72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 10:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
Size

1.8MB
MD5

7376e2a7ece8bc2d4df062c2eff4c1aa
SHA1

f25b27172fe7f9e4bb78d25d76a63216ac45349c
SHA256

72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48
SHA512

82dd77693b015673f6ec68cee9657aec11ca947f8c4f608c8eb2a1570d0f080fa5edfe03eeedeb214eb2305971bca98d444a9ed05f2b2b283a3f51c8550fa62c
SSDEEP

49152:uKJ0WR7AFPyyiSruXKpk3WFDL9zxnStblI7a8K2mFhbrr:uKlBAFPydSS6W6X9lnMlI7K2mF9

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 14 IoCs

pid	Process
796	alg.exe
1540	DiagnosticsHub.StandardCollector.Service.exe
4972	fxssvc.exe
4440	elevation_service.exe
2336	elevation_service.exe
4608	maintenanceservice.exe
448	msdtc.exe
3100	OSE.EXE
2768	PerceptionSimulationService.exe
4932	perfhost.exe
1564	locator.exe
492	SensorDataService.exe
4840	snmptrap.exe
3216	spectrum.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 27 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Windows\system32\locator.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Windows\system32\spectrum.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\b21abd527bb49580.bin	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Windows\System32\msdtc.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Windows\system32\msiexec.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5757.tmp\goopdateres_lt.dll	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{E117A834-9F7B-4812-8F07-DC3D7FEEEE8F}\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5757.tmp\goopdateres_es-419.dll	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_114562\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5757.tmp\goopdateres_hi.dll	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5757.tmp\goopdateres_fr.dll	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5757.tmp\goopdateres_ja.dll	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5757.tmp\goopdateres_hu.dll	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5757.tmp\goopdateres_zh-TW.dll	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1540	DiagnosticsHub.StandardCollector.Service.exe
1540	DiagnosticsHub.StandardCollector.Service.exe
1540	DiagnosticsHub.StandardCollector.Service.exe
1540	DiagnosticsHub.StandardCollector.Service.exe
1540	DiagnosticsHub.StandardCollector.Service.exe
1540	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
668	Process not Found
668	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1944	72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
Token: SeAuditPrivilege	4972	fxssvc.exe
Token: SeDebugPrivilege	796	alg.exe
Token: SeDebugPrivilege	796	alg.exe
Token: SeDebugPrivilege	796	alg.exe
Token: SeDebugPrivilege	1540	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe
"C:\Users\Admin\AppData\Local\Temp\72b92372377fcdac6ef322494db967a3c40f638c9596ed3ec85613788b281c48.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1944

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:796

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1540

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2460

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4972

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2336

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:4608

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:448

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3100

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2768

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4932

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1564

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:492

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4840

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3216

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
c61d6cdfff0d4d566fe4c161e0c223ab

SHA1
5a533e03200cb2450c9121dfc33d20656b3202d5

SHA256
35821abfb33d109e41d5820e8fef4a40edf6d37ea26847c02e9372a8633ce452

SHA512
88d8969037c481e508c7388b86eb25aaa00f2030c303d66dab79490cf3a628f00d596f2352ca0a4d680db11c114f90bb39bf528ed91ecddd15c5b8404a8f7e7b

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
797KB

MD5
bf00e00afe9211dd3b060d576cdab342

SHA1
858e19ba35dbc308f7c0cf97c39c04683c77bea9

SHA256
710f68f6c9ff54e5df5a63ac2440bf49dfe3c51d46de8b8dfa0c096fc7081aaf

SHA512
efce228b244904d158b68bc68d2548fa5cc99f07dae416a01473900660f4d97cf0f68f03a1e615a7abf6a38b00b857ee2a87a2aedd7a66dd240648182ce0f1b1

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
7e2fee335b69942685ed96a39a36f1f2

SHA1
9fc3b78aa4bf8b410f304f90ac531e5f8fbd97ff

SHA256
4b4a053cdfa4049adf32efa1d1c553c7e265567d48d64e583fe33b466de10f93

SHA512
b723e8cb91abefb3a6b6fe1355d2362195dcb2bd721d048636744ebbe4fe01316e1616d8d61ae77d941a86244347a7adb87082f41fb8bc441e01e49d957ef1ec

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
f2835687a6aa530f4b842d7ee685da2c

SHA1
594ce03ee59056cc074c1eeaa707bb49e7c0cb5d

SHA256
f886d24eb124eeff77ea0fbec6d2d54a839b3f7b66ae6eb77ca10210227e2bde

SHA512
3b19f7c18e2f7994c3383b9183367b7d4d4702031a7fb5a1cb93875800d1c9ae655c6bee66511188c8fe0487cfce25150657e18c4359e6760cb5fb22d5ff8baf

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
e5a223984e147b4b7ca58242cab72dcf

SHA1
a1100d2e077407d6fe92142c35fb8549f4f0064b

SHA256
89e4ff9e19d39c580459fa93cc7ba0b0ed9df52d73b9fda38af672ed6b5f0cc2

SHA512
b3cd88bcd0fa0faac9c71f717882a0a9303dfec85ebcbea0420171e6bb18e6ade11feb7103d8ea78058af7c6dc8e91d4c75c2fde0c4f9862f4b2d16ef05eb325

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
50e520d1a616f8adbb71ce83a3df1663

SHA1
74c3c5de87c577fdffcb653c45a7640c672061f1

SHA256
af0f04ef338cd2a6f5f088d211333d9442abb3dd39acccbd8cbe28f4d5da56f9

SHA512
e231f278732373d456b7e3a748ce9bbea57a8b2717ff02af4a393fe5f90b94e728ad16c3c5ba988e7fb7fd0fe19fb90aa2f8ca29aadf52e1c63715623feb59cd

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
350198456662bf742f6939abc56eb0df

SHA1
5389ee1926dfc5e7858ae95661fa5928af463f81

SHA256
30c79c72a6d3aefdbadeead5767327d16e3121de8d54a05036d9db78725c7b90

SHA512
4acba1dfbbe972523a12d87beeeaa9f96b8deb85accc71018b3d8f1062fd258d4ccfb9c09170e2a276f4d33186b57a64e48084aa9714b931730ffc9246fb68e4

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
3500083c8eace6466e9cef2506a87629

SHA1
4b51a5b04bffae4de0f0166f9f4a54ba9da46d7e

SHA256
34ff25525d62058f68110a92054ac629b2a86de43ca89c90ce4d612b7ab1e28e

SHA512
eefe59012789cd2168d0fa88fa4deea62a3c88816e7a3e99b7ac7ace63663b4fb3d75aa52c8e3dba555787ea311e7b10e8e7638c75bb264aed94b9876d2030dc

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
8eb602eacce96ff007e86a3267e8608d

SHA1
5aa3e03c40ae601d777587b01d3991cbca6433ad

SHA256
48c2b3e7bfff6c76d5fd5f026cb7bfab27cdde4db4b0603751a04d49d43bf930

SHA512
92ce3d5b94dceb4b84168db681a7f9522a64a6594814901e309915b3660e5e470ba50217b0d1656f3c3ef6710c4d9fbc47177b5c50da4373317650842584bbdf

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
89985cae2354c27e6101d18cae27586e

SHA1
d7c5fca990f67200e5e2296788f184bd14f897df

SHA256
dc1fb353d538f68cfe0afc1f5f6c9f05e1f81dc82ea5220cf054bba16abaa1fc

SHA512
787b3c74d9081fd5aee7a6c9d24e3fc4e8fafe73e975b840b8573299d332d435d48fba974af5bd3f1aeff83bda346f951f3caf142c6f563834bd200c180e9e1a

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
5fce486149407c4de5048c5c0d5e44cc

SHA1
74ee570ecffeadb969282caaef11be609dbdc7f0

SHA256
d6e43980472f6a10a42ac1aa6c6b033ce4168ac434beb38b323a08e857b1d9c5

SHA512
c6552fec979803e4301765ef6e48febdc40c29a9d8b454d2d014c19823b60c276fc6846e6f28f8fa08d8ccc7be4c8e272da6d78d8da0ad5a33f7e0a284932911

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
2422890920e5d66df7cfea7bff91e432

SHA1
5556681abbedf2b67005da830bf3727fb0b32b6b

SHA256
e9186064470d28d5c1b3e47cedad4815d3ad0e3ed2e23d0884bb725454c68e61

SHA512
a9191f2d3bbcb42ad807692591a99ba01729311e1b9d8759430136a56801fe4b9f2d7028d01034813b3457db71ba0a4dbdd2ea6cfeb7f410d7beb079c33c1a0c

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
8d0c20ee3201e86929a632c16b64fd27

SHA1
59dbac6c6e46ffc7896f13e92619721a6a166cb4

SHA256
5983dfedc9fe739807fec71cdeba8b82c7f1a9dad2357a376e8637fb720cd401

SHA512
c7b189e449d010eb8a3b19d87454dbe03911323d4e1ea83dc68115d9bbefce639da24384e68112b9ea44871f7543c3dddb3b5651cd5b49e6cbe244dce9f1a62d

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
8a3e866922649fd5cdd15c80a79c32cb

SHA1
7cabda3886c9dada2afa84ba7977d8e2b0c35529

SHA256
ad66f03ec5fc67c511256cab327f6eb7897fec4b668c7a1a13480a0052f09a2e

SHA512
43a0ad340b5ed63689101d8b04c27875b713b08eb2a7e81eaf85ad6927371a09bdbbb49041be8bf2e9ba90e3b17594f8afdcac920451b9ba2033cc0ca36ccc44

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
2b052c471a820a24a7cb953a3b3ab664

SHA1
3b643238551d1bee9c2c0d288ce3c2d1ce07c3de

SHA256
a713468dbf8898192beff12de02f3a5959268166ff85f527b0ec1dfbc7d1737b

SHA512
6e4c4eb21d1ca121afb8954ea199eb40b4d4373075652ec5c0d24322bc0be78f0c89b2db35fc1f2ec80e2ec585e3f31ef5a5b9f136f115ea0baddc4579927730

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
50921e9648922d89cda8b2f0ff488e27

SHA1
85116a2bb1c404393dea0835539e6db87bd2e339

SHA256
f4c408ee7ce12df8d3c7a1bd3881a46e2d68b0f1cc2720464092c222ee201821

SHA512
2af973d00c714177f4052db6bf12456ba734d804d54e71888eca7c27b848a5974bdad5e5344c44eb66722305ea2934914996dfd4ca71dae60d27a450fce045e7

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
61bd6e9b7c52877e0859ade777720434

SHA1
22555046b699730272409e48f24f88ffc0c54d84

SHA256
76b08a47880bc033701e68e841a41b515ba577d08d006d0dfd361569b59a4dc9

SHA512
c252ba24e902cadf38f4a4139db8855b9c894bc21be7055497154370810120731f7fe207f2be3e6605234c903d39e7720936dfc56f2f490c6de8b1647836140a

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
66cc44fdfdf6482549f44c63893d1049

SHA1
82c543ec0ab72c9a0ad3742e08aae07595b123c4

SHA256
1a279891c47051923d870b4dbb2c48be795c5bb0b6800b67bef0a196258d931d

SHA512
46b970942dda6ea9fc15eee7d3c4cbc78eb5f74130a81b42d4e6e37a155a8f780491a22afd8a8b5785f51efafca32e2a2cab4a4f1f405495a76e271b42b5b103

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
e64d98b8156875fd2db466a44c21ea73

SHA1
7296198c8450a9c14b894637dc2815aac6b75e62

SHA256
2de9cd4c37968e4aaf1b5426411cc3252514f37697dc0b4310739cb376c18577

SHA512
163a25e5a9a7a531bbdf68ced796045d8b7611663902381ffbca9dfeb6cfab62094d296ecb7ebf15118d417a5a73bf35f1d73914dcc5b4a6bd23c9c545df1bb7

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
fa32916ea23076f20d4008e87bb0b26d

SHA1
4007ca4aff7ba36dab309e6bd54833a8c2c91aec

SHA256
c623226dff002e3da79529590baa9b295332f22d857f33f14ac59f720c64a8a6

SHA512
9a72cba5f364f68e77b79a8e6bcf24e09cceb8653166e97cdfd1ba3086d2b4e81a0e3dd3484bb268d0164bf596298e401e60762955b9ba4cf2f3b6f40e4aab4b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
9505593f4115777eaa6f69eab4a68499

SHA1
b46141d5030278ca1d3938ac2f21a54e94c8a5c3

SHA256
52587509c92793433581a5083cb3e9c1e91a3be5f7b49ee22788f7b24b35b3b0

SHA512
bb5014b204b8e418ff7697cdb4327a0a9c41aa2f95ccd72dbca0d33891cbc92800cbc2622533d8f5722c8c25536b70e754f1dd35e0f4b3005761a47b376095aa

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
09403c1f97d6039cc32ff473177b780c

SHA1
9830da8a82a5847c812c699e8ff697b359fae681

SHA256
5f6f4b6b458ab421812d7d2fcd766e3c782c7fa5f2e2c56d74b2c42f563f8627

SHA512
494ce21084ff00466324221f33460c8b5a4a62a2218b35523476ab718864960557807346530c25be7edb674de30858d34363c6ee2dfad50cf97101574c82eb3e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
33b38a5f9923523db328bfa89c9a3e28

SHA1
ba4de8e7c814dec8aef55ed72b7cc82ce9203e41

SHA256
35004c7385ee558e9d416633772cd9206aca9cf3860536ffd6b238702f596339

SHA512
879c51e22b6302e5d0e88d2ab7f2f497f99ca60076245f4797752a7e46d61c976d5284f8e42eebf7b3a18dafc57e48893eba026ee899ef4ebf7d392a5c80c5ab

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
98741d38cc106d0dac9b7e880f32da6a

SHA1
809cfd754084f58d24ba2ce2b3d8597a1a837be4

SHA256
ae17870d2809f35b935ee2bb1672b3b71763c73e82ef9eaa4bad97cbbca2e067

SHA512
7a60f824975faad6c68e5d043ec5bc34ee378ff4090b00733195a08c395aa69c15e16cbb2718e3d80106f619fe6eb6aa8d55891dc77eecd8459fac6d9dba64d9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
3898342904f213c9e82c4c3f74c1199c

SHA1
4c18ad8298aa8abd06c42e5ea3472d6515bc9e01

SHA256
49b2904e20add0f9b6d6ea00c65367c1d4ade031dca2ff0ffc1cb9e0e09f0339

SHA512
664a28e4dfaf0bdffb07bbabc52efbe3fca4502f49da33d0d4b5b28605d82bc387ced0e27f68a896c418433e6c3c6d26c282ce74a9f2d07f2a598127b1335ddc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
d43deacfdfbbf9ac24a40429fa58ce79

SHA1
be1a8b827515e731e5af55116c797534a31b84b1

SHA256
191f860dc2679fc7dcba48c44c2d264b6bb98392dae6a2c12c0546dc18c6209d

SHA512
096e8b67c96bfcd3324e1d5983d52e7278f3380c1414d5123e19427e822a232c2fabc2352f8cc38242d9557ca15dbc6b9dcedbd68e65c4a7407b5c3c0083c6af

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
bb261b65c70337f6f8a9ca78e294109a

SHA1
4c0b4430f3205ef3f57288d94d5bd8355f695ab1

SHA256
92ed629de35ba2da9565a7d0159e2606b8f21c237ca75d8189512c34e139e43c

SHA512
239eaf7ed47c23d5689fc04866c7f81e91240db8481df7ee20b421aca1d7c7456bab84157949aec8221da046a6e6a9f880bb9ca66a03ebdb4a94b81fc1ae3ca9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
2f96d7bc257102c815ad3f704afb750a

SHA1
bf155c832e19f40e8dee4ad610c9ebbb0272aeb6

SHA256
302ff0bcf6d6b8310fd2b83f71477f054e89ff14f494ff38410b8152eee680a1

SHA512
f66d0c2cfca08d42ed1929a5410626d1915169d8f0e52156d2167e27f2f133146810e5bfff3db4dab19dffe3140eef31691e28188d17739aff0d55d43751533b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
9000d48ffeb9fbebac419ae76c877157

SHA1
9b0245e01029fe0139e49a82ce401ff880abb2f4

SHA256
a575eb88611b2529b403a5189bb67ba72facf5db8edcda7d0341417bec452446

SHA512
3a9a32d500e42bc1a47c5a35562faed7eda0869e47f58b4b228a933f8514a84df7eed6e0af6e9e641bb039ec4db4228bcdf40f30ae62cb10ecc4de63dee8504f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
1507bfb049e3badf1c9a7e6ad0282ff8

SHA1
ecba58e005c05a971913728de1738cb97169225a

SHA256
1b1a9b64c299756340cefe3364c93935fbabf58582e04b89aeafe1d251bd13a1

SHA512
a97790c37ba3dcf832edddf6ec9689712aa5dd29f588e11f7610192cb152ab5c10168143e2cfc4d71c94e12375ccf970fadd5b0e23796fe769c13fe5c3047a4f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
2ba575f4004c1acbf214e0a8d46397d2

SHA1
4ff883577fce14b6177e4c44eeeb9251a5317129

SHA256
45e75ada5b29d6952923fd90a641be2ec9c38eca25c8a29fb8b9c7803c4cabac

SHA512
d3eda422c147bc44c1f233691d4aaef1717f1d257466a14a62df91f31da627220bc7e530fed59e7a3e3706f4cd702f77de03273d1c171bdc1bc395fc2829203d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
4ba9ac4c8e49d4d87d171e6ae9e6d9ec

SHA1
7cb4dfa27b9f02bfc526ff56746dec1958e956c1

SHA256
7f810b6732eeb8d3ddf578e6fe453035f5be91705752f900aa17355eb4559843

SHA512
7fab12da7bc4102564aeea31fcd6fedbbaf958368173a34a4cd798dbd64d1870874f823eb13da61bbdac7c28e7c9ffcb32c8a32fd95c0cb9e2d07eb325deacbc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
28a09559bc203812320f94cb32b71651

SHA1
2e35ecb1c5431e5343ac9f8df1cde56e8ab2db2f

SHA256
cfe7af63c174a62422a2f04561b3dce2cf7b2a05a65559878fc58c0e7ff215a2

SHA512
e6b3012066551cbe390e8b55d5d02da543e755e95d3789780a428aaf82626705a1d0429a30c70586c66af210e2ca29e0cb8c42c8f8334d4f048996f4df140a39

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
3169e69b522bef879f9bdca87e19beb3

SHA1
d221cebd2d08001a6ffb1a4799a441384ad95fb8

SHA256
830c7adcb02ff0339e95f6f60e04edb6a8531bd12c3b205ececc3aa999539fdb

SHA512
95849576155cc1d27953ad47838b5b960ec472921404b3bda703ee312e48ae5e82a5212eb5b018ac6f4faa76caff2055cc449c09fa153efaa70cf0cea304e46b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
30f75bb2f2ed59ce54d825fbd015b34d

SHA1
3c80b57dff783cb91c7251d688f34d6cbbf3c2f0

SHA256
1497ddbf0f19e64d15755aa54abf75261c544e06dd0a303bb50519c8fa2c2341

SHA512
20dfffaba46f09deac18926a6c915293aa613601e694b3979cd644c33752c2dd92dace6c18b8682d0592adce3a77eaf06b759021b8895178d7626270f77d3a20

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
dc49ab2f6ceeb67a828ba2c850baf1ae

SHA1
f86aab5ce7fbc6b289c9df27e59f3d6ea4ad8342

SHA256
979f79b96ec88480a23e947bac1ada868323ce5115f4247bcc776ba1412a1993

SHA512
e96ef4fcd26b69d945a3b146af3087f6ed23dfa20e479355d130da6f5d62234eefa3f4fd266090e4a96d97a6151d3b92fc9cf57b319ffcfbefdb547f60b4a320

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
905ee11daba6846a65b5c9fb466a9850

SHA1
fdce992af536ce42d7170aa574646eee9dc4237b

SHA256
c97e783b3981575626f1b4cf8cfbb0fabca67105d8c4c65a3b1c29f1cf0b4979

SHA512
c57bee0d552ca13a5e28d75bf1ec2b5e55d3582f8ae9a543a0f5c01d0d6563a1b11d2296f69d8a8d09d14cfefd1cb2ee8bdd4fc0a384b9bc2970a27d2415f6ca

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
4c97ecbb3543ef0ca2d652883794691f

SHA1
9dd3bd9461a40298037e9795b42e7c977830de78

SHA256
d57db0acdcc4467c638cc9ff64be374f51ce1c39a2df9131221d2b502fe6a26f

SHA512
bbf2b382a311adf587f21486c7b26a37d9be2e6be3d4a1b298ee15cae71fc5389116e32d85e695048ffab6d81c8cd9961767677838c0a43b08879e1d52baea30

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
e46f98b2ab9ffd29f0517e79c4df5adb

SHA1
7adad8ffb4549870c00010aedced052a7db83e08

SHA256
e5af5a280e0ac4e9736ef642d37efaceb75559fdd06cb91479203885acf75829

SHA512
0ed53e69ecc4605c2b132a4679ed36a412a4b02e4f0c634effb0842332bf68c44e1f7aca71af51788054f6f62bfdf559c1f5a45c817c0d2fb2a7331324d0eb6e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
82dd89214d970cf73069088c53972d73

SHA1
53d8e7b3ffa99481f060ef82f2cedb741bfdca4e

SHA256
6e0bbee1e0422739e5cc8bc585df01569da29296cf4c47a144b0c3f3a07e52a1

SHA512
e69b23141c718b3c53deefc5b38f512fe5aeb6ef30ebedc782bfdfc55cd2eeb435074ee833968236c50b2006c9e0a60e3f3c1b7a25d15cc312c088d0abbf5221

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
2ba401145d791df058538c6a91d17e07

SHA1
493a579b820cc68236a97690c1c330b9b1b92274

SHA256
da3e6f6d03c71cd83ce5bc03172125217b23c17d9c4b0e54c6a38a4c1aa70cdf

SHA512
c2deafedaf5f3b55ef44eb12e8f1f523ca5789665c45a43437f499e89ff3bb65ca1f913251a348059e80a736e229bbf59023449f21371f53e5b77600792e4b5e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
581KB

MD5
c616e87bb9a37b13b4d59593a8c62bcd

SHA1
a8a9b4ee7fe525ebe7650bebf645dc812238b603

SHA256
ea285b6eb6e3b8bb6672623479f7ae4c9c7ed800c28eb949155357f323cd6d21

SHA512
f9fa9f58f764df162417cfe3aa4253869a0556166a95514d5ef65e3b76ebce946df9cec167c79835725b96ac24cddc25c65230b62e3b65e7eb164e465fbe0de0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
581KB

MD5
57af1da95574afe8154a87b9869cfd48

SHA1
a4f1e11a7dae46cf141a3a81b1cee74a9faf70ea

SHA256
4ccd2a511673927f79e20c22b6ccd5e2d6d1cc780c72107da8f765334765e415

SHA512
ff4d867b8a1f13d592a6cbb61f46486135be241ef874167acbf5e860de03245302d2e94382ae1c4d972f00d47566e276aeda4aef448e69f6f17349e2b58ea96c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
581KB

MD5
9f62c0e715b9513f5ddc6131bf13bbe4

SHA1
05c44cfbc379521d42f0acddd7b1f5bce697ec95

SHA256
25d127d1bd1076fb50fe4f9e65f39d351054f2c90ee048713188655809e1da58

SHA512
96a1bd76c7ac5a44d79f8d35aab15bb39f38130c0e1a503bbc6c3e06a41cfa8aa4d276ff5d87d545ebc5e530a0e8c9f3ff1eedf1da5de4b1e9ab7377c673bc1f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
581KB

MD5
2d42e455fb4bbc8ff413f15de8f0d9d8

SHA1
41bed2a7ad5ee2fda5f9a434ead914e4d8a6dac4

SHA256
42f730ba8607180095756cb5e922fce1dad102e25ad4a69d97c0756e10059896

SHA512
5f942ab4de327b5c92c9032accecf31dd5f1a142ab3fceb35561a6ae1591f01998077c45878bd5d831c6c9656e11c0ce6d6d6839471f2adc862ea0268683d37f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
581KB

MD5
7ff41db429224aeaef9dd741e4c5f5b5

SHA1
bd1a3481ab16b2ed7feb13eecc31e7504eba8c31

SHA256
98d9d1bc8b2e8486825f5a3034575df0087f3b61cc17ba395a64bff56c85cfd8

SHA512
454458ed76795cffe43832e73f4e5dc1ef8374889cc4045ace0b3fb6042480fd24da662c9ba40f06d0e6a1e4d011da9698bb26aa2048a5e999b436d4bd008f73

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
581KB

MD5
35264d2961ec0b3f99060fdc4e13aa21

SHA1
b74bb6f0248e17170577ec3878317bab3a216949

SHA256
97d184f57ab8d02921c648f9178d495095a0d9cf01e4f635455999eee29a7088

SHA512
51ea7047842307ea5c40ca219e3f10323c4ad862de89d2a77e0a576f03a5715ef3b2f5c6a4243ed7c1984b21506961f31ca89bdebbfe0ede4bf74974b42692b1

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
701KB

MD5
103c0f495b30fdcce5fe984471dc0e2e

SHA1
5793099dd6a1a74e1ee826defec3225d161fd561

SHA256
420ff946fe1eec8b3e1df9514747c565b2d49593f43778d9f087d2d8a95c6b9b

SHA512
2aeb155495cd8d3206d9a05ff0b24edcb5bf8ba091f5c144f0f4f10dfffdb69df8f3809a304d55df52e157d10c14a95e8e11d1054ed65581d0f944e91b026dca

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
d6f704c386cfcd6d840a3032541aadcc

SHA1
d1ed0245f413729c87f6eda5a4d0d763980d35a5

SHA256
9c48293ca1f591f87acdba9a198742e58c42e3e316f259531d76816ad8e7e27f

SHA512
5f30e1c8784f633f0b4543d2015311722eca783402db15e128c2ad95d6354f47b4550da82ff3ec50269d69b1b30516e2820f37ec174ab0d6646d1e45adce067a

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
4bef6948ba5bf761d7ae5ccd5f3df53d

SHA1
322fcec7c6042ec2fa2c33ecee4073adf670994d

SHA256
c87ace85190165c1b8d658697c1de9ae6ce79959788cb11b93f139cd7dc3f015

SHA512
4bbeeafc2559c68265440cbdfa4c3d5650bd74d835a018a7cae890db67974ad224874bc7ab70e148f4803d74a82421da08df170ac25011990203a5b12fe60e0d

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
d8d72c21ab8cbdb7fd17fb5ebbc75f47

SHA1
db5e957a31fb003b417e28df7e28c0956a608d86

SHA256
18524961957385a1ac83709ec5eda4cd559842ddaacb5904e25e0ced4e9a8b34

SHA512
fbd86afab34aef847611b5323a2a741c9867c13a98448316b2621646f1d1d1f9efdb917c6bb73e2a5076d4787a1e0726ead87320443919a8c5c5eafd467e8423

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
80b77b9702f51742838b681015bd97df

SHA1
4d69ffe5e7b31bebe4abd2b17ade3b98be646883

SHA256
cf94db7207e8ccdc77b3e17e309d84bd53db354205367f0767801d3e89c4a2ee

SHA512
e84f00dfcad2e30b5194aac1746640fef35da04067a6680be98cb5ac6ad942c01c090af81135a7e29ad30f7af39a5a311cdbfe2b327a29fffbae7e0c0262b3a4

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
f7d39df20e92f7c8f549e70cfd5fd340

SHA1
860a2f161e74d41ae7c4d0d4467a5272a115990d

SHA256
a44c3c190bfe92ae3a264b5b9c1010cc20a81fcdb0041ba3aa3b110df35ace67

SHA512
de178c57948662b2fd9ef2687d1c63f2ad560ff7e53d4e02fc1096f27a28b6fb3f5ac64c6c27f8407af3d0f55fd5eef7423f24ea374837c8ca1aa8efd697cbc2

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
19dfb13e5961d16a4ddc28805d9e27ca

SHA1
bb613d2c1a1a4afe3fda5552d8bb93317f1a2229

SHA256
dd1306a162df438006cf1ca34e9773f38b263d59a18056a6d78c6f36c4c4755e

SHA512
c15a7a469bf1b1e936510f75e8c8555af8da5cdf07b9b1b15e77c03fea9b8513cc5be0a7d349bfec9f3b781cbb6ca12daaeae73683892634593c97654d61bbb1

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
4689875aadff79ccd3884e91fc210206

SHA1
f6d2c974c79c51cb1da3497697952468e6cb45ee

SHA256
dc6e59d89c868acc15ed7e024362b927176db4285337a2ab00e3bce8d67abe92

SHA512
78790205241a49cacc21ccc0061bfe2a99aa799a6db284883f54f7d3ac09598663a5c4e921a310e48a7dc4332036a56330873b3372e4abf0f481d740bb0427bd

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
f7aeaf2114800d27eb9724b9097faa26

SHA1
c9d454e3e69bc7f9bccd88b8e5fb86887a981f61

SHA256
271ea2a5720242a730babe18b38823b3eb484dbcc2fc439587d4ae6024d2236b

SHA512
3a82403eeaf2fea020519a622ea6223c692b5fcbfee0f890cd0b60ab93a649746ed4fd9446dfc7fbc81972007175158ba2174edd4bebd0c7f6b41f1447c7e312

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
a2fe0a576b91930cb5c8de244ba4991a

SHA1
efe2bb378781a64f898f67eba474856fbaf16960

SHA256
124c4e3cc3b4e3f01c8547019f5cedbe25de0d9975ee5d2bca5978710139fc0e

SHA512
39acccfc39318fd27ee15c461585e0ae7168a39b9fdf3bcf8887501fc4ae0a5c651cf6ccac8f193dfd68055e2290f50efd3ea1d2984974241571f759a35ff95b

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
063595391b583e1295a8cde61bc074ab

SHA1
92057173a8b08635ff7cca957f80018ea480d6d5

SHA256
c795cdd745a61b84c643cedb99a528edfffc3e4a96ecde697e80c202f4bf9baf

SHA512
bebc219024e94cf639a3e797b4c94eb64673ff9754fc96c345d58266ba695a1cf67e2fd949413f5a5e6fc5c1f87a3112c518f7f1ba4df6bf956dca44f43675e9

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
9b54a02415fc5467fc5e4815f373c043

SHA1
e29b0356b19fa6d41bdacad1c9a1b9c13d22581e

SHA256
8aa7ae2ca8b16c317623942b2c4a4c48d3412e4c8312010fb8f542c109d6a240

SHA512
f0e2fadbc6709cba810d7588cf7be589b123d82a0d440ba608408e52130cb405321e9ac14989ef408cbee618f24c1450613882fac3fee96ef444307f36699b9f

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
ffc6ebcf58d97f72c804a84062823590

SHA1
d34d97895ab0fa1e18f62c948ea885190bc80eeb

SHA256
cd0200a68314969ceb2499ff456c285b9f688dcd651e47c72b73c0276f27f457

SHA512
d8cc1ddafb939b5c682ddf47f66b232dfdc8a087d138af4bb90606cdaa78977ddfe50a3817cdde501e2105b28815449caf73e5a4cafad89bb344ccbf770e3804

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
044cf4ca785fe4dbb016bf70420c2bf3

SHA1
f6fb8c85e1b8696a004b2d19bd6100e207730622

SHA256
0ffb7b8d0671ab2d33940bb88a9a393a4cafcdcb9a33bce5fa4799b154b8b807

SHA512
8cb77c6d424d904c431f394e07d93401923066428969e53bf5b99165d39d22937ae2b64fd7a9bba05e4256a1b1ac35a7dfc1ab3a0fee576cb042eac3b7413d7f

Download Submit
memory/448-161-0x0000000000CF0000-0x0000000000D50000-memory.dmp

Filesize
384KB

Download
memory/448-160-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/448-226-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/448-169-0x0000000000CF0000-0x0000000000D50000-memory.dmp

Filesize
384KB

Download
memory/492-217-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/492-490-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/492-491-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/492-227-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/796-13-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/796-143-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/796-12-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/796-19-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/1540-93-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1540-94-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/1540-101-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/1540-159-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1564-205-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1564-214-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/1564-485-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1944-7-0x0000000002450000-0x00000000024B7000-memory.dmp

Filesize
412KB

Download
memory/1944-1-0x0000000002450000-0x00000000024B7000-memory.dmp

Filesize
412KB

Download
memory/1944-6-0x0000000002450000-0x00000000024B7000-memory.dmp

Filesize
412KB

Download
memory/1944-331-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/1944-131-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/1944-0-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/2336-138-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2336-202-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2336-130-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2336-133-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2768-322-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2768-198-0x0000000000BB0000-0x0000000000C10000-memory.dmp

Filesize
384KB

Download
memory/2768-190-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/3100-239-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3100-174-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3100-184-0x00000000004E0000-0x0000000000540000-memory.dmp

Filesize
384KB

Download
memory/3216-496-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3216-244-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3216-324-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/4440-188-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4440-126-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/4440-117-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/4440-116-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4608-145-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4608-142-0x0000000002280000-0x00000000022E0000-memory.dmp

Filesize
384KB

Download
memory/4608-157-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4608-154-0x0000000002280000-0x00000000022E0000-memory.dmp

Filesize
384KB

Download
memory/4608-151-0x0000000002280000-0x00000000022E0000-memory.dmp

Filesize
384KB

Download
memory/4840-241-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/4840-232-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/4840-495-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/4932-203-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/4972-125-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4972-121-0x0000000000D50000-0x0000000000DB0000-memory.dmp

Filesize
384KB

Download
memory/4972-112-0x0000000000D50000-0x0000000000DB0000-memory.dmp

Filesize
384KB

Download
memory/4972-106-0x0000000000D50000-0x0000000000DB0000-memory.dmp

Filesize
384KB

Download
memory/4972-105-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download