512
946ff4471788762a53fae11d012697ea987e87f2540dcb4ed78eb2eca7a15fc47183eb816e81af3ab3b6aef5083cc4eb9136b193346d28d1b593222f5c52990c

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
096275ccbbd9439b858e1c44ea9c68f5

SHA1
d80f8bcece09cf77c3052e62a6c94b2ed0590f51

SHA256
a11c3d23ba927823b83c7ac8552cfa3c91340247f8029d5a49b631de8dc21714

SHA512
d0c5bcc0ee6ddbb8d44f566fe090bf5eb55f09d5ee0b683437f58c75377acd5c6eab830ae5c3d4b498304a66809836f2f385285b5c2e1372a81cd009fa8f04e2

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
75be2f66238a101ddcc8b1b7bcd144b0

SHA1
a6ffb9ec0af93cd02422be63d040d5c5b9d2a35d

SHA256
077d5608b621d26044f9eeac801af248183f53e174f9a38d01f1caaf7bb39464

SHA512
95c480f40bc21f50e5bfb8695696958ff1490f434f355e4bc55b7b888012849656e847f51fc1531eba78ab0a67b93328894c01344b5ed63e22aa2a0cf196dd3e

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
5530f059c97cfe8f7a8a659d28bef391

SHA1
7c81c0e5f00aa5d1de35ea34e1a72f915c09e52e

SHA256
90598eb32bd79d7b89b40632c7c1fc71ee6c2d780f5fd531e17998a59a246d28

SHA512
73e662914bfed3805ef775150bc174f9da3c4225fd1d9ac7f44d88de1bb32aebf58b73508712d82e7b0c6a7a75ede759189d3b472095893a2954659c265e971e

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
54c21b73af63b2bc2666d28299f2bbc1

SHA1
0e21339b685ceb5b74bdaffee25dc21cba952fc0

SHA256
3468e09c109476cab2b45eb458d04b7176fa917893fb7610bdb76673d56a4fc1

SHA512
20f9c7d07249bc9a3a47a0d7f6d55b0658f84cad6d804326959f5ff84236a50a73140e57fb3acc7d9fc45544f7f8f8741f1bfd0764b9b617b91830f3c7dbe6b3

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
b672926af079224b383b64264dca38f2

SHA1
919b5018f631c889d9683fbeade0089da0d7742f

SHA256
2e7f66d477382b0b6fac3ce7547fb935b4c5ee501f77e89708fe3a255b6aeca2

SHA512
92f32131c921a5d650219de076d421b0269bfc334ff4c03e80b8f529672af41c936ae5d38bcf3255f514cba47c974bd8bb7dba811758aa92b76c5aba337262dd

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
deffd4fba35a856a6329a96c65b139ef

SHA1
1910e04263d47641ef3bfb28df49ea1999f97029

SHA256
7e71c8ce699385bdfdd47c8755986e6d3e1bf59e8eb571e2a01c467e3aca89fe

SHA512
2ef000594e5654e77a6e6686d974e01e7a9fe2f14b4d38dfeda08752229b2eca65016c2d9acc61faf8ee9b74f1a0f58ba8a64c2d2f4f8a421d1255da3b49323b

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
1.2MB

MD5
3fd65f952695c1a476d971e22937d80f

SHA1
d3f5174748c7bf0527e30ce84f3fed50b8d4b18b

SHA256
33639d87fda8d8b82708e72a42fee15c92e2da769dca2814cc3c29e5506c48a0

SHA512
1956cf081d18e6b68376679d53b8e3e29d908d9136c4dd5501e08c1e0cc11c6ab0316ff63e19cc18b739b360350b112a79b7297c823b5a2c3b71917b39aad56f

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
32b29fb37ec5191da80e5bd0215a09ab

SHA1
a507ead4ae3484220f41d7c91aef839a0ff70654

SHA256
403b6845003c6af13bc80ede12bd3a851bc92810e5d2e70a66643fc089da4c61

SHA512
482339680553c4894c6be59fb88dce1e0293a6ab5c06f3e38e40ea8678eda60ecaf63011d7a7c9578fad4edcc1b3167ecb8a256f0e42735b6952dbe2d9150e7b

Download Submit
C:\odt\office2016setup.exe

Filesize
2.3MB

MD5
83599aba717bbd3edd6146ecad5be166

SHA1
ccf90e82c5a2da46b10ba51a457de9d7cb8e3558

SHA256
4d3af490864c2f8d67ad0459833f57aca282d08d9aa3b159763b36f6ffa2c879

SHA512
7bf3b3c6c459efffa3f045c67251439114671c8e4311f04b31e047d43fd531199f37684725fcb1ba1e4782d354000367930319a7e328eb3cb587233f751194ff

Download Submit
memory/764-340-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/764-523-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/764-348-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/968-174-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/968-182-0x00000000007C0000-0x0000000000820000-memory.dmp

Filesize
384KB

Download
memory/968-240-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1872-13-0x0000000000780000-0x00000000007E0000-memory.dmp

Filesize
384KB

Download
memory/1872-143-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/1872-12-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/1872-26-0x0000000000780000-0x00000000007E0000-memory.dmp

Filesize
384KB

Download
memory/2076-222-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/2076-215-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/2076-459-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/2584-202-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2584-132-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2584-139-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2584-134-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2616-355-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/2616-131-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/2616-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/2616-7-0x0000000002480000-0x00000000024E7000-memory.dmp

Filesize
412KB

Download
memory/2616-6-0x0000000002480000-0x00000000024E7000-memory.dmp

Filesize
412KB

Download
memory/2616-1-0x0000000002480000-0x00000000024E7000-memory.dmp

Filesize
412KB

Download
memory/2848-120-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2848-121-0x0000000000E90000-0x0000000000EF0000-memory.dmp

Filesize
384KB

Download
memory/2848-189-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2848-127-0x0000000000E90000-0x0000000000EF0000-memory.dmp

Filesize
384KB

Download
memory/2912-152-0x0000000001E90000-0x0000000001EF0000-memory.dmp

Filesize
384KB

Download
memory/2912-158-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/2912-145-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/2912-144-0x0000000001E90000-0x0000000001EF0000-memory.dmp

Filesize
384KB

Download
memory/2912-156-0x0000000001E90000-0x0000000001EF0000-memory.dmp

Filesize
384KB

Download
memory/3344-255-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3344-521-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3344-105-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3344-261-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/3344-522-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/3344-106-0x0000000000D90000-0x0000000000DF0000-memory.dmp

Filesize
384KB

Download
memory/3344-113-0x0000000000D90000-0x0000000000DF0000-memory.dmp

Filesize
384KB

Download
memory/3344-115-0x0000000000D90000-0x0000000000DF0000-memory.dmp

Filesize
384KB

Download
memory/3344-118-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3452-236-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/3452-516-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3452-510-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3452-229-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3452-517-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/3876-250-0x0000000000550000-0x00000000005B0000-memory.dmp

Filesize
384KB

Download
memory/3876-242-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/3876-520-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/4132-162-0x0000000000D50000-0x0000000000DB0000-memory.dmp

Filesize
384KB

Download
memory/4132-161-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/4132-226-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/4132-169-0x0000000000D50000-0x0000000000DB0000-memory.dmp

Filesize
384KB

Download
memory/4356-253-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/4356-190-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/4356-198-0x0000000000BC0000-0x0000000000C20000-memory.dmp

Filesize
384KB

Download
memory/4796-210-0x00000000004A0000-0x0000000000507000-memory.dmp

Filesize
412KB

Download
memory/4796-203-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/4796-267-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/5100-160-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/5100-101-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/5100-94-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/5100-95-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download