b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 06:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
Size

1.8MB
MD5

5c251d0b227238a1dec67505a99d33b7
SHA1

5cf2fd8b4078b9be2539e2fc9f4135651a97d2b7
SHA256

b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f
SHA512

d7a4fbcfd94afddf23d73a8cc26c7955aa60cc89296f50a4119c0d8f1c96e880d29c549c92171f965c3c1ef021f90285cb16a1fbb0ac7f24aa1b8683f79c84c9
SSDEEP

49152:+M9QPdxwfE7WlFwKAfzuTiDFUFkXKPZdD4s9sUUS:+1PdVQFwKZCFgY4t4sWvS

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 19 IoCs

pid	Process
180	alg.exe
2552	DiagnosticsHub.StandardCollector.Service.exe
3884	fxssvc.exe
3132	elevation_service.exe
2688	elevation_service.exe
4364	maintenanceservice.exe
936	msdtc.exe
3612	OSE.EXE
3656	PerceptionSimulationService.exe
3408	perfhost.exe
4580	locator.exe
1048	SensorDataService.exe
3496	snmptrap.exe
4456	spectrum.exe
2748	ssh-agent.exe
1384	TieringEngineService.exe
4760	AgentService.exe
3196	vds.exe
4540	vssvc.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 34 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\snmptrap.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\c8cbcd0bfc7bedf8.bin	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\vssvc.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\system32\msiexec.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\locator.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\System32\vds.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\system32\spectrum.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\System32\msdtc.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\system32\AgentService.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\AgentService.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{96FEBE14-784F-4E29-A39D-9545447021D0}\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM48B1.tmp\goopdateres_vi.dll	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM48B1.tmp\goopdateres_de.dll	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM48B1.tmp\goopdateres_ar.dll	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM48B1.tmp\goopdateres_sr.dll	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM48B1.tmp\goopdateres_is.dll	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM48B1.tmp\goopdateres_fi.dll	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM48B1.tmp\goopdateres_da.dll	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM48B1.tmp\goopdateres_et.dll	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM48B1.tmp\goopdateres_id.dll	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM48B1.tmp\GoogleUpdateOnDemand.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM48B1.tmp\goopdateres_fa.dll	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2552	DiagnosticsHub.StandardCollector.Service.exe
2552	DiagnosticsHub.StandardCollector.Service.exe
2552	DiagnosticsHub.StandardCollector.Service.exe
2552	DiagnosticsHub.StandardCollector.Service.exe
2552	DiagnosticsHub.StandardCollector.Service.exe
2552	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1764	b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
Token: SeAuditPrivilege	3884	fxssvc.exe
Token: SeRestorePrivilege	1384	TieringEngineService.exe
Token: SeManageVolumePrivilege	1384	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	4760	AgentService.exe
Token: SeBackupPrivilege	4540	vssvc.exe
Token: SeRestorePrivilege	4540	vssvc.exe
Token: SeAuditPrivilege	4540	vssvc.exe
Token: SeDebugPrivilege	180	alg.exe
Token: SeDebugPrivilege	180	alg.exe
Token: SeDebugPrivilege	180	alg.exe
Token: SeDebugPrivilege	2552	DiagnosticsHub.StandardCollector.Service.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe
"C:\Users\Admin\AppData\Local\Temp\b03dcc2b3d2fabdeca173f7401195bdd41a3a2c2f1484058b62d7c99e672b93f.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1764

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:180

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2552

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:3356

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3884

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3132

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2688

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:4364

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:936

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3612

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:3656

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3408

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:4580

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1048

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3496

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4456

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:2748

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:2956

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1384

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4760

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:3196

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
ddce7ae2dd7ace57e2762e5371256bf9

SHA1
6ba9f0e27a8cb8bddbbdcc42ede5ec6ca975843d

SHA256
824736fa984d3014493f0ae5b5b6709f560d9b4835f8f4b27fd2aa26aee273ab

SHA512
69490ffbb2c2a0e28b7d11af1a3929ef6f6fee7467a487ec9c91ab682ec132658d46bc01d3300bde35c8e2c33d55f88e870d4e74bd422d602870f22203aabf49

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
797KB

MD5
fa10a384a2dd3bb2e892842a45b3f293

SHA1
2b4488388fc338572653b72b748ff12ef3d57fc6

SHA256
29361bee34fc60d61796ff2665a9b2aeb2c2b12669d3295552f28b9cacfa8ce7

SHA512
99ec37ac1a4af3fcd552ccc47752d0e638505c51869d7f743588683bd7da39795b4cf0eace11f5206784052fd5369674e96b5b74c3682205cc5f45791a7b3890

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
4684b9a3812d8b67b60c47c5ae305130

SHA1
598c46e515e1f0a6f4e53820451f9e98bf4a2ba1

SHA256
49887682f9d2a57c2cc2cadcd24458fdfc3970b6fbffa520a071ad21f24baa13

SHA512
534c4f2a3eb57ce9fbc71faaae4660283966dcd2d98fe8dba80a1bbbbfba6668b8e97409fe5565bce9f5879137c41128d7d52a193ce8f898b284e04a4135988d

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
83725b20e63252114891dad2f7fecc99

SHA1
f17f7f2c16730288f18cd4bb353c0ac0c94b8055

SHA256
78531abf6558e2386c5e20d30291f9f39a1c65f6a4c2c9b82327347967ccbd4e

SHA512
5b83cc636fee2391e9ac13a1779086fe249da5bcdfe3a2a161176ccabde1c181fe6b9bf2bec6c4b4fb1dc61a504d8080e7594a5abf51d98dad2b5ae36caa2fbb

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
148c9189e47906757b49a85e4fd40972

SHA1
94cbff463ca877f81e9328e6513430ae5e09ff40

SHA256
a9361006e49ec83f2fa19a2c69ca60f981390fa069118572a4a30ce090fab34a

SHA512
ccfe85bfd7a30ea4816947bbf93f6c4abeb35890f4520d8e5b316b20e8cad0b2deceb7b309ea66a6a27be7f623a34354806518bf78d136b470fc441091c5c691

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
aeec8f768bd059c398c5e0543ccc6ec0

SHA1
0982b9f82f23e7526e9e6e04638895fb64164254

SHA256
43888c130c396a783c101a89ea9685c7659b2ee1c43effff72dcf7adaaee4e1e

SHA512
73849c953590d7a555545340b7c3bb8dc695ed652a8bbd56a6efd77849a39c62ab61e792cbb8a33b3eb7069900158212593c22107f5d7cbb983d5e22a7f199e6

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
cb7f72cd792fc8141077a056a0f4edce

SHA1
3f0b00d99cde44ed6e1d16daea092e3995fa3a71

SHA256
06c42db842e2f3e7539b65db50349ecd53e04ff0d133edc99ef7183f0bc0b7dc

SHA512
a87a19934228f02ebfab41d02d71da2f34066857872839629c1582657762eb3df3c97e86f271efba8abb9d816449cbc7b6540bbb1b7e790684a27edc063041e1

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
f88f5d4bf24ecd12a99c3a67755a2bee

SHA1
0359046717623b3eacbd36836ae01a6c8779b940

SHA256
890eed60b9c2b213e59e998f7c7c5c2b40652d7b89c5b7b09bdb4218c28c6632

SHA512
1254c6650ee5bcbfd53c2f02821702aa57aa1f7847accaeb56ade8bde48fbafcf903d23b4633886c4d49c1862588c00191190d12c1ab6b1a11702074514e4296

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
652aab9af8b3d21a2d5bde1935d5577b

SHA1
8fb6e3be4949fb4c8982a2cc4eb0edaf4096f61b

SHA256
91e6dfc05c542086911fe5b3911aa72ea90d20428e87f2990a8c414d92ac4c7d

SHA512
d3b837db769954698bcd749ef7d30cd64fdcbdd7f2d34a95a7c94a524f8b99df91fa6eeeb9890529ab8727927d09a93f96947907e2689ae6d96cc489c82c0b29

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
a5c75d795dae4cf357511fec3ba6dfbd

SHA1
c550e6858c8346830bf06747ea4a9e37e253e7cc

SHA256
0cf6fc52cba5e41e323856c7c8dc9b4b400b9218c4bdc26748a897bee0b881ba

SHA512
da7add2515449c893e053a898411b43b8556f84f1ecb56bd05f5df6f4a9dc89f58b15b6823cbc366b2a6a0bbbd65bd81df9a4e4ae3887bda42435997b76e5b48

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
116607181e7e7aea3f8c418c1423ce50

SHA1
395c05bb356560e28bdc444aabf2a0704a4058f6

SHA256
08ca60e55bf12f12929bf7016477f77b6c2fb704a63b60345216df5dcfb2cda6

SHA512
3ff2546cd687c1f4917a6b96922e5bf16cdb7fe6f5e7b040f74bbbfe2cf894116243186e5138f5f102b17818bf2601ea6d757d47fba5e15c8a48e582225c7595

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
87cc0f2f8d43edb1146f65e2c820d73c

SHA1
47b4736864a8b7aa74d154db60331c05d5ef2023

SHA256
f6b1536d77ca4c139c7ddf8682291f801837ab949ae9d76fbaa374e5eaf1f05a

SHA512
4cc1ecf57a98ee76557ab6d2926cc55714991510dcddc247dc5620620fb47eaffc877135e19f69120a98d527f2bc96eab9bdd02fd0fce49cf3f99d9d52bc9bf1

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
4e2e036fb0c745e13785081e09d71863

SHA1
4168933edd80c84b2fedfa4edabfcf6791f87be0

SHA256
fd40fd7cff9ca5b2f0c5482465cb3f266925c19dc5bcad25b61b118a3f262c25

SHA512
bfeff1f2bf2cc8d53e6d6c53322b48b515eb4545b347c4deafdaedda5a45a4c0e3dfdaedcbacb5ecba141ae7dcd3d565b76054c41aaaf4d2d4ab5c16ec5076aa

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
4fd293e570bc4335df26811f05474621

SHA1
390f9ae10d574cba08bf100f8ad3ef0ae0662907

SHA256
81a019043b44b7fbe7a89196e1cd8c5cc7bd506d321d74a137763b4304f51f63

SHA512
612fb89ab74dd8c26315f4054c191bca4b464e527b9cb3337eb686cb1ace3b04a89ebda0d12aee4396738d4730763b4c68bc4a9ef40e6f19094e0568605cabf0

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
7a9a874b2b6164255c98e42df5a95929

SHA1
93a44ce96c2c078f4ef6257842d54fffc9fb5d23

SHA256
2f2bf17512c5ad6b11b254e1f8cddc61717520f1aadab5f91e7c02ee3b11f8e9

SHA512
6579b69bd8d85124249fa2d5bd10d82eb19865d908c2cea21c795da51a48a7d248e6a2aeae693261f255ee6264a7783b9e0cece26760769bd351b22f9f94178b

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
01bead2fb6480cf87c39208f0ff8a9b1

SHA1
7a8f013e8af1f2303f3f0d07d34ff77b57579f50

SHA256
57c8201a9c91bf7bab557028798551f4ecceca4b99e0b15a303fa21cdb66c9a5

SHA512
81782965427ef09ac8e17637a015bf15addfed960c59f351bfba46c065ce405f36c573bddd9af59dbd1a82728ca6bd63ee1c4f2997bebae67fc9563422fc7438

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
56e80194df63bf81ac5d686c204273ef

SHA1
7af9170bf890cd2ebd10913511184fea6106041e

SHA256
2cbfbcfba4e82319e985e9b4f1b78e618058c11f6092adb97eb9f601c01c0a4b

SHA512
7ff059cbdbe5df004f93cdcbac201cf91e7c89fad1dd364d576f55436dca6a8f16fd02c010b52fafbce1b569c0a00c2c7da344c9cc0328b1fdb10106c928d77d

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
fd91f25c386cc2c041142bc0a7b862a8

SHA1
73e76bd3f9c48cee1ee88e174890d1903077da7d

SHA256
db0b444bf77b8b8407407a8df5cfc05135866696f23bdae2586fb4e511fb1555

SHA512
f8bedd621c2a7dc355f51db96f64b7bca9bda97f126d6137a996279f870b48e1a3c9451e65d0a1490bc70df0869d866a21323635b807ef1ac0a91dfb44dc0d30

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
6db0ef52117337f1be22c84581d78f18

SHA1
0a14b7219294d77887f12dc0d4a3185754f642d6

SHA256
28f1030e682f2b98d7161b785a8f0a4b9d06b7923c48d62087dcc9876c37ed0c

SHA512
4d3379d7deee024d5d839f2685eeb77cfbb1b038a881053b8cda3d72d42117113823682cc0acdf8e9e4046e65b2d3617518bc4ae0b9cf54354a67fa1e6ee630b

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
fb591bb32cfe8e0d93bc2182b4c72d5f

SHA1
a6e85afe2d079c592c878b33f2ad1e4023304977

SHA256
fa074937f07db011c41baf10864d56d857601ba1af139c2fc9bab43ea607d429

SHA512
4ac67f66bf4d6e8ad000dd22db36e1aa01217aaf2c1a10687ca15dd5750f4e151068eb2ca2ee082ea47a089222d8317e6e6725d3d2951505bee14293befd6240

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
b1500506012320fed5f31dafef985e56

SHA1
ea42d29fd97757ee3a0a082dfa1865060a10154e

SHA256
fc3c488694bcc395fa366c05dd7bd70b5095688eb01e83d24d646e9bcd60c597

SHA512
b4738968e83ebe9cd3da67fb7105751729572eb45e5441a809e90ce852f06e3da52d727fd32958e7a76cc818ee0abf8e05e940dbb22ea46f5fd17060ada23858

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
88adbed034a5d11a0c3e311773c9fab6

SHA1
99a8a3ffbd19d3dd330d2d29218bcb6d6386a61f

SHA256
5b79fe8ebe9bd5ecf8b21887e6ba396191d71dd59b9249694d824de240701727

SHA512
8939860d9e42021afab91a051c824ee077724db977b8e4ee0b1a10cc6e50ec8fa3dee43efba52033a8a1143c9651220fa76215d59099b712148278c541dd8bdb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
d9157c3d93f936c05863fae954e6cc8e

SHA1
4a6d0bfda5bf213c0603d08fe66cb6ba5f045948

SHA256
800a1a8c184d0bdab52aac6f71527cdf706137f63d2b85854c9bd939a5a8db1d

SHA512
a98619c40ac93b1d5764925462a773d566248b7734a562b626d505c8d46b1da3a6c853b420624d878f120174f2fbb76125c405d5fb9945871c4f8ebdd236b863

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
6f0b6a6e9f0f2292d3d7ce2cd8448525

SHA1
747070e2c0d755f956035c25ae1d69ded65405b0

SHA256
1e97252c6394d922a6188496e79ba7abe7bd8b2fbb6147219018fae87f24ba37

SHA512
b0985cc113789be0ece32bf31044cf02d6b77c7e654fd0b97b9037354f440fd114bdcd793b1583ee2db37b958194c3e11ffc91762b0e66e4c388c8ac2bce0c0c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
d4acbc6e13267a581c74471bb62697cd

SHA1
bab9f3892a6a8081ce2fd1041e9418a18e2181bd

SHA256
e69887e049cb2db607c47bcc371a5d1deb2bc04c5cfbc6d4a9dd5f5eb718d656

SHA512
b0b0835000773a65d1cec49bce5c86109e468776c28796d69c70039972ff4e6b38bc5151c3807035ffcd5834b1d0ce489850f7ba7c59bba564bafa33f80dae2c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
012449e133729b5c45420d4ceff44994

SHA1
d84721603f090060b1e7e0243a405ef3bedf5962

SHA256
b157e8ce02e3d2b926877fb0fb8e711f6fa000bb8d99d4b821ceccac13fdc235

SHA512
36646bcd84c9d5daa92b8ccc051be82c91af74e589992b3e013be8924d39494a6940a2f960f22b0d6748e10da16cfdc472fe2b5d5ea548f18e6cbb591219b891

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
a809400898e49ac6e9a85409a0592ba9

SHA1
76eab8f62b0670adf83f18b70003e916ae8c4748

SHA256
a56f5211b919a884dce2c5ca150be43da3e05c00bbfe30d46da6e7d7849ad42f

SHA512
85077b5bdb208802eaa65ed619037c5c17e11061d73ed3424f8e752096a961a906119b7c1547a7aa376899b43f79417d98ef72d4e73ea8ed3787abb4776fe024

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
e9473c60e2317eee951af56b529148a4

SHA1
d45a49b98598d117efd62b3e17d900ea7ecd7ecd

SHA256
8397d2a0931b31ace57e463e795a952add7a25dc7139920fcf272c2a84a8c4b6

SHA512
6b618b8432e9b88925b3c8f30203126709cee8ad867a3e195d70c9c3c7efd096ddef58ed6ec6635430763820ac5ca8502a543474bbc080032ea08f975be20b77

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
1961b65c8562d59e8967164e5fbd53db

SHA1
2b6c29fde3d6fa99329259399a326dce0066610e

SHA256
0df6926c34d1b7eae453d8fa5e4dec3ab5cbf79748a0faa4c3358b20ec4abbd3

SHA512
bb1593ce830808eba19b9f6003abaf849ddbf55391411955b0bb68040d315b69a9b48306e162941700dc64e81e21a555b3db142e23b25350d2106b16c5efa6a3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
6d7b9f87eff54886c0cf619ed9e383fd

SHA1
1909541c022ea3fafbde1000e7e05fb1617ad0bd

SHA256
04860eb54b2c5d1fbaf6db385811da95c8037cd037584cf6b4d43d2fc9b66731

SHA512
59b5c65b2720ec7b06d9408896beb12fbfdc31efa7acae33ca52bd74d49c1f6a365d9f07caf01dcf6a01da47b2ef586165a6ef676c437ccd2a8463f2b76bb179

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
7689447e445ba45db8befefb14d4318a

SHA1
fa9064d656340223b5f53c59e299a419d213898b

SHA256
1b9824b8ecfe16e1ab86043c41278f4b838c69ba68f936b7334a98d0f28d910b

SHA512
0e02ec5b949eb509f98046817a032f60f970508875368c5913114a374f49e5a9e4be479ca462dfdbe67976bf7bd6d1a02925a76dbb382b71d1524be61d1728c7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
ba5ef040ce599853d6153cb59b3f30a2

SHA1
be8b3395b31b27340f7863c5711361effcbc9732

SHA256
fb474e564e632419d2ba8653571a3bbaa717a139b9e4cbca279d76555aa7e6e3

SHA512
19e94c97d51aad8e5dfb5e9353c2c1b695fdd2d59ca8ec06ff6504eac4df6d60ba188839bb85b9de962e38aaead4ee1b444a26cfd340da78194e641534bb950f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
cc15c8b9c14db24a51289922427687d2

SHA1
03fca4c498baa9ccccf03b11d17cef266b9db662

SHA256
4a1a87a4f198a08bfb74a4d3bf706016510c0595eb342fbc451d9e427d117848

SHA512
74cf3714684a215e73f1bcf945eeff6cbecc8e5c3dec550889985276b3a6923975317d4d40f9319f1a70b55d050738436e1ecc01573d146d3d0a888ed0f89346

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
52693ef920950dd891d95b049b8655bd

SHA1
60b89cca7588a5486efcc8f46a5bb625019d95ad

SHA256
f1716584b8c9ffac5c9cf64b1e6b57ac52e3dee305a3c37ee746516623c15126

SHA512
16111d15a080aa8136f199dc0ec5b42f3d081fe9ef39b87a047efb55fdb6f38d94ec439265ba617d79ac991a809f97ae1334bd7be653c8eb3d370c3395ef9a6e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
7edfff63273f4c706d83cb069b530d09

SHA1
acc6278d208567a481ac2a59c186e5c0bc80fea8

SHA256
270b8456944516ae19b8a5f6b9f09a2708f85efcfff0503a537756690ad0f4e4

SHA512
9f1fd4038158e907e37834c1df8cc0c87b5dfb272a8c18c28abcf6dbe88ae551cf8e8e7f7302d82c9590a01a5ec9d81d0877802fb413d1d05e538ac25f4141b8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
b0c1fcb867db2be75870dc2bd674801d

SHA1
2c9f81fe4631d235ef9297baabb67f6eb3283de7

SHA256
7e5c9032fdfae69dba1483f86054883eeb653e107f5cdf70e5682e2c400859c5

SHA512
af4a29d38aee099e239ea34ed554f5d7e0491fdd2b0cbd33b60d980cca6d9de5e27abb5a3a40da88cd47ff4b1da0d2aed0ad9213d4c8251cc819711badcad640

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
af326409bae513a134ff0c4be68df4f9

SHA1
78678e96a4448116ec87965b932419301985b696

SHA256
5df24288728b748375ed257769172152ba1c5327c2175c35ac36ea211c8ee925

SHA512
e255dba1997ea09c8219c6869db0c670a7958a0bcf7d66bc5324b10738e7ee6882aaa9b84b8f806ad23aa36495a4eed31cf61b38f39924f3557382dceedbb221

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
555d216810a09a426cc2c3c5c0196561

SHA1
997784b63e37ffa08ef3b4de72bedaffca58f876

SHA256
3d3bec7764151d117bdea750d785e525399c11f446e2c72a09a0f6275b734c44

SHA512
24855abf49ccad2aa7db116da678f1213237cf5f0f6b9e18b396757a7ecab7c65c37e700cef48af2b2b020d47222a3ef1528acbdba7819a8f3a39ad43b728ff3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
0c3a17be71e48bab5827473ef98db048

SHA1
6a8fd4a889deed9651539133c2248dc666efc0c7

SHA256
378eea577087ba8b7e60b313392a40249d9d3bc475ea88728141cada2e06d85e

SHA512
9ff8db757f807fb0fc25b82ff93d9075fa989ce75e3f9cd270cbaab87c28e4482b0a8adf00ec532dad18fbf4519b4825b50ca44abb392e913275b3c1bac2bfa8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
5531fd750b97f4751e58b22173dfb306

SHA1
446ac375b55e38ae1a3a17c62f85ce2c6270c6ab

SHA256
8f6bf5ca06b17b3fbe63d40a4f9a44d1907c0eb161d80f128efc83848b834484

SHA512
1f5792254a6fad2b573bb561c106c80952a52fab2b705c01472b822b9dd094ddc81fc0705564645c7648d696fde01e9dcf0652a218938e2fce8468d2e0e666e6

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
701KB

MD5
8827b60ef8430d83ca0bbfaaba12661f

SHA1
08903933d72b6b28836ae2fd118985d10eedf800

SHA256
3630c9844881bc627478ac9f64a9519819f0ffbb245f4d65586c74dc9d0612ae

SHA512
74f34fcfb95761f971d6927b0e48c36b768840ad40937695343a613377cfe815b5c168e445b495eb2e48f6c560d006b11a9cb3c9991f2627944a8b44c48ccc54

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
7719dcf8c56396b2b0b04feaf7b4ea43

SHA1
4463331c43def6792211f2f19fb59ef56697adc9

SHA256
f30bebe310326c46ad2083a53f5636c4bd3eca814f555a5af9c1723bcab90b10

SHA512
24b3392d17c105a1b1dba6b823d87ead1fa718ee4e13d70d84f37bca2f893e3216066f235fe1c971f5ce3901c72da2e81c54899c52fcc4050cf9e97ad11106b7

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
fa17d6edb76b5f9be2619b30b57fb7d2

SHA1
0c9a06217e22cd9faa64ee784e4e515700a649cf

SHA256
27e78a36e86f78bafe140ce1e402cccd407639769afdc0d6f14ebdcd0b2b2aaf

SHA512
211ffb968e92a77169aec0b9bc62afcdf9ca952321d66d36ddcc2cbbedea9044137320400dd449a1a1c145fddc1b954b3b020732343259289dcaf4a135f7ab6a

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
4c7e0f6eba3ae8bdd4238086ea5d9a3c

SHA1
b3ca4ae7fbf4400a1ebc0a6b42b34a1f3113af41

SHA256
e642ed5f125762e085eae06029b8de39282c8dd9ffa941ededa9a92616eaf55a

SHA512
f119113e6ef4a0f3096dca7d83527fcbe25a4103198c4e3ddfc3f92e4816e990cf5c10f4fed6ef708678f7dcc563bbdf981cac30c2c22f95335ec1d68f174c20

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
4f160a801c35ce9a6567e4d3e05477db

SHA1
ebeb2d1644a4b932811fb60c982191e4f7a0f65e

SHA256
616dd86f22e3b7d261502e0bf1abd6ac3935ad9465a3d48b9e7c10da2069404f

SHA512
24f3568a92ef59c60852c3a827a553ad7ea25ea01f02d9db15112f4af5cdedce8baba371f8f3ca27eec6d93228494298b1e40cd2f2bb0de967c6afb7a7ba18e4

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
efa53dce098fa0ebc5f8aad9c07e69ba

SHA1
530570b1a51f7e66f5fa7bec71bf4c1255707d7c

SHA256
eafae45dc56c9efad9fc2a896eab26ab1bf6aa5efffafd95f10c50cd1de68137

SHA512
808f3e286020778283f1cdb65fb22383fbcca270ba8957d8e9e17a96f31fce533d6c261a5e2ecca06554f1dfea943572f4fa569cd93ed4862fec689b14216687

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
12ba71e360d525688a720583e5109507

SHA1
429e9d8fa72ed4939769a066615ed037bf526de7

SHA256
111de02ad1a4795d0a31ce9c624c2c9a1ab5cb3903a701619fb42b0960456d44

SHA512
aa36a61720f4b3a65582bbbca8fbbcd49a9a46d925a1209601c8b034b8c8490dc277ca85593dadd8d16c2394ee894cc6816e885d6291b4f1d00d95b7cb9be3fe

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
03dcf5ca2f2da005683280c0734b1916

SHA1
33e793a2cedfeeb5b803d29962d2fc6b5cebf56d

SHA256
057555cc5ea1fab168198c90557f42cf791977469059e04607957eba012371f6

SHA512
7f2f70fca93a9207eefd7bd648a187b398e95655f4bfde5a5afeca07e4c9ac5b049fe60a54b20f61abc015af0dcf64ceb2c55ad3f692c93fa30629176682afa3

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
3143a1d5cf788ae4578240f0f424219e

SHA1
e994661529566ab9818be578abc7b89d2735f69c

SHA256
54b8f391666c83e6e08292d6b89eac6e2f538e800f7587b60dc3ad95fd565350

SHA512
34b574f0cb4b2477b3d8431f8253f2f4bbc4b7f871e4bc8507c35da7b95c9128ee2b5aad409b439f6db39a5451084b05f74f2f6b44c03b448772f99bf401a2ca

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
93c2283894519f7c423c40878ccee521

SHA1
579a38cac4020ddf93e5ba0941149d7203f6703b

SHA256
b8cd7ac6a5d632e8a3cadb9ef06c59c328e718cc9a66e3d3870aadcd936fc194

SHA512
fa789f38ad8f76307ff170c1962eda2a8e8438986963b2c2f992aac7751ad53b6107c33331b763acd3f10be05e4a913e319e10b6ab8f526d13160e3ff825a952

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
c34eb9e6ae9986d8ef7e8833d5e844c3

SHA1
3bb7ef402db59f8a7177fb20f3d52ffdb2318732

SHA256
d1303f2a78d48d70b79a090384bfcd8a81589877b2c909f7e59470964c2b12e8

SHA512
1c896959ee98c39573a5e31fdd24dcd6903cfd802aaa7b7c412af7e26bbf19f9ae2827c7bba2c030b68379af68d111695ca7ff658ce25d327e2598448f77acdd

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
47f5fba8aa2db71cf1c21ea47ed42f2f

SHA1
a9e55592c6619a3c235e22af7519f55046b958ca

SHA256
eb8d12f927eb40a31b4f8ced80eb50e7e044e609262968c67ec1b7cad15cb239

SHA512
e647fb421668101bf4e929e4147d2cd2227cfb3cb10b79672691319dd4c362f7927d20b07c929e30b6f1e2456b6210ad96dbe7730430f137d065259b4ea9d3e0

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
0de49bf0e3bad93be3de0417d4892376

SHA1
8f8dfc7e50ea87a99bf10b58dbcb2a2368b2e33e

SHA256
0dbc1956b42a3853c284f5ac865267ba6740af5c886df5fae8689a66060590af

SHA512
d52b065918ae1c4b22195366dc41fa73a3d9eda3ce6e96a7d25628d73254eaa0dda80abd483f919f565369ee3bb949ec19085854a80739a0852e46a84b8b6d86

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
94409aaba8b829e63660e92f4468375b

SHA1
ca3e13205d734b75334692ca5a0a7bb22a5fb8c5

SHA256
175dfbe02af6ef027dce38f2d8f0e90e1de1df878393306ad5ff5426496d06b9

SHA512
16f6dfeb3ec8d3ed916a5b861f0edbd53dcd1b5d7c8f7b7a5ecd234901dcd6c223a6c6ba0ac03bb5d5eefd830a4a8160e07d29ed1100bc7354ae6934972fc814

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
ad4a3404506bc47431bcce1f94445451

SHA1
1aae7837d8a0cebca85fe5cf986c31a2e0a1a638

SHA256
b59dd2cae6e1390e997fc7f606cde602d8568d25c33f57784bafd8441f689f7a

SHA512
7264531c255cec40c70214c8e14d76d69ed126b100b79ef41762136f91a577065fecb81378d4b96063d4a74fa27956068b20a91c65a0860b66da2d2facf86c10

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
c91569b0ff84990ad8749fb358799006

SHA1
35f12de8d7675289f5f6fbf7350a3900a80334f6

SHA256
2eb9206b2ea0880430d4d2158ef7e4bd35903cf378353c456969e84d5d0e32de

SHA512
afde69a079152528f4f247f213589864463df1b3274f2bdd25201ba906d0482f23ecdf49851721dc6a255805de975ae7ca9d505f8c5eef3b5109380c8f827855

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
98a4422076da8d0ea0e9073c027de678

SHA1
9c1c87c2479249c1b0fe52f672b052d5b1ae3143

SHA256
696047718fdad1307a6cdf8c2c0d4b37af018a4c019b6498d03425673bb53c70

SHA512
74a512c13f8e234e2dc2cf98a029092e785beee0c1a35392f17708f177ef7a1c89843659e6012b5c18dc37b7a7c358f07d9bdbfb6c5b88f0258bff1a03d77ce2

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
69e9c3a49465bd29bdb037ff8e100939

SHA1
2ed4e9710538b364d0b5d67692843e82796b20db

SHA256
7198d060eef2e750c06d020f6aa2a81a411152faec86dcafcf27f9540e2625e4

SHA512
a97452aed6ba69bade56ce63295915bb1d5e218453b29c5918866c4040fa75b7e86c44fd51507443c9a69e7fc1da45d74c4f14d11b7b05713cf3917854d2c7c2

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
90d07e2b6da456fd0a5c1f0f3e664661

SHA1
d67e7d580d38f5c24b08efa86483f57798eba66c

SHA256
7a6a410cf4f8ed9b6d7869ed2489b51ab4b61a95881f64dbf11e8b7a40f88f04

SHA512
ba5bc0e7a577274e209b493f3018eb03f1ea5ca35b4cba983d864c667cb8e431b876003b9faa7065d16d3d5b1a0b88fea575182881d2dd3d749d40f384598b8d

Download Submit
memory/180-13-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/180-142-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/180-88-0x0000000000620000-0x0000000000680000-memory.dmp

Filesize
384KB

Download
memory/180-12-0x0000000000620000-0x0000000000680000-memory.dmp

Filesize
384KB

Download
memory/936-168-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/936-159-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/936-224-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/936-160-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/1048-225-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1048-572-0x00000000005E0000-0x0000000000640000-memory.dmp

Filesize
384KB

Download
memory/1048-571-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1048-235-0x00000000005E0000-0x0000000000640000-memory.dmp

Filesize
384KB

Download
memory/1048-291-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1384-288-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/1384-281-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/1384-573-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/1764-1-0x0000000000C80000-0x0000000000CE6000-memory.dmp

Filesize
408KB

Download
memory/1764-6-0x0000000000C80000-0x0000000000CE6000-memory.dmp

Filesize
408KB

Download
memory/1764-410-0x0000000000400000-0x00000000005CD000-memory.dmp

Filesize
1.8MB

Download
memory/1764-0-0x0000000000400000-0x00000000005CD000-memory.dmp

Filesize
1.8MB

Download
memory/1764-131-0x0000000000400000-0x00000000005CD000-memory.dmp

Filesize
1.8MB

Download
memory/1764-7-0x0000000000C80000-0x0000000000CE6000-memory.dmp

Filesize
408KB

Download
memory/2552-158-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2552-101-0x0000000000580000-0x00000000005E0000-memory.dmp

Filesize
384KB

Download
memory/2552-95-0x0000000000580000-0x00000000005E0000-memory.dmp

Filesize
384KB

Download
memory/2552-94-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2688-138-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2688-133-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2688-130-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2688-201-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2748-268-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/2748-275-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/2748-544-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/3132-187-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/3132-126-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/3132-118-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/3132-119-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/3196-310-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3196-318-0x0000000000B00000-0x0000000000B60000-memory.dmp

Filesize
384KB

Download
memory/3196-576-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3408-209-0x0000000000670000-0x00000000006D6000-memory.dmp

Filesize
408KB

Download
memory/3408-203-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3408-265-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3496-308-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/3496-239-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/3496-248-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/3612-238-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3612-184-0x00000000008C0000-0x0000000000920000-memory.dmp

Filesize
384KB

Download
memory/3612-172-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3656-196-0x0000000000B30000-0x0000000000B90000-memory.dmp

Filesize
384KB

Download
memory/3656-190-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/3656-251-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/3884-120-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3884-105-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3884-106-0x0000000000EB0000-0x0000000000F10000-memory.dmp

Filesize
384KB

Download
memory/3884-116-0x0000000000EB0000-0x0000000000F10000-memory.dmp

Filesize
384KB

Download
memory/3884-112-0x0000000000EB0000-0x0000000000F10000-memory.dmp

Filesize
384KB

Download
memory/4364-153-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/4364-156-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4364-150-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/4364-143-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4364-144-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/4456-253-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4456-261-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/4456-321-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4540-578-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/4540-322-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4540-399-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/4540-577-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4580-278-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/4580-213-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/4580-221-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/4760-305-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4760-306-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/4760-300-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/4760-294-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download