dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
Size

1.8MB
MD5

0c414c744d93254cb1ae93770374aab9
SHA1

4afa2b6061fa2c48eae9858cd3dbb70c6ca1eae4
SHA256

dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db
SHA512

1ecbf203e558870bb5fed2425b3051357aedf5429f766237bc40e7d9cae3aa72767ddb314bc59781969b6c87b6f70d29ef474919b0a70a7a5677707b68332e78
SSDEEP

49152:Jx5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAzgDUYmvFur31yAipQCtXxc0H:JvbjVkjjCAzJtU7dG1yfpVBlH

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 14 IoCs

pid	Process
1232	alg.exe
1652	DiagnosticsHub.StandardCollector.Service.exe
4404	fxssvc.exe
4424	elevation_service.exe
4624	elevation_service.exe
3444	maintenanceservice.exe
4220	msdtc.exe
760	OSE.EXE
2136	PerceptionSimulationService.exe
3064	perfhost.exe
3956	locator.exe
3168	SensorDataService.exe
4684	snmptrap.exe
1980	spectrum.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 29 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\fxssvc.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\spectrum.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Windows\System32\alg.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\spectrum.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Windows\system32\locator.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\d94990948fd48cb4.bin	alg.exe
File opened for modification	C:\Windows\System32\msdtc.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Windows\system32\spectrum.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM515C.tmp\goopdateres_iw.dll	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_115765\java.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM515C.tmp\goopdateres_zh-TW.dll	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM515C.tmp\goopdateres_uk.dll	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM515C.tmp\goopdateres_zh-CN.dll	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM515C.tmp\goopdateres_ar.dll	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM515C.tmp\goopdateres_sk.dll	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM515C.tmp\goopdateres_cs.dll	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM515C.tmp\goopdateres_it.dll	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM515C.tmp\goopdateres_ta.dll	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM515C.tmp\goopdateres_ko.dll	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_115765\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1652	DiagnosticsHub.StandardCollector.Service.exe
1652	DiagnosticsHub.StandardCollector.Service.exe
1652	DiagnosticsHub.StandardCollector.Service.exe
1652	DiagnosticsHub.StandardCollector.Service.exe
1652	DiagnosticsHub.StandardCollector.Service.exe
1652	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
684	Process not Found
684	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3580	dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
Token: SeAuditPrivilege	4404	fxssvc.exe
Token: SeDebugPrivilege	1232	alg.exe
Token: SeDebugPrivilege	1232	alg.exe
Token: SeDebugPrivilege	1232	alg.exe
Token: SeDebugPrivilege	1652	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe
"C:\Users\Admin\AppData\Local\Temp\dca1ed2a5774ae9122df793777cdf36931fe98a3cb062235efa8b36b6d33b4db.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3580

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1232

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1652

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:892

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4404

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4624

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:3444

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4220

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:760

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2136

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3064

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3956

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3168

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4684

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:5008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
30aad9d6722982aee08d352a1cc16168

SHA1
bc9e0f192954540878fc9ba6fd0849fbd6fa04f1

SHA256
d0f08cc90158762142a091c773a71f6b7990a5d6d9c8abb2ac78a9655f150f7c

SHA512
d043c47a2e9f8d5fc817c05b824f4da51e06e5a0f78d2938f321d11eeb0039e7dd597779662652f1114fe2674dbee9e87c6f6ae9c48b132215c7a7b68ac47275

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
797KB

MD5
1e043815747fa9c247a2c33e49833a10

SHA1
50d794e2a28d40137501d6d98fad0f7f28879ffb

SHA256
4e34ef6b7051e81796f21fc3e2bf794a7069bf08b1b16e5ad0682f34b5d77c3d

SHA512
34f8059b9af92b3f4116b7c9a7b21a53f3e24b2c2ff35974d81e1ba9a50356a5edd4b94269d333638dd6969de8ecb0e8aa573801d2a95d3c9ca3a808bf521b9f

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
43668b6a83f8a82690094e8b2f0495d1

SHA1
2172d561bd87ba22583821473fd6117fa8be375a

SHA256
a6598b715599e05dc13f10f98b193f77d55262a48694bac15144b076d07253a6

SHA512
b08404c75b0f24a66567cfa1a1d01cb4d1c9d21347a3f469beedeea53b3c5434c8ebee276d8cc8140b61cc805b18e5e58ba10ea574a2d8c86963bd4585e1b371

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
53bf5c16499bb8df792fbde4a593b107

SHA1
284a4fb0ec94fd4447cb341ed6eee4d2c14f36c6

SHA256
dd6e2564e689b95c9a59f6b5ac803321d19c5bd6481107a6a44052d25d22c799

SHA512
2ede8f6d37778a340cc6de464f689edc37a77678b20d4f58f8a7c81163204da222736ce0cfe088a6c8a09fd17fdca906c4c547220c842e23a537c953eda3cb66

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
e397d7d8fd42c6f0d577087796f8516e

SHA1
67f5ca8fac04d415aeb5d84e4bdb3c8afaa20fcc

SHA256
3381f94ba09659351a3a9e6ae9162084f94561d197605ba2995012c54f49d5d3

SHA512
d5f466fb64a05838158ec728d05ec1248559711daadd65dc081b3b705d505eef519b2336dc785246d03bc70c2c1414eed76692f6542ffe8d2e8bacdc97cecd31

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
4c7be9a26bbbe990f56d8f969fb6661e

SHA1
bdeac94e6fffb52f27320a96b9ce35a0c7cdea63

SHA256
f7ed283ca34804dde2bfcf3a72214bf6d6932127d370155d77de0fce8fc5b02a

SHA512
d841f1841d1814953f7341bde67234c81db3404c75d441d8cf439e71b9e7b8eddefb2beeeac47d5439e6c531fd8bb6d712063ab504e0c38840583b3943c24b8f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
3ace3c59f45b2ec4f8ab87d054f1cdc6

SHA1
71036db0d888d8af6b783803fcebbfab10ef04bb

SHA256
140ce336e7a4e4300ef696d941ce1e46579f88e64c37c88ce217f4b3a004d8a3

SHA512
205d64ed3239c371cb2b16b69846254219d014c615b5ebd8594c19878c33eaa96febbefbc1cae945063804173ad0b94d84a14b3cfe9cfa0b1bdab62ccf6e8833

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
e62deb41a94790e67150db4686e0763b

SHA1
e7ce1e5fe1466d1bd8ae75be0e05337bc95d3267

SHA256
d0d47927738d24ca235851f0baeab3430885f28b71e9ec1a41d055e558269e95

SHA512
9a2a1fb1747278064d2840aa208ede6126b3d895f856e8ef4110f423239a5a597487c7d0ad094578876e2809e803533858837f964074de37f008ad8a8d447747

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
ea5f6510e6acd56e84d8d479bd66320a

SHA1
5c25e805758fe6ec9a83891be980c4fecb1598c7

SHA256
bd67e10b52586f6a9bd6bd3b9cccc48e75c33aa8d2299ec626c65fb510068b90

SHA512
61354db5cca37e446c3622ac4f1afa8a00ed352fc0eab9801179ac642cf559a47e56efac59ca22dcb79265086f96f46a6f2ec121ab81ad451de9985aa0fc1b5a

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
abcbf42952a8a44238003b9f6c6ff679

SHA1
a898f72596bc46d89b736c162664c30b76a08f3d

SHA256
8fc2b9a522245f2cadf13156439572f89dbf8d3a737f8412e4fd8e3f977321e0

SHA512
4019e6117663f511ea4adce1914dd496d5d71157f0f5219d559f3e269ca827b8733b4b7649aaa62e9e40e30a366b59e467c6a0780201ffea64af0fe94a6d8220

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
d225699dcc6d9536cd9e18e4e0737553

SHA1
c917cebd04d4000cb303e36abd7bfd7d8fa43031

SHA256
67ae74bbee0979e1023b60a3cafe2208f3844935aa28f28fa39d778b8da6dc3f

SHA512
6c072f63f2da7b85a6cb4bb861631bba4584cbb7c781c225109cf256791d147bc38429fc8e23045a57b43e980303b7d7e1e5d08e2055ac05d432ebc48f1a7902

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
a46cda42b189f4de6b33db30eb004f67

SHA1
5b1deb10e3595f9330bd3024f468344ff904a61c

SHA256
16cba0b55467cf52e6a2bd425ba782a604faf93b241886e72bc14fdc0b8c99c0

SHA512
5f0ee4640e9b974d47f969b5673f67821555180c9514e6077fc81575a4c33f4c0f9c5f4fe7f9bde621691792ecc9b582dda032bba93385418942f4961c50c652

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
40901a01aaef67741a798f607676edd2

SHA1
b447a414e904c0f343b3cb95b6253e1cf7655349

SHA256
d8e70e95fb009688991ed6507dcfa3264dc862e579ed885c80ad853d9534d1fe

SHA512
5024dd4d9a6b079a93a88916af10c8ee665b7fe65e994d74fff291bae24162384f816a9e93d1044a97ffdb5aa6e0a4aae96d00f59c1ee19c0d986ba073c9b709

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
6b3612d9c0b92b9a5809e98b95c01592

SHA1
690a85c1e22bd0b1ff8fa64c2b8b07c2063edb39

SHA256
acfac35ce962dda1017d097b5c14cc7d626c853539d4475cf41d9149ae42b616

SHA512
df79637de28ba942448d02fdd64c2938579d6f23ffbddf6412f1cf6ed91c37b4dbe420af2e158c24a5b2a65b7b47132c7f0fc36faf7d9c89ad0d9a1525953c41

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
149148e10f4282c444694d2b50b5db54

SHA1
49224b5d22f4695ee5476e926cfd9dede60b6715

SHA256
c9f12e46e32f6d01312ccc1373240384beb0bb38688ab9c8f46926e4cdb3a6dd

SHA512
9d37504de389215444bd77151c1b4f381917d11a1b2a3a3c5d856870af866452305c6fd7a83b9f2f8c3f920f44192f8bd5c0e7486be04b6d6409c8b7b12d1075

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
ae7b8a72215e07f5839710263ac8e5ac

SHA1
dd0a3233d227e7e69abe1937ebb83d4e3db3ae27

SHA256
98250a057f0a0b382e27b0d6aaa0ecd3585b673c780e77ea1e076078450e766f

SHA512
ba56afafc09773a2621701543fcec22492d27fa004184bf5ab6af164966a826ea1d90dc6b5124f13777cf1a58d51b47d3fdc0009d5236e4f16b384c2c256abbb

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
7b124fc226be150fdc7f59ee923dfa51

SHA1
e608fc57f958c48fd7d76b6eda06a53d159cf6db

SHA256
df4c902f924c7579646323a2d96590d9c39b603af716cadea6066390db499160

SHA512
b8bc2ecf42c32e09117c1f62848c99774137511072fa0988ee3f3575f26bd5569ee8429b31a2fb684c29d49656b2f12e15c11af45cc46be9809204b2bf5fefe2

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
49bbf9fe0ce9474b7a82c07774697d00

SHA1
af1ab349fc6d09633fd2116c86596226b56f5abe

SHA256
433f9149c393fcc81b5ca4649fea690e127ea742c7a323e1093bd2f5ba6b00b1

SHA512
b4962db9374bf00694f91fff87d904b83e365629f6babd08d803fde3b48193345ef2356f46cf0e2d3b43a7d57bc23037a013267703ce1c0b629cf8f9072a2b71

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
6e63184c95b5941ac24d79cd9643a0e4

SHA1
2658ece4afa85bca3ea300101a3b1cc2dcc9421c

SHA256
06436d59a97c55889248bd5739fc5b959766cb4c2bb9b3ebebbbc024855f8a80

SHA512
edab451fd6393f401646390803d161faa579d8b4605e35e65027f67c32c5f5e812e06eac7b3c1094398f7e0dbf28ddf20e1aae22c37f7cb2d88879adb771ddf8

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
da2236635d8283aef5270a6250de6cb7

SHA1
8fccd4219ea6272841536fd4bbda4c3e5b82d00f

SHA256
871fe8144597733c9fa87507be7a87e92a9a5e073174cafc138f3e071030645a

SHA512
23056addf5a94a1bb29b22a9bac47a4adf4e431f034e59f1dfc22700ee9148fdabbd1740c050c1bf669e52248259cf9e6cf5f136e040797aacfedf4a7faf900d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
73d2b2e2e27392b12f512bbee703b0f8

SHA1
68a47db4eb445596be0a476a8b7982ab99c41186

SHA256
cffea2f32e6615bdf0d955cbd664b009fb8a8ba7802429794f0c9e54fba1b2f4

SHA512
d13b00ac2d95c5264abfa178f27c98ac152dacc813df8a50f9d8e8a827efcc8d016a68c55984d0ee7b09b92019e1382424e2551728e84c957d16043494b1f2be

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
62dd14c1763e4c116613216869d4aca7

SHA1
2d945b71dc2ed8d4be92099381bff6a25efe01d2

SHA256
001f3f388f1aa866ed7069278ea768d179ffaf4ad0c164a39dd58d02f513f8f9

SHA512
15239f97c788b063815e4fec2024c8d46752b0ada20445175102430fa381ff92d95c63bc310b067242c002f5ac4d782fcfa1fa822588715549c485a3571414ef

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
fba783aab6984aa0320ef3f4ddeea26b

SHA1
d10a413ba6caffd9e64b97943134ebb4119eca8d

SHA256
7276bea06c22ad1a6174ba18018492bf5f024df890784765efd04f576b62319d

SHA512
1c12aaa6b60c280d57b6502cfdd887d53bba8a6e560831363aec6f5ca654e6b911a40e03cf08cc06c949af32ba0df783418f036404b8804feb3cd7aae9a80f6d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
f3a7fc39dd3a0c9343d99cf31c84364f

SHA1
7b29b91051205f21bd71a733f572185f65e3fe71

SHA256
017a24a32a76585ad725aa0bfa7b784a5664ff04539c532268169e298c953cb6

SHA512
1db97a931b3b4eed9291b6c0f68f3ae5cbf31ac211a1ba06c098444f5da139f253b6c0a9e666dd6e4e62108dcc861c09786454b9e02ddfd1d2d6991a4fd50f88

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
6e5dcbe5657e66b00c08d4437df9d33a

SHA1
25f1f7edd0f5366e625477996c305b86ae243a88

SHA256
ff844c0137c837c118a60c235ddbbdca3ea11fd0abf9b7ca54ae9bcd8116a757

SHA512
de153ffae773133928ef658bde692e278944af8f4fc88b2232a1621599c9ab9461c0c7896d94af450ee9ce7df84e7397c68760db25f863e818ef049b3bf6ebb2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
13e6e886d4263b38dd23b2ca8fcdc4de

SHA1
1f48b5773aac1c55a64b6c6ddcbdfccd7fe74950

SHA256
1047113ea5871ceed0777b5491188d4aa9284fd06dbd5031dc180e43c67842d7

SHA512
fd6ee175f76833aed04c0985a526bfa24dee17baea30d327a433da2e874e700153bfa63831b59b4e8919d15651bd9e3a39a1c35027174f0d8749babdf0dd8af6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
8b3239425eebaabc83717c9ffae75c3b

SHA1
fce16993c23fb5d6bded0302d7f4403ca90548c9

SHA256
3eaaa3b367219ba1f741fa742dd8d302bef0d8a0ef6121462c45a04e3619078d

SHA512
7d1610655bd26d1f88fdcdb87b72ae1519f0b7a964df4edc9b4966fe088d5d25a22dac363878042c0943a8b27d47b4ab446e1f302e07873543b034f321f025ad

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
2e7fda10509b018d84d48cceaa10c9ad

SHA1
2aa53c9b8403565e4b726bdab479d5c856c224b5

SHA256
38531acfe8e65bb00192422d0caa6a2d8adb752929621f4d79638aad77528ca4

SHA512
c95021ee3953cc3c9d8bc75ca71cbf47fe438bd20f34605ac80b11cb6193d1615914e8317459d2a765bd56e7a0ebaf48d4ccf7df2ad580d1f1c364bfdc6f0f75

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
c7a78b19ac2307b98227de2bf036adcc

SHA1
70e8ec7060869d46454c01141b6fe73a00661731

SHA256
a8fcf5c4049e6b10b7e492a8a47dd7d488a2ed8ac10847723b5b368e3e401fb7

SHA512
51c65daa557c97effa231314b9aae338cfe1cb68deb10a06641c2b59f95f3cb82d9b9a8e6e704aead2cd8b3a85496d1fc93b9395f74a79c96c6469736ef450d7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
60890d7c0dc2a72f50e280488b60101f

SHA1
595c783a178282960eecaf750f9a47c978c8091c

SHA256
7476f1aacb67b3e019053fd88865132127cf69b04196fa1d6a8ba5c648e1f275

SHA512
0f7a153eef9e3a72035940a695938ddf168f4f67285aa23aca94acee996809bbd096bf4c5d9082accc89def2905445cb8d6b21bc232a2b2721b012e0b37db35a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
344a8c441e17a674d4f6e675059ed34c

SHA1
bd857858780c4ccdc58202e95bdffd66d29e14c9

SHA256
760464c9c7c7686a001b2bea61a6abd2ab146c934facc0482937cf7dda1b9194

SHA512
8feb9043ec607f04ce605a7d5918bee34dbecc717a400607d65ab62aadfd67fd6a85fc5f09df120b640d97dedbebabf895e382a2e47344c72622dc72914c1551

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
c64ccdeef661001512672ef0741c5125

SHA1
dbd08c02b512fe044c06d3179e5b77a9e5111f0f

SHA256
6b7d09e95c2818c09df287b6f380bbfac09b9f47fa8e39c63491b76d32e53a42

SHA512
bbf08a83fd68d6632a0cd88a0296548701922614e2947c8d4dd4f6917a139a07fcf8125b3110344007f00efde06d0a0e2e0ca8b439f763fea35eca5b71584946

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
8e6006fd6b0ba7fa3e166e8d725da37d

SHA1
fdc626d42924fed83859452f0383aab0fa332bb3

SHA256
b7c6848e0315409e43d57752347e6390e763c885e7debb13a15f3accc33c66a6

SHA512
a17f689792a4d3c9a024ddb085ba0d950b8edf7443e988fe35a9f1e9e372798ca6684ed620466a86b9f7eefee54ec8ea83ac5be8fdef737584cf4405d771b06c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
8490803dede2732980a927e78f27296f

SHA1
99bc67f153567c236ed0bcb521c62bf504b15567

SHA256
71a31c3e926a0981193686ca7c12a0e29a3120c0e787f5b6fc61c85075bb137a

SHA512
2609364b17e81aa327b969fcb5237c08a39edbd75a14183942d02c529495134f7888658fad00019a64a9526b075447e757546d1d1cfa27a3f2fb7290d6935361

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
ac81b517e385124dec848286934db6e0

SHA1
215335ad66fa15f77cb8dcf43f7d20a4c2b1f7dc

SHA256
6951566b80deb96c95425be5167fe16eb116bd14f1d0d0f22fb5e3a02815c5da

SHA512
dd10e14c7f3de3908245e187e8abdfb735e32c100a844909edb1730b051e0ae5e8721de719625e443daa9237ae1159dae5bae02c212f9ad987bb8531f070a841

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
36d5793a92f46a8cecc356e1d9b694fb

SHA1
09a32b00adc1a7f15bb1c194e14ad9a517ab5dad

SHA256
52d185344487226abf3635aaf937aa4f3e0e7f5aa2966dc0e4d33717d16ce8db

SHA512
26eb52f5990d58f5f87230bcce5690c513580ef356db8d77a89ced40982640e648aafb6c9d9730214573cc8a6d2df476d20f65a50fc50309c22d28c97059534b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
7c2f08e384d5debd965af755772ab0b5

SHA1
77a0c0d8103bd496a21cde4400be64db4ceed12a

SHA256
8fa8bdf8617931f0d41ae1e6f22f0e3a4fa2fff8b75a3d19f1cee3f4b2193ff5

SHA512
a43b0aea3d81e959e4ad2f3b4b61aa57b6b813b2bc891678a79b4ce40232e7fa549fdb0bf5d5cec8c44654ad0221c05169dd7213bea31fd87f4545c9769ea21c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
89c802cfec835314f8398c897f08c1fe

SHA1
03b5f4275864b6fbadccaff8201a3336a02e9e6a

SHA256
3887a07d4fb5701660a4f186294cd9e099dd37baf23e0fce4b213459cead8969

SHA512
1ead3691ac58f6b42f0ccf059762d5d5d8650f5623a732d65f1a18027bb680712968f24b1abf105fa879e091eeb0ef695f9662abc47c4acf21fbff887713673f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
03a8d0bf127e339b88eebc96ee7e1287

SHA1
abb1b1021516aab406ed9aadd5f8211144eae75b

SHA256
3c0f7baab084f1e1bbb8500b0963471e73ae91aa8fef431396741115941c6e2d

SHA512
58b4c6b158e6ecad6ed18d7916bc68b376b3631b6a261af50c6265acf91b9e9d37a45c885b981d34c9a93f381bf6eed17c7335aedbb630f3b5d47ae63f0c330b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
2446ffb2840dd512646c92194aa71c4c

SHA1
3393c9a066ead3902dfdfa6bcdca443984643fd7

SHA256
5e692271b4417b88b96e24d0a881ef1e98db260529f366651616ed306c0451bc

SHA512
e8fab1a330ffb661997cee2d7bf3c9f4d622a4c2f6f1f553065220269dbea21f1267b6dc165f35cfcea89d3dd93a091f92430562fb34af069b03467c8f327bd0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
358c578c76ea12ac4ea4c05f6e9fe4c1

SHA1
1b6d8a4ddfe7438903b4431ce4e91df03edbd105

SHA256
74a0f4a03df9cb3ec954e13a0c234c228f1df02761dca4551406e58006214d2d

SHA512
6f20e6b4826ec607bfc439eab9aae1ccbc8bbb6ba2e567ba5faf2de13ccdc10d8290e9d0d7e3b7b2a620ed00e181e4c21f55d69e47dcffe63e6e6fc2e481d9c3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
581KB

MD5
9b07ff3bae5153a8f6135fa006052560

SHA1
3afbc3d477810c2e4706a430103b80b5bda9164f

SHA256
1adf8fc1a83461d13d2181e0768b51a398944374203a55590ebecdc250629244

SHA512
978589d879575d0cb53990d30035cfb3ccad2ede6c70927568a2018f47e48b394cfc20536633856a753fa2933b96dc783d0cb6c1342facdb2d686f7080c2ea54

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
581KB

MD5
8d9d45b9eaa30bdef3fd06fc61840398

SHA1
1e02d06bb61175e8bec7962cbba34c724a7e4b69

SHA256
0b92dd3336d74ccaba8a73dd056957ebee8130719fe227a348ff8089875c1dec

SHA512
90a83905f47d7d62945dcaf5d7341beefadbcaf637a1dd60429ab4cfd5ffb75f4155d9be1ec1bd39ddc2a50ffd876feb0e382752e6fbb62dc47729938ce5be09

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
581KB

MD5
dcf09c0fcf584ad2a9ca0efc1ff6f4c6

SHA1
3e08429cbfe8d1d6cd61277db8af6ab440751d46

SHA256
ea8973d2c1a805753834107097b168faa8e8f9343bb0b1d38020809e3bd61af6

SHA512
3664ed96a6e9972f740e2f1ec5d4ed50091b425280854557284f35705855610bf006470820145cfd441433337dfb504cb8e887acd068914028a3c790498d266d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
581KB

MD5
88e92f38fbd34517e0fadea69cd3bb66

SHA1
79fd239feedf6ec72cef6c90249155fab26d6392

SHA256
9b26d02ae084e0976e6f6db41813f9d4ce7247c1ac2d7a18a03c87ed8360d905

SHA512
55bfe91e6cd03bc0e08556db10296c34055730ecd7e2a7ef524eac588bb61ac932a6327e99b4f4f0dfa37024db345389effbc71a7dcf53a2524bde496aa99926

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
581KB

MD5
4fe7f23dbb8b29ca31df4628b59de072

SHA1
3541e5617bac56cd88a886af26be1767bf987aae

SHA256
9f940fe42935110bec6773d4d71d786fa0c4f4ae45e7834c445d1edcccffdaea

SHA512
cfa8a0823d2cebaaf0853f1bdd336a193c06ff455c050dacd6b62aa9473a37fe7bcb67401f6153d34d0d2a8011e21974ea34d5724b50f3821e65ac0ac4e5d500

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
581KB

MD5
680e9431aabbd302cd07800636b6ce88

SHA1
80723d6df207e57a4b8473eae0c8122b05785866

SHA256
458d36694ece853b3fc73b7921d4aa14b9f208672e1da773b58123d7bac83d6a

SHA512
a046caae9e81eed5012491525e3998dd0ebff2332845ecc6e2f53fe268b5e5ca328c9dcc5b7afb5636b5587cc2fa0259a49ab99b2a9f8c1e87e8e5c772d572c1

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
701KB

MD5
d23cb97740731483c01ddd52fce73f01

SHA1
925c72a30c4b7ca3d85fe378dfe483cafb33a56e

SHA256
103156b6ca63a1f87d54025844aed1958a3691133d02cb27755b2226ce7828be

SHA512
d7de10229b247c531a10ef5bb9e61e85cc0c938f6be59f84ea3a42b58912f21b082c0a845701f696ec4ebe685ea556f6cdb1c42224f6441299e5ed49cf9de419

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
8c2de93c004bc764b992ebe056453a7d

SHA1
6d8e0b3b9f21dd13ecd64175d18019ee61e00fc4

SHA256
2c1defac41896bf5976467b010f57c524c9ee1fb1e71bedaf43601ec316c0707

SHA512
09d3cbe4f76b3122529d2b3bd8638c3aa21b4c539758f4e35e3899320cd96bca5f1542aaf2cdffae6d05dfc5d2929f11cb893740bcf79569221120a5fec98505

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
7c6d93cc1a1e461b001811a24f813ae4

SHA1
d70e349e76a588694792ca722dd210c9ade16246

SHA256
3c5df6656ba8f8c0939901350bc722cb57c140a9553eb0ae95d1fa3a72d3395a

SHA512
96b398cb0e6523ca2372c7ec97bda4880c72a568d73dc3cb09c70294e6a20fd2b883a1ea740f1c28e92b4a241c812e983aaf0d56005928b96ce9ce2faad99f68

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
5f8d8dc155ddce08e78ad51c4e9b5940

SHA1
97a34d840af026903581eb9b6c28144e59371fc4

SHA256
caf3b6956d6319c2a3d97dbc0f3fadf1737cce744ee26db9f29edc255fd6ad43

SHA512
720d8c6718e7b10517681cc7aabe8e5db85e24d96eb1ee52674eb71f54d778adc0a5a390f8459275b7913ab513e01bc44a7a323ce18e314b5be5deab98c9adbf

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
1051b2ba2e63117f3e4268248970e6a3

SHA1
90c4098556388d3923f4a04ffba3c6f2cce22e81

SHA256
0a14d135393d21410848741ac9cef9cacf672fb8933652444f48b0c19ae8ed93

SHA512
44a2f00c10ca45f4718c56ca5b316ea5cba1eacb029c2b7abd51e5d360d8016c4be2c488cb011a32e0562a47668e65e6396ee66e0d432bb4bf4c1d772f85e365

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
75ad8cb81f4ea2ed87e21760dabc3758

SHA1
55332261b57ce730e7687b2a6f8d7b6a6c5c2bb5

SHA256
1bed2fd1527a8f5e50dc2be60427abe05c261453898304131fe80a04d3fcec8a

SHA512
0c67f7a2c70b2e43744a918a4a89c756ea3aeee299333e95955f6a49878e4e1f77ee2be7211927a448ce033809044fbfd99848c86da57b53b7273e8f0f0b2dfc

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
df523ac4f09cfb63c20123c1bb061d8d

SHA1
8ab79c43d9d741689a56c75f17c6fa49e2f50cb2

SHA256
f8320c3ebbd932047f6824431a16f6071cca5444ce08429df0112fad4e4fdbdd

SHA512
a4c48a468a2a04f48d528d9b635c270b434e87d37829a94c23ff93f53afe5b0cdc87e2ae88312d56bed7ffe75f1cd05a6a77270dc1e3d2138ecd060c5a74cd4b

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
e514d598e53935100811b7bdbbdaa953

SHA1
1c1694529baef04c324159d55fc8f6f93680b629

SHA256
d58bd5adbcf70e7a6cfe693bcb3a42683ff867b261db587cf4ffaba110a11607

SHA512
dc130737b1e153ce1ad8faf947787c7920c188821e5064103fb81cbf1bb395f348bb94a62de8a626f5985ad78a5dde578209ba39393a4980bc217822cc4f981a

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
38e00a6e75f4a16372a3aaa2bf34cbbe

SHA1
5e86b44fa8c872daf8f65df45543856891499e30

SHA256
8ab6703a9f63f665a1cc70fe501601e7f2d1b4fb5a7e768bd7dd3e1b8dce8fec

SHA512
5f422b7dadfb3bb2fe802250af25cc245043aa0df9d1baf20a09154a991cb37f55d71d5460c017e136a93806125fa6747bc1cf3486c5afc08c12050b4c8e1ae3

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
54f5a10b312300096b7b37e00f1283a8

SHA1
040fb291e60731c0575962751750267eeb689021

SHA256
03ad890551a0e009a10ae532cdc5b5aec51985467b5d6a09607bb994baae8233

SHA512
d28180c55d0c33eee5d6863289543578b196097c78774bb67bf1fb41a3d9151af98d350934ecd30ab83e424de67c138c340f6850ffb5818fcfd481225b12c5e9

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
d80b6c98f3efec08d11f94157918d00e

SHA1
95ba5b92ad02c71b930f0fb9e1351a7b5dfc6974

SHA256
751aa94488009d98cafc72f74f3408de8a872b85f58a5cf54b423049911ac5d8

SHA512
64ddef1d9b57215a040dad42f5ffc3c7afb3da97bf0c180165fcec30e67345f200051dbb127b279e5cff7e64df616011ce721238b6f800544b894200457c250b

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
8de2eae39187d4dff3ce2d8c9a30dcec

SHA1
b0f8d21c9efb0be9a17effd87df66593a3a46371

SHA256
080232535bb7ff5f2542748ca3b971a99474523e0c0701f2f6bf8f7354901ab9

SHA512
2c75412c103ea1a324ef8dd7f207ca7fe865fe30b5bcb18ddab7b2afbaaef9cb7e0f8dc7da27ffaf435acee5304202278ec0bd27ee97f68ec26e3b8b9ce265a0

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
11d72f3a398fdd90493c01c6139e65e9

SHA1
33c4f5282168229d60c60db842a0ec1381da1c1b

SHA256
784c44766d7c537db21e3a923c117b10181b5b1ea19bb23a5ed002bff62858ba

SHA512
694715dfb8eb713ba468093a2e387393d3aa8897099c459766b11ae076296065fc0ad3bc2543a059b2d697305d8e2e7720d56ae8e5717a72a7e5b2f6a92fc3f6

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
95cd7e471f60c436a2e4863dd80c7209

SHA1
7fae42ab09f3f890da927ec2a644fb448e3b3305

SHA256
31f5f12f6754365edaf0f99d3fcd233b1c96ce8918a26fb32dca38c49ba5ed76

SHA512
59735a910c4ed84efa378556bf1ab45e35f5404216b5779875b5c0706a9c6f802a76cbb87f0e4300d5df2e5f8c937ee76c582773575a1600f2942ef2d33f372e

Download Submit
memory/760-183-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/760-237-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/760-171-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1232-12-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/1232-13-0x00000000007A0000-0x0000000000800000-memory.dmp

Filesize
384KB

Download
memory/1232-19-0x00000000007A0000-0x0000000000800000-memory.dmp

Filesize
384KB

Download
memory/1232-141-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/1652-157-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1652-100-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/1652-94-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/1652-93-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1980-506-0x0000000000660000-0x00000000006C0000-memory.dmp

Filesize
384KB

Download
memory/1980-555-0x0000000000660000-0x00000000006C0000-memory.dmp

Filesize
384KB

Download
memory/1980-554-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1980-498-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2136-444-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2136-188-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2136-195-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/3064-483-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3064-200-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3064-208-0x0000000000570000-0x00000000005D7000-memory.dmp

Filesize
412KB

Download
memory/3168-487-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3168-232-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/3168-488-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/3168-225-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3444-144-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3444-142-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/3444-152-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/3444-149-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/3444-154-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3580-1-0x0000000002480000-0x00000000024E7000-memory.dmp

Filesize
412KB

Download
memory/3580-130-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/3580-6-0x0000000002480000-0x00000000024E7000-memory.dmp

Filesize
412KB

Download
memory/3580-7-0x0000000002480000-0x00000000024E7000-memory.dmp

Filesize
412KB

Download
memory/3580-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/3580-322-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/3956-220-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/3956-211-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/3956-489-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/4220-223-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/4220-158-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/4220-159-0x0000000000DA0000-0x0000000000E00000-memory.dmp

Filesize
384KB

Download
memory/4220-167-0x0000000000DA0000-0x0000000000E00000-memory.dmp

Filesize
384KB

Download
memory/4404-105-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/4404-104-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4404-111-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/4404-116-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4404-114-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/4424-119-0x0000000000CB0000-0x0000000000D10000-memory.dmp

Filesize
384KB

Download
memory/4424-125-0x0000000000CB0000-0x0000000000D10000-memory.dmp

Filesize
384KB

Download
memory/4424-118-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4424-186-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4624-129-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4624-131-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4624-137-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4624-199-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4684-492-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/4684-240-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/4684-316-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download