c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
Size

1.8MB
MD5

3c15109d6f84e3ea18adc427da642f65
SHA1

88ccb7ccfa628bb3e20fb18dff574f66d6bf9e42
SHA256

c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905
SHA512

4bccd6f53f3fbb20bc4a64e5e1d1d7919a8bed57dd3a8bfc6321895b0741e0440c698befc1f252d221a9e93cd45b7f71e0e9dbe8b52106eb9d826c4d51be6e87
SSDEEP

49152:5x5SUW/cxUitIGLsF0nb+tJVYleAMz77+WABf9Ckt7c20+9qNxUW:5vbjVkjjCAzJSfEkKK90

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 15 IoCs

pid	Process
968	alg.exe
2852	DiagnosticsHub.StandardCollector.Service.exe
1440	fxssvc.exe
3644	elevation_service.exe
4076	elevation_service.exe
3616	maintenanceservice.exe
812	msdtc.exe
4760	OSE.EXE
4488	PerceptionSimulationService.exe
4788	perfhost.exe
3028	locator.exe
4128	SensorDataService.exe
1956	snmptrap.exe
5092	spectrum.exe
1440	ssh-agent.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 31 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\system32\locator.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\942193b0fc7bedf8.bin	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	alg.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\system32\spectrum.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5D33.tmp\psmachine_64.dll	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5D33.tmp\goopdateres_kn.dll	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5D33.tmp\goopdateres_vi.dll	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5D33.tmp\goopdateres_te.dll	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5D33.tmp\GoogleUpdateCore.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5D33.tmp\psmachine.dll	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5D33.tmp\goopdateres_es-419.dll	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5D33.tmp\goopdateres_el.dll	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5D33.tmp\goopdateres_sr.dll	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5D33.tmp\goopdateres_hi.dll	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5D33.tmp\goopdateres_it.dll	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5D33.tmp\goopdateres_tr.dll	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5D33.tmp\goopdateres_id.dll	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5D33.tmp\goopdateres_ro.dll	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM5D33.tmp\goopdateres_lv.dll	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	alg.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2852	DiagnosticsHub.StandardCollector.Service.exe
2852	DiagnosticsHub.StandardCollector.Service.exe
2852	DiagnosticsHub.StandardCollector.Service.exe
2852	DiagnosticsHub.StandardCollector.Service.exe
2852	DiagnosticsHub.StandardCollector.Service.exe
2852	DiagnosticsHub.StandardCollector.Service.exe
2852	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4968	c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
Token: SeAuditPrivilege	1440	fxssvc.exe
Token: SeDebugPrivilege	968	alg.exe
Token: SeDebugPrivilege	968	alg.exe
Token: SeDebugPrivilege	968	alg.exe
Token: SeDebugPrivilege	2852	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe
"C:\Users\Admin\AppData\Local\Temp\c791af34dd29b232e14e5ca96d8769de441c2a2b3044ac3fd6d40cedd166f905.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4968

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:968

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2852

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4820

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1440

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3644

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4076

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:3616

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:812

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:4760

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4488

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4788

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3028

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4128

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:1956

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:5092

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:1440

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
6b40143eb3a124a1928c2a485ad1b5fd

SHA1
108a0061fde8ef930332bd6503c908c274f5fc68

SHA256
07c9098c1f41e77bf1ecb14a086c96b9bee428c9df651e43ecf9a363beea246b

SHA512
bdf4bff09d2bb22f7446edfeacbf83abf67b4e54c740665ff52fed7418c4a2117d5e217cf36e47198a287948748d01f031708cf6be5d93d3421e7abf99d81259

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
97462972f118466bab6b05cd654bc380

SHA1
c31002e1c5991a211821a804ad9a5eb3e0ae6e97

SHA256
49027b15f7db727bde899b464de4e02f76cb009b7ddd44690d85557ab986cb1e

SHA512
12b12ee6f362aac731f1668a84f1d41217d6db52213205018b70fbb8ca6ecee6fe390ec7a52400ad50fd21d521e804d0f447d210930eb72fa69b2b712b22188b

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.7MB

MD5
c311cb94e9d3f00a3217e21db700e44b

SHA1
edb9c01ea50ef097952082ac037018f720e0332c

SHA256
b7aed1702a89ddfa8ae813e647882be32eb1019a590cb4988683e0c09b46bf56

SHA512
5108f14ab9e7dcd179fcfb26d223a7217db5462c4c5d09107e89d82bdca14bed59e70368a65c1a8038b572cb68efc0e88d3090ef942ee1c2d34ea24038ba3124

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
71b1c03e93f7a97938dd2a1e74930eee

SHA1
05dc19c500c96752ca6994ab1201a2fa4349a297

SHA256
2cbd18f8ac00bf133e44b08e6330df545500144f587702ad88683e73ec7cf901

SHA512
ffba7175c9b6eda31f26334f84e046369f1b5367a7cd897186c9953be0a674d7e22b75bb303452453b17f627ca00fe9cf026e15c5bc04eb1fd599307032e2091

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
676ae9c928c0e4a846a64daf30496df4

SHA1
ef03642a3e32c5ae12aedb378c3e5533cdd76520

SHA256
c1fc56dc291dc0e4a8f178cbc9c611e4d9cd83a4bb3d18b9cf610cea40a69d41

SHA512
7c08c15fcdd1ddb6678326cc135a6ed96fdfcd7d0e4bf548c69fc26c57a740aa909a926e34b7fb84214d599692fbc38a58e160b2f7edcca2550ba20ca439064d

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
37b0d05c35dd4755cb97ddf76d7f1e3d

SHA1
d19cc5a849c53ac60ef16aa3c46e8e9ecca426d3

SHA256
e293e0c376caaa075867cd41ff7656aeda72d7c13354563489f4a9b4be48a348

SHA512
147a5846c6d7ba57eb858693ff548e224c3649b78c417b2f01f008943e1ee6fd4d9aeed1abdd54e68ccd6d9213d039b48ee99e588452054be9f6fff6be445cf2

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
7b13ee16714bd9a2fcde6b88b535d8e8

SHA1
c31f716f616ac09a38fb8e88fa6aef375370b39d

SHA256
f695c1e95657536c1fd6fdde15dfa0ae5841ebf5404eff063e66fc182c43661e

SHA512
fec1d1ba6a09f506807b3087d82da197f750f8b93c7f8603e53766e83a2e6e234c02ddade577a22a7e47c212d773f2575c1e605b4c5d75d2f4f0a914a6c88c08

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
7ad33f2efc288f4dffbd0a5046584051

SHA1
78ce8540cf309f9afec735a2dbce90a4b340c056

SHA256
57b6c050423e6d0db1a48733d1671a154b8e3b3ce15d26f62866ef45478f0971

SHA512
d02fbd48dddec884d07df6a037c5e6941b0c4c2e475ba24b8498bdb147389397b131104b4855caa7b0da730abb393a3798f77d8000e3c88cfddbeb1d5f8955b7

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
70318670cc54ab6d7225eeac2a51933a

SHA1
d83beae4a3552f22dffdee84465aded2812a695d

SHA256
e49b8eeb38a04f0ad37f9cb076487759367b0783565083c5ef6158c381e6b37e

SHA512
8483bb5c06b5e9daf44cff7d990ca20f25cb0226ab5464d2962764ee37015d55b14c5a9144791266ccbf1a78225f538ac9bb4cbd60fcd87445d0e6c87e534972

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
c8e207a05cbca0e142ffcfa8f43ea883

SHA1
64ab4f26ff2c13e5b90a8d320ca7c6b75b1e99c2

SHA256
850ffab29fb4db9d34f9c55c0f3f4199ec1104155272e09a4700c57bb4f556ef

SHA512
b1c0fde21bf112f2171ca20a527cc06bc9d0fde8d3f94cc570d5fe8c90c54d6a49e7d20b984134754999f55fcab31c850c97435296b9f25df27edd28477fd34d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
3608a6e8ea519773352632ae2a3840b2

SHA1
2782872bd318e16a25a8015deacc46ab35a9f944

SHA256
fc716eb0a4750d3b7ceeb1263736ec38cb168240a4a50184b38997158e281ba5

SHA512
d39aa9e0d42ec986c8238c072dfd833604e7f5fb065570ea7ae9e62f191a93fb704ba22a013d153f25648b91c1052db9809bcb75ad0c44ab85c12d2fa0eaf49d

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
c07e1ec1961248cbbd0d8bf0d8907475

SHA1
5ef871134b98ba082402fc5925e9a739d5074261

SHA256
38ff25c543177d05794a1a4976c33f1500df181a75dc9f946f53ba70582b6c90

SHA512
6d04434cb00f0073e54d18c1b11e2294671c0e24c64d62e9c2c19721b7459e3e74d1671966c94132e184feae2ba2bfa18ad5c13886bec622de81296aa3c3aefc

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
0f559a70b8e6378894f87f464b735e9e

SHA1
8e3f8b9168b55b6106775d277d6f29f40e00b2c0

SHA256
c0983d8c045c0b91af402f70ebcb3357b53eb6332f35b1cd4c87739071322d85

SHA512
1f758fc2d3899977cc392a01a8216a3fab63c7fba359811eecf10da0ff022c0016c16c4b7c7ead7b3437730457993ca92edf0a7b62a7646149cacf08aedc10a0

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.3MB

MD5
e052913dede29a46a6e3c80d0d6599aa

SHA1
3703d21385504bb63715cf9a44b9c99c77d0e822

SHA256
b3be91a7ebd3a1dc612ece318887e936894028566aabf1c4cfa59d6a8956c908

SHA512
1013a2e265fc2b034c86f1204a02c81532757d0cd2e089ebb48cea064bafdb3854455f660086f7eb84ae7432991406aa0d510e45e1b235e85231b910f65dce27

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
77a4dbf57a00df1087de78c99b4b7f55

SHA1
68ecfc40f0aa20d9ab674ce97c77c0a52ee457bd

SHA256
6fa0592561e40f6ae5e61416fc827b40a9448f6dcdb39f8b27f0159f6a524e13

SHA512
6d6d8c85fc3db86e6bdf2852b2445eb3295801de35f7f4d7da6044475bfc08f3f43f0ecdac06047333ff6d5bf96cacf53e4ce3c4ac424fe853bead9d54980a70

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
0acabbdcc0441a20849fa98ebcd2e5d1

SHA1
7a6e605555d969fa3da94310a94da516a6ab4647

SHA256
b2f57fc0a99d01d10fe657d2dd9f63188037ba6ebfe2467e05d885bac82915c8

SHA512
25e1127a8cb2c4811ba2d0f88a9103a564c9e215850e505d6226a4cb49391e1c2da13c2c821163b3fed11d25e92aa2d919f79ea3f4a6ebe596649133db01791d

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
30badd72401f53a57fb6315eb122a1c2

SHA1
d090afcc42e92e769624ba79aa0a8aa11c0ab6e3

SHA256
9827b0eca0c5a62b4b706436c22659c37c959ce13734693f2483ecb706400290

SHA512
0508c49c151b1ef51354259e5c5e27b795cb90071f18a29d12b323d460f88146f8d109f969e81dbbd37862d123e48221e0eeab716ba7e1ac65ce9f32897773d1

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
955caf189488fae3c6ed80f9bdaf03b7

SHA1
e6b42b6c21e513e0dc6e7a5ddcb5608d1326db28

SHA256
488089e1e33bdc3d0a312d85c7efeab20770d166a260e12e4dd70b91d1273230

SHA512
4ae2d76c0b4f6fd61faa19197d0f53dd577d970738caa39a4976caee02d31907fde3c5fd8cb7d870d54297c74d9d8b4dc3763ee438e0c7b9abf7981f41c5d48b

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
f3851a5e2cd4015fbf912dc7e971a49d

SHA1
ce56fe192ec263c11267bb50ade84e21d207a67a

SHA256
e531b7079dd2edefc5b534d653bc52bc25af64f65585b612418d18a67e744be0

SHA512
c287a03eaebfeba640a5d5477212bdf32957c3df23946a784df8440de4e88de3c1922dfc737bdab5f255a1e3234aab37ea5dd9b7043efb572200e8251e738b1f

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
40cc349cf180d75a2c0da50a17276337

SHA1
b6fe9fdbbdc2a6c4c16bad5382273b3d79411886

SHA256
7126d218884126463b9c71544ee817b426d070a978fbd4e0a58211dcb05d8c0f

SHA512
70e5d730bc773555da2c58cef7b1608a2107ff92bff8d161dfde6c5f0d3dfd4e3115641b7363ff500d1cb73540578e68b73f038b1c63d037978a745d47651de7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
ebe80b53146a6f70ecd68eea66cffdb6

SHA1
0797c71fb09f6f5bf361aa10323e08b4f5d30686

SHA256
1d21583c5e612dc08fa7ab94828e8e6ae736488cae1d2872addcfe6dbcc2d26f

SHA512
5824278bad1538c213965e13c1b3860344acf9a3c074aaf78ba02a84b22f1c4d56f428580507c88e22f2e9eb5fa3d327dfe77f1251af9640780be48900a1b984

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.2MB

MD5
6a886f74be48eef66fc13d6c939577d9

SHA1
86e3dfe4442fbc28d1f8db3152ffac9250b884c1

SHA256
c90f079070cdbab281f2c43e1410fb0fc1fdceae410b99b0f413954806bacf3e

SHA512
a3144527a4c11b8c01e6912a7e9cbf019f70a3934df71bebe6ecdf39602eb0e7aa6788f2745432fef97fe906069e34036636362c1610a281be1cc4aa9bf13fe4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
25c006df10444b447476b46a35053174

SHA1
3a43f601ac65a3e231ad0e79e886461d59862566

SHA256
5b988b9ca682c67f60063da8adcc825cdf1d2b58ea20d6e4b22a6c63372fffb6

SHA512
1ecd97d1c9a6dd3990199e4f0aef8a5d0e7a5d544c8b2fdb26a53ca4e105646cca02b709f3e711d614cf5ba61f04451ae7797919290ed42e70124f108c2b6be3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
de1b1d2630fa7313e20f006c4a340822

SHA1
5cce11e653113ac3677e2de476e22688257266e2

SHA256
dc08c56bf13961760df92e2613da7d7e0218d5b97253efdfe508355e94144cea

SHA512
36563271e75bd81914eb06799b5989ab24d7307d3fd5d24362e5661c0a7a8d384aca22881c8e0ebb1ec7bc8455b102315890339ec5c0ccf74f0f7c1b453b5950

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
e9fe3293f86e11139a5aba1b5c82323b

SHA1
f1da5c1d1137b96539919d28f88fdf729def0c05

SHA256
3be70457ab16e8a0c5cedec52cf7d69ee863703effe54dc3c24425cacb8fb20a

SHA512
611e010c4a77a52ccaa4cbadedf7f2ce047b33e18f97d186239d485bc0242ec8b24cbb5a531acd15fef799f53801af3a9ee70574d1a9cbc73bad7f859b04ac9e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
e5fc1fa4814d71544fb0e4c34285e11e

SHA1
c870601dbcb2efcf0a0d07df9e817d82dc9be4f8

SHA256
c521b72235a9a4943b949bff5331be9ac578ff5353be191b49bcc849aa163cb6

SHA512
b92a9977648c3a556b0d4120c86851636251e9ad0298c28d9d0c3a7f9a159da87c4aa3469638d0e63ddd8b39275e89bdabb115214bcd87cad2adfd6a18668159

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
205f13d03da923858903136f810856e0

SHA1
5a046fb4abdf7879b61a0a8231a86fc415d7a674

SHA256
9c1c45002cc17e5cbf7f44c06917c8527ad1cef2cf85b5cd8089653ddaaf5daf

SHA512
c9826253a188bef498e879ab123dbb6c8d947e8339ed2be734438fa00842cfdd6fe38c09fb382b10738ca6454a14189df17ce6394fd8cbd36707cc6d16a1a05f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.4MB

MD5
89644ef9bf9cb1d0ba9e0a1a49ffa070

SHA1
9cac2ec90ce4a4340fab719ebb75918ab2b182bd

SHA256
5b439d999628c8d61565ca7c3eb5d2e740e41087e186c0bb2509c7a8cf2eb537

SHA512
8324f1302af61d0868ea86166c3b0ca1a2d61a908b54c9837d497dcda8c0ae6037cfd92ce0a645e1c7da4e322e2dd1bf2052f3e3f9393ceddcac632e11a299f5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
70babd1c8aa131ef9349a9ef19294dbf

SHA1
300df1face190909a2c0ea83bec92ec0ff61c4fc

SHA256
691598c0c1efa5176cd05820f724e8de06586ce707ce5366386e7eb9666ab613

SHA512
1ff171d323faa868f91c3b57e6532512edb85ef9f63aba3e3a561f6eaef0cb41b728db0ca3df048ca5cf15c39e83c2bc4968f9d603d8fdfe02b0a88fc80b8674

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
225bcdd9b1e6eabff66c18e3633494d3

SHA1
892fe574f82fb9bda2aa8f2047d7b0ad20fbe638

SHA256
71d17fafc5e7162223021f1cfc150f0207eecb69a25b06cf5c25e7396256dcb4

SHA512
b4defd0091d4facc9990a6a29ca4b36c8802f9d43d0593b42276dd2a00567894c97572d3e784cf73fc1f9163e03db48aa293b5a754400cf9318d170c29537e5a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.3MB

MD5
9fc03c93a69e65cd245b3d6f5d04d51b

SHA1
13d52b22f5e5daad3b166457df4ca126b27b05ac

SHA256
3646a521e1851ca1698e3cb74495fb20bf7f0091179b25308f85cf4d925e55ed

SHA512
233c018fdad1f5caa769d60069a79c303dc3b8b14ddc5e40c920d7c33b51c715512b2dce34fafa00f6c04ec12500fe7630f6b2bc23c85ef541b91c9c9895d296

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
3703cbe01d03a515046e37f43c702c1c

SHA1
03272ade563c3b1b10714764c4be40e70b894576

SHA256
6267845bcb1b4b77c6e3c1bf2507ba562ed7bd33cb0913a2e28f18382f260a7a

SHA512
f30befac51b3e67fc10363e305a4870b114811f31e36fbecc610ebe3866a8dcf9b76e6ae17b3cdb8cb3b2d807951a4d7cd4ccf58abe6aca75e027c25b8fa032b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
5f5a5710764122af397a06deaf013891

SHA1
a56b5401cb72fb7721101cbe9d0e1930434a31d4

SHA256
ced21378e7f4a4339c55ad741e19b25a02c209f4aaffadd45e2ead9e8a1e0b8f

SHA512
65236be22bd7ccdec7f238a0a96597bd3d2996f266ae62401a3d646272d56eeccd3fd3ef4f58f1010bb41630386c0e7f317b40e430eda7a946822d52289bcc36

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.3MB

MD5
2076130948d464ccfafc731a742b6a4c

SHA1
513add1f0521449dd48e538a2b1d1787f8699688

SHA256
afc3a198aaea3e7491253fe07abd21b03764915a17cc113bbbdf1836c748d3cf

SHA512
cf723807e214f759f8b1e2f981192664f8d5d771592a8ba2c6b7160c683f195203de3b80a99ed420fb5ef8c5bf8671623a993094787614473a5aa7cbcfe23b83

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.4MB

MD5
d9526a6cfe9dec740dfee13cb03d18d1

SHA1
a8f0cb9ee4b9b57a1a6ed981e83ba8bbfee0d6db

SHA256
af8b62afc1ecc0648b45caa00e69e22c2df6515873761aed3b36fe9612d9e4e6

SHA512
7913268459adf07c6980bf33184e78674524fd06dc32485c054d2376caeee483ac6435573914d4ab94c854fd037fa564e145b7c52ef40b573788a8c570d7ca52

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.6MB

MD5
82129c33f56d98bcd6d9333a66d29097

SHA1
f97c42832ee49d84f31c6bcbec76733830133db7

SHA256
418abc568bf8f02ef75ce9c636dbad2db597d8a3f70fed9172b52cc1e6616f9e

SHA512
6e225884150084ca167922e5e767b750f7be67dbc132a19527adc798f715f7a71db6b4f713076ef636a0326ac5b6c78bcef8e1391ca9f0ba5fc311ce438c89ed

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
013a0b0de48fe62f91be75c8c963dec8

SHA1
955d071b7dccb7c5544859700555a3f0e79e2d81

SHA256
b5b09def37d2bf0c7a1c5d190b251827c259646bb887d4142f4c7e78883597e3

SHA512
365d680d999c4308522b4d4b7d9317424847ba61d73a4cc5b41526da941715bb571bcae74fb8e6116b4f5b8807386c3ba91803447895722a057c92e83ce2529a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
3e0f0746c91b62cc89a3b18ca32ec7a3

SHA1
2aa4921f6f4afd3c0cce8409484574f744d05d5b

SHA256
d144e02cff9694029ca72d86b4997306b881fc5a591948c7a090028b7d4ca413

SHA512
c6039e5ce2cf64e7eaac878415ca2499fea0bbedb72d966c2bf93840fddf587b2cf9b86e9bc6f46080890a4914e14a436350200ec8173caaac55da59debc7b9b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.2MB

MD5
007ef64b564021d7885c6453e867e2ef

SHA1
28b8221fdabbf546c2f660266d139dd4ac6e6612

SHA256
3f13e368ea33cc47ed2fe4b5b36e2e76fb56dcad4a69813525ff8a2d4a8fad47

SHA512
2ec522f8b30007b0450964f94a0511b049f1dc7a4f1d94eb5301aabcd9121f1758290e5cc5045b3442d95bef06ad658f9a9d685e92d70b059a6350d718b1d679

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.2MB

MD5
64cc5bcde5f59b563260f804de8625fd

SHA1
5a40d6f19193de95d683e69cfddf25c81f21066e

SHA256
e0f7944a355ceffa59ea4e3629c00a6612956edf4a06fbda23bff9d2257d3968

SHA512
48537cf653510b8da71470fd4e4ea20f074d61679e50b40c2ee23f18fbac19d3ef4984482084675bc8a0d8db57a12b386fac13eb6159dd5f06e2e4fc43be2edd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.2MB

MD5
9d0a030c9b47f5ad55e4d1ac9c51066a

SHA1
26a8c5ac8bf4935496865398716557bdea9070fa

SHA256
ebb2b400514b6aa6b1c52efa6bf228feeb5dbc8cd97636e61d8c549a41815202

SHA512
800fa6018b1939940ca3e762695c0abe1c30ce080dbdefff10e89abe65ef396e9c0ef66a27d4dccb12733785a15ebc84c18db7b7d88130874103a45c47a4b35e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.2MB

MD5
0635a4e4bcc28ca302fe3b25e0ba833a

SHA1
6783cbc23ff67fd32a482084c315be06df133343

SHA256
d9375efe2756f5faad49c132eb75877932a7f2290cb3cff904501b3550e157a4

SHA512
0aa5a76d418b6e2e6893e63808c0afd445af29701b557e8185a98c992966a4d04b09f973e7d833ac14cabba611ac3ed770b1a7a462cdd98c6d659cea28d6c078

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.2MB

MD5
3cc369730b8eaea8cc02ac1b42a4e0c1

SHA1
419ddae0a6d3b5e15768f57798bf370b42d7dfa7

SHA256
417bddadfc079279e0f0861961a341d696ccd380c9eb50533c005aad4025a938

SHA512
2bd83395f8601e49195556cdd4953ab162ecf103ca548915b5e021d2352ed9b31a46935d5a4ceca07f67fe075faea0076631d67cf86cf503c36505c914fd31d2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
1.2MB

MD5
68d5ebbf23a1befcd2bdc9682f81aac7

SHA1
7e1c12f74ae5885d944e8c8b63af5af4abd6ca2e

SHA256
ef6b9ad66a05add7d70974d9c61ae723fa9187ed147e4a55f894bcc2f2825a17

SHA512
18d230c49fe78502c2343b182bb75225cbc3447d7c437c50d8287183f3ffa8268e506707182d82dd1d2e56d57b4a6fc70cf752512a78c987742f075921f84556

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
115fbb0bcb5cf033b67afc6999ea31b8

SHA1
4a9c343c472b7aad46849e39792c0baec27048cb

SHA256
e2fd8d227b6457e3fcffad94d6873ef13d46bd0c03573761eda7c3fbc3ffc225

SHA512
bb110086c60b72f33e7a07f22cfcc678f02d382d91b6e50922715a186f549fa3290d6ab5dc92d0086ee8de2fb379f18b06e3b53ebe1ac1066a1548c12d723f0f

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
1061ce36015c4145dd310c4e5a471ee6

SHA1
9ef91d9ce313b2ceb37fd6b6da79f17db9dfdfca

SHA256
5d50d144de1c9b4cecc986d14b625c2747ec97abd210191ec8f1c1d8bd250b21

SHA512
747aee95a934b5ca5afcc091e7b5c73170e4c3789136fc289de18e4982428226311ab8744c1270e1852f7823b8968e312b8d3ac9cef42f1303f5f1d4d98ee9ff

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
e7c3e9ad00fdf577904eb5c8f1cde58c

SHA1
4746c0dd4dede1334ff90fb71efc7aaeb450e998

SHA256
7fc7ba65f48a7d3b17adeaf90ed84c6fb957de667f2405fbed08c2e253f797e7

SHA512
7b138d3e57b81b3070a2a4f0c92d62a8afa5b8c6fc503d0d2c5c43bef8054f20cc85ac1f1d92883ea1d4e0ec4d5082770e88a4bf0756b22a2a283b70f9debb1f

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
1a42fd6d3a51ec180d3ae9cfc2363d10

SHA1
d1e548d4c57d9d2da6140ceee24b779567f0bda8

SHA256
182ef8fd54b4dac7c03874fdeaf049322c8c719d6c4344212564635411693832

SHA512
c51bcd9649412510f2dd8437a3d2912b0f52e657cc9f1cb9bf3a2fe19029fbb0c526d6d070afbae3f65f37c0929d78762affa6938c095d0d9ee2f378b2210566

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
d12bcd5b5708399bd965af70f04ee43b

SHA1
1b6db4042c7257eae17a88d88f26a2a5f3347ebf

SHA256
4f2914e277eaacabbb162febf432655444a97915d56a8c45a824d665d3521028

SHA512
b75e5a90dbc5c69a7870ab05c5a823da16044763b38200b31c92f20f7321aad273cf545654e93481ba67c518d6d2c599ad1993d15d961db7076d5b22ec4cae19

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
cf2e211232dad3c6a9c0f6f2ccd651a0

SHA1
caa705b166c4b8dce40a1d2c7815b9417619c617

SHA256
2048ef46fcb1cce388d65111c174cb40076b13fb8c3da5a173eea08265ca93c8

SHA512
5de3fa498eca58ff7e136eb386c8d5d113a24a1e1735d6581577f2ac7a0d2d5423078656ec95b63a5c960a7647f38ddf46c8e5491914b04582f52695c38008d1

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
7840a1fd3bd7c3e8c5957b5d70538d71

SHA1
0c21d199e67b29679f7397ed166d5608fd76384f

SHA256
d0f0fb33c2a6e5697bf28c3e25692248fea43cdb2be78d31147abbacbeec5cfc

SHA512
1581a8738b1a5512c38bddd2a8d4598b02ac0921836c1243d35ea5331cc94a10fd61d1fa15b82d9ea6b9b94076ca651036ed3e1031da8d88cda605362e8dd736

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
ec5f477a43f33f60584f1debc090d9a3

SHA1
3d4c6c028647fd54e7a82c0e04920eda91a318a3

SHA256
3052038358143b790b85d7f280a55b173ceb7e34f6a3420375933189f266e001

SHA512
e2f35567f20021cfc221389dff577a83b7b7f534f6ee618d59f966de1761c3a1eb12b6d49aa1e6f6a175557b0fd1efd7f3095b3c97d9f9315340ec28de64d591

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
3c6bb3212f4e8ea3fbc262038ceca017

SHA1
02d7577dbdf161d50c84022f008964e9121ad1c7

SHA256
ae5743e8f771e01e4ccf1a03f38e2719286afd5c8f3649b71ed54beb2d21f199

SHA512
d36a5a13cc7ef09b14e4358fbaa0f7ad0a5486adba797e470456ad78b6fe91e4850877c8712e346f5b6b6b406a974305c891ee48e8cef304c233fa5fe7188731

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
bb246a9ccf08da17d02a2b4b7b89af59

SHA1
875bbb04656d03412da0db2cd1ca130ebfad344e

SHA256
4a8248a02071e2f7238e216ab97fc0894f456263763aed7f0eb8a3fa7f363de3

SHA512
b4ece25d65dda5bdc8af75dac80caae6b5c9366898af0ca43f3d6c86dc2b86d3825c2d1f6122ca2c4005d5ad358e0ba6a41fe973914d9a8400cc113cab0c2699

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
120a3009cb82eb5320a5194c384ce5f2

SHA1
054ed0b3e3ca4e11f77b5568dd73613411913e53

SHA256
7ea0eec85c20e978d3fc7e5b4f3de9f7049631d79a1cfbde1a6cefb3e4543ee1

SHA512
a0caa161a15f5fde0513e0beaa552075d5a69a12de843045a00b01d7269dfd84aabce8ec931eeab6e410eb1034d7cbc8716fa8052c8b0e4c5e433cd603234374

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
3c39cd12200e99b7ae93d11b5de6e6c1

SHA1
2f6cf83c17fa15e2542acbaf7e9cdbb19d396878

SHA256
b58495626878b98c49131ba575635dd8860e1c63e4ea99691c13691468109990

SHA512
9dfdfd9d5b7f7241f121bde65bf05733384f8c4658d82db7c87407474e600ce5093121de0e6fef9f2eedf8760df1282dd14cc686137d57247c87b7edec4fd7cf

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
f632dc88d35b7d97a6ddd572fc73316c

SHA1
630d58377d0541d009b4b8a711e3497cb9b7d74f

SHA256
1c2a0d17392f5d48319e83e37952f8f335dd4ebd40fee4c4f5241b2182b686e7

SHA512
a5024c454dd210e13db2ffc1f9dde00c50aab3ec950a21ec42b8fb607e14b0c249c0f3b3659d44f42b5a0dd9c3275c43548edfe89ed9e7103581092513d418bd

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.5MB

MD5
1451584583ef8f5ea90658ccf60be6d1

SHA1
16a31b4b6974c8e33f39c29b57268d063689ca29

SHA256
702bb381d6c6d5c5558e82b1d8655ba6d7b2f37d515914663b1402314c7b6f8f

SHA512
ca64cf551782d838e0a1636ecc97e552541e16d9c80fe3e2f987b427b780ccc581e3464ec635ef0fabf0999ec378ed98dbd0cf10a94956c7a0ec9a498ef048ae

Download Submit
C:\Windows\system32\TieringEngineService.exe

Filesize
1.5MB

MD5
a869800d9d4eeb1872393401c84577d1

SHA1
2c36cc2a579b270576bf86f040a01f32ec288008

SHA256
c4249782261ed3e20c0ec74c31234879ed774f4d56cf7dca11619e5986436802

SHA512
af07f586be146a91be5c39db8adf5a17e28109e138945d240fc5ac90aff06a262f1e809a313c649dd09ff618dca5b15e855602b606bea6e7ba5f541076b4a9c5

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.2MB

MD5
c96a2a14596b23d77fffe0ddb043d6da

SHA1
e3a37dc52555876e12a96c5b739f4009e6f8ba36

SHA256
a33f5f9b2a1c155aa60d0145a5eb8643b3fafbfeec6dd6460c6e6d81d18ce033

SHA512
9fa386983014017f9063c100f6e8da98e3689dfa89db2ab869ccd53159bc676c7181993fd5501eea47ca03f2233c5e3b88a920b15a6b11acb9b6b066edd9f841

Download Submit
memory/812-163-0x0000000000D40000-0x0000000000DA0000-memory.dmp

Filesize
384KB

Download
memory/812-171-0x0000000000D40000-0x0000000000DA0000-memory.dmp

Filesize
384KB

Download
memory/812-162-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/812-228-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/968-81-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/968-13-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/968-12-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/968-144-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/1440-340-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/1440-118-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/1440-113-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/1440-107-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/1440-106-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1440-122-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1440-261-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/1440-517-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/1956-243-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/1956-234-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/1956-513-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/2852-94-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/2852-95-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/2852-102-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/2852-161-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/3028-208-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/3028-483-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/3028-215-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/3616-156-0x0000000002270000-0x00000000022D0000-memory.dmp

Filesize
384KB

Download
memory/3616-145-0x0000000002270000-0x00000000022D0000-memory.dmp

Filesize
384KB

Download
memory/3616-152-0x0000000002270000-0x00000000022D0000-memory.dmp

Filesize
384KB

Download
memory/3616-146-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/3616-159-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/3644-190-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/3644-128-0x0000000000C70000-0x0000000000CD0000-memory.dmp

Filesize
384KB

Download
memory/3644-120-0x0000000000C70000-0x0000000000CD0000-memory.dmp

Filesize
384KB

Download
memory/3644-117-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4076-134-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4076-203-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4076-133-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4076-140-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4128-219-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4128-229-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/4128-512-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/4128-511-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4128-508-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4488-255-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/4488-192-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/4488-199-0x0000000000B80000-0x0000000000BE0000-memory.dmp

Filesize
384KB

Download
memory/4760-179-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/4760-241-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/4760-186-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/4788-269-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/4788-204-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/4968-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/4968-349-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/4968-132-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/4968-7-0x0000000000C80000-0x0000000000CE7000-memory.dmp

Filesize
412KB

Download
memory/4968-6-0x0000000000C80000-0x0000000000CE7000-memory.dmp

Filesize
412KB

Download
memory/4968-1-0x0000000000C80000-0x0000000000CE7000-memory.dmp

Filesize
412KB

Download
memory/5092-256-0x00000000004E0000-0x0000000000540000-memory.dmp

Filesize
384KB

Download
memory/5092-248-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/5092-516-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download