Analysis
-
max time kernel: 150s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20240319-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-04-2024 02:22
Static task: static1
General
-
Target: e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
Size: 705KB
MD5: e8fe3b743ba871db4af68f7fd3911fc9
SHA1: 1b7637356c1eaf4a880ad6a92c3e800238450e47
SHA256: 364fc17b5d2661de3f7c6db7bbfb2cd35750aefe28f186631a9dbbc6efab3c4b
SHA512: 612f626fdce3be514ec02edeed5ca688ab083f71c237ecd4b1e28151ff2a19439cf0de0669c4fa2d637074ad960c5f645680ab3641854fb5ae658617d1833d2d
SSDEEP: 12288:sDJnJM4OpSpnO8kTZl0OvkDfxbdQ44XzsJDdYtsE0NxEmb:wJnJM4OqTW30hRdthS+pF
Malware Config
Signatures
-
Disables taskbar notifications via registry modification
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-817259280-2658881748-983986378-1000 | alg.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-817259280-2658881748-983986378-1000\EnableNotifications = "0" | alg.exe
-
Executes dropped EXE 6 IoCs
pid | Process
2684 | alg.exe
3024 | DiagnosticsHub.StandardCollector.Service.exe
4988 | fxssvc.exe
2424 | elevation_service.exe
4904 | maintenanceservice.exe
4004 | msdtc.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\J: | alg.exe
File opened (read-only) | \??\N: | alg.exe
File opened (read-only) | \??\W: | alg.exe
File opened (read-only) | \??\Z: | alg.exe
File opened (read-only) | \??\K: | alg.exe
File opened (read-only) | \??\L: | alg.exe
File opened (read-only) | \??\Q: | alg.exe
File opened (read-only) | \??\Y: | alg.exe
File opened (read-only) | \??\T: | alg.exe
File opened (read-only) | \??\U: | alg.exe
File opened (read-only) | \??\V: | alg.exe
File opened (read-only) | \??\X: | alg.exe
File opened (read-only) | \??\G: | alg.exe
File opened (read-only) | \??\M: | alg.exe
File opened (read-only) | \??\P: | alg.exe
File opened (read-only) | \??\R: | alg.exe
File opened (read-only) | \??\S: | alg.exe
File opened (read-only) | \??\E: | alg.exe
File opened (read-only) | \??\H: | alg.exe
File opened (read-only) | \??\I: | alg.exe
File opened (read-only) | \??\O: | alg.exe
-
Drops file in System32 directory 64 IoCs
description | ioc | Process
File opened for modification | \??\c:\windows\system32\fxssvc.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\msiexec.exe | alg.exe
File opened for modification | \??\c:\windows\system32\spectrum.exe | alg.exe
File opened for modification | \??\c:\windows\system32\openssh\ssh-agent.exe | alg.exe
File created | \??\c:\windows\system32\kclndhck.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\Appvclient.exe | alg.exe
File created | \??\c:\windows\system32\ljlighma.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\tieringengineservice.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\locator.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\vds.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\alg.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\Appvclient.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\searchindexer.exe | alg.exe
File opened for modification | \??\c:\windows\system32\msiexec.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\Agentservice.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\vssvc.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\dllhost.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\svchost.exe | alg.exe
File opened for modification | \??\c:\windows\system32\lsass.exe | alg.exe
File created | \??\c:\windows\system32\perceptionsimulation\mlhknemg.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\sensordataservice.exe | alg.exe
File opened for modification | \??\c:\windows\system32\snmptrap.exe | alg.exe
File opened for modification | \??\c:\windows\system32\vds.exe | alg.exe
File opened for modification | \??\c:\windows\system32\wbengine.exe | alg.exe
File opened for modification | \??\c:\windows\system32\perceptionsimulation\perceptionsimulationservice.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\openssh\ssh-agent.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\msdtc.exe | alg.exe
File opened for modification | \??\c:\windows\system32\spectrum.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File created | \??\c:\windows\system32\glfbjkdp.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File created | \??\c:\windows\syswow64\ichnhogd.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File created | \??\c:\windows\system32\aldigjoq.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File created | \??\c:\windows\system32\diagsvcs\jfpcmjlg.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe | alg.exe
File opened for modification | \??\c:\windows\system32\tieringengineservice.exe | alg.exe
File opened for modification | C:\Windows\system32\MSDtc\MSDTC.LOG | msdtc.exe
File created | \??\c:\windows\system32\lpjgoajc.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File created | \??\c:\windows\system32\openssh\fmdihaaa.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\fxssvc.exe | alg.exe
File opened for modification | \??\c:\windows\system32\msdtc.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\perceptionsimulation\perceptionsimulationservice.exe | alg.exe
File opened for modification | \??\c:\windows\syswow64\perfhost.exe | alg.exe
File created | \??\c:\windows\system32\ndakqqpo.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File created | \??\c:\windows\system32\kooqkckq.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\vssvc.exe | alg.exe
File opened for modification | \??\c:\windows\system32\sensordataservice.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File created | \??\c:\windows\system32\nadimapo.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\sgrmbroker.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\wbengine.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\lsass.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\dllhost.exe | alg.exe
File opened for modification | \??\c:\windows\system32\locator.exe | alg.exe
File opened for modification | \??\c:\windows\syswow64\perfhost.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File created | \??\c:\windows\system32\adoogekl.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File created | \??\c:\windows\system32\jbbejmda.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\svchost.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File created | \??\c:\windows\system32\olekjjkg.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File created | \??\c:\windows\system32\lgcjgpeg.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\sgrmbroker.exe | alg.exe
File opened for modification | \??\c:\windows\system32\snmptrap.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File created | \??\c:\windows\system32\cbkipkch.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\windows\system32\Agentservice.exe | alg.exe
File opened for modification | \??\c:\windows\system32\wbem\wmiApsrv.exe | alg.exe
File created | \??\c:\windows\system32\ekohegic.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
-
Drops file in Program Files directory 25 IoCs
description | ioc | Process
File opened for modification | \??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File created | \??\c:\program files (x86)\microsoft\edge\Application\122.0.2365.92\bnicfhgh.tmp | alg.exe
File opened for modification | C:\Program Files\7-Zip\7z.exe | alg.exe
File opened for modification | C:\Program Files\7-Zip\7zFM.exe | alg.exe
File opened for modification | \??\c:\program files\google\chrome\Application\106.0.5249.119\elevation_service.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\program files (x86)\google\update\googleupdate.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | alg.exe
File opened for modification | \??\c:\program files (x86)\microsoft\edge\Application\122.0.2365.92\elevation_service.exe | alg.exe
File created | \??\c:\program files (x86)\mozilla maintenance service\chlpnplk.tmp | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\program files\windows media player\wmpnetwk.exe | alg.exe
File created | C:\Program Files\7-Zip\gkooamha.tmp | alg.exe
File opened for modification | \??\c:\program files\google\chrome\Application\106.0.5249.119\elevation_service.exe | alg.exe
File created | \??\c:\program files\google\chrome\Application\106.0.5249.119\pamfjaon.tmp | alg.exe
File opened for modification | \??\c:\program files (x86)\microsoft\edge\Application\122.0.2365.92\elevation_service.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe | alg.exe
File created | C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log | maintenanceservice.exe
File opened for modification | \??\c:\program files\common files\microsoft shared\source engine\ose.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | \??\c:\program files\common files\microsoft shared\source engine\ose.exe | alg.exe
File created | C:\Program Files\7-Zip\jgpijieg.tmp | alg.exe
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | alg.exe
File opened for modification | C:\Program Files\7-Zip\7zG.exe | alg.exe
File created | C:\Program Files\7-Zip\nccafaqk.tmp | alg.exe
File opened for modification | \??\c:\program files (x86)\google\update\googleupdate.exe | alg.exe
File created | \??\c:\program files\common files\microsoft shared\source engine\eqbhpnmm.tmp | alg.exe
File created | C:\Program Files\7-Zip\lncjookl.tmp | alg.exe
-
Drops file in Windows directory 3 IoCs
description | ioc | Process
File opened for modification | \??\c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe | alg.exe
File opened for modification | \??\c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
File opened for modification | C:\Windows\DtcInstall.log | msdtc.exe
-
Modifies data under HKEY_USERS 5 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | fxssvc.exe
-
Suspicious behavior: EnumeratesProcesses 24 IoCs
pid | Process
2684 | alg.exe (24 identical entries)
-
Suspicious behavior: LoadsDriver 2 IoCs
pid | Process
660 | Process not Found
660 | Process not Found
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
description | pid | Process
Token: SeTakeOwnershipPrivilege | 436 | e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege | 2684 | alg.exe
Token: SeAuditPrivilege | 4988 | fxssvc.exe
-
System policy modification 1 TTPs 2 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | alg.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideSCAHealth = "1" | alg.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\e8fe3b743ba871db4af68f7fd3911fc9_JaffaCakes118.exe"
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID: 436
-
C:\Windows\System32\alg.exe
Command line: C:\Windows\System32\alg.exe
- Executes dropped EXE
- Windows security modification
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
PID: 2684
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
Command line: C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Executes dropped EXE
PID: 3024
-
C:\Windows\System32\svchost.exe
Command line: C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
PID: 2876
-
C:\Windows\system32\fxssvc.exe
Command line: C:\Windows\system32\fxssvc.exe
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID: 4988
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=2264,i,7994609493164365963,13212734413040148104,262144 --variations-seed-version /prefetch:8
PID: 2968
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
- Executes dropped EXE
PID: 2424
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Command line: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
- Executes dropped EXE
- Drops file in Program Files directory
PID: 4904
-
C:\Windows\System32\msdtc.exe
Command line: C:\Windows\System32\msdtc.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID: 4004
Network
MITRE ATT&CK Enterprise v15
Downloads