cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
Size

625KB
MD5

a833081033be25dab5419209fd333d4e
SHA1

5f26f29c8ad182ed70fefe3144e0ab1a797f1a50
SHA256

cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82
SHA512

51b481c0b690b05b71465af526c702c394486e0bd538c06420ffbaf5180ef3ca870c407957c055b45bcd3fe864fae6a3171dbf9048ca73c286cea620ab11e1a4
SSDEEP

12288:z2SGt/sB1KcYmqgZvAMlUoUjG+YKtMfnkOeZb5JYiNAgAPhn:C1t/sBlDqgZQd6XKtiMJYiPUn

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 19 IoCs

pid	Process
4836	alg.exe
1392	DiagnosticsHub.StandardCollector.Service.exe
1532	fxssvc.exe
468	elevation_service.exe
2372	elevation_service.exe
1896	maintenanceservice.exe
3076	msdtc.exe
4804	OSE.EXE
2524	PerceptionSimulationService.exe
1636	perfhost.exe
3000	locator.exe
4588	SensorDataService.exe
1200	snmptrap.exe
2604	spectrum.exe
2856	ssh-agent.exe
2756	TieringEngineService.exe
4832	AgentService.exe
1604	vds.exe
380	vssvc.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 34 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\dllhost.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\System32\vds.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\System32\alg.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\system32\AgentService.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\locator.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\system32\vssvc.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\System32\msdtc.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\system32\spectrum.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\system32\AgentService.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\d27bae1812d07ad8.bin	alg.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_91140\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	alg.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1392	DiagnosticsHub.StandardCollector.Service.exe
1392	DiagnosticsHub.StandardCollector.Service.exe
1392	DiagnosticsHub.StandardCollector.Service.exe
1392	DiagnosticsHub.StandardCollector.Service.exe
1392	DiagnosticsHub.StandardCollector.Service.exe
1392	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
664	Process not Found
664	Process not Found

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3304	cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
Token: SeAuditPrivilege	1532	fxssvc.exe
Token: SeRestorePrivilege	2756	TieringEngineService.exe
Token: SeManageVolumePrivilege	2756	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	4832	AgentService.exe
Token: SeBackupPrivilege	380	vssvc.exe
Token: SeRestorePrivilege	380	vssvc.exe
Token: SeAuditPrivilege	380	vssvc.exe
Token: SeDebugPrivilege	4836	alg.exe
Token: SeDebugPrivilege	4836	alg.exe
Token: SeDebugPrivilege	4836	alg.exe
Token: SeDebugPrivilege	1392	DiagnosticsHub.StandardCollector.Service.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe
"C:\Users\Admin\AppData\Local\Temp\cbd7bac157b6055817c99402a1c482bf04e70db4faf34cd52a48a9ac4c111f82.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3304

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4836

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1392

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4680

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:468

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2372

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:1896

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:3076

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:4804

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2524

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:1636

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3000

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4588

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:1200

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2604

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:2856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4768

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2756

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4832

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:1604

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
2d7f2180673a7d2af5aa9193ce35caed

SHA1
c576b126ccb9c012c66bf1b8d2d00e0748a4d3b1

SHA256
f084172e62b5c06f44bef65daced11584f99a39fa11e4da573aa4c22dc68cf73

SHA512
d3f0934d6687f1f21b7551af0dd5feb7c8010f59f4030e9b4e6f18a5a5cb13bd5df7880584e82ae666ac8564868978af6acda8ecab38a480e6492c142cab907b

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
781KB

MD5
f2f96450225814ca78c14f7eaa682a79

SHA1
d4816d638b9aea7356b33bd680740aa16687083a

SHA256
682ed6c8d15a4f3d51df6daa8370db8d98217e26b2f3d6860d1649dd86893f9d

SHA512
48dfb890d5c841a95a67c558894936b37ea37abe8a707598e24e28f33014afb6f77291f786727eef99fadbb8d6bb30a14d62587229b96f79a759c2adea31bf3b

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
437cd7d012485265bbec2cfb36bcb491

SHA1
7f7e766f4b161e33ee6549405a38e8a99cedc487

SHA256
4d70a95249e37ada878c4abbef04fd0f49718d9f3aee60e473f1f2937b04fc37

SHA512
9581e353c5300d28920a5bf920a6a0302a9c2d98e8875085a9a33d07b57cb2827bf53ea3746f3cb75f8920abd02c8d5581b63f98c987df39e436c2650d7ef51b

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
4f120eb329501fa51c8d7f825be64ceb

SHA1
068b5407a7e8d5ca8bb0e30cbacf96e1c80bcea9

SHA256
6f5cb1167fe388bebd52d9df3ac9146c70939944e22cf78a654d8513e5295836

SHA512
fa194e7bdd390c0790a8e125737c49c4316f7214ae9378e19acae901573e3e29d1b7710da27d6f3cf7d23689859631fb6759b74cc681be2caabcc672524ed5cb

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
432ba35561da6996037d4c1e7eae5492

SHA1
29ce9e78139c5b136ad60e018a66b3b28cb4d694

SHA256
3c91102e4476ae3321846b3f3762312baf3247b3b30b033ff0df4e33daed5a53

SHA512
ea0073a70a2c17ebe353f2c048b6c4db8d245d0c59ca76ef3b512a34d5b555c47a1c45e0330a8b84d8f5864ee52f955c249d0651b94e6e51ff23bf392700639e

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
95e22a0da13e3de7ede51daa73c6f805

SHA1
b0faf5d1284ec1e2872434682f151ffc091dcafd

SHA256
b276277afd71dfa31e6a22f3264286791154a498a1145dd17116464bb57c417b

SHA512
6e29dba377f9113524a9a973994c72b581ca7ac229ec3725dc02fb1f45527690fb265d16f93fe05b560ff0a85244bbef8e7090598bba653491cac53641d45a97

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
36266e9ed4ef6047cb7c4b8fb980eefc

SHA1
e7028ec0e7e2b1df42b3b4d4c27144435fda1add

SHA256
afa8afe7e26f692efedd832fd372ca3c91fcce3a7efecc30589e792f42cd4a13

SHA512
63194e8c1c51eb7b7d9c7abc5cfc7b9ba7e714012e5743eef33439802f90dc40d564145d5a1a198fe173caccb659ef145e9c83ca3996c8f7d9dce398a5728b83

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
51914be35322155c109647afc9d1f718

SHA1
921a13ca750df0f9fd6114168c11f2e78fb1ef6c

SHA256
69820b56148adf98fe1a06c61daf09d4912449d4d3ecfc6141806c949572e08a

SHA512
c319fba75d1bf49ba7a28ef149599127495721fb72bbef55a94a1cc003f6da5291aefb0777891071644f75e6af917980f5998257c0347bc50b9a105631408296

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
339864ae08642601c5e79c497ca2eefb

SHA1
03b9860e4c3b6814ca75113d5fa8619bc7f46469

SHA256
44721d7a40527d1695b7dd3c089bdce342166f90140f2f98d59ce96220371ec3

SHA512
b457d4bab7a68cc516676215075e053ea811b7f21fe6b92e809df68e61944fbc0a2fcb941d2173f1b35df1628ca079b7a11212dd392caae402ffde6029ec3a0b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
82bdd13934f805b71f2a391cb84b2ea2

SHA1
0e646155046181317343a41c46293a0d511ea503

SHA256
773b5b61042f9b372aa100a40b081010829c0c41616de1af59001170a8e267d3

SHA512
0a7d9e28de8a7777f5b4a1c929692c273f33727e616e5e05077b84ef600edffb85ae0854a4156b3ea40025573e902dbc019e4b1a69357cb0dcf4e90a6881a06f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
276672e3ab467b041e16199f05496996

SHA1
b875c13ca89183dbe36a9300e45036e23bd4a735

SHA256
6b7dcb67c5abc3694552e20b258665e0196804ff6892e5254db6bc7313517381

SHA512
80acd1ef9572137449be131ce9ff44d0a4c16fcedd8625197235cc88f8cb748c88b321d87f22c377ccb7d9b1b7192b42bf44cc6452a53ff60c1c28fe84447e0f

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
f3b0973e3c512836c3da260d93bbfffc

SHA1
aeeb8d6371ccd906092c531d7482748dd7045979

SHA256
9f51f46c20b30d8188b5926e555cadf4c01d10ca2323a0e13d019ccb3d5f5573

SHA512
149bc359ddda299a08cff29ffc03c705d71db3824a3b6f64ad6ef49befa019ae15979f6bd50b68ef53d63e0464aa117576a213079d4cae3c9837422094d31651

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
60c406ab043151d31266a58714117026

SHA1
9eb6e499180ceb421be90aca04aa37ddc9412824

SHA256
371a3af1d40d92235bdbfd6e9aa1c7a1c4bf4521cd79a95e38aba4289dd37c87

SHA512
2ef7a1bd741f1c7c587075aabd006ff1ec5938d44be4ef9983fbf350f80846181abeea7e9ac0ae14bb633b29f8f6e0db054961dc1061ed0f0ee048909d610814

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
51ef49b6ec8f48cde4b0d4f1d61fda77

SHA1
f74f060cb3fdaf7deca3472c629f82c881bd2951

SHA256
23d798a09fdc098c4969a06c9b29d2b1769ea5e307176357af2438758c81da51

SHA512
a4c9ae422d969db9749ea0b9927d2b4879e2d5d1e45fb9d8d78dc4412b16298d96b2283d85d0c5332e527c05b3f4aea05f06fdbc81e20cb587e603d2f8755a09

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
c96f7d059e420940a9a9f40e318eb041

SHA1
2abd8f1ecf39a946d09d0bd67970f3170267f20d

SHA256
7024fd378a8abe903e314dc10ddd31166e22c5cf06c4f9053e42086bb1539319

SHA512
6e9759312d74a18468d76b616fb35e4a7a09a485c5ab5713d09848143b2790380b5e89ea47b4f3dd4dafb92377f74e72b343b8404b5153f6126c161537d9a2a3

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
d30bdb6d5c38106dd427122395ed7463

SHA1
5dab6b0503314c72b2e32775c7ff4b6312237992

SHA256
8813d46074c323ce4b213e2f2a345baf69a617d85871e6d6510cbba3f6e3a159

SHA512
b9165cca656dbfe303bc9bebb8b72e26566e93439d303c0e63968f0744da41a9d5b1291abae1a95b705df8dcf6e51c921ef767b9a3fa49d07c0219d18341b294

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
942f884e026b1755b04228df25ee2196

SHA1
10edab6a203ff632168d56f9dbcc64e22d1ceaef

SHA256
80e193ea73cde68da2e13d3867f36d91dd7b8fd749f38daec5ea8dfed3a34f80

SHA512
3a283fc3f79155e2aded6462415efc8e5bf13fc8a87ddbed3adb4dd189f5849160b7bc6b51f4947fdd2ac1cf788d5e9014ac134ebbf4fada12f0510894c1befa

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
d65fe700fab01d0cd0116722a4090dda

SHA1
ca19c802d95031d5abe9f9d7f8cb3c98808c29c7

SHA256
191d72105ef0ddfb83ee0e467413abfdc81597e2785e9949e522c577643a1a45

SHA512
16f70c511c69cce01c84d4d8a6cb627b95d92e473b70af4231d5854f6aeed697311b0a5928a962fb2c08de766c395a5d4c251d4750a44661b6b9972687a05c02

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
7cd6704bdb8e12bf853e2e474fc037ab

SHA1
cabcd849909e93bb48614562a028fb5030316e09

SHA256
09abf709ed0a79246b50a310ad761372f3f382ad62e54d8d4edae6dc948b65a7

SHA512
61abc5d53945ad5c706ea99f21e7a3b690a0c7c8cc0dbb7dc2a23ca5c801d607f4ea100cef7eceac7a2bc658ca66fa2398b2fa2c29cbe66cd1ec49e0a83f4b65

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
e19742e0af0d99cff12e0597034ab2dd

SHA1
765e2e8b3954290612b0ccec451af57e05bcda95

SHA256
936cf4cb58f91e710776f4cb3a2921a39a2738ecfd985796fcbedd69fe5331da

SHA512
0a08efa331fa8be27767a7190f1b614b071bd57178673f914b3b8c6c187cb4d878b1419284c20fe3cb9719be7d587d156bc67ee58cde9969372de76263ee28b5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
bab3cb663653c4d8d2238a7a1374f072

SHA1
b23eaab73fdbd7b59a097cb32c18964bd84f1f99

SHA256
e5ed9829d3f0d038faa2db940e11eb70fc89f23bc0075113e90c3c6804af5015

SHA512
2babb8be4b37bb0dffd46bcfe112748c84405beb43012d59065a2cdb5dd11054323a929590241f82308e8cc1825390052a5f826a8239d4499c66b97d6b3d3dd3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
fad322ce3ffa04b8d700f1892168e267

SHA1
841593759704244d4a1ad8aae51bbde6adc2646e

SHA256
53eb3db9837c7c948ad03ceb56684cd08458f1f3fc6a72d325c1b52cb4cf78e6

SHA512
961c79b93584f518f0d017483b95e814e7d3be51a51d8dbb6e5fc4140fa75994d8eec0b66531957b23bf40d054f7664eb37f37bd90cac66c4d9df8e01731efc3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
7095e13b080768953c3f38437ddd4b2c

SHA1
062516d16cd0ec808687ed1ebad59b4a8ff0511c

SHA256
56046174b35f6208d482f587548b2d05be9132425010fa2144d7fbc1028c3a4b

SHA512
3288bd2379cb86cfb0c695272f7586762ef519cb575b70ded22241db53af3c62e295f5aa23c374a8439b29a811772a4d107bbfda87259a05e88df9299e1d25c2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
9b7fde41e8dd2e8c7d1cea1bd328cf0c

SHA1
212c18d1d543d0c5a9b3a015f432976ffe333993

SHA256
f9d7dbf1d7805b7aa34b3d09bbe66d8a434846e3cc4066cdb2d1ff0fa0529d1b

SHA512
4f5bb71a8cb267d6e61b76fc0157794649b95bccc13037d40eadf414e13ae148362c2ecd3fe53a6bc944c43ea06640b13c145083f0a4a6cd112e0a3e826ad597

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
ae0c64a239822cddb4ec2e2aecaecf2f

SHA1
c002eeab81cddda50be42869f5344fd37fb82f1f

SHA256
5d01f5258d09cd7e71249e069e71a5572aea468478698f6bfa6558e1277d187a

SHA512
b180d866ab214e7d261c6f1dfb1d2e7d077f17b20b233d86373d49d99dd2a4d1b6fd638a09137e2543df682c805b25c57c54b32820abdf97e93269918e6265ad

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
55b06f15ccc0875ad0573c91e1148d3c

SHA1
bf45e989c345859dd0d4222a1744e53a2533baee

SHA256
6ab3920ed75becae9ec4c2690ddeed195a8f3ddf006dd8bfaaf6139564d02b04

SHA512
14b16af47f1f1cf2d8d05fdfe09f52ac4f7efb33ab7d24e79c61f65a4de2ba32f3c1106e25208169d617eafa528460860b6f8c90de19f9d959343669a7139e65

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
08572d0dc286966bd0a2889369183bdf

SHA1
4e9327b534b5f97ef0209a48e6bf7f014b5fa752

SHA256
2ef8e18b35d203f9325b4b2b277fa36a2620d2781c2f6d5c4b8eaa90e5e0ac44

SHA512
c3932d97956ab72931483d3d059ceb4eb20c2198ab7ca5580d0da5c88f7ffb97a72db6a36d5e9f549e70f388a9e2f76ef965868424313b6e1b8383e9f2287e7b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
33f02cb1b2df699c50b9d0cc930e861a

SHA1
67d2801b57a1fa1c0da78f026c31204ff6ba70c5

SHA256
e572ba8152bf8fbfa6bfcae3eac6ca737ab2cfe037258f3224820c05ff3e3f3b

SHA512
2b9a0e3a4e372724aa090a781bf9e87bc22a78d39c2b2403bef37930f7f4da606968e586ed75d8d3343b4d0556610071ada6c640c452829bb9b8a762f297e1ad

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
90ec3ec586692772c37f8677c8bc2408

SHA1
732bf9242f139dbeee16c81b4b46334fcaa33a93

SHA256
eeaf92f94c3ce1e2fb037628fc5e9f0f60aeca15e18193de61c96632f1f367e1

SHA512
0a3706f4b84920145861e668bf515912735865c1a72a3bc039e35b0020266f2b7b335283a8a88a4c2bbeeae502e61d1aa981239002c26059b724b7f225c9abbc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
c4d2daaf3b780814478959625f7fc20d

SHA1
e60da6d6938cbd560fbe314f67f43ce6c483992f

SHA256
376dd9d5db90c16ae4c424b33a1130e522787835eeffed6ea98aefd7b6b6ebf4

SHA512
191a1fe6979f40d3b4d29c307257fece195dbb6113fe4175f89b0c6efb8f682a92a73907135027b26e9c2cfc1d04b6a6f7736e31bd7c7a2fe187d290c131777a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
0fa109dba0bf42128237a182fc6e0231

SHA1
c24627b9a791754d98fffa1a23e438b77a900d4a

SHA256
c80826992c406864d998c8025cb2a732c33764997aef8a4e3485fbb4c1d3ad47

SHA512
6d0bda439a9cde3a022f2663f97c34a7414581bf80f18c77d683f1873fdd9a5938115788a50f8d4c30b5d075fafd0a1c9144916d6cd98463968be6eafecb1d7a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
f8c4ac2f506c1d6cadf6c211cc438785

SHA1
fbd0121fe689ecf63ae4ee910c6efb368dd2b92f

SHA256
7483ff010ff46a34d383b011e57c6329b2ecc60ee11cc06c71cd604ae65df7c0

SHA512
7cf80edf46e30f9c983832f0380386944a8aea6f949a0b578d3b96362374a9126cd62e1cea25da22bec837309b0f263ed6aaebc80b3e3f14840fd7526ef94bbd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
0f92d5b2a075d84fa6e9cb0faa243bf0

SHA1
6c7429365a3e19696e1b4c9ac5cb9cbe378c0a8d

SHA256
7f71dd9e953557d4c4810bf14891d8e076ccd8c86d10e61d92005599317bc5d9

SHA512
c624bc844adbebb46159f927731d0a586224d3c47dc1d7076ac3789d43b8cf2af5fb3c7060254988f955b365f7b9470aa732fd69424cd8c3f204afe56998de7a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
0dfaee27c0b05e997839e50cb18b4115

SHA1
437962ae9e34e8ad3771169dd084c767c2ab0bd9

SHA256
ad471512be8af12ff23bd3ed9173267b6d57ac2c81a32abf93a30f61ad1afd06

SHA512
234e1cfd420c05613c977cd22942814be0a3038ac3d1e57908d208e7eef870dbe16746a77f42c12a8718fbca09a1cf74c9f30a93696833cc75bdcf4324b59d92

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
e230508793e921b7301c7ed6cebb9c9e

SHA1
f834d89a8ab95d2b548e10d5a2d042728b0af2c3

SHA256
8c64041b99c631a97ea065916a59bd9bf684c071b39d11b8906f505a33c2dba0

SHA512
90d693cb9c2b9a47caf1a27fff77784a8800ee202d157422cc7fe0f166b25596179c3b465ff887c0270e8ff67d47f90ab74dbb5576e33fc3167f0b321592920a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
c8af33e27785260f9805f494c1b0936e

SHA1
76221b550cb055f43c37a6f459f7609a8929b08f

SHA256
26599c251a96e00ad36633b8bef88252f5a93abf7afb225c1c993b0de1ab274b

SHA512
47bd36245c7145bbb9fcaa497827b16f98870fd5f3550c775d9a65d4aa0d1bf0cfb06849a6efb1e242b87686dd7b591e8e24aaa15feb55afa6f45a21e562927d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
58761d8eb2fede8b3bfadaadbbc16490

SHA1
fc0cf9f7a77dc94a840834840fe5c9a7a8de0f92

SHA256
33299f2bdc52a9e36e4eba4ec89643dd11aa4e8ec2b2a31616be3a42426df5f9

SHA512
a894c2453a3bcf1921096c613b5c41d37055eef482e41ef4668219cb20a62750ed1d7f3c42fa2ab3d2d20c6a8ff4d3680832eea6a8dd222d6778f61761574ddd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
b31de9e12840b83223b5f3d0d2a2e156

SHA1
50ff2d1ff697fbfd0a15c72a794a253eaf03b301

SHA256
be971ed6c025a304e12d489b3c96c7bb5d0774f8a473efbb369f4a4994fc95bc

SHA512
1568133a807d2dde6d725bfbb5d075baa90b381c78c0d0b3ce42155e5c69e8a4f91c8b8e0887faf787366b26bf61e4adc593f22e49ef45ba5ef2497ea3a2f8d8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
0b501dd7dc55ef14eca2b41ae2389ffd

SHA1
af3085a615a424ff66ddfa4021924612e0be6a63

SHA256
aa5ee1521f7d174fdc6d48aeb20c9c600fee12f21eb1975a7a30b239598c749b

SHA512
3ce4fdbc59a62b5dac4cfdc2cffcfe3fc61e2d5898f9bd665424b3462ff7c7926167b254f8c3425cbe1c412d67b90bf3207c9b335010b21e3dda0d4e5729d7a4

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
696KB

MD5
34d6dc6e33b30d4b885c59945eb5b9c3

SHA1
9eebc7ff5efdae06cf6ab6111ab6b4ab80a695b2

SHA256
f69a2a09e03ab079c2b142efd320516ed5566927864e325de8934e93bc0c9d59

SHA512
a0da0e619f5b136ca645152fb799359652366377a46d9b79ce6c139b9d8ebaa5ebf9f2e0ed4175920bfe7cb8ca4ed7b747dd07836a0a5d0f8f8222dd609506e8

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
2288133c9a6d6e8f9be77bb8f79f96b2

SHA1
816b2b0dfd9d9e9322b93d0c878d8fb9b05b4076

SHA256
8c457e7471cc7aa7cdbdecaa214ce3f99698e28a870bc35f2a9c9576ee765295

SHA512
fe3e273d525320c8a24081003691b1a3d0a334d51d632dd6f184c20bbaf2c9a70962c6e9680a4e4001a673fa3cbb093d2cdc3e4754b3c16bd43a07c6d6380d70

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
fb3db9f4d8fa21da1c955d98ab8c77ef

SHA1
6fb2d3fc84ec4a855e33fdd47011e65d0348c52d

SHA256
1d599eab0aabf44145b626cb5ea2e404e9d268ca3ce5cfc77616f054d3a1f161

SHA512
05bd599ca99c6dd813e84308a936f728f16566d9930ff189fb8c8e50fb6c9c1bb0fbc62128e8f58b874cad5256aa07a1ac32953b23833459c1e1c68a04cdc7ba

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
4c0b8e1f5989fc4b8649347cc7e8939a

SHA1
76bbabf9f724dcbc2ba0a77ead77fd71997d6077

SHA256
e79a59f7dd1cc3702ea2954707add5facfb6e9ebacea27cce327ab82e6748687

SHA512
04652c9f814ceb2b1f5c0339775ec3014fef6e109793eb1c13f737b00bc50aba7ede9c28afb5762831af99fcf54a6149b38627028c678261a65504ed863305c9

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
26ef50a8b6bce6efd089a6cd0513485e

SHA1
a1bdf982ea25eb12c7a4c9d3dc3e9e315d869b6c

SHA256
98776d2d9f5e8fdfa71b4ccea4034163ee9178d792db68dd669694f92cef17c2

SHA512
ea1cf9387306c3b71d0336744ee4138ab6a45532006a7a37441911e4d7312c8d5bd07e06ab7edd50a36ab1088ddb6f378f57c260bd800e84d9bf6ee6113663f1

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
4e5098b6ee40fc238b5905da3f4e136e

SHA1
3b8438ff43393e85764f1be7527efe37c6e70b48

SHA256
af2b589f1d7f2c8958768de7c2b216e7d1fc2235fdc051a7453b1f59ad18b9a0

SHA512
a0ece279120f9fd231961fc6638a93639d352012c203b2ec44612af3db0be4dab57e73daa58e1b2e84a7a2e929f0dc89d460ab4183ac23073d425eb2e7b45fa7

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
600a2ab1455a20b561a7410c1a0a545f

SHA1
59a838179545defbc5acd73db91e51980d5d468f

SHA256
decc71950c37f4d84cd69db34b40204a9053357fd8021d4a41dcf0b50c4e436c

SHA512
067505a1f921db905610131a50a3addf097bd47149e75e0d97aa8c979d8da6d98136906619174da8f93d9a290b59ab839f856cea705e7ab629c0188cfb5367b2

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
7eae3eff8030084b1b4766ef20f6c374

SHA1
f2635cfd5fb6ef44f554f6e31ba97e6df1fd89e1

SHA256
cae775ad45d3d2e6707080165ca3617434f9089f62f71eb839629978279f0f2b

SHA512
d33b2c461a43923a3fe623c6d3c24fa3ff4e89ddd5a4cdd540735c2273530f358eaeb0f4787c7ee4159ac8ab6286aa6d18c4abaa31b0d14553eeccdeba71e543

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
8016ab31396bdbbb817579552f30003a

SHA1
093883df1d3dfce3694768e7d730c8611e23b997

SHA256
9f199f12ac851f836e3cc1543c87c840bd77197eace2bc51a2f0dabb84263709

SHA512
15c7d44b8f6e65051ba6695a6a852750d19265b40f8fb4adc813a8c03e0ee87e5fc74c38226434d578eb04af0e83fff5ba50d1bbdd6628c4151fd520e749ade6

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
4fb750b693898b5bcae9f3a14aacdf33

SHA1
49d7d1c918685f11adf5618079ef7ae0dd5cf833

SHA256
c5107454ee59d7addd1f5f4060fee0e26f4731fb082d463db7620bd1278992f2

SHA512
4ed34ed4ff338e94daf4ae75d271e953f8eb9f129deb284de5eeb2d958f0a2215925ce2be4c5327ac732b5389a0d8d981aeb0814e3d8d9ba72177571dd02c9df

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
c48b87b9010121ea459231c88dcd80c1

SHA1
b6796dbba70e68e01627442e3201a41d1681b863

SHA256
755874a29077b59e72823b346e1cd4ae0ec760186cef47402f6339e7685cd0e7

SHA512
42e787845a1f478859e52ce8b21ef55b1bcf35c44679c11da0be8add807877e52fc63228f18777c56753ec9d518d02ee703bf7409a641d5c169407f48d43203a

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
dec8d8ef2f3eae9226b6ca6065b901b2

SHA1
ace204dd5b001fbb053a436ea33fc227ac0cb435

SHA256
cc8f28ffd41ce1a7e761891d55cd6e8e97de5e25dbb035a9d79ca03df566d470

SHA512
c30d7eb2e2cbf6f2a049124db7ea78ce918983a9389000eee6935cd3da3154d6ba33ad7450745114e2af273e5215cccc4e3932db0b2875e4dc340ca09c07ff85

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
863ca14cd0527e080c0c8481c1fbba86

SHA1
6d3b2063cc9adcc47cc9f81b4413b6ac29b152dc

SHA256
0a99fc3c2f0aa92368707932f7be57ca772a95f7b2a61cbf3c3484b59afc258e

SHA512
687f0088c7f0a0f69479d593f7fbfd4c79f2e8486449191294801c5946b50dd99aea1707d3f39e120229b9cd79e17847cb6afd0e2cd85afed80013c7a92c0bd0

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
ad8e29534069c55e5a4df8a139b25396

SHA1
679ef3f2fcb685baa1e165cb6065daff2b3f1820

SHA256
e0844cffa7b6f11e56251655c72d565f104b1b7e515ccc3a013628df2982db70

SHA512
5db6737040a6b5960c28734f8b3c8c32a0d12616751be6357ce6b43f34e492d35379e2cc440cb063a4a43cfbc2cbc54d2a48163dc64f1991d385753f6bf9dfa5

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
f817268bc07568c8641d3ea505a0d7f7

SHA1
585d04c260a35995d0c78ea10104ec43244c7f70

SHA256
738221bfa02d4bca97d6b7cddee4852c47bc7da4547979c3df379ed950d76224

SHA512
c94d641dcd449390549e742f07632cc2228be1c855c93075dc9f5aa7a3444ec7fdc3997bb82dda092d1d2736e715253ba9821e102aeb46ba63998a83e3691633

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
438b76bee4d12967d652f2fcba263b03

SHA1
acbbd6a078a7fc641e61db53c6e93576659d7626

SHA256
c9882b57b526bede8a633459e18d480d51515b00d5dc78fa9076be752d6fe65c

SHA512
1235af4b5f5913c6dd4a47d651ea956c09207d0b43444aacc08ca6ee7b078ce3666c767fc63cb4289609ab3e121c0a0ce6fbed50809e785d2ac85a09390194ca

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
8199cad3ee45efc1ce335abc9b7d4012

SHA1
d428870155bbd4278f1a99b6b27c9ada781f11f8

SHA256
40e0535d238ba0dc8b2b7aea2ca5ffa6737dd0e1548041ca82f9cada70998faf

SHA512
fded657c0023cfaeddef4f38cb77771f6fa0ddfd314d78ce890b0d3959cf2e1f1c3b6b2ffbdaa70f63adb3564601887709be6f80b6a96e5d292b885872a81143

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
f5ad64ba074dcf85782b84eac0616045

SHA1
46973c906b2db09f98dcb15c3f4ebaadad021342

SHA256
4a42d41a6b3e1064eaf2bbfa96639313f77a506e3b52009fd042a2e1654254df

SHA512
720ee4f181e7c6cdabd406b23065aecd28d64c6e2b9c0ae97a9639f670dfced24e10260a2b0d474ddaccdbaa940dd6b8407937b711f0600c1d1be94b64040ee2

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
064a364fdbe90ccb42cb1680d14d42c5

SHA1
6918a7f9e16c8520e212edb92011b39d86b1ab73

SHA256
ded6a69212e4834cb4701b8e184cc04d516218f5f5e471009830601aef40091f

SHA512
49d0b73fa0a5d7775fccdd532ffe5591cbfedbd74f83fa8f8c4873c86f5bbb73b45dfa35e18020f868c07bd09bd17a089e33a396e2491bc1e4ebc62f2611e452

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
bf02ba2355fc61020be9f6fbd0da88c4

SHA1
13dc9ac0b3874f6435a7608e2ca67983d2fbead2

SHA256
3f3327781f18fa8540089555c873025d9556073c96afcb89a42661c62dd6fe1c

SHA512
460ae4c52c5110f86984e631a397a1d355df322fc87bf0de5988eadcdc319324acf6621e0463a3c7df0a19d889531d98dd494c447d1bb373cb11edba58eccdb9

Download Submit
memory/380-257-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/380-266-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/380-443-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/468-49-0x0000000000810000-0x0000000000870000-memory.dmp

Filesize
384KB

Download
memory/468-50-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/468-122-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/468-56-0x0000000000810000-0x0000000000870000-memory.dmp

Filesize
384KB

Download
memory/1200-176-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/1200-183-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/1200-243-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/1392-33-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/1392-93-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1392-26-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/1392-25-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1532-60-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1532-57-0x0000000000E80000-0x0000000000EE0000-memory.dmp

Filesize
384KB

Download
memory/1532-45-0x0000000000E80000-0x0000000000EE0000-memory.dmp

Filesize
384KB

Download
memory/1532-38-0x0000000000E80000-0x0000000000EE0000-memory.dmp

Filesize
384KB

Download
memory/1532-37-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1604-442-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/1604-253-0x0000000000B80000-0x0000000000BE0000-memory.dmp

Filesize
384KB

Download
memory/1604-244-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/1636-200-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/1636-143-0x00000000007B0000-0x0000000000817000-memory.dmp

Filesize
412KB

Download
memory/1636-137-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/1896-77-0x0000000002290000-0x00000000022F0000-memory.dmp

Filesize
384KB

Download
memory/1896-88-0x0000000002290000-0x00000000022F0000-memory.dmp

Filesize
384KB

Download
memory/1896-78-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/1896-85-0x0000000002290000-0x00000000022F0000-memory.dmp

Filesize
384KB

Download
memory/1896-90-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/2372-63-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2372-71-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2372-135-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2372-72-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2372-66-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2524-131-0x0000000000B30000-0x0000000000B90000-memory.dmp

Filesize
384KB

Download
memory/2524-186-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2524-123-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2604-256-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2604-195-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/2604-188-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2756-439-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/2756-214-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/2756-222-0x0000000000800000-0x0000000000860000-memory.dmp

Filesize
384KB

Download
memory/2856-201-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/2856-410-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/2856-209-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/3000-156-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/3000-147-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/3000-213-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/3076-159-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/3076-94-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/3076-95-0x0000000000D80000-0x0000000000DE0000-memory.dmp

Filesize
384KB

Download
memory/3076-103-0x0000000000D80000-0x0000000000DE0000-memory.dmp

Filesize
384KB

Download
memory/3304-7-0x0000000000B50000-0x0000000000BB7000-memory.dmp

Filesize
412KB

Download
memory/3304-64-0x0000000010000000-0x000000001009F000-memory.dmp

Filesize
636KB

Download
memory/3304-1-0x0000000000B50000-0x0000000000BB7000-memory.dmp

Filesize
412KB

Download
memory/3304-6-0x0000000000B50000-0x0000000000BB7000-memory.dmp

Filesize
412KB

Download
memory/3304-0-0x0000000010000000-0x000000001009F000-memory.dmp

Filesize
636KB

Download
memory/3304-272-0x0000000010000000-0x000000001009F000-memory.dmp

Filesize
636KB

Download
memory/4588-162-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4588-226-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4588-169-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/4588-437-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4588-438-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/4804-174-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4804-107-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4804-119-0x0000000000800000-0x0000000000860000-memory.dmp

Filesize
384KB

Download
memory/4832-242-0x0000000000BB0000-0x0000000000C10000-memory.dmp

Filesize
384KB

Download
memory/4832-228-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4832-236-0x0000000000BB0000-0x0000000000C10000-memory.dmp

Filesize
384KB

Download
memory/4832-240-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4836-76-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/4836-13-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/4836-12-0x0000000000550000-0x00000000005B0000-memory.dmp

Filesize
384KB

Download
memory/4836-19-0x0000000000550000-0x00000000005B0000-memory.dmp

Filesize
384KB

Download