e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2024, 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
Size

1.8MB
MD5

91089900455ec3e75926450a6d353269
SHA1

6003e43dad222221eacbabe7637629435d00fd49
SHA256

e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372
SHA512

6aa6be788f29f34af40c3e69d94fd7a65e2a13c4b3ca9ed8b8f9352e01f0c041a341b54807136540512487ae5f9a53c5d4e09d054073c104828cee7ba4c1b68e
SSDEEP

49152:kx5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAOf9Ckt7c20+9qNxUW:kvbjVkjjCAzJRfEkKK90

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 21 IoCs

pid	Process
768	alg.exe
4180	DiagnosticsHub.StandardCollector.Service.exe
4600	fxssvc.exe
4552	elevation_service.exe
2084	elevation_service.exe
1736	maintenanceservice.exe
4888	msdtc.exe
1220	OSE.EXE
3660	PerceptionSimulationService.exe
864	perfhost.exe
1404	locator.exe
4636	SensorDataService.exe
4544	snmptrap.exe
3800	spectrum.exe
684	ssh-agent.exe
220	TieringEngineService.exe
412	AgentService.exe
4600	vds.exe
1160	vssvc.exe
1696	wbengine.exe
5364	WmiApSrv.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 36 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\SensorDataService.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\spectrum.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\AgentService.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\System32\vds.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\wbengine.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\locator.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\38fbe5fec43e60d1.bin	alg.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\vssvc.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\AgentService.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\msiexec.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\System32\alg.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\GUM327A.tmp\goopdateres_pt-BR.dll	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File created	C:\Program Files (x86)\Google\Temp\GUM327A.tmp\goopdateres_ur.dll	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File created	C:\Program Files (x86)\Google\Temp\GUM327A.tmp\goopdateres_ru.dll	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM327A.tmp\goopdateres_bn.dll	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File created	C:\Program Files (x86)\Google\Temp\GUM327A.tmp\goopdateres_iw.dll	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_72093\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM327A.tmp\goopdateres_el.dll	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	alg.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM327A.tmp\GoogleUpdateComRegisterShell64.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM327A.tmp\goopdateres_gu.dll	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM327A.tmp\GoogleUpdateCore.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File created	C:\Program Files (x86)\Google\Temp\GUM327A.tmp\goopdateres_lv.dll	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	alg.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4180	DiagnosticsHub.StandardCollector.Service.exe
4180	DiagnosticsHub.StandardCollector.Service.exe
4180	DiagnosticsHub.StandardCollector.Service.exe
4180	DiagnosticsHub.StandardCollector.Service.exe
4180	DiagnosticsHub.StandardCollector.Service.exe
4180	DiagnosticsHub.StandardCollector.Service.exe
4180	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1644	e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
Token: SeAuditPrivilege	4600	fxssvc.exe
Token: SeRestorePrivilege	220	TieringEngineService.exe
Token: SeManageVolumePrivilege	220	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	412	AgentService.exe
Token: SeBackupPrivilege	1160	vssvc.exe
Token: SeRestorePrivilege	1160	vssvc.exe
Token: SeAuditPrivilege	1160	vssvc.exe
Token: SeBackupPrivilege	1696	wbengine.exe
Token: SeRestorePrivilege	1696	wbengine.exe
Token: SeSecurityPrivilege	1696	wbengine.exe
Token: SeDebugPrivilege	768	alg.exe
Token: SeDebugPrivilege	768	alg.exe
Token: SeDebugPrivilege	768	alg.exe
Token: SeDebugPrivilege	4180	DiagnosticsHub.StandardCollector.Service.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe
"C:\Users\Admin\AppData\Local\Temp\e089f495149e7794fb03d2dfc27bafcba0711dff912dcbdfb399b48298d05372.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1644

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:768

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4180

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4036

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4600

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2084

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:1736

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4888

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:1220

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:3660

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:864

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1404

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4636

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4544

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3800

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:684

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:1244

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:220

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:412

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:4600

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1160

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1696

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:5364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
6ede769be165bbaeda98c61f172ed352

SHA1
ed2a12d6c9856aac8f5be0e8d47a71eb3345d591

SHA256
d0088dd9fe5dd203d6420ab8711ee4b3d7dee78e17ae5e875cc2a6403c0cd99e

SHA512
2b799cfbf4cff88cea572c4b1bbf336d2128a65953eadd99a913b4977261676431ec828ec422918b051a5dfef649ae00a08afb7e02e1e61995bb65e4aa99ee29

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
2323c1925e4c570965b550edb0cf678e

SHA1
8afcb0cf04f1befa40f9236e54a66a7bf7bfa75b

SHA256
1a877b470976bc7d95dfb427787571d96fdd73bbc0081c238eea35eb9b2d34d9

SHA512
a067b359a0e3f171be65becf157959d358e88eee62132a006110fd85ec3220a845faaf0c05ecef24e1bda4966a6f87d0e1c03426d482b6d5ec73baa2fa93ad25

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.7MB

MD5
df6528de4f8456397eeb7ac0633ff675

SHA1
a733fd85a589497b8b69f0a1f637bee8e6ebd3c3

SHA256
d2e7f56217f380566591d7f25dd439b349adb66ba2d9a481c27b1dddbfff6690

SHA512
7e43a3f3cdd97c3758f2923cb674303631cd4e3c552ba87807b4a6f5734dbd171d6a6bb45b557f33a7b878eb019ed1bb4ce52b0bdc22e9ec8fc885521fa0dadc

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
61393f1e135a1be739d527c908e40394

SHA1
a7550d6b7d9de3f317b67e705c4457cfc9ae5802

SHA256
75e612b16dc141ee3280a8adfeaf99a18396dd3dfc8f86e18cf156d5475ed488

SHA512
d52cb7a39ad5051a5afedae1c8f28bbbb1cf8bc15aaa637ccefec3982eb19b7dc625752905f18299d8b49320cefcdc8475b03f3b33f7b0fd3099c4688df1d234

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
4ea3e5a5d5465fd8544d3fb1fc75b951

SHA1
e08de2948b2dc056905ed71a23334875eaaa3caf

SHA256
9a98b41633ea5cb2927e5019f221eb544bba833742e7bef5b2d24a154186a6bd

SHA512
dcf8f373702110443a4cd247c004704c650e16c28fca903bf57093ca7c724af9375440fc85dc7cd0ace0ca8ba8874d14a8317b5106e7c5ad5b5a6c1d65bb2501

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
118168db60db59ab4fdf62b7986934af

SHA1
d0b11615753e154d30ed14dd2b1027f4e2126338

SHA256
2060faabb4185bcf3bf7da358428e2fe0d0865d8805bea772805e6a741722fee

SHA512
4f7cec73cb4b98ad51c7824cc9b963c78c3092dbae17d01e53cb7ee30f4557ebf04482e3be1ef83331b759f07ab1bf54c578ecc2412e3070bec837ba4c953740

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
f56d80ae42b8d5277404f478590021e4

SHA1
f3e2f7d58356e193e4bb9b29a47dd17bd3e86fcb

SHA256
f86021dec296e19354cba5a12d1b0c88519173da757bca3a60d2af002de032ba

SHA512
cefdccc1534883d244a6e04b534f223f2e6d080eff64bf263c6c4ed1f31fd4bdb20e5103be4dc0ae671008a255f1789f515743b821051af97c4c900e0d52b75d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
0c4ad4ed91c96b80d1dc3e99c9517387

SHA1
99f81548b3e65419d0d774affd4093dfa8a29bf9

SHA256
0edc69b8ff30c4665e8ecdea07e2cc246e714c635524829466be371da08fdbeb

SHA512
5085fcef01dbbead6e6ebb5e9eba024d19afdd0d17d6a61b796d9173701bb28defa08dc6fe8a26e2db0ef050d78690cfb795e08c399a8123355a9a6a951e06cc

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
0c6c2ce31e6764d21695e1e7ecadffd4

SHA1
264d7719854815ebcb877691eae267af73c46006

SHA256
f7c5d3f522a5667d360d5cb2b891da207efb1692bf3eaf1a4d38795b91876207

SHA512
4c6841f7a009dbef9232780553bac5c558b786467573e3463a3ad20eed3ec5e30845f54a43fe4c29737c7bdcf89afe0abb8a447a5998f2b3dfe84b6a78f78ec6

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
5a877f89d9a23d6a69d17664d8d1fb5f

SHA1
a97729f50073a2bce73d4a0880c9740c24b41577

SHA256
8ea1cef25ed2ff4f6aa07ff4edc179ebee62acf83891061089ae2dc005a58730

SHA512
951c5dc3bc3b95a354b4e8e96d07c343ed27ac4b62476eb484f91c2ca00d49b54b032005dbf5a0558a7a05f69bd874f14450dfed92374b0110e3a0cd5c03cbe0

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
38a7145235f86f370cd6bffd2db87751

SHA1
1544e97415b1aadd7e1e4a35322804c58b932ecf

SHA256
efb97cb234f8eb06d09244c5e9cfc9b2026577b33f008bebb0b8d5c9aeace4e2

SHA512
94dfee957e270424c82110034bb5ef6d45e2d56ef8d31bffd523b50f6b9b824fcad8427e6da47dd413d544849c4702b6242d9f54dde32061b9f333d4be185deb

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
f64b1959a68a703b06a3488a3798844e

SHA1
1c9fe49f2a611b3a07566a9555a83b3f491371e1

SHA256
98b1b44986903209bd140c508af2b4854a281d1a3470f7f16be5701832729ff5

SHA512
dcc293e99195e86541089ffe10676ac5c1b23d82087f7d7b5c9964a90ee5636fc554b5c4bcd53c2db635bfd184168dc025a9b4d64be14c2353a5963276517d14

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
ce5e7029f260c3a9cb9005cb6e757bc9

SHA1
76c8b34b0743dcb019a5d9998d76f3ff037eac6b

SHA256
b03f06b7f443c0e2ff9da0005cfa436ebfdef165956ee64c52750d2bc7b65925

SHA512
a5a0496ad810fbc71c610839068f450bf3e5062353239dba05beb0128dcb8f5ec52d4d6a7c7c93a522bf3ee1ae928136bd221381090853a7516a2459488813f8

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.3MB

MD5
b6c5982d30e045bdb344766ecd2f72d1

SHA1
41032925cfde33b7655260e5e437aa1ef064179f

SHA256
67e1b2525660c8835529eb28199e163ab5e7f9ee237ebbaa1df6676e596efa8a

SHA512
74fdb75c360c31033fb0bccb14272d3a335c20670a6f42072f6d238cc51d0df8bdf81b9ad6892921cb97532ef80dc6762e35a3fd6e91841a1fa6864a63d7b94e

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
56bf9661dec2b581051e876db9acf63b

SHA1
0f2e8f59654bb8a052110298f9408c4b9e300d69

SHA256
8fd2aba5a27b75621949c6125a9abf871a2fc71de3d238ef21d3e207ccf83676

SHA512
6ad65491457c294a10b89ccee780135941a69e19e2b255961de5fd2487aac41e97d3e2ea5ada7f652fd258bdc40c83a0f0d737c78d3424f5b34b6d057cacadd2

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
e72e478e2ff52b0991abf3e28cfcf12a

SHA1
9eccabcb34cb55e77bad6b4a79395781d0f3fef7

SHA256
c55f925a812510ad88eefd81c745c47fa794eb2e285938e0c29521fa6f274ca0

SHA512
1774a9bac333c21e7cd6d5aeea86bc57420b6f5cf2ffff9ed9e03ad096a39114794529fa72229cebf7211e52b3a74a918f55c0b99d4e4516efaca0307eee720c

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
ad1e7436fd35ff4bbf28afa3ad8cb325

SHA1
7fb0799c86599e8626d63a6c1f565b1cf3ace508

SHA256
6b07f6102a51b132b3287cf7317ce4a71b4af1a0ba00094fb47e038404206fac

SHA512
84b0c8e12ef0233c19577d8cb2ddcbe8fb6a860b1e327e354eb465efc8cd1a6df260f633f0540e9a439435075273bdbea5e9aabd7fc7c68446ce28c4cc3024b9

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
9d041ac3a9e64ff02b987de27d61936f

SHA1
b1e292c26139c231aa4f91032e7d47966e07f268

SHA256
737c9290f79975aab4896de02e84fb148dddcc15cca9786e9f29510ed094dcb6

SHA512
e0b64000605783f0f1f7acb0a6ebebf258d536716bea924a8d5a1539e00573ce9060c25783712c7dee4ce48d73cdd912f65705c85412b6b22ee579a1ac00eb86

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
6355503fa559c5d7a691b63a07a6bfd3

SHA1
9c83d23bb8c643101e7174ffe65adb0a755e0ada

SHA256
b5f76b03558fc40aa8c6d4fe95267c4a73e73f798da749fb45139b094f40828e

SHA512
f1c3b38541f91c11ac4f441aa474dd81f6c63a784a92fc5a9399598b6c32fd8b9bd482eb40377fd3811133fe1599f819f788adc7b2de7076efd52bdb12d3d212

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
a375bd81d970cb4de1e6d34eb8ac1e7b

SHA1
0bc07a804a37294ee521ee8112001c9a2c5025b7

SHA256
3dc71c5da7abd8b65da5c0add3ab485b33b06027b5bfe8edfa6c610f83612df9

SHA512
e1cde120192e5ace287bf5b0d78f187288526647071a1512b4c076ffa3adebf1b3c0bd084072ba91bfbe354c9734b827a7602c9684733232b89c9fa190bae802

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
424324e3c4c07558565e7066f2d10e28

SHA1
2afb53c14977567b5e164557528842035232d42a

SHA256
fa194dc7fe82a7bbfc207dad8f5e2e375aace4323e0aeb4a65c8cbd1a2952848

SHA512
874cb8aa0a9f9955386d0ab277df2b784f34d5c5bea3f700d4aa267a954b0e0406070b4270134bc6b2074476b84d6e7904d40680dcf02f634ca451d05a0f9022

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.2MB

MD5
d448700cd39e943712c0b8f109a0b152

SHA1
ccbd4163a9aab8d53c184226dab1f714cd77b988

SHA256
8b72af35704617711efda7efbb5ffb134bbe85a60ff7fb3d77a0333b172faa0f

SHA512
c752835073cbff53ff9f1fe835eb9439e594ab85a0c1c9eafb1f9af3decec4c3f3cbb64bc2a00cecddbb974f5648d56f15d062167f7f7d14744d9fb794c5abb5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
defebe82013ff52b20de5c280fde1b53

SHA1
cdf71665426b87fced3c1c0f74ad5c81727984bf

SHA256
b3928a86282efc8cf7c7d29c25dac1a01f226b630c63ce485b132225d530203b

SHA512
bd9d782d0a0a67e4c933f7b183f069d52a9c8f4bf6f41f99639d3fe3b01f1c7c59f06b5aeb87508564ed16565e3a9cbcf02e286b54ff5499caf824bc72d796ff

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
9459ff688621cec2a92f3639076aeec8

SHA1
7a9783992bb06ed4fb9231e6a0f8af638451bf28

SHA256
c6d8f4da675493ac015790e8cc0bd48b5897b61f19c11f56d0f781383fd46d57

SHA512
d5117602fe053c2f90c6409d78c26736e61312bfb2e72a29a46c14848c4d030ecbf9d42db12bfd758b7795125eea5868a6edfe6a3c5f727e8046c9f9db75600a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
5269831e704dce4c682c4a07567d2760

SHA1
a359316285db40a45db76ce9c570b76cbd078ffa

SHA256
80605f3a93d3f0a0b1e3dfd4997bb651e539877d5d23370584ea632195169d87

SHA512
9c14d72b5f945e14471452971721acaf3c03dd2222294ab75920d207e2a64ab27ec3626958b930c7c8ca710170f4db8df35834df205ed4d92d1ac7181e14a7c0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
b821976dc5af85892c72acf060311e8b

SHA1
1981e6414b3cfac4ad1bd8269db4f165702c8928

SHA256
aefafbe156dda74062f8c0ae751bb6dcc0d9176ee652af668955f174a16a5f3a

SHA512
d433afb4edf75fa70ec6cbdf23a70f0cd13291c7d97055dfbf0aaa25b01a38809573105c132b32f335ffba7bffef763740bc1832962fca631d8ffd535f030705

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
d3c8c1b31877780d0315a76e32097850

SHA1
11568366c61cfb9cdf7e722dfbb747f0e1a490aa

SHA256
17b3b29a0952eb638392fbf9c4bf606e314fa6b2a987416b5900c65c3ae62874

SHA512
a7ffdf888e90abc0ef7f328ce92418043fc2947af70e51d49b570d9c3efaea4b6f7677d91b68bc616715dab6d97da662c22c44f2bd2623e1d69663cd96edf1e4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.4MB

MD5
746be1586fbf1ccc8e8674664a2e7c40

SHA1
9f9b4a478a40806b81871c12876960f00b712665

SHA256
63ddf40809a31fb0972a60d1eb786339cc9588cfaf249cb05c6c49650739b6d7

SHA512
4d10f54fde6724118761a08b45784246f1a4d5fe10ebd6c785f68620cd6c273ae23596e20cda3c270d4746b00945817a56e48688f886532a7891a3fcede390b4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
de4afd10f06f1c70f2c1b63519e7213d

SHA1
12230c5c724bb02eea2b5c648476498446822850

SHA256
32d6a3ff61f8d28eb43b31078ae999d27dbe5748740e20fb8ce26bf017c856a5

SHA512
e3d9ca87494f77934470f9a61dccf13c5f26ba5efff4518746cbd03ac4fb7c759ed67089d65c508310529025844b7f963cba534ae3c9c3c8270ca1e7075a794c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
f2e383ff6ce76564af619e239d75f6fc

SHA1
54183e93726786a233106dd2ad4f04322812936d

SHA256
d9fdd46f4cd6760a778ee6e4a2e52be1bef6192563d37911ef691197079e6df9

SHA512
ddaa703edffbbf53d431eee946ddbce53d71d918c4c2d4a995d764be7ae07093f866eb5f56c6379452fc2f6d93699f6d360e42c1b00f5e61b974c768e5f5de94

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.3MB

MD5
ad20022af2107c08ddb49bdf841bffbb

SHA1
d089aec7c425c8fcdbdd0b0defe3b179a3d77284

SHA256
e75ff52d078ff381b0c0cf7c958400c01c3e3f4449ee3e068565fb8290527645

SHA512
28c8ceb3cafe6da55cdce170afb5e3d3a824e833adcba313754be2170bd217dbb075b0244c7912846130d26e6ad5235ef63b9694dbece5bfa7cb410d80c2158a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
926657db28cc520b1ad8b73b8144f974

SHA1
a200ff39419b3f9b0dc8ff095a6445fbd307f3a9

SHA256
1917a2a3bf6cc48012f05b629f502a4164905d45c032d17d78a547cc2cf27ad3

SHA512
291953b1fdb3d7f621858382496a211ffd224a7e23d5ea4f9a0194c024311cd040209a8f526c277e8664395281d86f0c2656a7c58bacd3ff7184b213ea51ac51

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
71ec7cbd574f5bd064e0c95b76328f46

SHA1
747336e97b82c977e18cf2ba6c72881510532dea

SHA256
b52e421f6c1982daad9adfcdfb65f216bc8bb2d1a439e8e8277a300d1fff0316

SHA512
e3e522183bc0682e998c96ebc1665176c49444da735bec3b95a92e0ab5cc4c94c175efe07adac940dc87bb6188347aaf2e45d8fef777ec2361b860605b7d8be4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.3MB

MD5
45d788b83a8f9d3e574bc9328111dc0f

SHA1
0813188d48cb9a80f77a6838b23273225275883b

SHA256
d10cd0e0e6eec050121ccf8a5f612dbcdb23125183a2f99ef4c616bb59582e5d

SHA512
95d855133796ce070931c3198587e556acce8f7e1b010b9bf6d17ca9d126d79dbae523413b0a70ff399e3878bee72927dabd5a88a6bff9a6ba470e3fa426fa6f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.4MB

MD5
3226b2b51ee40679849ee0062debc052

SHA1
0098396b584d861fc748685f3628cafe7c19a68f

SHA256
08f1aecc7c6ed5927b2c6db0f5efee697f02640525237387a36e9a469427b260

SHA512
bfb80098f435b40fc0d8ddaf3188eabb893e3eda5bbcc02f832a1906de11cb5a3fe2d33481a53599039fa1fa0bfa9e5dc7ffa2814b3ae5ed4116521644db18f5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.6MB

MD5
93eef852af51d901b662cf343c98d3f0

SHA1
2f2c80aa047840e5a55d7f95abe0b0dc3c0992fd

SHA256
42a12b86bdf56578cec5eb434f697fedcfcb5e711638e0ee73d1e0602b33a25f

SHA512
07c6bd1b75f665af753ebe3bdc06f6e6e9799c6a063052e1f5a2e912cb57af01299ff67e5b7dfd83167bb2133d47e1c6861c90fbae3ab67770c856699c74441e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
c096f2b517cb5358f3dc1f1cff7809b1

SHA1
322b944e802636615f10e759c58ce159a62951a2

SHA256
3ab1d37aa5bbca36373c5af709b2bdc77f5e602d2d8ef61b2ca4dee0b16e2842

SHA512
821e58ca92f71396bee88e99601ec4b8e1ca6edf44e598eb35539e77ebbdf052bd1f42a9f42f620d1b3809fefdb1ab5dd9c258752609bdde2decff80ffbca79f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
317beb4a09b56fe7b385f7fdfcfa737e

SHA1
02ec8371abeb36fa963154be98aec937852378b8

SHA256
d9eda47400324e2d68ae3dc380b0418815d19cf6fc0cf219deefe6ad1d110746

SHA512
01933a32af346868bfe077813e32ac7d38278cdd3039f154cb3fd0d7243cc7d85bcd318032518abd0fb17eac61c560ad685c8e4c558e55470570e79ba55b2006

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
edfeeaf269ca653fd0480b7ff3a4676c

SHA1
cbf8c5717ce9f5d4c20f3e73a4a0f661629ddcf1

SHA256
20361c45e28f407ec79fde5d22e89ab49f6e62dff39950391cd8ed522c2f888d

SHA512
1076eefe111e16804e660d627b03b8efa6342591d737a540558c7e7ceebfe5ee36a51d2d66b8946b1926ad7fc06e1df9f352a32b2ae69f0658928e5c88d72cd6

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
6b01b68a11d8630d07d6e0e9edbb4f89

SHA1
b150b7d9fdb5d9a38ecd8457f3dea2838cf64db0

SHA256
eeccd40fc869b940e8d6d876fede2d8c6571043d39530fae181c29d15b35f127

SHA512
b6234f2ae15dcce0cd773786141adafb20d5f70a5932b63a16613b0ffd34d8c83cd6b19370efc4df424edf96f1d9c4731ef1998e1820c529ff2e4c40915fd4ef

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
bcefca23fb37b7ce19b77166ef30a6ce

SHA1
b67e6983750853a27493cc9c9f8be16f92464b1d

SHA256
1a8c32b9991c559eb3f4fc5bfe1e0f7843c17d6e23e69cb462718dd12ff94daf

SHA512
3259d526ba30a92381584bf8db457259c70582926bfef9ce241d400a818c4a1d21b5ad00bc2ccf1450510dd50b5b4ec78c257b6b07d50e383888d97c6ae525cf

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
92a60d59a2a59f12ee5b4bfefa155d07

SHA1
b299225875bf5f670affce8b3d581899588c181d

SHA256
d5cc8df3f1334c2be4779e12fcad23683f1f945e7e8a9d64f3314fcd4dc02522

SHA512
b0347456e9d1dca9d3fcfc7d8b23ab70186fa91e0665f5097962f51acd00d5769236262fca85e10e672f27312273b088350988251694647d7a26e5a250b23de8

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
4d371729b429296066ca6591c5e5ab9c

SHA1
411e33c1c31cbfba902a4e42d25f0179290b5f58

SHA256
a2076bef83b5a47672b6757e3e471d7e6d0d18d32e94370d79800545ef9dcc57

SHA512
0f0a6e1ae70daea6281c55fca2e6188566c0185e02394bac2102065a435ce63713ef0aae741b196e6ae9917a2b0a9b68fe5b87c4834a2fe1dd4ba57ff785f2de

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
8594d2b64bc8da3814d2adc31ffc06b2

SHA1
03599a5fba74d3432a36a96ad96854f9ccaf31a8

SHA256
eb5aeee92d96926e9b854f1cc64dd69c1ede52801e69ba17f74d05265125a9c9

SHA512
c53c4fd9cb6054f582e8ed6c68c920fada2b48dbaec5d9837cbae72f6a141937ed7d9618cc1a97ed76ebab19c728385c7a687e18a7fbc0300573a8f6d1935886

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
aef32827c65c3bbf8fb7dc4c4474d055

SHA1
ecef8ceca8a7700dda94fe645865f706c9978e53

SHA256
62aa56b3c47097549a5e9d1d085e40203a1347a9f64241e9c25c8f85e932d0f3

SHA512
05c7bf00cb229b418618a7ac16ba7ca8b835305f78cfe5022c299f3744ee5d54bdb4e5c8e25862e39ddcb4b4aa6a52deb88d7351c33c1abd4e1ad412af5d2e02

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
231722a9cd59bd31a37f7160cc94dd7c

SHA1
794cc790d654f3c3dbb9080fb9427777d30b9221

SHA256
fc39bbb784908b8dbd07588a969a121dbc96d37ddb1366120df4f6ad6b70cdb1

SHA512
9a9ee70fa5783b31ce1904e0b3660cc883b374b2e63152f574d4e25c6b4fd00a38c39675455eceb8a7c9dd2cd7dfeca853d22fcb974bd1ca4b39c5c2624a3f96

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
e47a1f0322756da569e90e13b9f0ac65

SHA1
4a288b156b8c543e736bb0de17cfc73c81d9d986

SHA256
e6b2320c21859de1c420444908b2aa49035b85055e6758984031e8360d66d818

SHA512
135d21b294ef8c41427281a5ab17f983197c471d17ecd5f26d528690c47ad06ba31fa8a8dbbafd678a57899ede0462240a2afbc88d43ce269eb106906038102d

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
fc2f72846e9a40657b4622aaa3d66874

SHA1
b8a3f0f97c27b069c803cc4a5bc5b8cff30da202

SHA256
7c3268f86228c37f66c47d49fa9d3c43c490d986b08ec5d99ee192bce3f54b70

SHA512
80968e2af9b12b55d6da86d2855b14c802c5bba42cfd7f82b15336a55f1157cef2bcfec8035d5eaa5463c8100276028b3915453849e56a301852354ade8d042d

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
019938bc87a0a960c4255fa5fc297b8a

SHA1
4d586a3e8f93fc23ec11ec08eac51677ec34447e

SHA256
774d7916eb32b1210cee1e6863883a7ed2dc7d6e9a8ccd2a816eee383a9c27f7

SHA512
87cc527a38f717fd97f1f2d59b20891781808918a4cc392ac62e70c44b708bc7f8095e2d386443bae40d935bac20bc1295f585c12f5246c3d3f939727fcb8dfe

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
9a029ef6c5c350af580ae67b586f4ceb

SHA1
f4e0d00bae847ac05e3d293cded4d4fb72720af3

SHA256
3b421b5a3bcb28ebb8ce2967c481f205e0452f93b9103f950779a8fb8bb6d2d4

SHA512
71fd3b45599882514bae1d2cf62b342ba064f417ca785b6bd41c97039a8fb929a3fad4593b9e7d29be562324cae3f8aea3709bc6d60a5c792a2f397c189e5667

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
0bdec461fe170dcbdba96f8ca1c9f7af

SHA1
d8bc8c00dc06aa75d720956569b15876bf31b15e

SHA256
e4a053d893337cd9190455f508bca5b0cf5e86f30b1e7c099c09cb1f66cf4d5d

SHA512
75017ff247e06352e4bfdfe368215422a0889111e39f22808dc55e5e8d36e9df1930780d632c669864c6b605b8f110f308f47fa105e86edee8c4bae53e84d349

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
de30e8469886860c11b6a445aca90417

SHA1
cf390bd1b27dc45ae54eabd2816409f31b5dea2a

SHA256
14d5131734ef6ec115e2f379341ff511d60f8581883b2b3ed5e3f0dc802ca484

SHA512
5adeb76e602f385e684bb06b64921f3f33b43c8fba811490f90bfba80f27f4e105223fd34d96745acc889b0c4e2ed0decd883c3d04384ad48b78fad76ac365a2

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
3307e629a28fef91d1683b694a40242a

SHA1
230018e36d3459912eb33f54a59f1b680cee4a11

SHA256
c28503a79a2aee62cf9a48f00fbd92019241bd2168f81ef1ae42a05d5967466f

SHA512
4b6ffd3c0e46cc52be1079546e86d383bfd02b42456a44b426c1b41237d355486473b1d7e5e9c165b063de0dd2ae95d8fda7b836542abb4ad1115baebfd5338b

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
af18c2827634d608c68ddefdb10cfdd8

SHA1
fcc7419c2f1cde66e5bbf0276949b9a0ff725a87

SHA256
96fda59aad03cea8ffc99c1ead7bbbf4d4477fcabdf07dead8fe63d46a4ec409

SHA512
b6f516ecb0f83d88f462acfb997e5fcb3a953934ef3c9b4dccc85708ff3839d4283e6d55d54fe54ccc34944e3400d5717f8717d06b60b4ee04cb49a766c9de00

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.4MB

MD5
081ea864a3becb83ad099d254c218af9

SHA1
12f72c47f0895522546d7f11b3c34c2d7438062d

SHA256
74eb12c3c1fdb584edb51a70d72636a3ceecd896213e5f7393f11537eba9b6e3

SHA512
52735f62db6bd63f195989f11ff3d1fc9ef6ae0bb82943095bcf4a4570c5357f95a1c45a88a854157fc369e4ba3afe8775c65366613ed6dd6db9dca52d8f171b

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
6577390f06194d46449f8d4271a4e0e8

SHA1
b529e51def1ca06d6f3eb729aa5db47771cceade

SHA256
0d03535af44a92318946f9f2ea619152ecf98bd572bce25cb337db43f0115e5e

SHA512
3fcb59ab1bc06abfb68edef9f3e273a6262932fd5eeac45d225fe1175135b55fd0b16f722d6061250563a98badb0e38f98599306b72af3b986f7b90564b1e7b5

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
9a99b6f121484017ea9c37a4c2bc9824

SHA1
e52fb0842355e9610578e35bef2fe56e0bef5eb4

SHA256
5f6a0be2d0ee0302e26fe4436c3663eb41affcc3df51a545dd22dc0af78b3bf2

SHA512
865230696f0677300e952676212e427338e2692433651f8d8a32b86f443ce1207627852b64c9f5656a13823201c93ff878245282524035d08092a6230b890489

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.5MB

MD5
9c9f9c2f875207c1c152616c591844b6

SHA1
24d12eff3bdbc3299bd0251355ad466a2ef9b03a

SHA256
550ea47c2b41ca972a19e6d7ab08ca08793de694b410789bb767ea8fb4245239

SHA512
df6238c59b7a2d2299a1560cfd727a2f9eff6968316e283c5894a9d8a30ddbb91ed6114cdff18db32a9b2cf861a1468f7d2f23024bddbfa2c76330dd6254b9e6

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.2MB

MD5
30bda9c83114db7d4c9305fd3135eb39

SHA1
7a43ab24ba21dfb36b4b6d8b8cc91bd0b29288af

SHA256
fd9a53e4d3d37fdf323ab677bf162199f7ea944c94daaf28e0f1ff967a124cbf

SHA512
4e1064685730831e0fbf36d23fac36037ddcfc8a93701f53338fcd57275ad519650b6888c58550695adb2769da646692d2b4fcf8df4e8f55e09a3a8318d3a322

Download Submit
memory/220-272-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/220-415-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/220-278-0x00000000008B0000-0x0000000000910000-memory.dmp

Filesize
384KB

Download
memory/412-298-0x0000000000600000-0x0000000000660000-memory.dmp

Filesize
384KB

Download
memory/412-296-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/412-291-0x0000000000600000-0x0000000000660000-memory.dmp

Filesize
384KB

Download
memory/412-285-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/684-258-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/684-266-0x0000000000C70000-0x0000000000CD0000-memory.dmp

Filesize
384KB

Download
memory/684-325-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/768-142-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/768-22-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/768-12-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/768-11-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/864-265-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/864-200-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/1160-313-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/1160-322-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/1160-590-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/1220-175-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/1220-183-0x00000000008F0000-0x0000000000950000-memory.dmp

Filesize
384KB

Download
memory/1220-237-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/1404-204-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/1404-270-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/1404-212-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/1644-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1644-1-0x0000000000CC0000-0x0000000000D27000-memory.dmp

Filesize
412KB

Download
memory/1644-6-0x0000000000CC0000-0x0000000000D27000-memory.dmp

Filesize
412KB

Download
memory/1644-414-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1644-130-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1696-593-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1696-326-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1696-334-0x0000000000B10000-0x0000000000B70000-memory.dmp

Filesize
384KB

Download
memory/1736-141-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/1736-144-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/1736-149-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/1736-152-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/1736-155-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/2084-199-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2084-129-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2084-131-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2084-137-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3660-189-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/3660-195-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/3660-250-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/3800-252-0x00000000004E0000-0x0000000000540000-memory.dmp

Filesize
384KB

Download
memory/3800-242-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3800-312-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4180-157-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/4180-94-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/4180-93-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/4180-100-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/4544-299-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/4544-230-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/4544-239-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/4552-186-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4552-125-0x0000000000D40000-0x0000000000DA0000-memory.dmp

Filesize
384KB

Download
memory/4552-115-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4552-116-0x0000000000D40000-0x0000000000DA0000-memory.dmp

Filesize
384KB

Download
memory/4600-105-0x0000000000900000-0x0000000000960000-memory.dmp

Filesize
384KB

Download
memory/4600-589-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4600-111-0x0000000000900000-0x0000000000960000-memory.dmp

Filesize
384KB

Download
memory/4600-119-0x0000000000900000-0x0000000000960000-memory.dmp

Filesize
384KB

Download
memory/4600-123-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4600-302-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4600-308-0x0000000000B30000-0x0000000000B90000-memory.dmp

Filesize
384KB

Download
memory/4600-104-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4636-282-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4636-587-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4636-588-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/4636-215-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4636-225-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/4888-158-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/4888-159-0x0000000000CE0000-0x0000000000D40000-memory.dmp

Filesize
384KB

Download
memory/4888-167-0x0000000000CE0000-0x0000000000D40000-memory.dmp

Filesize
384KB

Download
memory/4888-224-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/5364-420-0x0000000140000000-0x0000000140205000-memory.dmp

Filesize
2.0MB

Download
memory/5364-436-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/5364-594-0x0000000140000000-0x0000000140205000-memory.dmp

Filesize
2.0MB

Download