d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
Size

1.8MB
MD5

4fd4390c3c4452e6c6a00f61bee42f44
SHA1

c0536cf9790be7ccd3171bbf4b09cf4def4a3af3
SHA256

d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc
SHA512

2c61d8404eeaed368da73bba59ec627333ec0f4b34325173bf9eeb55d99eec1bdfae765146104697a42a8fd18a62d411a395acbaa3f9cea59c761092a4ef3bea
SSDEEP

49152:Fx5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAMiLlBUKubZrX+ld:FvbjVkjjCAzJriBSTZL+ld

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 21 IoCs

pid	Process
4868	alg.exe
3352	DiagnosticsHub.StandardCollector.Service.exe
8	fxssvc.exe
2336	elevation_service.exe
3484	elevation_service.exe
1064	maintenanceservice.exe
4792	msdtc.exe
4820	OSE.EXE
4724	PerceptionSimulationService.exe
1148	perfhost.exe
64	locator.exe
4972	SensorDataService.exe
4976	snmptrap.exe
2152	spectrum.exe
1436	ssh-agent.exe
2252	TieringEngineService.exe
1612	AgentService.exe
1360	vds.exe
2360	vssvc.exe
4452	wbengine.exe
4288	WmiApSrv.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 36 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\System32\alg.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\System32\vds.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\locator.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\AgentService.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\spectrum.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\wbengine.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\AgentService.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\vssvc.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\d33622708ed1090.bin	alg.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM543A.tmp\goopdateres_sl.dll	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM543A.tmp\psuser.dll	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM543A.tmp\goopdateres_ko.dll	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM543A.tmp\goopdateres_en.dll	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM543A.tmp\goopdateres_sv.dll	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File created	C:\Program Files (x86)\Google\Temp\GUM543A.tmp\GoogleUpdateSetup.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM543A.tmp\goopdateres_fa.dll	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3352	DiagnosticsHub.StandardCollector.Service.exe
3352	DiagnosticsHub.StandardCollector.Service.exe
3352	DiagnosticsHub.StandardCollector.Service.exe
3352	DiagnosticsHub.StandardCollector.Service.exe
3352	DiagnosticsHub.StandardCollector.Service.exe
3352	DiagnosticsHub.StandardCollector.Service.exe
3352	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
648	Process not Found
648	Process not Found

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	5104	d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
Token: SeAuditPrivilege	8	fxssvc.exe
Token: SeRestorePrivilege	2252	TieringEngineService.exe
Token: SeManageVolumePrivilege	2252	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	1612	AgentService.exe
Token: SeBackupPrivilege	2360	vssvc.exe
Token: SeRestorePrivilege	2360	vssvc.exe
Token: SeAuditPrivilege	2360	vssvc.exe
Token: SeBackupPrivilege	4452	wbengine.exe
Token: SeRestorePrivilege	4452	wbengine.exe
Token: SeSecurityPrivilege	4452	wbengine.exe
Token: SeDebugPrivilege	4868	alg.exe
Token: SeDebugPrivilege	4868	alg.exe
Token: SeDebugPrivilege	4868	alg.exe
Token: SeDebugPrivilege	3352	DiagnosticsHub.StandardCollector.Service.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe
"C:\Users\Admin\AppData\Local\Temp\d711743d0c61b47b8eddf727d615a3069ef97474a6501753374c85778d71bacc.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:5104

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4868

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3352

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:1560

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3484

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1064

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4792

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:4820

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4724

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:1148

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:64

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4972

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4976

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2152

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:2952

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:1436

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2252

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1612

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:1360

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2360

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4452

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:4288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
06fa3913f65bcffb15907632488589cf

SHA1
e3a9938ae94ded76442a7bda060751ef7809b5dd

SHA256
56e8aa1092946deee657d8f4ba47c661957dafb3339ce33325d6378c6bd875ce

SHA512
4985486ad3191a510b4f55a57af4b5335777c15db3ebc4e532733a04c074688a7fe8a2b7dcf582d7a4e3d76874b978fc158fca09bd6f9db7d32601202e2f5a6d

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
049d659626624b62292f6c126d0863c3

SHA1
3b3dc4ad4642cd56093cab462b01ee9554e9d142

SHA256
42213852577397c472174176e961c26bc05190fa8c6de1642412d58058d5d592

SHA512
17c5f7990ddea67b3a50a3006ac79528a0149f56d58713c4aee9b8ddfa19a810e5d4924291f6c006c6f2a58a5b12cb1c637ffea2a663abc55a63414a06b0c28a

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.7MB

MD5
32e2d1a3efd0fb7e8e43449348efab30

SHA1
6a7fa4154c0152ee7cf33429bc0f95da3e685e77

SHA256
6f347df01ca656f63dd0dbdfa365a073e502e7992d29e66b40072379bfdcd8c8

SHA512
2928e93bfcadedd83f1658d2fc71523e921fc51dc7ff1884928a5157532a01db124318f10feb3bcc7a129da7307b8af3270bc353615ac13e895be66f7dc1fa5d

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
f58147d64ce6232e3bcb15fb1fd5ec91

SHA1
6b2c4cc281d07c582be3dc8f1ea7fbfb94ef2604

SHA256
6efd5e17105453d3624039430fa94745e45a824cf4317234b6be96fd71942f45

SHA512
45cdcc10f7146336d42c6fe9b27031f57b778e7f5188b985f35eeb69d4959d05f28fad4b683a7cfb682af2ba46592ba7944dc520052852cdac9cf304ef33ec93

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
59cd7907563f2ac9c5b703f177003f3a

SHA1
96ef7e1f9101152a269822afd2f4d49c63bf47b9

SHA256
e04d6242f065657521c641997628acd25664bd9e3755c63caa5c65ec6d2044e7

SHA512
66286beaf1d501d8f9271f5843965bc771430feda80ad09f0eca5d6725c45539f4e36c3fc0df2ee4ba38806da73bc9e9bf0bf8951f1dc0eb87a94fc154f1eb98

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
083c119004d0bf55f493c8ed862079f5

SHA1
d0a853f8ff85ea114de9b4cfb908621d6086f004

SHA256
9fba6b7eaff62fa3c104a1fbcabe7a2e71fa0a571157539e221fc76d90490ded

SHA512
37d9b6229ff65f0b4768fd536719b65288667019130ff08f91ab1c1beb10082a6649933d1ec1b4f9ea5e9ba3a4dca8dc43302a134e5eb76cd3547af7fc115225

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
bfb8df834ad610418278ca684859722e

SHA1
90ded8a117a8c0b3a149437921e21cf89d65abf1

SHA256
76f6fde920ba436c81c2a21423c82ce6e46b3a80bb26afcda1269c51e07ff71f

SHA512
6a26417071696d03b1890f08c3ea21bbcc713affb70c1903a5fdd6723fbb3f88e91cab6cefadc689e536730e32bffd436a8b7de2d8ee33102e03f6565387c3bc

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.5MB

MD5
9ebbc7787f473affe186b44824ac4d6b

SHA1
525209e9c0e4f67af2c38b4434e9a1ea9fe1bfca

SHA256
acc7c0afec3aa13b28031ca23374dad8f2e9fde63df62e89469da3e5a9d7f637

SHA512
a499787f2c2094199f26ecb0c3e5e30bc16e260d46917fa8fc16f3cf48bc8edf975111aa6c1d9a398d24571640b184b2b1e1b1abccd4468116cbfc8846c73eb5

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
02369e4fb47f3f8b12d09ce618a53d30

SHA1
96dfbbfe0cdbfef29d143508f362b2f741d472df

SHA256
894d31b3cebfd6d1dc347b39d06f5fe1c0af1796d905e33334962bd1e70a632c

SHA512
5181d4530c96cbae9d12a4fe5b4b7b91aa2d58b6f990cf57cc9ea6a878db5133af12458c855904e8b833061f69283c967a09b5495c92beca3501f7a4075e8331

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
3.5MB

MD5
40e834c366af8afcb4466671e3d41e41

SHA1
a928490140ac04d179d58042bdf6602d824f619a

SHA256
be50b5d62867f0e1a576aad740e85045f30d5324de0c6d0cf5e899f8b116cb39

SHA512
763ff4d23d444d3a46759d9211e25d4590a4c8f7d565047e5da1e840569841d135b530007c8dffcdbb3ac44e9222e9fa6841dde1823d2eee7c0469f3be3ab9b8

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
dce8d044cce99b1aa4c640b652c5be23

SHA1
3d78acd461229128e2f1ca3aa62babde2184c3e1

SHA256
cfaa52c61e50809849ec7821c01cdec25e09081d59852d85887d7045bb575c95

SHA512
0af9226f8b18ae4fb2860bfc8c1bf94fd6d7e666a5cce068cfa2e4034ca6148f4eb093642508691508508f63b0b53ed86587f8bbb889a25e116ef3a24d02ae5c

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
bf8611c0afe12388c954c4e469534c94

SHA1
7a6ee30f9114d6cae93b21b4c8dc6a361244f4d8

SHA256
13cc6ce78eedb13d04ad0d32b583d632db29ce65519f4cc52b020977ac0b2fe9

SHA512
9d873b77bb6a4807d14bf26098bbb13ff9a67b702b43fe214d43e834a3b87d352af47d66ee5d23683d70b9075b37908a45ab61ed1cfb72189d6c5be6c15d3009

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
e40c4c0d26b18a2f00b31993175d768f

SHA1
e0fbc58430d995250e9cad8915ec102f89ceb0b8

SHA256
f884b2025fe601872042cf8db0340198c872832ca7f814da4277f1061245c3f1

SHA512
90557930f9f4bc9bf9d64ba3f7940cec88df956d9edc26915ff66a3855acb41a7a22e46451f869efa3c55ce6d050ca973310521015b054f475a8fd11d4cb3ad4

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.3MB

MD5
76febb8e27b9f47d8c80f53559d9d925

SHA1
51bba192e07c3af11d82119a03a8fd73da932e45

SHA256
f7c6bfcff355fea90621342feef32aa6de968be7118feca73b0742f658880be0

SHA512
79002390ebe11c85bb36cd2a0c00e727f12814500fa9c06cec3495ee375c39ac057f028a1a4975fb79483d48cedb7da82dac2060bd484beb7151f1ad93675286

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
5e3dbc0ebde07c216db581e127e4d1b8

SHA1
46e38a2c3f34ff80688b0d5f17025b472b1910b4

SHA256
b0a3274dd7596e76126ca433a8c4f77085bda5d48f6a96e84e4a1abb5660ad1d

SHA512
3c8ca3b13e33ab2e58120fd452e8ab4df7233c295566e93a69b4af3fbb3eb29c578d824f7c28f0efb7b1fa2d86137b72d9d88f6b776c91825db359ebfb3c8e2a

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
1661796628051cbeba38f9d14127423a

SHA1
4b3618aa29431537db4032a677988220ad2c069e

SHA256
6752ef1558b7487dabf48f49e46f9cf911c30f3629e7d0516e5d746ebff81102

SHA512
8134d8a18a7fc4dab349fbe4d25f955abf584ac1bfc8e4dcbb1961d90fe4fa1d1db5315ec7362b26d47797dd744e2960334c466cfc8d3c6c7b065c2c11b13767

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
bf00b7d38ff3e23c4918746201bcc0b8

SHA1
c79ccba022c909e39a629d454b2da001aef98d61

SHA256
ca116a5d496bcef35eca2d802044179ea05885f59b8819d7e04207e81acc8446

SHA512
d7e0c6e7176abd20f98dd3352320277ae7e86cb732938bc220467a47112f0781adb2cb7a2385487d4b09739ad9af8ef8e4957884424597e1313ea30bc434207e

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
89afa28ff87269c234adb6ffdc2e6657

SHA1
33ee2d637a50e196a0aa5635dbf98e9959ae005c

SHA256
8ef65831cc0f3ae3d3ea983aa94606a952998e0ae33277039a117dd33af6f55e

SHA512
d74c3b04aa497ea7f6e76856ff62e1e457ffd5a5cea6be26a2d4b2b19451282df9cd556b28a1f8a192e4bfc887e751f6df921f4feb2a2827da526fb20e744f04

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
e122da184ee7be26c6eaf6691d3ba89b

SHA1
c5027ff8dbfbef06498d518d2863fbd5624c850c

SHA256
6b17910d4450e51c0cdfc78c0f992440907445af35afdd9315a6a25c0a1cac5d

SHA512
8e4df152ef163f24d0382226473b2193ec7d2a978758344bc5ee89da90bd5851d83208d89b08ee58ef511cfdd8dfeb3da064cc19841a181e7fcbf4d8081485b1

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
cc6f8934918ab4dc035295e38571082a

SHA1
f1609a4811df07d70aef1ec8193a01a2444eca0c

SHA256
7c7ed2c9df07fb03228bf09a36e59baa6a4b55c02bb3b9b78fb0c21f44279b55

SHA512
5fe6fea431aa2065f2fa1e9299f90ecef5cf2e068a69f7a69b2c7d6289d184d98de734232a873bea48838c6b6558ecd901e35c03fb9d0e875f6c3af7f52aa983

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
99a922771536e5719683903ab9c2943d

SHA1
0a57ab9b71aab262a5db0c7c0050e584bde7e825

SHA256
a839fe062e6637713e7bf1e2bcdc91198cf24ec042045dad395067564963ee1d

SHA512
be9dc42d82acdad7146dfe3d281abe5d0493fa74e312a82ae529e88532bd8c626da248f2019551a7c5aa6017c76259c1a2ba158c12c0c3aa6a747411fc93bfb6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.2MB

MD5
b7e8cf2f3a8b26c85c6a40a394445dee

SHA1
d0a46744b652c9dcf12602221832652687f67cf0

SHA256
0a1aa39dbe6c06138fe0e252c84ef03ca8c5a2a4ed74cebb44c9ca4b856669de

SHA512
3978bc3833c2dd235cb63663412ada2c09632c457c5e6bf72145637a9c5e34ba27afe0adbb74af2ca89098beadc4631eeddc7b4501b67feab2fcff71d2a9ccb5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
9b3596ed7c579a30e39b62eccdd20863

SHA1
c680ccd6cbab6a432bf0155dcf95b1715cd9215e

SHA256
044ed7a0f81cdee66e27c62725dc0de7923dbf5dfd1f14e5cc95bd29612901e0

SHA512
5b942dd48ddac4a9ee41e7ad3949162b1d6e89e193caa3fcf98356a8952ed4fffb21911f23edba366893c7b5167c804c17c12119762f0e12542195021274fc26

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
49c890ff10f337952275b2042b721e14

SHA1
b0a058006aa8d328ed8101473e300c5a55bfb676

SHA256
fe29f7cd531e58ecb7e70522b05fe5de546e55c718b2ccd076bc661105f4149a

SHA512
0d03f6e4eea6917a6ed36ff41981e9bbd0ab7dbac4a936d462c7b83291899763b3fa4a7eb76faa04068094bf05ca93633b23d2f3f90cbced1f29578d9e5db144

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
1d53373ba2a18e2ffe028f034f3afc7b

SHA1
ff4c10a59c70423c3185d1fa7299e5a5b30d9988

SHA256
f95370797ac12f74728ff0b33efbcbfae567f257a0852b72f7ff466a75115298

SHA512
62b0a87b15d4a821447c77261f9bb7c82fd00b7e76e5513eb5262b5a30c445f89bd83c0bbc0cd8d05d76e896b8d14e74b78f6896908a8c68a648208cb1ec4d4a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
f4ca9c9f0835949b511d735bb534ad9c

SHA1
4c453dac9105428def534b19906b6b0e06b23d71

SHA256
b14abe489fc08d8086c5a88a3a5be85e4e74c1404f849192ef66365985719d91

SHA512
792c2158311c40828be38b484a9e1f0911943a44f07db7e1b6a24ce0e94d1a7d3e6cf89e381514d73d1ffcfd475e44f3aaa2bcc7838296f3b849f72da49feef3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
96f40092b4db128d5ee0e3c92e01e4bf

SHA1
23f96ef60fd6bd53f0a860f2ea5091788fb79248

SHA256
cd98011463fe9965b2a566d232538b55b4747bdd343feaf261c090facd0ae68c

SHA512
4687aaee33f93820e44fae72ed69471460a3535535731a2fe80122aaa0e41a3da309ef24d13f0dd51b1005c36d10198e25b06a82da2872c60d44f12b24cee58a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.4MB

MD5
4bc6e78ea1d8c906d5dc16ac2d68b175

SHA1
20d89736e4b4db559e7420e58312318e4e289829

SHA256
eeb77deda6c745c2272316c8fb81db035e340943af1a38803c3fdb859579991b

SHA512
fbd2d0ce35ed0506c4f161812792887054f4126b01ff58025369ead4cf2d7651563016f591fb8751abab600dae66c5479884ce0465437c2c829845b6044dff0d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
b5d54d7707740a820e5ce761c4de261a

SHA1
ff1d8b074b4be98caa22852a93ca1c12d2975aca

SHA256
86b4c28fcec015224e8197dbad3ef64ec82303b03b82d3cb72b1c24b81c39eeb

SHA512
53025beed4a980eba71b259f12194905cb7b086750b44340973460492219fbb7c520f3f4be800db8c9d8cb85eef08193fadf9273914094614f73117eb2eb7127

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
a4e4dc8e4227998b65fd680f6e57f1a2

SHA1
7617e5171f33560de643e0c06935b74d9c883aa7

SHA256
a0039c4b3f2aae72cbdbb294977f6be7366066d955a5c940b8a9243aad305a82

SHA512
0cbcce5a8055c06ea2dc2ce0dbab3248bea8d4d7a806b389c487b3a83d4348bb3cdced9c4c94ff0d81652db3f6b060fc9b059765f20c0967d4e66b38dd702924

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.3MB

MD5
58d38100a5ab2464004ce7688d21dacb

SHA1
28be5a11a16b5ff013235bfe37f5219718050677

SHA256
1cb3286911471e1192a5129d43f8fdc94989e201a183803ed3c7524c8d158d4e

SHA512
4949b14683b12ab6f00a41152da08ca7d6c264e1ef426e3b256c8e7a2cbdbba0e19be2052aeb90d012fc4079f12f3ef71c45706fd07ff29344843d5f1b3e75f1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
08c3aa101f9da15ebe8bad6abfcbad55

SHA1
551e358abe4f8c43f7b8d5f3ea822a7877bf6a43

SHA256
5d7c02a5eff6151e6b65b05b48065b74f8702cbd5fd66ee2e33a4182ceafd449

SHA512
62f2a5315867b56b3852538d2268ccf75b4a29a817ec0fa5f094c1a9d4f641cc3d30fa7984d5c00c431cab811ae1d4030478628917e4c5bad32a0475fd538dee

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
0f3a9aac4994ec607e74a6e743369b3a

SHA1
5b9644b7a21affa7f5764b5fbab8e65a616910e6

SHA256
9ead2e88117d167e28c396891518e0944ff825ae8dfb105859aea6883e62156b

SHA512
987264853135ae42c7b479f2db1f45eec64bde3eb539242fda9df55acf0a7c8bbb384ce04c599c989e26c3473b0867bb139b7a5fb551f00ec792cbbdfb5f9bcc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.3MB

MD5
260d751dad2d6ee06a5c0f9dbdcadfd9

SHA1
20fa2d377e958a52b50d0f5089419d130913bd5f

SHA256
9c1c80d8443001470e2c6a6b03c1b9aa74b5a33a120b1e568a049f7ed2385d24

SHA512
b8db403f8ac7e8ca2abab0727477f684e643d436294249627f8f1aceb6b3c64be5e4bcb9d895d26f9936ffaadff89a8e2cbc21820fde8b951b8ed198777242e4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.4MB

MD5
6267b6446b08688a7a7bc7b0f13eb1ac

SHA1
fd5cf019ec0acd2cc1bc6ddade16bdfabea10947

SHA256
fe4e332e72c6529cef63b30c6649bf1d6f6fb8f8189526727c2dc87e9a6e5faa

SHA512
507a167e35772694fdd818114bc2c170bb7bf6443b1833ac1f2240cd40034b7cd5d6a4b385c67f79ceb37ef373e41e43ed6fc4b20944e26894e4f3e69a6902db

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.6MB

MD5
8e339e2c179930e156d9d4f32b0deed8

SHA1
7d5c4379e0b89fe5cd0a328ba7c53fe9dc6301da

SHA256
b756e6afe843723fc10853952ec908bba9a06a47c37d1f279711f0c9a340428c

SHA512
1e928d0335743154eb7cbd2092db2eed547a89392b1b6eee73aaa67efc19421918a2cdf50c4c93e822d7cef98dfa97c92e3f3eb3ab93ab573446febf04ebca1d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
f4a8ee588adcb904578cc5e3985e0269

SHA1
21dd925283d0c72694bb09b8170c091cc59c968f

SHA256
5c8329c03bde20bd304a25f65f2e57e1dca720632df6e93a81b837364bd13e02

SHA512
11944bbf1fa0f25b5cec90b677720f6c48b47197dc7204f3195d4593be65a2aecd23582ec168c7b45045eb5ed1aa07608628347bcc0ed4ca73ea04d19a8e44a3

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
f741e25dbf7efda59d072c6edc710dd1

SHA1
bf92b0ab1749dcc5061a4b5d460832dfea990229

SHA256
b765cb34f6fefc24a42cd819dcd472cdb1dcc250a89a18cbe013f3062ff220b5

SHA512
fb3632f3b9c79d63491adf7dff6ddfa0e845d81bb90c63f5be2b29e04f885b5e40cdaa14c18e2656ca856c6bf8aaefbf9ab9fedba4469dba10221c87dce8726c

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
6a4a000ae4ca711c21253289fed7cb46

SHA1
d64ffb496eced1abf0337099dda737a213056e2c

SHA256
42c9ab5ee143bc024b0fa87bd3da092dcab38150e02a47b3e718bd0e9915d2ae

SHA512
19a1cfda95c4f721a4cfa7ce27993299b27cc46afb2d9072b63193f43238157982b02c693d8c0d73be7c58eb283610d784f6700dab7ecff6cefe4ee890d008cf

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
8f3d49f67515835686fe238061254219

SHA1
997acf51e294df68d2c83de9caa990c47f804fdb

SHA256
2f7344224647af6b3a3fba892a591264055b7094a28f46a25fa8527bd51516a5

SHA512
b806ecdb61752b66a54854a327fbf8a81935a05c6fd1a0109a60898de94ed514a9131a75312207881d2b011e1b31824f0ccefbd58d4353cd0cb5a926f31ce7b9

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
5ac5654ddf2324bd337ec47870b362f6

SHA1
00568c3b018c49df950a04677cd6004f608c87bb

SHA256
8c081252e2fb442e7146c0760d86ee80e769486c14db26ea86b385c6c3d6941c

SHA512
f435c2f7e7afa5f175a320fe2197b7d32a79b40b39245d73da320309da200a9450d47313a78a086e7aefe0d44d70c6c72bca8a1d4300c37ad5c6289101b9619c

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
37df6639a2cad67017d67fb3fff7106b

SHA1
6b4072beded341a03843f682f7f126ac3c4dbcc2

SHA256
182d6bfb41d57f670ae79f25424ecde94792ca0a3bcf4faa6e6be5a7426827fe

SHA512
82880ee3020fdbc78a6b233216e55073c9196fc37360786999e916f034d64f2708c99567c8c682335a467198e0f18322906ca185b7f0438a3bf7fe9f69d00adc

Download Submit
C:\Windows\System32\Locator.exe

Filesize
969KB

MD5
6e25da78df85c2dec249faa3a8158a85

SHA1
7edac88bb8a81b84290c777f37fbcb23a6049503

SHA256
c1f617a23cca7ede790e178182720f1a93deac7f7fed61fceafac9d379d73c85

SHA512
ab41885e7ffc0cfa04495432ef1af0db55a710064ef171488660b46d56827e4dc9f64f413a4db52b0a9f79257b2384c72b008194d5996f7a4500dabe21c58d7d

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
26ee708c59d269fa19d68c6a85b9e439

SHA1
12d696de79aa7f1761e819778c7c15c261faaacf

SHA256
062eff4fcc99dc137527a2851f9ee024f5ac52157f965b96356836433f6cefed

SHA512
7f66b5811a9325ed21338eb599697d024f80bbe2d7f1ecb909a5541c516f0ae2238c3589effc93636cd7b791c24533e1747544c7b1cf45e177b64eb69f49160b

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
c6bd4bde2b2acd03d4a5e0caab87a5b3

SHA1
9b047c718a345691fe1778c9f0b8231d0b9293f6

SHA256
e7378de923562226b5953c30eb3fb791e686ab337d9b3238f19229ed01e6a618

SHA512
11a16a6a9b7db160102fa04718787f43c73880cb2669ddbd0d1986ac0645054e5317f9fb9a29b2e8979825b96ce7871a4377bc8f0fae85c4f288d87e85831d50

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
30c03170eaa8463c535a9da679d04dd5

SHA1
05a6191b673e66e00cb7ce9d4329a3c5bfebcf5d

SHA256
a82b35481d8a54a29accfa0e3a5d47260530ab722d223e03b8d1c09d152e0dd4

SHA512
8259126ceabc64faaa26fedf3525a1293b9183ed56125dd0deb886434ae6f61f8acfcc68097e5d7a8b911bbc292a96c8713af74e58444f6bb418675f315fef93

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
3b5bb4d5629e98696421148bfc09398d

SHA1
3b5ddd8165e06e60c39bd1cb544e8a32ba07bfab

SHA256
afc54bfc326d018edbfc2c022408a2d1360719e95aa2782f6114e6621e0146be

SHA512
8fb415d2be389d4b2a28c8447480a7e5b21d593424d4bb55b276d683c5fc822e7b8310e3c77712bf6b76de4736c1753c93ec74208b978bb0233b2f609f166c1f

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
2e5ce64616eea17a972820882269164c

SHA1
b8a5f6e9e60f2a16edcee65102a0871e5eaa4fcd

SHA256
c5ef68303674716e6e86d18a40d3dc9f3a0f38eb5eecd51562e9b50d700874b4

SHA512
a494a2cc406d12e7ce75b0422ba00212e865d502bf3a04a64eb2e55dcab7764dbc6ef00f44c63aba46e8217913383af92a8f87a0660d110425d5d9796ac72287

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
c8ecb614c42be957623ed85bd45b44e5

SHA1
afbc5ef36f3538cba7faf6fb20312227b005d1de

SHA256
974d030a97f2ae44b1f94da56838e2012f2a6e8cb72738a0b90aa9a844360805

SHA512
2a147616022a782b18331b5b94d5f78e935b99affaa70c9d7be402b782384d49fdeb235e1299ef69a1bc4834b00975e0d932feb02ad970f19400ef5ced7abc86

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
e59d0106defb5779063976bd18b5fcd4

SHA1
e0dc7c2ecbe19479e499f9298c4472ee2245590d

SHA256
5dbae7c2a3822ef1648961ec00d08136bc9b02e96b37f876a7d13b9679222415

SHA512
1aae41e893e4911a8a15a443e2475ec2e0c5d5673be274924a81e5c92f6c77a8795fdce69db0247d74f7c354bc864111d9ffae9150c63606147cffd9e97e0dee

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
2ee1ed692205ac29bae136720bf2ebff

SHA1
e085b20b11075b2cef715c6cba9804621ee7b070

SHA256
2207cec92cce45c9c4840f12c2470a6372c63055e55686b1596f6da4904ee52b

SHA512
7ab6380df607ddf76d5717833d89d4d9af52b64228702a640f5cc24d58f9cdffb9888df770a302a4ec68afef8f31f3ac3fae44c5bdde95d6e44cfab70e0da02d

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
0c697073f8639acd8025f5fe86adc991

SHA1
424f69102b632241effeac2f32358272a61452ab

SHA256
60f27c3764dcf6cc4de42e822659deceed50f49fbff7cf6242bd1db519b6702e

SHA512
c31c42f037fe989788c1785d190cb36532accb4e5104bed9600cb169aaccc117616a005387d30d75e0d6ad6ab9a175ce2bddc160652f6646acda98d9c425e21d

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
993250dc3e3f50ffdbc55a32780f7512

SHA1
f6f1b71fa32322433b838e739aafd993c0d20f86

SHA256
c95a5cedfd6a99e913aeb7a94f89e6977a79846609b21089fab5b68030a4d412

SHA512
d57815ec1a9caa44964658ac1e07732f268a509c72c8ee5fa4c21b312f1495756ca352ae43982654a993488ea4e31b823e61b0cd42ede4429bd770a82f9ff5a0

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1024KB

MD5
3a6c53899002cfde8e59a50fbb804330

SHA1
0cb94a049e1754fa853023700ae84e3385b5e5ae

SHA256
a2e38896835c4dce77e18517d4db38c138ea2c6e825ed266adf17715aeb3267b

SHA512
548ef565ff137e8947cd53463b5aa3c8e9e9d59265294a26356800154276c12b24d13b1a1fa26a7f216b79c430ff4553133dd52c32efc1e538a08a15f2b9cc58

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
f6b24e94a52815c41cd0f5234871659e

SHA1
10882f381ba73ee3fb8d868cecfec85a2df0a62d

SHA256
a86a29ffb6075f406f7181572f85ffec425265e2a41dc67be0b023e8c0b2f257

SHA512
49619707d8749058899b4e600d9dd04e372ff1cbd0c760efb018e4ff85f964d9239a5c042263c9a9e1790d93fa8b9c182dce95655fff87f65821b7fc7867f30e

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
997153409454058286e065f90b83f071

SHA1
cf4e32128b55905c568446549a44fdb3c6bfd605

SHA256
17dc3c4d42d812ba6bae1a67d85b13647048676395a8f8c56cb79b05c42a0c9e

SHA512
20496847354311b19188a96e8641737414d33ca8c4fb13ca3240d8b097b6d95049ef22cd2b9f7f3b9f4e8f231037690770e5724ff7534721634f2f8f05c0f9c0

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.5MB

MD5
4ca2a0850815b683eb6461dbf5b53110

SHA1
af3ba2e0bf1d1cda1350d595def70feb02cf1249

SHA256
be18a7bb0fdef25dc3f07294a19e04129e5d4e5e33d1ee71027c73c592672cb6

SHA512
b94a437651851a29c46de0b03a6d50a6205e9ea05efa792dbc76fe3bc14b147429a95ec2039b0bd7321b7666b8866d58bbfac742a82582b16dbde6d3f30949ff

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.2MB

MD5
d3d16a5e76200bb542654493784fbfb6

SHA1
0d1c4d3e82615dcc5b8445157b039ddf4e80eb3c

SHA256
bc60c4dfb91a93839c4a805bf3185340d3c586441157d62ff2b4411540581952

SHA512
7b87edfc6c0186ffd446351d3b1be9e08ab79835d03ef2ec3c1e8c73fc74a14b402378b00680bee1b68cc192d1ddec858bc75d6ee4a2b55543dc76f90f5bef38

Download Submit
C:\odt\office2016setup.exe

Filesize
3.0MB

MD5
99e30e4906603e1800e81168d239bd13

SHA1
5a4e3985d935e456a6275be47dbc0688942b6b91

SHA256
fe76f8241b62c62c82c23e3daefc7ee7ae00dcac2430536fccddecb580068e72

SHA512
376af8ed5e38b5e6b37f85d6d8f54695775d83c8230bbe6958f2532ba29e871f2505f18d01dec98bf9d51dab62a5de5839555ebc46f8ed277113187c28d1e3e6

Download Submit
memory/8-105-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/8-106-0x0000000000EA0000-0x0000000000F00000-memory.dmp

Filesize
384KB

Download
memory/8-112-0x0000000000EA0000-0x0000000000F00000-memory.dmp

Filesize
384KB

Download
memory/8-115-0x0000000000EA0000-0x0000000000F00000-memory.dmp

Filesize
384KB

Download
memory/8-117-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/64-213-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/64-206-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/64-271-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/1064-157-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/1064-143-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/1064-153-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/1064-150-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/1064-145-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/1148-202-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/1360-592-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/1360-310-0x0000000000BE0000-0x0000000000C40000-memory.dmp

Filesize
384KB

Download
memory/1360-304-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/1436-260-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/1436-327-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/1436-268-0x00000000008F0000-0x0000000000950000-memory.dmp

Filesize
384KB

Download
memory/1612-285-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1612-298-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1612-299-0x0000000000BB0000-0x0000000000C10000-memory.dmp

Filesize
384KB

Download
memory/1612-294-0x0000000000BB0000-0x0000000000C10000-memory.dmp

Filesize
384KB

Download
memory/2152-244-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2152-314-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2152-254-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/2252-281-0x0000000000780000-0x00000000007E0000-memory.dmp

Filesize
384KB

Download
memory/2252-411-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/2252-274-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/2336-126-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/2336-120-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/2336-119-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2336-189-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2360-315-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/2360-593-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/2360-323-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/3352-159-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/3352-95-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/3352-101-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/3352-94-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/3484-201-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3484-133-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3484-138-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3484-130-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4288-437-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/4288-413-0x0000000140000000-0x0000000140205000-memory.dmp

Filesize
2.0MB

Download
memory/4452-329-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/4452-596-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/4452-337-0x0000000000C40000-0x0000000000CA0000-memory.dmp

Filesize
384KB

Download
memory/4724-197-0x0000000000600000-0x0000000000660000-memory.dmp

Filesize
384KB

Download
memory/4724-253-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/4724-258-0x0000000000600000-0x0000000000660000-memory.dmp

Filesize
384KB

Download
memory/4724-191-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/4792-161-0x0000000000770000-0x00000000007D0000-memory.dmp

Filesize
384KB

Download
memory/4792-160-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/4792-168-0x0000000000770000-0x00000000007D0000-memory.dmp

Filesize
384KB

Download
memory/4792-225-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/4820-239-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/4820-184-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/4820-176-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/4868-87-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/4868-142-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/4868-12-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/4868-14-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/4868-88-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/4972-284-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4972-217-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4972-591-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/4972-590-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4972-227-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/4976-301-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/4976-240-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/4976-231-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/5104-131-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/5104-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/5104-421-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/5104-7-0x0000000002480000-0x00000000024E7000-memory.dmp

Filesize
412KB

Download
memory/5104-1-0x0000000002480000-0x00000000024E7000-memory.dmp

Filesize
412KB

Download