b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
Size

1.8MB
MD5

114953542caf35a0203472b96d629801
SHA1

e0ce6437697e71274c27692d77a1de7520a606a5
SHA256

b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7
SHA512

501e9310210b41c2c9b546561f40832f6ab412b0c4f89735bc18c17ad43a67d4521d4d21b040790c2d905c35a86615b3feafcf3c34ca2d84064bc7977d95e0a9
SSDEEP

49152:vKJ0WR7AFPyyiSruXKpk3WFDL9zxnS2/i3da1YS6ozB:vKlBAFPydSS6W6X9ln9/iyB

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 20 IoCs

pid	Process
3288	alg.exe
3900	DiagnosticsHub.StandardCollector.Service.exe
3284	fxssvc.exe
1560	elevation_service.exe
1720	elevation_service.exe
4880	maintenanceservice.exe
668	msdtc.exe
536	OSE.EXE
4308	PerceptionSimulationService.exe
3228	perfhost.exe
3136	locator.exe
2380	SensorDataService.exe
1872	snmptrap.exe
1436	spectrum.exe
3320	ssh-agent.exe
4760	TieringEngineService.exe
472	AgentService.exe
4740	vds.exe
5056	vssvc.exe
2800	wbengine.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 35 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\wbengine.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\system32\AgentService.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\72191512fc7bedf8.bin	alg.exe
File opened for modification	C:\Windows\system32\locator.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\system32\AgentService.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\system32\msiexec.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\System32\vds.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\system32\dllhost.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\system32\vssvc.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\system32\spectrum.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\System32\msdtc.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9D88.tmp\goopdateres_ms.dll	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9D88.tmp\goopdateres_sr.dll	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9D88.tmp\goopdateres_pt-BR.dll	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_89187\javaws.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9D88.tmp\goopdateres_et.dll	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9D88.tmp\GoogleUpdateComRegisterShell64.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9D88.tmp\goopdateres_sw.dll	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9D88.tmp\GoogleUpdate.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9D88.tmp\goopdateres_ar.dll	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9D88.tmp\goopdateres_ml.dll	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9D88.tmp\psmachine.dll	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9D88.tmp\goopdateres_ru.dll	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM9D88.tmp\goopdateres_nl.dll	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3900	DiagnosticsHub.StandardCollector.Service.exe
3900	DiagnosticsHub.StandardCollector.Service.exe
3900	DiagnosticsHub.StandardCollector.Service.exe
3900	DiagnosticsHub.StandardCollector.Service.exe
3900	DiagnosticsHub.StandardCollector.Service.exe
3900	DiagnosticsHub.StandardCollector.Service.exe
3900	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4500	b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
Token: SeAuditPrivilege	3284	fxssvc.exe
Token: SeRestorePrivilege	4760	TieringEngineService.exe
Token: SeManageVolumePrivilege	4760	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	472	AgentService.exe
Token: SeBackupPrivilege	5056	vssvc.exe
Token: SeRestorePrivilege	5056	vssvc.exe
Token: SeAuditPrivilege	5056	vssvc.exe
Token: SeBackupPrivilege	2800	wbengine.exe
Token: SeRestorePrivilege	2800	wbengine.exe
Token: SeSecurityPrivilege	2800	wbengine.exe
Token: SeDebugPrivilege	3288	alg.exe
Token: SeDebugPrivilege	3288	alg.exe
Token: SeDebugPrivilege	3288	alg.exe
Token: SeDebugPrivilege	3900	DiagnosticsHub.StandardCollector.Service.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe
"C:\Users\Admin\AppData\Local\Temp\b90389dcfec22b25f16a7a3f13738b21894266e4493fd6be5726bc44531fd3a7.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4500

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3288

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3900

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4704

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3284

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1720

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:4880

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:668

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:536

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4308

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3228

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3136

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2380

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:1872

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1436

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:3320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:3284

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4760

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:472

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:4740

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5056

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
7b2ab98746084f1d61e3d0b806e1519d

SHA1
ab793e4d80f59bfddbedb355d22ecd06df6fc869

SHA256
87831777e373211e1e291176e94e8f8267ac002aaf1efc772d7ae001d5416f12

SHA512
fe05c175c6ca05eb5e8fc9c5c281be1851442d206a0c18551d7e230f9bba5193339d6a0686e731fad0ee39a38c9a3bd2af228d9629d93b5920ce87e2a1355618

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
797KB

MD5
b86876121606392ad1c7b7ae717cfe33

SHA1
883d1b68624ef6064fe09bde04c6436bf98e57bb

SHA256
65ab0d5a5bfdbaa3cc97548f670bd877e8c0490f6accc5a30754132365a0135f

SHA512
ea201a3a5098622b2ceea07a877ecd6dc26fb76e2dfc946873bb5b9b0b8b0170b1b87fb3a4e79db64daccada2cf5d6918aec4bb398ebc15f207b2fc11bd564a5

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
83099ff263ad88ab6bb0409478316af0

SHA1
65b6469b5b805c83a0ae3056e9a84cba0c034079

SHA256
5fa698d6c190d7e04b0bd73dc9718264412f6081b9d9de67a4363451a8877496

SHA512
d49b95756aac8e8da09717fd0148f58b4ba9da63e3b83125729f031019a1e9152ed5d3a6654cfcf42f33b853a41dd668d1fedf5466ead37f1534be7721194a01

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
285858532ace5b7ed1c33d39bb4a0628

SHA1
2bc7fca1afc7daa54d9607247c9abd6e5b3367af

SHA256
4cb65d788733444cd875e25e0a857d9a013fb69069d4a6e61fa6984ff20ff5ad

SHA512
0f4853a40d3812aba2c749bcbdc3e97822f5b716a763db035c37bb96d2c4e9d3025bb0547ed8d0d164be8d644989d097f234751787b1f9af0203b4944f7ebe19

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
4c0a49f3bef19ad4ef61701925c3555b

SHA1
6fb5c1403f00c1f926afbbcd133b5b714cb4649e

SHA256
2bd43582fcd4b5e5ff2a5ee084c51c76e2d392b100658c7b61dec100e1a95a52

SHA512
8f58f5134666e347a1e10012be76453dc7532d67a3f518e486aa8b30a5475f74c3960ed9254205a37670f1803e48b565699c94593b44e905af6f1477944d99db

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
b0911b250f82bd163aa042ffbc91054a

SHA1
a44bf4c605304eebd244652ab1d4e889058fec38

SHA256
169e1b1c736ccdcc97a267f8eef1e19abf58660c35f83627c8617bb5992db3ee

SHA512
6053a6f7d32c4491bc3fc6b8e03d4e82bc7a65b096d1e171716bea4f47bfce6a30380983377a559c612f62c0d45d4ff8f94803bd805747dc02d38b71b5b21bca

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
587c5a55cce7a5f426a1ead304c1b67c

SHA1
70a66dffe29aef4a19b9328123980e3905fad41c

SHA256
c9906b2bdc7a9440a3703505556732714077894b467a447f3716b07777f75515

SHA512
18b90c4cacd9fa34e08ed7598437747a03c61d9872245a94a60698f5de08a32cedef0dad71c4cb4efa592ef8b23bce9f6e5e3c3e79180e214e03eb17157bece9

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
456aced0af8e5bc79bec81b44203bdc9

SHA1
ae53d845376143604630ae6cf649962db6416324

SHA256
eb07a32ed8d5c6184cb15576333c18cee95c0aa70154590bec8375220e627a55

SHA512
515fb0379d2c8c516f0dbef4a0efa6f7a09be28434c174f116ef411d8296fdb1f284dc53d2dde05133bcfe75e8f203106b7978f20ec77d3228f3a1e755ab0cf5

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
bedb7710c77e126ceca3aa8394aa8248

SHA1
6d93f0a82b367427bdce8242e5afdc2c3ef85c0f

SHA256
e24fa018d0f234d9ca4212a28f50730ba00f4712710c5fa5e4e126461a531ab9

SHA512
a3e27a6e92eaa23d41f1a81941839ef19dd684eba57223195aa16a40a490919c7d2dd0bc1a57fd4662c19678ef69edec8f6f4e663b602866769db87f05085fee

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
33da86c056d0f38f7ea1c7e65a836279

SHA1
14e32d85d51de43feb2baa3f8b5d2bb893961947

SHA256
9261a547366a4344b41dbc042a7bf8143c54644f7697fd86b6659723c17815b7

SHA512
9db6b4ab07ab6c8ea65310626b142e21540918314f329e98e523cfce48cb2bff34c272c1d0545de83fc765c5d2d824f65ddb37d05ab29ee47ce366540b2bad89

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
d989930b0529e61f63eb0b3209417fad

SHA1
f2c9b3a9301dd22d41ee26e9221d1a30fdbbd948

SHA256
7dcdd8b511cb19b7f7c9e849ffa7bb1ef4e11b0235d4f60c42bccee711a140d8

SHA512
3c19dd5fc3f22b860382cd985c284bb15b58acabaded4fa292e617687b1a54ffccf43ec3da71c6c6cb6ae528dc8f7d1635110b5c93a226ebc1fc18457466365e

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
a2b18f25446776748ae70543706d06ad

SHA1
1b4353626c99847a427b3e7104b13b9db62bdb74

SHA256
200b225a92f68b0c3c17a7601312a53c39cef201c372405acc9def54355aa0c3

SHA512
09a5267e59cb46a479d42f5aae3f54a56c3ded8ccbfb522c1b6c84fd85702ced783ed021afbe80338243bec12f14f57999c1d9f7e2a4eeb45a0d4c00faec2ddf

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
febfbd71fbced6ac5c528df7d1d679a6

SHA1
6a9487595d4d3187277e4c72f8753995150501fb

SHA256
17c62667507d574dd93dee3f559d6a100d3054b24929570c3112625b91df557d

SHA512
56efd46941fb5b5c51695d7a392c4646ec7103904aecc3462033d8ddd9d365827f9c4d59dc669470f772c75b389a0e09135c80347b4de8ef0c8024f459b0d4e0

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
ee5c8d65f249690b841ec244287c305c

SHA1
16ad82022cf097f811437eee6af83c88c6ffe0fd

SHA256
a12703c85e733da6532b2ab7223fd4d1ae43a1acaa38420678c3888e13af5931

SHA512
3c3a2710fa21172444628e8f0129a1781aa6cb93dc4cce976f9baaef6697c78376c59237d2fd97fb7bd858a7eddc74027a26d022cdbebca7ae2e03b7c10be3a3

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
f8deffcdf74a6dcc3ce8753acfa780d5

SHA1
014f6ea37b5bb58d41fd1bfbb6cbd99dcbfaeb98

SHA256
7b68e33bcc06b3d9dff36ad1a03fef79355a7671d64f71183b7206a53424453a

SHA512
263ee40c46d8ef1e8a60f638d338574463ca546ca60e556a1470f70d70a3f72645258ee358d4189bdab04201b7fb18952e27e200d4f171b679193a748bc2bff9

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
af78fd60d3c9df8c7dc1c8a82cdaabf9

SHA1
f281a85a31b5599822213a99c50e1cb1e45788c0

SHA256
ba5375990980f924354dca30b16bbbd4386a704d2f7a88635a30a245080025d8

SHA512
36eed195767ff991dd5cfa709f7487c10a03deff0165b55cfe7abae43c7515ea0fafe9dc07b54aa52be88179700611692bfe4d68265e94c65068fbd9072ffe1c

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
6589c07d77d7be3f2ad71857379d7174

SHA1
70cf49efa96fe46fecbf90589737fb76bd83970d

SHA256
3e7ca2c82b638a5274b63a27737eacf3506d3ee56bd2cedab12247d04bcf1901

SHA512
078f93956a729fb5884d2884fda18fa595cb0a2805d8e571fce3a415b743631892f1134242148081a3fff27addcb6195cceca909fe6b3334e9b726e49bef3a63

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
b202a362f17783f2472e29b274b5fe96

SHA1
6067388106ff66f783f64f5056b1e2276c9b6086

SHA256
67a36a0a11e0e1b129bf3d4d4bbf9b4ed47bc2b3b88971cdc92f0fad1120ced5

SHA512
8336982b47889f3854a829db983f8cbec05440a142fe663871c654dc04750926c57157c62fe947f4265d20f10a54cede391bbbfe0175e856931021ba34ec507f

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
c855f5e93adfd41eaf26aa192eae3f83

SHA1
0ad48976b08fc0cc0a4443756361407719bb37df

SHA256
ebf53d87454ac982954a94f556359bc724863629411373b3f0df36f521ebe2d9

SHA512
3143186ea10e1e2721e0f6e69d07769647bcc2a7f7cdb94808e50cf109259d4ce3a7ce70cd66bb714402c1318d3657477c3db4e6e2166451f9627c7955db6cdf

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
8d78c7a89a91e4d92f7cad38e319dc04

SHA1
ef1be875fa9240674403ff7cdaf22326f4a8995a

SHA256
8be635410f7c802e04d59b7a541901fff41308d191571206478e885da35eadfa

SHA512
0b4feba9773f5a9e8db3bd96e895fdf48523c05f9c024b09bcc165f8738425f5324c707a5c7a9c72c54f5d5685ac5f9f2d426c8d2f23ec7f2a4b021c750644fe

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
ac15b91b66f199a2dda5f984025a30a3

SHA1
a05c049f487c21a0a1f4b4569091781bb81a6dff

SHA256
d0c1e6b2b59742ef57b4aaf27e0618c9621f9826a995e202a5a25f89f6ef9fa2

SHA512
cc65a5d54c8bd889aa0369a5a0d08f9da2207ec2e4e004c2206434ca73b84acb45a793958542fe4c617de948609a5f6e01f554628f7b2ba771ac227efd6cbce4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
e2c683b1ac11acd1a51cda78456ccae3

SHA1
369024ec8020b35e23d328c82912af97c50eee39

SHA256
28f9d8f9a3d9faa7d27c10ed7401abe9c6a277301439bc9576f14fb22e7ef01a

SHA512
0d472a66107803ee5e9d590356960511e0d70634e524e51d4123d33aa535df8c6f0f4a111f5d13a157294ba1951c394d78d03fb334f1994069b941d55492f06b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
158e9ffbcebc9de67eefe03d8ab9f0e9

SHA1
7880017b441713baaecfa7c6989fc093a5d73b30

SHA256
2c5cdd32f07d573a1ee34b6d9b72886effb798a8351c400afd1c5daf99e6f08e

SHA512
938f9ca669d8873f339f1ca2f8ba3d439404465bd4ab7dd7bd23108339c9c0fa82e580e5a807014ecc3f0156eb62517b1b17707a2cb6b643e1c2cfcf1350e7a4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
bd76ba5bf424fa4b551dad8202d1765d

SHA1
ae362fe4caba3bc865d172a996e6883bf5acb78c

SHA256
aa335850cbf607ca41d7e3e6225d77e49df6ffb5f28aa0a16c5921d2b7559cb0

SHA512
e7351849f67f541b7846d1c331b5075ebebd379bfaffbebafbe920cbd1dd9ebf45a22129ac78e71a315493f385a48deb391e45105d51c766e1b4a42f865a2d39

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
1310366c1d30fedff4cff6c78b469929

SHA1
91607dc13def2233dcca7ea534f807a4c2d077be

SHA256
348b79f47d42aa83efb6fecadd2b116320f2c528d7de51f2969645df453e99bc

SHA512
e64c19d4de07d85ea1e96d189bcc6ca17eaa9adc840e2e903ddc500af05dba59b119cd102c9dcb033eb5a08d4122dd865b57d5ffe5c389f4bfd417128a53f300

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
43174242fcadf51de5ca799fd6993108

SHA1
f2f18ce53de7011fdf3699419b91823b03443075

SHA256
9ba5f3ef436fde7f21f043c1d71abfed8d60b5377daa2382723ccb4866fde098

SHA512
9d0a9cfb613e12c8c72a77bc2b4681615035d7b74542827088575a8d5efaf342edbca30164a3735f23c8c6bf4efbfb1fb630a88357bc2439c9bee680734e633b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
85fa0f40f7191256d40637bc254c2aa9

SHA1
a1bab70cebe0a22cb292ce665d2af699ac7feef1

SHA256
b3dd1d3c5ccf00c3943ac88439f8e00659d567aca9db609c16892c3e8b680a42

SHA512
b7986ac985d463d06e78a7f7b56bb16da9168b9a462f90ca433564740e25eeac667186813721eb94ab1089552da839691e953ecf62620cce895ab68710596ed7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
c6e06e3767cc22f5e22a2795242b4967

SHA1
e5a7622bd00cd56db1ea48c553a4f5d1a5750738

SHA256
5de1b65ead6ee305dd3929d10ac14a684e9d1999199b87277cf21c0c1716f5b6

SHA512
83ce97a600ebee57964a5655095be7088df3b63491cc31fe357a52f78406265edf81b817efe03c3c0b58ee9a8425d11add8ab385e4597b6a9c580b6bc994488c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
aa745a382e950eb73670d75e8fa9eb96

SHA1
0c15d3c9102da0b6ac85a8781dcc000087d0091c

SHA256
9d281125e4cc0db86eb2436ca6d54eab7830c88c2440003999c540d307d540e7

SHA512
288af6bfa8c6d89ab81d0f95c3882d2a67272ecc2aacb965377ec60d71e87db84a4073600934d5d021fe19f2b6c88dc22245693b11e36be4561cdb9da90a5e44

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
7809cd413d3eb8dde1f467533c6af9b6

SHA1
c4fdf9083626b2f0056874416302d1b907538138

SHA256
799eb4cc9945ce888d67b9b144d23e51b60960cf378fcf03a7f336f3c4d979c6

SHA512
5cf435ecdfd142e0b63428d864dc81d906d204028f2456f3b53ab129cff99459426f969fe984d54967c4e2ec24ced213a30bfa99a02c00b8d6d1fa3f511bb162

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
aaa73128e12d5d63fb1151c232f8725c

SHA1
03ee5d0f47f92f72a1f8aa42b3f9eaad33c21e61

SHA256
f0253107094676da053b05ea71a975af68e98f75a7d688e0af6102a4319cc57b

SHA512
a7000dfcd6bf1c5da79b2f9abe3c540e4fc4256eb823f62466573c7f976f8d3a62b130551e9da3bee95129ea284a2280061f8935f197cf1001e48405e77097e0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
fa1e0ac2f9a4787e397bc388e1f1d181

SHA1
d72f74da707f7de9d38319269b0eedf028e8dcc5

SHA256
499db979e89bc9a224438e50364b04c0789046a6f2f50f7d53daec3d65b668e1

SHA512
87b3c20f2ba7ab3874d7a34556fee04efdfde31bbc290fd41eb3ac879c0465db59a6bf25e7ca4f4b03bd0b8763624396ae9707a5f72a67d93dd66588ddd7bed2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
c3020b8887a25efc54268b319770bcf4

SHA1
74a70da0c4a52b05c494e990144b3a1658dfc4cc

SHA256
78d22edd9f575413096c6d6ff1c8319808a2bc723919bc692fee220b31343971

SHA512
1e52b0dcecca994778305880bbc9af131d0d8726e9e6f3215febf46dc1c54506f1d25dc2b58261588989cce168db9e611b59d30b7058b1df43b8779898f3dfe5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
d97220022bc9643aafb64e5fc9c6dc52

SHA1
ce9085f289e9af417ff7dc9048ec3c2d884ebe40

SHA256
89330a88dad7bde75078d789c4c445a33bc5a6c44172c18ab58a052033e2e242

SHA512
8eddbbd2110594c0837c1e62c6ac86057120b50828e51af8b0b54db5ab23ca431e89eca8661c703ab387f3addd5a51a8260b7483cf5f49db709db22d3e8cb696

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
da54b26cb3aa5104b326c923f1e722ae

SHA1
ccc2b77dbef46c91f57166ddb92d7fecdcfc5e1e

SHA256
0c6a2cb403168bb71c3b71e38814d43120fb75ca45d58614e991aa9cf2ae7243

SHA512
dbbb46e0634e20651d56c2945de37b7f533f2888bc12b7693b1aa89f9cb51d27771a80ed04d66a1a151629aa11c66cb3961760f0ac0d8abb71d0408314c25bd4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
6462dd549c6df99c55d3fb8d42589506

SHA1
0c68de064ad11c46065258733507214adc29f263

SHA256
8e0589ab2917f45eb535d3b30e5f3dafbb6aeef6aa9ee327cf5985bb02f1ac03

SHA512
010c43992073a3c707be0cea36df3c8df106f610436f16218a57abf513ef8e15d3f00412665a7ef86b29176e2e3dcd269201bf1eed850a3dcb110de5e4ac5e88

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
4031a9ebcc6c27b5bce3a368af194b1b

SHA1
5b3d7e78c17dd5fa177e54ac22ee878fc8cd20ee

SHA256
fb8bc86d61674980cbb125e866e740bb96e17d6e92c3321843cb5a425ac06242

SHA512
ec5bce7c7f494b2cb2dc0f80669f65dc4f2efe36aaec4f91c58a4a605ea6cd35e5a4cdfacb2b4e6edb4112cfc1f434e773775e418563b050f42fec937f69e330

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
42d6a3f1aad437cc3028b59562dd96c5

SHA1
248b315af1c71b2b29c732185fd33e87dbd9e945

SHA256
55f0fa4485e4966d9f32435fb2751991a05c4eb921418b15ed2962b1d36b133e

SHA512
e4b2664448ee5d7b865bcbed72e5cb118090c0c981eef90feae18fe9b585a68089d57d5d3963e2c0e8f686601609d078409666b1edbc3ac01692c171d22cea93

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
239bfbfd8d92062e96ffd0b472c409f5

SHA1
201228fff81da25c4ed06883c5f471e2ca6d0a9b

SHA256
d1c79fadac5b411ff113094f5df685da4bb78f1227ccbee56d507808adfdb5ef

SHA512
4ebb61b67df9b2c6fbcb78a08ad1e400a310989396f4614698ffd57967fef3e1683aaef40700e44a59906e92e8c77ce32adf87876d6a167558a12a03c1436b8d

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
701KB

MD5
6b913be985ce9abe54a5e84a7cf038a6

SHA1
1bcddea234dd1d507982e5178cff75cb3c9e4456

SHA256
e4f07597f88b1fa573ccee1a09e03ade09a4c27ada085ccb48a95924b6ed960f

SHA512
2e17e45b5a492b584b08aa0ebd7c172ae65ce87246773c3e1edc312aca71985f4f2db91ccc297dedef737f70c5a62600f661fa017ea7954eab42231854d782b0

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
5a6906ddd1a06f53610ab90c2c631e5e

SHA1
b18aae6a4825ce4d09ff0c015836521c5eea9459

SHA256
11522df0dc2e4a381b697eba7f3060599fe1b446de80e928107db32844241b6e

SHA512
3752479221b25da39bdf9dff616cb38553c543506264ec40dd11b80d28a02e17bb78dd0a1fd686826edf02afcfba9931156e30aeb90d849f79df399aa92a0e79

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
1019a4fbc28c62e2674b1a20445f2d0a

SHA1
20a1b99d0d3410f7cba66cb8629623bc1ff49afb

SHA256
bc8e5fa10eb1a5945d4281639eaaafed9d9036a5d262494f3209290977a7abe3

SHA512
3534d94e75206e124ca59d26d40242a73fdcf05aaa40608e947d1b5bd59cbf1b5e51b2d856f451eb36fb9e71efe785c1bbbe0909848f3323b3cca4ed92f7c509

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
84dbbe2164264349352ce6b1e8407ebb

SHA1
a6bc17c0e5813e7e7f8b0abac4b35dffe66748ec

SHA256
cf0fd99c36089402e5fcec8079dcb48fa1e3408e8880a9d60a3edf50e6bd56b8

SHA512
3359024c0e700fb8b0316b1db1b27fd27c627888ffd8679e57de14315f2fd14cbce9f65e61ca4ef22e702362fe4bd346b8700fabbe97c9d339c3d73a98ace6d6

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
399c8f555770a61da60536900f2352d1

SHA1
19312d9447356fd418813068b91d8ed60e513001

SHA256
f9dc9631cac5696c375ef4d0caf8b9bbdbcd307a2b74403259c3bfe7b39b7e36

SHA512
5de6ff029ff2110e4be4d3080e86fbe7b7ba585e91ab13fda8e9e5ad9bcb61b8f1c2be1982c56ed890e5d8e42df9f4907bf43f83cff703b4b84c19347c04da60

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
b47299b17ff2c98f2b57c2b5fef25043

SHA1
46f5f1d5de333a2fa7f967dd837d0d371891dab2

SHA256
74f072712a84318e6bece605fab6719becc59a2fa48ce235a38843e03fca51f2

SHA512
2676dd6d8a8e9d25889dd65aa0df784e968fc6cb53aff15021d8e9ed15ab21f3728b7faf709792f8bd15bacb3fec9fe5e0a3b5375b6956937cb2f20ee4a7bf9b

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
a82063c6bb88c87962afc8581ffc988d

SHA1
0a98303009f533fc2d5afe98189d7f3713ad162f

SHA256
38baaaf5eea8aa1611e0494df831ce53748ad23b3f9b791a1c26e63365ed394d

SHA512
ad0d476d4fe78b09c50d2a3d7677cf4038d82e0f3982630cb69dc5ab36c8cdd91dfdda026c148bbc8efd0960dd4ba3de07b168bec759347cb4bbfd187127c055

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
46e18cd2940dc65ce0b1471c0c6eefd5

SHA1
8df3575bdffd03b8e114b41f694b6f67cd52c676

SHA256
20b74a0a4580e7cf9dbc96f93176ef36000821890df2bf98db3ed7b9ee2d3d2e

SHA512
dee21afe45d0f28664cbaa87feb261fd16baefa74eaf7bdbeb07bc32d86ece420d61e09314109ca23bcf9e41c4c5ea7adaf6de93658a846e580c6da95e2c39ae

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
37a6483098bf09591b67044e16cd57b5

SHA1
d3afb672a9786b8ebefa309a08f2d47b596374ff

SHA256
3c857d2337064041f4d4f2df8475abe67f9f68fb029253baff385db72d91811a

SHA512
a68bfcf2e07b9459d7eb8c92c84d63cbb50c4d93a667e7d169e7ce7ffc8aad704cdad2e1cc85dc9cd05fe594f1ce0c7d0ce7faa8fe6f1354f088fb9683d96135

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
bc159aeeb0f24d03304a0af2330046a6

SHA1
9511890bd91db0f3fd90437a5599d8d7888b795c

SHA256
a1f279e3b46d17ab3dd6d0d1c5aa66b7def0c6e0c840e72bc82d25aeb30386e2

SHA512
e3c5ef8564c4a4162ca24331a236e7de4d9b7b8470260dce92395ea72dd01979861200b69d064c38b9980b7e9c6cf001d1e5c29c942b2faa4ffbfb4c19cd5b71

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
a5479894ec6e6a1a436fb636cfad70d1

SHA1
9a11808e8152d565627500c5251d22bd741a4b49

SHA256
37aad273ed906a12147edb8770d452508367bef87f2bda48356e1e3b45d5c3e0

SHA512
75c399f0f05dd976c867b1f0a5b876b8cdb79e238e5024738f5ac90d5790f010eb5cdd407172afb71972c18d8b1ea673c6bff8a47be501dd736fae50df17716b

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
c020f426478fa545962fb8c8961a9eb2

SHA1
889d99a106e78fa4e560c9e3d12f8e4f51f48eaa

SHA256
1ddcc487ed8d248b272949abaf9de73139f9f53f187cf894cde904ad34c9099f

SHA512
3c82811b2712176d25aa44dd0277733163cc61949630de338932f25332abc972bc8b2fa9f6d1567552e6175a04214d61f0f4ab74f1beefe8ef70fc4c6b2fbdd6

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
57a84ccfbf9d97b046c35d2052f4f796

SHA1
1fa19cd080cc2a3fc1261d67f8210c078f19ff03

SHA256
f16b6bebf9cd636f4c99d555200b8d755fd77078524753da25673b6d6c929a19

SHA512
71da759f3f12b635ef200655323475efaf1bca261b47d31810c4e4f9b97c02aa25b6df8aa06ee88d5d7f6dca9efb81ce9636ee308faf3bf026f8089e4f3ced14

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
38fd345e55e7a7db533fa35c88b1c790

SHA1
a061c933d49b2948b820a14a93d2f38d746bfdef

SHA256
c361868098bd4598c2f36ea3b496b5bf91b1b8879b414bbfb3be301b53787c4f

SHA512
8177441bc894cdfb26cc0720a753129176d89ef36f862e89450260945101e58627a8252001c5e9e0e9e7657ff487296c215554ed520fc655e10ee1db235e25bd

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
304b009092ce20a6e839b81387dbc844

SHA1
54bdbec1a685c11a42d0f60556f3a06913a3e48b

SHA256
74444588f98f5ae7c374dd8caee6d6c70cd86d15f669ab3f3144c6cc4da7ad45

SHA512
d3672559a452949a265024d171399f4e10677b16b30e3661c62bc2c0da601c260128c557841397fe49ff2f357d0b9e9f72b16a3a15bd0bd0bd263cf77061f601

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
96e6aca83947bbc22ecf3ac35cf3c21d

SHA1
d7a721d62a7132a3357325fb7954f22270e3288c

SHA256
a1b41b554f0e906aed33a9b55ba18a0fb94d8b6e957707ea6f8b141f3ea2011c

SHA512
c2377f7c8567a5e52d09024215bdb548ce36fc244a30fc5202ababe6160f57baed05f998a59e855cc09d950a11eee22dc3c894dd4572d9cda65ccbe8deddc200

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
7583126f6948edf40ef1d016e2577fc7

SHA1
b9bcce662294de650c79eef85827d16ea78a887a

SHA256
2ca1fc12811bd5ddac4e884dc91eddaade039daf4a6b4e1a546529c61533dcdd

SHA512
454dfae6990e40cc3ec1433547000ffbaf1e2d5d154005f7d14c758521d5a03bdf34762dadfc968f41898ca94f7211d5bed8e3a077f28177c8d6afd41b6fe854

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
df036ca3a05651ad10b132f96c9cc545

SHA1
b817c473f1b9d2d9fbf399fdca8e16589e51306e

SHA256
7acfa9284bbf670de2c1e15e5a98390b6c8be286f29c1248c9f1a2d10a642868

SHA512
4fee2cfa2b21ac74e258a7919292450a696111ae4754eb90e40aa02edf08d6aa24c0d84beb47f93699a645d02f7ac02e083d8327d119d59dd731b8572b400ca5

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
b4f0dc859d2e0ed6e9ccd9e3f78f559f

SHA1
35d1ccc94054c08e2392969a4ffee881928515d3

SHA256
e91adbb4fc0e6d69e5ffc5b80185fdab3f4ee5cf31c229a3d232dc41e4ae9300

SHA512
1865107d5024c58ef6049e3d263986b02d4540c8045c9644785bd4664c0836dc51c649a1f721806508a6f8bf8e4d9a85b597ce2afd1d00bcf0a824f0e792c152

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
87e5202186cc04cb7a0e30a84e46a278

SHA1
f61226b5bdb117ca84ca3583217c68ba7540aed1

SHA256
e462a498697193975b96615aa2dbd96b7fdd64345f2af3747903b3e4a26281bb

SHA512
23773769f4c0bbe7e3ca212f95c34cf557e9910acbaeb4735064f4fea2385da6e337d652664ed655f66ce4a3d6eeb06df2af1b71bee5f457e06c4674fe64b375

Download Submit
memory/472-285-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/472-292-0x0000000000580000-0x00000000005E0000-memory.dmp

Filesize
384KB

Download
memory/472-297-0x0000000000580000-0x00000000005E0000-memory.dmp

Filesize
384KB

Download
memory/472-296-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/536-238-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/536-171-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/536-182-0x00000000008F0000-0x0000000000950000-memory.dmp

Filesize
384KB

Download
memory/668-158-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/668-166-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/668-224-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/1436-312-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1436-242-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1436-252-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/1560-119-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/1560-186-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/1560-117-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/1560-125-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/1720-131-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1720-199-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1720-137-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1720-130-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1872-299-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/1872-240-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/1872-230-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/2380-215-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2380-576-0x00000000005F0000-0x0000000000650000-memory.dmp

Filesize
384KB

Download
memory/2380-282-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2380-225-0x00000000005F0000-0x0000000000650000-memory.dmp

Filesize
384KB

Download
memory/2380-575-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2800-582-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/2800-398-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/2800-417-0x0000000000BC0000-0x0000000000C20000-memory.dmp

Filesize
384KB

Download
memory/3136-269-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/3136-203-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/3136-211-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/3228-201-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3228-264-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3284-105-0x0000000000830000-0x0000000000890000-memory.dmp

Filesize
384KB

Download
memory/3284-104-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3284-111-0x0000000000830000-0x0000000000890000-memory.dmp

Filesize
384KB

Download
memory/3284-118-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3284-114-0x0000000000830000-0x0000000000890000-memory.dmp

Filesize
384KB

Download
memory/3288-52-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/3288-12-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/3288-141-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/3288-11-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/3320-256-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/3320-266-0x0000000000550000-0x00000000005B0000-memory.dmp

Filesize
384KB

Download
memory/3320-396-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/3900-157-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/3900-100-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/3900-94-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/3900-93-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/4308-195-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/4308-187-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/4308-251-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/4500-0-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/4500-6-0x0000000002460000-0x00000000024C7000-memory.dmp

Filesize
412KB

Download
memory/4500-406-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/4500-1-0x0000000002460000-0x00000000024C7000-memory.dmp

Filesize
412KB

Download
memory/4500-129-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/4740-577-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4740-309-0x0000000000A80000-0x0000000000AE0000-memory.dmp

Filesize
384KB

Download
memory/4740-301-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4760-561-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/4760-271-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/4760-279-0x0000000000580000-0x00000000005E0000-memory.dmp

Filesize
384KB

Download
memory/4880-143-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4880-142-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/4880-149-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/4880-153-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/4880-155-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/5056-315-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/5056-320-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/5056-581-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/5056-580-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download