fd09b6ddfd9f33cab80feae8d69e8fcf60834c705e5c7daa378b2d0b8f861def

Analysis

max time kernel
81s
max time network
86s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-09_274ac7190864218db67b456f910e8684_ryuk.exe
Size

1.5MB
MD5

274ac7190864218db67b456f910e8684
SHA1

925c764a0541c5382746439d97b347d9ac79ff9b
SHA256

fd09b6ddfd9f33cab80feae8d69e8fcf60834c705e5c7daa378b2d0b8f861def
SHA512

327ecf5b5faf9dad54bf3d453cf32634276a83147e42bcd77cac4ae52deb61f8082bf2876561804420437c9c82072d97fb1e32ee63dd23a2f79a57e06cfe3a40
SSDEEP

12288:XObXA4LWOsvAYFTLcZRXPiqwIkFPqQKj8DkBIHCP2sEMLRv1vIVq+:4zL3UTyXN4qLqEIH7sTrvIr

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 18 IoCs

pid	Process
2304	alg.exe
2548	elevation_service.exe
888	elevation_service.exe
3960	maintenanceservice.exe
1856	OSE.EXE
1108	DiagnosticsHub.StandardCollector.Service.exe
1680	fxssvc.exe
1600	msdtc.exe
3412	PerceptionSimulationService.exe
3768	perfhost.exe
3400	locator.exe
876	SensorDataService.exe
640	snmptrap.exe
2828	spectrum.exe
3960	ssh-agent.exe
536	TieringEngineService.exe
3856	AgentService.exe
336	vds.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 20 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-04-09_274ac7190864218db67b456f910e8684_ryuk.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\7388cbfa205991d4.bin	alg.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	alg.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	alg.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	804	2024-04-09_274ac7190864218db67b456f910e8684_ryuk.exe
Token: SeDebugPrivilege	2304	alg.exe
Token: SeDebugPrivilege	2304	alg.exe
Token: SeDebugPrivilege	2304	alg.exe
Token: SeTakeOwnershipPrivilege	2548	elevation_service.exe
Token: SeAuditPrivilege	1680	fxssvc.exe
Token: SeRestorePrivilege	536	TieringEngineService.exe
Token: SeManageVolumePrivilege	536	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	3856	AgentService.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-09_274ac7190864218db67b456f910e8684_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-09_274ac7190864218db67b456f910e8684_ryuk.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:804

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:2304

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:888

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:3960

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:1856

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:1108

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:3996

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1680

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:1600

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:3412

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3768

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3400

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:876

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:640

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2828

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:3960

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:1788

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:536

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3856

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:336

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:216

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
PID:396

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4052

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
PID:1048
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:2084
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  PID:1904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
e53404aa7bfc400fda68be275f7065c8

SHA1
a080975929000317389cb73442699a540656db83

SHA256
92521358854685a1a39ec2efe3a2899cc4369e8830096f26e83ebd57da1eaf2c

SHA512
bb2586ba58b7c1fbfe416b835c7b880da02d8625459fbd2c141fa02b4777b24cd4e27a15ec501a24b9eeb4f104d253364d7d2b6b45de33a62143c8fc7649d8ad

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
da0872802fd89d3b1af87e3d97e147d3

SHA1
8cba2aeef5fed8b5e107f738bd57a44f71aeaa8d

SHA256
199dafa21711545a11243a18b352c397f986a8877df786326b828efd0783ea2b

SHA512
2975f12df2cb0bd1a8e024e0d249258b82999bc3adcf365c4a0e52bf71f9f82a91ef1f6da29b1f2b54ebc7466f5a26c1e92ff8b9931739aa0ee7faf0434cb614

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.7MB

MD5
d327bd3882193814a0a46f14aa0da017

SHA1
3e0960d320aea813b6e13f821d676c0e2b3d8ddd

SHA256
8c50c8f4873c68a7ac729963a4dec7018c15f8931d333e8e2c3400e0d83ff4b5

SHA512
ec1ca202688d55b5fbfc8462c93019a42568edcc91fa18c377423638023a9a9d5fd40762fbe8420a73e7336f0be8ab78a0ee8e3a4fd5cdbb89bdfcea511b00f2

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
556185dfdd52849b563fe2838cab3c80

SHA1
46860ebbaaf223f4df92d640c2a8400355efe9b0

SHA256
7132c1b232841d09df7ce840ba5ff7346203da20603ec91247c07abf6f6d921e

SHA512
756c8a01022152bbb8151d74f791d594207e337a83eb00dbb68baa4e7d29542ac535bb0ed7141cada038f56abe04d6f1283236ab59cfc104c27ee1669e57ecde

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
f00dfde477489751ecc6e6ca1450a7a1

SHA1
40eca76b27bc10b92d4b4c6e229ae724043a40ba

SHA256
28b98e2032afdc21b04d1fbef34084befb00a760a6f7be3ab2399b4506ecd481

SHA512
26e874ee5e6b924dbee7101b357f502fcd15985ee4f785a0285e841427360fc43d0dd4c51255a3271966a2924bdace60fd1e5dbfdc29d32696512d7316dbaf12

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
841a4dca99e38219420f683a8ee1a486

SHA1
056a047feafbb6e08b3a1acc23a60e60477cca0b

SHA256
c996ade5de55c057bd00710fcbbeff909145e92a28416d87ab2e2d6fde448cce

SHA512
8797a28a16d14ed76036e93d4084bdafee0ae4529327036b4962a680fded0e026c84461284e7b0c8de8f14c51454074f602aa4d309b5373cb01863155a742138

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
93e253cff426c8452acb50dfecdd04f2

SHA1
bf5bc94033a5dd1b8ec0e5ecd7bbe3cda0e58207

SHA256
efe696f387eed990ad051deba9693c43d020c90fb4cf38905ebe9a1bb185db3a

SHA512
34a208ab719ca7c90dc8b4ef644ac9c5545ca526ed0d0f4e8080a21b695555b82aff42352f8e77f06bccec136aa7c1e5e4e0b784a429b2bf6794ecfd7880c9d2

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
25af2c2b8246db27f23af58695edf305

SHA1
3dc736ef68df0c77cbbaa237da7b74831fc6a10b

SHA256
6fc77cf67000e14f71682d5615a7b5c7e3c0d6beb7b64084cf592eacb9497e35

SHA512
670ee0016cdf8fb728726cd139edb31040e146c901daec636deae255ba9192c77dd8ea936cc6d1aba2a539b0db34f52919d44326d7a8278e9cc3ef9106d88045

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
6a323eed5786aba2aa48873359211357

SHA1
5854b80656d0a2e414a39a9a988489ccca208505

SHA256
6f71d186243e10d8f08a1223c1a505eeb5ba58639e539368daf2b0519e38df99

SHA512
783dda7310bbbc439bb348d7bb1114a685d4f0cef8aac6750a1f556214c17f0c65e34fb8efd5a89c3ee6ba96b1d3f0abbe6e561832b70c85711339640569e6d5

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
4.7MB

MD5
5ea0840ed6c726313941b6573f22cf32

SHA1
d1b3ee188bbae04ab198b699d242b927906d1f1d

SHA256
b0dbee611300cfdb6a4f6acd3c94c6fe0dafd8219a05360a256abd66a1d67ac9

SHA512
e18d1e6214ac9967496065350bb30eddbbd88cac18280e153c41137eaa5b45406a2b2af1c26cbf0e3eebf6a18307bb29bcf9da5d49dabba3576964ce7852cb22

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
8857f6770968fc779c33e488489ea527

SHA1
8d9bb796dcf99c826cfebcde44689d17c1f8f750

SHA256
34af5b25dd89a7f41952f16ad8973959e91a005fd836295ae94112e6d03fbf84

SHA512
fafbc91ea84b1f7ebc9d0fcaf2697f2b43d1fbe8ffbae53d255cd708bad8c4fda189809d9f665705b7fa8d899c7334dd2b764f799a1f38db3ea4d512ca3093b0

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
d33a4611582c61602dc1c32975054e82

SHA1
ab89aaaba70f812d75cee92aa9e71106f7998e1c

SHA256
91b0e1825a25bc8657e07c0a67f807601b3f7a9ac8427a3cc9881373ef04c3c0

SHA512
8df48c30752f57a4b1f5ff0ca6f11f5861852037702a64e1262d4d1c4326182cb067bd9d00d33ad623f84f47d90864dda250b5b27c3449a421bbce23e167da32

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
44ef9ed69044fba4c1c9335dc8709c26

SHA1
6f3e19e252e6c48166a76d2158714ac19132db9b

SHA256
f439f87510ef408be207709925a7725e19b28d1653836b9702f27c98bf61f226

SHA512
206f98c0195fa288f4f866d10b6fec35cc8d89753076f8d95549e5e8d9178c63160dee220492b2119afd3a8d659439287cda0ead90d78226f8076f2b943b26f9

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.3MB

MD5
80bc0a3223444f647fd4ce2a9cb5de67

SHA1
c8025300addee88f90cffcc2efa883791eca6204

SHA256
8fd32e4f62fb294f6be952df2f57814e84528f1a218af35055ce2f175c0684d6

SHA512
daafff6d1f2639f3871455a8994e890001c09caa19b46e4628d878fac45ab20e16c0da0d6bac95f57bf83c071550402e6b0422334f6c96ddee87890335a46138

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.7MB

MD5
b3462dc97df2e0e6d9d090c908b75c19

SHA1
78d9ecddd3d67e961d411a22cbce67bd5fa4f6ab

SHA256
22d095139adc7d0600bd0bbc9ac1bb5cce7b1c08d63ededb18f281fa0e0ac7ad

SHA512
00a59457cf3178b58df184c2e2a84c4063fd00536c39e659d8ac61aa4ca038d281a01d38698dbfafa1b59c71c51f432dbb418e91176182ed1cc98aabb23fc08f

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
2fce8ee146d412fd2902a42e5cf9f6d8

SHA1
3790e830c363f6b51c92213a50fa2295a1734660

SHA256
5a2aaad8c399ba701905252a1d0fc4b97f73d01094105c26e2326b64b242cc39

SHA512
b83be8faf99aff3b2a7de471f006b2dff066742eaf5a1996af4335258bec9a61120636963d6cee8fce0d4574bf1fa036fe9ef8e327ed97e17cbd9b0fcce189ca

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
e02d6ee7128ea8f63d0958dc08aa931f

SHA1
d722d1309214a8e57667c347c697d8ca8206a456

SHA256
d999f12ddfec8ba6df5b918f1abd7a231395caba3ee8c692f417a690f26f369e

SHA512
6fc8a65364bf9eee19bb1898e1fc891903744dabfd4149ca953830ec51a5bd7f1f0141e1abb6f661f1caa6b7446b19a4e56e57f73afb8309ba60a285ef179905

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
1cc8c71863c06a5c697e08a3ee69e41b

SHA1
956ba1456e8c920459ed858be919af7428206a43

SHA256
5e8c9c9560742a11b881b3049e79cb99d1ad6ce9f0faff864c61805048eef762

SHA512
be1e18c8011611956300fb5306466ba027f477e7d9332aaeb7e6efd86f1e642157ce853d09805847c5c5d9c7cfe38a5dd87532d1964b82897817f7eab0d58903

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
f26a4c297a573e31f118e5ae0c7a882d

SHA1
52ea311f6ac9e7dab198e2db4f250add1cbadcb7

SHA256
f96aa310ba3f0e9a366e044756949d1ffbb76f6ea9368556ae23bd9b43c4a108

SHA512
ba50cb9df368bce9fdc7140f5db1c31018e594bd2a3d43730f38547e0d4538d4186dca98eb6178cb2fc26ec6668eae75780e66aa3fe6eacf77433baa86a2086c

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
47d3a0c0e0e3017491a38ce4d79ca2ce

SHA1
fbc7fab87b87ded9030ba38e96a548d0ac97ac36

SHA256
ec75bef02b98b683c7b394424545a1f5063407f86cd8f6b4a98c767110348a08

SHA512
42beb99b2eefd16d0363c32c70793c5f33c139566e7ac8bff189c31d102e031f094a37aca9bbe1959d960245aca2af4862d17f7b050a4759ceb1fbe30e93930f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
388e60617c526cb4849afeb81f4835b9

SHA1
e79d6e1b8ecff046b4923576acbbffcff64d43c5

SHA256
f223cf3b5e9fc5956d91137ca9f121d4e372c7e1292bd72b131edcb3a571ebc9

SHA512
26b4bbae461bd53f29f867b6f140406a4c059655d2fac49e44a7e9391d2eafef0d5527ba6858ef28389f2f7054d75f9af1b3af81e577bc734e303c4a0d181ef5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.2MB

MD5
ab8e01679d7a5982c4adce4d03f9110d

SHA1
262ab29c0c3657cd568a4e90176925179f1fe3ea

SHA256
571b63e532875c842737114da52247150348da8c5a0e8772a623b4b31e054f3e

SHA512
7d6a20a660bc76c7d7b30ef07df31996cca2d9e5e96d15671b106b59148115565e08c0e55b4c47941182d88d374d1c36645795f375c69c5fda0059fc4f36958d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
77ef517693d002327caa2e6cb774a8e3

SHA1
bf167941d03fc92da6744907c922e606c119ab3b

SHA256
849380db86903df1097eb3a40035e67d689b460f980528d75fc6db9e0e12daa1

SHA512
219937270969a6927f87dee8826aa2bb089b651f1f67fd034f6b6deebcc44de5eca390382aab16089713f8e0548aa6c47571dcf01f66edca7764e587661d7118

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
0d4ef15c618f1abc8065c0dad35e1823

SHA1
f9d9f8c6a99ec71f9dc47b1cd162f6d074112002

SHA256
947692bfea87d97a41b6d66d0868ede53d5e9dec78ebfc8ed63f61ba9edbaf76

SHA512
87c3c20d7bcafddeb4a8c6a6688abd9c7890e93346f684d7e8d16a3a1cdd032fcee7698351e19a6b2e8da1d472d5f73596ef25ce8439f4d129d866b4f5787a4a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
6a269700f25f284c8115ed8fc058f41b

SHA1
3f510ee63c9b8520a6323407c51a6a2008619b35

SHA256
8124e7d7c4a120d7c7ef188d21cb02aca8f0135e9c9819f28274941518acef3c

SHA512
5a7a5d58e1277835bd63437de792434e37f1d530f680243a4530bf3f781a10babc0ec43e7bb4c4a5b606a19f61394886041fde24b031ddd182873f443531f910

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
3e003d6bfa505f4ce1837d9f082e5244

SHA1
81ebf37f94bdbac21238f96d3323939ddf8ebdaa

SHA256
72b891c4562a93a58e033dcd264fcba5a7427dada7c22d21ee2aa14844936e29

SHA512
03eab2af8ba7df8317fb0af2fc307ddaac50810a1e47882537544bd23b89d87f2053dc84c53a0b0260bbd527bd73cb341fad6150e42467448ea2a7e524bed703

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
396a29da0e3d66c79ac540e7e2c5d58a

SHA1
2b8ae3db5e388839d1091cff2455017b752de53e

SHA256
d49cd692b33d8ae100714ef7629547fd06d1ee941e865f63e69ca23c469201f8

SHA512
787ef756bd18ddbe8894d5d31df331bdc0d3744c4bf3d0f1339fff2dec5a14659a2dcffd638e68447d2dc605359b0653b03bd0ec2f80fffbb81bc1db2fa3a83d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.5MB

MD5
0c36e773cd109a869a4a0f0222c6cd13

SHA1
64ffbe645f43c90a09584dae0a00c2d11b9a1009

SHA256
99830bfa4bcf3cf53c207f4002d5136aa63ff052588aa004e0367385bfc8da83

SHA512
cd0d2c166a34401ed1d19732236835ec26b3b6a941f7c55cbaf9db95f75fb2f548963b0e768fe244b7e398c522c5929bdfa0423b3e2343b8c91bb1f4125dc970

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
f32e099f6a00ad50fe950e4b6ce76258

SHA1
a4db82e20429aa693df924e2384c186880874b47

SHA256
f5f47ac45b1b3bf256f1718791921e6d637595bff56e607099891c43856a80bc

SHA512
5962b83b2a0c90ba68a823b0762da9e22bd9acdb4de05c5ca86dbc9aadbec1ab5f5dc7f484bae732a590c3eb28eae399f8fb5affd1eb751b159b991a17fc6e89

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
55c6943370cf03438265a61f5fd516ac

SHA1
8a28cc001052d0c67b1013eac55892bdcb112007

SHA256
e03e53d67689224ea7f50d26efe8eabdefc9694ad9897ef357f2bf98a87a30a0

SHA512
51e2988db4ce03442f94de42487c8d9dd792d77ad461d8bb96659d021cb532a693f00fe1cf15590525ed6de7c4c87766a952febe9fbdeb207050980005c487ab

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.3MB

MD5
dc3cad8419fceca403445ce8713dd3d8

SHA1
61e41b9535a8999d2774d86504d14f306c7929b5

SHA256
39c094702f53e761bf758881269f8ce991a29cf11458036c460663bbc82056cb

SHA512
435e73819ebbdbd0efc72651bc32eb3635822df224364863784e1634e3a936f8cbaecc935d5ef6fcb6c99c8ee14fe7bfbaf1c1adf716cddb13b423185acbb197

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
00ef5c99b8ba11485bbaef2ffe5f9de9

SHA1
65a8b94cbfffd9f506e05736a9c1615cc6d325b0

SHA256
964da59c49820f53e6d65bfafc4dbe62d050a148893900866291284ed17bc528

SHA512
8e2141e668323bcc798761c4bab54a1b0a9ad14cc9996a902484cc6c796e3a13d46442b1392864b000dfd7902e5f4325112568da73dd72be175b8550d531aebd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
acf5c3be352d359ae384ccc0b9296bae

SHA1
05dbbec6e46a5c387cc7348298e6af78d224e7f1

SHA256
75cb8fa0917c53a21b78c167278da20e2333bfb30d5f06512615f971c228a97a

SHA512
d6fede604f1fac752bab1eaa89a018ce5d5a097332d5e0703b177e79c63b264d2c07d16bdd149a153774f40a3156d4bc569ed4800ea2704c69f5793f92114131

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.3MB

MD5
5abda539cccdf5de7a03b0117810f0de

SHA1
889f159dd51aa9f0e7c60914eb654ef123da61d4

SHA256
060ff7f9f6f27961787b02eb666dd4548034c933bf506e909cb6922169116602

SHA512
4c473a743f1f0ff92da35b5ab9b21068a21bf2f1f6dfa4267deef50d1103ca7ac64f87cdbad5ac088148d08bf5ea9fbf10b776ada01c55b19ac686e10ca99ab3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.5MB

MD5
b3c7b9ddfe6f4c49dc203b88ee1b2f75

SHA1
0d74b3f1837801ee1d6e29b0bb93ed316199920c

SHA256
e29feda3ef03a00e4de775687b38855d017c3e3adf2bfedcd96ebb070d1f41f6

SHA512
4e9ff4b24cb9121d0638864d90504eb410cce7b294416891ba67a81b042d122e6a5e1093c4d196e85cd91ab4bbe1ca8d575a144f8187f1174f729d63de72ba9f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.6MB

MD5
88991f31ada5f7c4bd28aea75eca9570

SHA1
5d93aeb882f65694e25e349a043341134d6a78b7

SHA256
928e336049ded20e031cba528b266a5ceced5d3f3cd87a9096d0f5ee5565aee5

SHA512
a7dabd658e647f66b93b5de91898a5f602fcd231585b0501633f9e1f1b682361d515d27f9503222aa99f36470b33c9928d9b3c8b0f5a797378c4cecc0746fee8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
d23fbc4c05704d61250bcf6af0b22518

SHA1
2f6cf446998ca3face4df969ffa992c10f11dcbb

SHA256
1544ae64dfc521065e6de75e954abe8752d8ec9bbd402cf364ced412c7fca9d7

SHA512
94e46be496c1658e177d9d2a14f39479d8c877ad0d70e534a106c0ba9c89dc2272eac0ff73b083ee0ed118d143c730bf54e76613921f26b177bfc10a25cad5b1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
4c847a862e4b40edbc2805992bc88f3a

SHA1
f4963057f2f7f5cf96080d4db1a553ce2394d7cf

SHA256
71e3cc602b161d4b770c09448720d47b3a6fd1870cb787da242203b02fec59e8

SHA512
88522d78771eb0cf2f8236a633fad9b74246a75f832f1b6b203fc0753564590ee6441ebc1914a6c4beca43ae008b59038a2a06924e645a3746691bf0cba4ab1b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.2MB

MD5
cb54995a625c3111c7612ebcb8fafb87

SHA1
8900a06e5723de9949a43cb0ee1a898c819e56d2

SHA256
e97525ed013954a9ff65f3bc9e54c61944b06bdd40965351aa1b449b883a7864

SHA512
db971e8a752e28a52381d32fe6e4b301c874b5cba144631668c9a61a0a76889b532360cbff0960d37f81a22a5db62ba1bc96f5a43a52c84469c18d6f05a6a17e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.2MB

MD5
1bd8b1ed5e96b8641ee3252441cf5301

SHA1
e87c21f1a5cb52a58ca090a449902f17643e71fd

SHA256
be60a6f0a787447848c083a5e904a8c0ccb8273e086ffb4e0252d1078b5a1660

SHA512
99af20b2375d8e7e965fc23421ac091ad35a96be6f016afb9e23e9acecfe13e125a0a69faab3d4122b24a3f332fc51c0fe6be1e9f526808dc3c23849c09149fe

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.2MB

MD5
398fb2f47fa6ab34ff3ce4fc109d25a1

SHA1
2c40d1e76c3e65a36ae0ef619ec35236b3f5455c

SHA256
6ec30d03a06f263870162382a46745d2ad4cb104022dd447727c98c7e60b9e89

SHA512
41eca740cf4bfedb41cf969ccdacfb2f60cd6a9f37bb9f0b436607bbbe41c8e06bcc9c3ef03fc350b19eab2d0022aa7af797b5e9af54edd0a4d1eb354712df91

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.2MB

MD5
189a4830d2bcd09eebb45c6db3651437

SHA1
5ef231a2871a972bf1407f149f78e11ecff8509d

SHA256
0bca5c07bb005a27fb9dd164fa07835cfca5922b00220a16f9c3d0a52872e7cf

SHA512
fa9ae82d88401b4f6afcbba8d79fe7a8dd1d4c8f7af5f88aaed189964248341f569765799d5abdb6f2ecb775c40ad5017b046214a450a329f18910e8b6ac1c4d

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
6dcb8e0d13d586b7941d88ae287be335

SHA1
699cc378c12039680ecef0f90d6d2ecaaf99587a

SHA256
b8aa1684a854f20ede8b34e2deef050f5c5f2dd6e0800688e58e9d527452cb9b

SHA512
e83944b37a49d545f1e6bb7a5a36f41c6cef9ea28f4433539d49cf7323fc94081b26fc132c915f495f22175027ac7830f822009698cc9d7995cb56553f2a2de0

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
10a7e90446947fed8f7894c7140fe3cf

SHA1
90482dde16594caa00dde10346d99b25cf62bc70

SHA256
53cafae9f5c5b95cc91f2b3831aaff751cb4da0f7776476828ebb08f627d7f98

SHA512
db3176c63dcd69a0df55cb309427d1eb8b9a9a605a06a4a68dee41c0455d226ce4bc38af5d0ec7a7be4588c4c9d671cc125a9da3da00d826e36c7e17fdffa421

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
e741e23d3d62287c5c598552dab2d830

SHA1
ba1015182caecd7959e444b35a11fc53245a6f6e

SHA256
b1e6d33876d991027bb53c59f401e8c1478b1607978bdfcaf697ebdeb41c0a4e

SHA512
71d93547b781a3f3daf6f898c87dee4919da056367dbf11c57efa81537b5ad3bd7d0c4b18ca370a0798124714716985d334b88357bba0c1d2886d8bb40138e4e

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
4b712917520b328073ef2e27cd6c5b84

SHA1
dda22a63ac27d6f1f53493587fb3f5ea1feff918

SHA256
8c14c444733abced6ea05263dd143c13a063e1aa9b667e918528145624001ff9

SHA512
829bc47936f900d03e49eb977ab25904d0946a63d197683fb3bcd74996f79cd75b330a4f072bda6d39d8112c646d7aa8e8d66d4392d724c79e8479e5d8ed0ad2

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
42145ff3042d94b1c6022997e86057dd

SHA1
bb2012b9c3bc628fa9e2cd3375c2657406fdcbc5

SHA256
3ab7e7ae90dbf4bea41d9debc053aede6b6fafe9ce778605eb6da371c608f8ae

SHA512
4a79ac31088cc7d9ee81e3c9d2f0bf0d92e58c127fede19ef2871ce6aaee7fac27814584a28cf6abbf2bcbb2e613dbc833d6b7e57dc654315e124650b4702947

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
693231337fbb5d06b90d15dd8db92edd

SHA1
1a09da2c8584c63bb269586b9f2881dbd6d74ea5

SHA256
d81404f7401d2c0993c2bbe7233c18ea57cdd8e7e8903064cbc0ad228470f939

SHA512
766cee9faf69e6adc28f36d576ed345c659da095a950d0fac6faa566204aebecc804f02d9cb6f09740a60b0dca6ddd4e78d320b72c3675ebbace62cfab171006

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
b05f9bbf23d6160b1cf39a25e4edf185

SHA1
48f27fe50bf3176361e1f4c68bba628a93c0c1be

SHA256
3b8d2bf162d6a27228d59f2e42742c22444e7323d6f5934f21fc957c3fffad38

SHA512
fa60a8015610462a90dd9cb71367504a8e85ffdf8ac8efdbd2495f878dce3504a1f32738d8948732d8b9af3611d0ebbb8fb46025746fc66b61585c583b078d85

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
a5976b48a804c58364e7f373b2121e9d

SHA1
2c7fe535601e312ae00fe66db5b104327d0450a3

SHA256
43b11ef23b10a247b039f0f586070b608495ee4791338d8bc602e00ad7015fa4

SHA512
e3fa4e3d1128bd7527243a73e58c4d39c6f31e05490568f6fd9fba45147948a860bc44d767a57bcfbcf9ed36d9341bc81bd2bed686627254f45bee140d30e2b7

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
35a8ada61214b72ba9abb301c1f9e8a2

SHA1
4bd88155af26f01ab781f667a1896ae5382c3754

SHA256
74b863af86fe9667728ee1443a3f6823cf762db0fe154284eac534aef5464609

SHA512
b8fcc6d67cdd1f0b3f37250fd06f75d6a7e0aa3c8428f40f7c3df5615b7b2664c58f933b2020faa5eb6e2d140b5e6ce2abdc4af8f6f4933689ce245f99fb8e8a

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
07828e253639f71f8f8e401340cf0b52

SHA1
79c0f003a3812d847879ce5a81b88a2d9886dc33

SHA256
04b601b2f9bb68e0b5e0ec7f83220842016cb0e44d814dab9104be46a4d6f3ec

SHA512
fd57541542758696519b7ed4af33fc2ffd437434964c8802c1d46748d41112c71c7c635b5c482ed6b4a2cebed7b667d564561d52aefbe6f8f73d80de15799c88

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
13dd04465cb27afa069b0660384fbb2e

SHA1
0e7f6cb4d90c833c0110c5eac533eba0f4d03482

SHA256
e59b8cf0eb74690e54d2aa1b6b9b9f29a744afe6a4bb9b184f9c78edc29f1b5b

SHA512
eed5c635c6d39aa4c0db2674515e147bb90ed9a250fe0de1d2097a227e5593c7bdd5923578c3e3c1ee9a125abe0e26cd454f5cb371bcab2b8f552244ced5c025

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
1d2943dbf32f4e92a70aa256f5e5e3f5

SHA1
d70ce8f3cc2affe00a38fccea16d8e2159f8f1c5

SHA256
b1483c59bf21572c439a611171d9edec4a0ce00e8643e1e3643df70f27151adf

SHA512
15f41222847bef5565c39e6e62ab8613fb98d7d26743ace44a5abc78179dba13b984ed119a256c9264ae29b5ef7b62c9f527932f8209596c658448ccb875857e

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
6304d40be6ed084f645e188a2fa6ecec

SHA1
6cafb37b3c053322da2189e9cd4e1ec9cbd6e92d

SHA256
1e589213f128b94d20244b428e7be5ee5ad903b67dc1173cfb10032d2ec02637

SHA512
d88f07fcfe5de55647b1f8441c21bb06a1a82cdc93fc95ae6b74ee1421c0487b43957a97b6f4998601eefc119f4482fa9fb6b6db020ba96dbbfecd83d43be5ad

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
a869405cbf61ecf36d2da4634a2f9093

SHA1
f2adf942789c42e02ac6a7f89cecf426f497130e

SHA256
59be1ba915147277698a74ae78a7696a06114f23af3b71f32fb1d58d115efa37

SHA512
eb04db58ad34163d7b1b35ea31c38372a2f4ce13099e17f1404d1147c319ab0f3207851d75975919149dda33a771ae2c854f042e44c83de143e28901f977b798

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
d933aa992734c9893a5c11dbd1eaa6c2

SHA1
dbab6d985244bfb79e5139d7856f07126df866cd

SHA256
1a3dc3c0201b54a5e34a824308fc1af4e5519b4c44c52070890db6055e8c57e5

SHA512
27b62c2d27be876e7d912f62f44e95bcbf42236aecde59e748b1af0a7246aa422a8262233141be09f109b9e65a8170943a2dad5d41bc9dd6a7de7fd97c4c0932

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
f35eb79920ac5b0134534be1d4f1ad85

SHA1
d02e27b0f750d4e66782daae4bbbe180ec85152b

SHA256
ff58385fe442fae032e6147c8f7b63af177968dafed8faf830d07664fc87fcf1

SHA512
f11e172480ee36ea7049ec2ee3fb2a758236dc313d2917bd590821df3224ad3378109f3f273c58e0152924e70e6369fd2dbc79429bbc8cc1a6224ba20e2f4ecd

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
afb7c0f3a8320f6cfed96f9e8c203458

SHA1
ae64f8218b7dd955b62d238b6a966f5a7175a3b4

SHA256
60e4d56da62d9a4c92971b5b4f34d1ef6372133ef2ef8719eef74a93865fe474

SHA512
97475b6c53c8a257fbe9aca79e9a551b92035c5667e271bccd5c42c020839f6127e9880e260d8dab09015dd89b1fabe3d1daf335c02e01fdfbb6d6901f16ad37

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.4MB

MD5
dc8a5d8cedcabdfd1bda25c964a9f641

SHA1
0402961ac5d50f30e3fb3f149bcf313bf667d91d

SHA256
3518362bbcc06647914326122a436c38283fbdc2df92e4fea507caaa7de7552b

SHA512
2ad42eece16b1908669ef436c1b625b0502b10e42a0560f0a16f5f376676d486ef3a42353ed7fc97db11c75b2a98ace769411c1eca50ae5cf7956f426130e938

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
29089f8a1c10e5c5691294f34b299da9

SHA1
fd1f9ffc6914bc35670c1117d8b8ebbfd0087695

SHA256
cebca1aaadf511893bc2205b2900cb4f643c85f21ae3c3ee98298768174bda86

SHA512
647548e57a78aa27c4391dcac3cc1be6387c113d0a032c5683ac2289ec2bab6cfcf3b49ba2945d51002138d32224d66a15ab891fb05508025528fc41b22bbb35

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
07d15e357e72b09c2c5a4114e9e0a61f

SHA1
f0dc1ce9cc30f660f89821baebc78138a8790e53

SHA256
58cea8eb469e6ab254e3e1c533e4be6c9161f21b589280b6a3b3b9c226a51b54

SHA512
f74ad0f384f4a1aed948120891f75758489c7d2cef066e11be05d84988489a36f279f07aebe354025966d395c8675549f99b1c0d550641c21c2abfd4432c540c

Download Submit
memory/216-412-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/216-421-0x0000000000780000-0x00000000007E0000-memory.dmp

Filesize
384KB

Download
memory/336-555-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/336-408-0x0000000000C60000-0x0000000000CC0000-memory.dmp

Filesize
384KB

Download
memory/336-401-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/396-425-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/396-433-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/536-371-0x0000000140000000-0x0000000140182000-memory.dmp

Filesize
1.5MB

Download
memory/536-437-0x0000000140000000-0x0000000140182000-memory.dmp

Filesize
1.5MB

Download
memory/536-378-0x0000000000880000-0x00000000008E0000-memory.dmp

Filesize
384KB

Download
memory/640-339-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/640-398-0x0000000140000000-0x0000000140136000-memory.dmp

Filesize
1.2MB

Download
memory/640-328-0x0000000140000000-0x0000000140136000-memory.dmp

Filesize
1.2MB

Download
memory/804-1-0x00000000008E0000-0x0000000000940000-memory.dmp

Filesize
384KB

Download
memory/804-14-0x0000000140000000-0x00000001401A3000-memory.dmp

Filesize
1.6MB

Download
memory/804-12-0x00000000008E0000-0x0000000000940000-memory.dmp

Filesize
384KB

Download
memory/804-8-0x00000000008E0000-0x0000000000940000-memory.dmp

Filesize
384KB

Download
memory/804-0-0x0000000140000000-0x00000001401A3000-memory.dmp

Filesize
1.6MB

Download
memory/876-381-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/876-324-0x0000000000770000-0x00000000007D0000-memory.dmp

Filesize
384KB

Download
memory/876-315-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/888-46-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/888-235-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/888-39-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/888-40-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1048-460-0x0000000000880000-0x00000000008E0000-memory.dmp

Filesize
384KB

Download
memory/1048-452-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/1108-244-0x0000000140000000-0x0000000140149000-memory.dmp

Filesize
1.3MB

Download
memory/1108-311-0x0000000140000000-0x0000000140149000-memory.dmp

Filesize
1.3MB

Download
memory/1108-250-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/1600-271-0x0000000140000000-0x0000000140159000-memory.dmp

Filesize
1.3MB

Download
memory/1600-280-0x0000000000D50000-0x0000000000DB0000-memory.dmp

Filesize
384KB

Download
memory/1600-337-0x0000000140000000-0x0000000140159000-memory.dmp

Filesize
1.3MB

Download
memory/1680-254-0x0000000000EA0000-0x0000000000F00000-memory.dmp

Filesize
384KB

Download
memory/1680-256-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1680-264-0x0000000000EA0000-0x0000000000F00000-memory.dmp

Filesize
384KB

Download
memory/1680-268-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1680-269-0x0000000000EA0000-0x0000000000F00000-memory.dmp

Filesize
384KB

Download
memory/1856-67-0x0000000140000000-0x0000000140170000-memory.dmp

Filesize
1.4MB

Download
memory/1856-238-0x0000000140000000-0x0000000140170000-memory.dmp

Filesize
1.4MB

Download
memory/1856-65-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/1856-72-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/1904-558-0x000001CE21260000-0x000001CE21261000-memory.dmp

Filesize
4KB

Download
memory/1904-559-0x000001CE21380000-0x000001CE21390000-memory.dmp

Filesize
64KB

Download
memory/1904-556-0x000001CE21230000-0x000001CE21240000-memory.dmp

Filesize
64KB

Download
memory/1904-557-0x000001CE21240000-0x000001CE21250000-memory.dmp

Filesize
64KB

Download
memory/2304-16-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/2304-23-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/2304-17-0x0000000140000000-0x000000014014A000-memory.dmp

Filesize
1.3MB

Download
memory/2304-227-0x0000000140000000-0x000000014014A000-memory.dmp

Filesize
1.3MB

Download
memory/2548-28-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2548-29-0x0000000000DD0000-0x0000000000E30000-memory.dmp

Filesize
384KB

Download
memory/2548-35-0x0000000000DD0000-0x0000000000E30000-memory.dmp

Filesize
384KB

Download
memory/2548-234-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2828-411-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2828-341-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2828-350-0x00000000004E0000-0x0000000000540000-memory.dmp

Filesize
384KB

Download
memory/3400-305-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3400-312-0x00000000007D0000-0x0000000000830000-memory.dmp

Filesize
384KB

Download
memory/3400-368-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3412-295-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/3412-288-0x0000000140000000-0x000000014014B000-memory.dmp

Filesize
1.3MB

Download
memory/3412-349-0x0000000140000000-0x000000014014B000-memory.dmp

Filesize
1.3MB

Download
memory/3768-299-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/3768-364-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/3856-390-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/3856-396-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/3856-395-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3856-383-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3960-51-0x0000000001A70000-0x0000000001AD0000-memory.dmp

Filesize
384KB

Download
memory/3960-424-0x0000000140000000-0x00000001401A3000-memory.dmp

Filesize
1.6MB

Download
memory/3960-365-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/3960-50-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3960-57-0x0000000001A70000-0x0000000001AD0000-memory.dmp

Filesize
384KB

Download
memory/3960-60-0x0000000001A70000-0x0000000001AD0000-memory.dmp

Filesize
384KB

Download
memory/3960-63-0x0000000140000000-0x000000014016B000-memory.dmp

Filesize
1.4MB

Download
memory/3960-356-0x0000000140000000-0x00000001401A3000-memory.dmp

Filesize
1.6MB

Download
memory/4052-439-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download
memory/4052-446-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads