70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
Size

1.8MB
MD5

1220abf736176f67bb3d66eb07fe20df
SHA1

70af77fe96808b8e50a996bd3713e1d2b61c0a6d
SHA256

70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5
SHA512

ec0ca7243630b6edc62ba61d5d9e4c5579bd0e1d418e496df07040a2b745db566754d4630ff1cfcd2af33d3e8076b79957a40f6ac4c22266679c1e6f96472911
SSDEEP

49152:Rx5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAIkQ/qoLEw:RvbjVkjjCAzJ7qo4w

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 15 IoCs

pid	Process
4268	alg.exe
1844	DiagnosticsHub.StandardCollector.Service.exe
448	fxssvc.exe
224	elevation_service.exe
2964	elevation_service.exe
4904	maintenanceservice.exe
3184	msdtc.exe
4560	OSE.EXE
4584	PerceptionSimulationService.exe
2820	perfhost.exe
3900	locator.exe
4064	SensorDataService.exe
2088	snmptrap.exe
2808	spectrum.exe
2340	ssh-agent.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 28 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\8a80389bb3e2edcd.bin	alg.exe
File opened for modification	C:\Windows\system32\locator.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Windows\system32\msiexec.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Windows\System32\msdtc.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\System32\alg.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Windows\system32\dllhost.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Windows\system32\spectrum.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\GUMFFDC.tmp\goopdateres_it.dll	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMFFDC.tmp\goopdateres_es.dll	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File created	C:\Program Files (x86)\Google\Temp\GUMFFDC.tmp\goopdateres_gu.dll	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUMFFDC.tmp\goopdateres_ta.dll	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUMFFDC.tmp\GoogleUpdateOnDemand.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMFFDC.tmp\goopdateres_ca.dll	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUMFFDC.tmp\goopdateres_te.dll	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUMFFDC.tmp\goopdateres_lt.dll	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1844	DiagnosticsHub.StandardCollector.Service.exe
1844	DiagnosticsHub.StandardCollector.Service.exe
1844	DiagnosticsHub.StandardCollector.Service.exe
1844	DiagnosticsHub.StandardCollector.Service.exe
1844	DiagnosticsHub.StandardCollector.Service.exe
1844	DiagnosticsHub.StandardCollector.Service.exe
1844	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1496	70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
Token: SeAuditPrivilege	448	fxssvc.exe
Token: SeDebugPrivilege	4268	alg.exe
Token: SeDebugPrivilege	4268	alg.exe
Token: SeDebugPrivilege	4268	alg.exe
Token: SeDebugPrivilege	1844	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe
"C:\Users\Admin\AppData\Local\Temp\70a8c5fc0074df6851e91c57ea48b6924d84bc69c8c2e1a269976cc467ba63e5.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1496

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4268

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1844

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4456

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:448

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:224

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2964

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4904

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:3184

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:4560

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4584

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:2820

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3900

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4064

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:2088

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2808

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:2340

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:1888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
1⤵
PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

Filesize
2.2MB

MD5
ec7e2d4ab964d1e8a4c0db2c052d25c2

SHA1
5561d9186908f859b08737d758d06772c9b91843

SHA256
9721ad4101076001effc492c68ce4bba9abeb57ee8523a2579c036c211055b12

SHA512
ef3a460270bedefb24411456dceaf4c4e6506e3d6b9c3f50a0147a804220c521fbca33449d5080d1de9f1afb5cf02943fbb1ed9bb59c8d2e0c9cc33eb0be028d

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
781KB

MD5
91947b5ac7ee644e8bf826be048818d4

SHA1
179fa389a34ae021697f6d84b8cddbdd54372057

SHA256
8a8928e45300422055f5c5e7fbc15784995d4b4b24c1fa605948fa920e833504

SHA512
e9061aa07d4e73048dd84c1845d8c3d9d6ee9beb742194a0a992c86da684fdebef3ee25cc2a23a5533485e25f21daaa0509299479ade665e59d204f740976b66

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
fa0d08d0e90cc2b3b7025e16220449cd

SHA1
cd04c483510dc44ad7449dbac8eaeae7ff4b47b4

SHA256
550422f02760bcabdc418f1c4467815610ea84af09a4de22ecd082b81562cd27

SHA512
85444583b2af7997dbca63217417b9e3aa968110cdd0cae4f3681da2f929c606675db463dd2bddc6edfe27e76acb72b0c7b20ddfa82e4d505fde09fe730012f0

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
9107209f772398e55ed8fdb8f75dec49

SHA1
3aab9e716324be45d51633fc793b74d897962ab7

SHA256
49009d3a32a43485472d978233fa73400a49a609ca2664db3f2709eece54e164

SHA512
584238b1b542999d6f412318abff7b208303a45fc21980a6b6505f8d4dc2718c52c65b2b825032cdd90aaafe4be453f1aa39cd68bf7a26250f493e9171d3095a

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
840fa95f2dc3a9f5d2443b2460c0edff

SHA1
b43ba3c81088f204b9ea2d97ff16e0cc51d12e1b

SHA256
110de04c937b0afd70e970e1955abe23a363b6c00032cd938bc6266ef2e9e362

SHA512
c1f6cd3a7222d8f4fd0e292692a9b315e1114cf53828528c4967acfcf5e2c5787f1f86856a0efdb97122f8d0a44af7ff6dc3d51c3b298b1c11e6f9a5b21f992c

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
961c056dd49e28193d268af664289ce1

SHA1
29bb92486ab1ae51901baf0ee9334da6e7b7b58d

SHA256
bfdbbe80af0d0b7a6fbdec98c3b6477c26817b4a8fa8073e0e4491b99af6a164

SHA512
b7eed18c7fd9c1da917bb65cea111cfb0cfe7493f089f0651d909206301ff65502b8c9c31a4b77c8639d80d7beb9a4d4a967bcadc13bad54d8dd67db5fbb81e8

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
8e369f70c931b3671020672561bf03c5

SHA1
54ea6eae6ae4b087713a792bff6b17e177c8a220

SHA256
826290389990f7f82b84fd91a24e14282773048e4dc8dc069e66d6f34c221140

SHA512
eaa8a25d03aa393556b4c3792acd103e2da2b9217ca03a06aa917a46bc6b22b05acabeb35a5a3b50c8ce45b58c8ab7b211357c751a0e7826d3991d8573097bdb

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
53499762652a67ccb7c3727146645c0b

SHA1
f738e3ca51c446ac204412c02675b85a3f55d694

SHA256
55d366664fbe85a93fbe0dfe975d72e22c81deaacd511ece3a5b5ed2b6e84ec9

SHA512
a4ea46a89a12ed7e880e5854b1c0166d6d46fdb62a6e374580cc68fbf878076a117e9da303119738b1e829623df7d8e2c5f15fa445332874c699bf34805d557d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
1f61fedd1f86f49d48e0e322efabac2b

SHA1
0dafe7f5f67952f8ac06f74a1070569ab8986dd0

SHA256
f36034a897215b6cb17f0d85e5c2d978deb7cf60eaf72f42069f6064f66afc4b

SHA512
14c886bc360b0b1e6e0e84376a572e1aa5670d790dd57254422abe071af3c6674be99b43e32a02a13959198afd67ea0179e1e91436112c5eafcbb508c25a6f7b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
f0efafcd9c0f20fab9186b3547329894

SHA1
456169da125ad9611a11e7dc3b43ef95f9559996

SHA256
40e12e15f81dbea3f3f6c55874f0731fbcf2384174cbef1b8e1048baeeb9d2fe

SHA512
1ef17dade0901a4164b4dd3833e7a9257825a23e0ba8669597ee42e2009b44493c5d1b0604df31df1591380c48d21313facd4ab4683faac8a53cdacf18011e1a

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
55aa4bf7eaac83c5fd255055274244bb

SHA1
e15ca1b98ee440385bb470c75d022bbe53c30056

SHA256
1e6996eaa57f7a2ad50c65ecbcba034d84b2992c622c7d003b4a46f6a20dbfe9

SHA512
cc327f53449d06cded6aefa21fc6e6faa342c697f1f606365306877ee8ba50722e164ec3f06ec3b108ddb7175a3f553b69431ffbbdbbadecd71205352bd23b1b

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
1e14b5d0e663a3667aeb9b7a396902a0

SHA1
f3c7df85b24acb349c71a349d1094cb5eba3eb24

SHA256
be983e150c686100041f8d81f82dcebb3cd1a99a078e94f6b9ff5b4d380f97e1

SHA512
7be07bebeaa8268ab28c3e9cc166a61233be572baa4aa1d6f838cb002d1d6e961038502c90e9d18a61331f63c4b7a2c3798be311f3bd4eacdce54090dd60d558

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
5573cd348b85a1a0e230281c6d6d9870

SHA1
8f5d0e8a736f0825fa04126397a2d0213323530c

SHA256
93ca2cd1e140dc8027285ac7879b43d86dfebe2f74a0f1b18f1e6287e614d565

SHA512
af955b3accfc6a083526c366a067bd2ce3930c0710135b4c5b1f2591697e6f33b123f4c71dc3aa13fa135e9757d8a8a25fa8d5d5c2773aa7f69e92d4739476de

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
b97679143ce571f99cc7eb111ac90f10

SHA1
90221445c8ab388f1866ff749d76859076fef160

SHA256
394a06303dd13a5a68215472b0489e6486ff7291e9053b6debd358fd7fa434ca

SHA512
16220238e0222b89b5ec23e9b7b7e04f407b3d1da21436e7eaa5268417db0e3dd5010e49c69b1e12877c4a5cdc81708c0f389a79758fbe1e11925d72f54c8d64

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
3609d111a7944d1dd8c24a88b3d19c96

SHA1
2df032d9408fddd893508309406f916e3b673a03

SHA256
e871dfe4fdbc56b8db900208c2e1557fe0a8dfd612e5a9abe1e16dab591d598e

SHA512
e18321fb2671da28d2164d9528164bfa13abdb1254a8f75130d7cbfd01c9b7bfcb42cb9a7279389b3a3faafe787d880ac450a960156c5cec32026bb6a6ecd7a5

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
5da4af83f3d0175bf896aee077221477

SHA1
41be2f26ba826cd7f750df7f6a348cdafa562afb

SHA256
ff98b567dc8d94320c4c7eaf2a666c222573d6b2365692c332a91211e985b55a

SHA512
1e9e6d160de3fe0b72c289377ed9285b928211b398435ce41184c4f67b2c7302b5d53711e06fac7dd7cf0bb9eb5f1767c46c881bbe85afd2d52d25c125db8184

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
5cbc86fd7e6128d1c6aa6c8ed5e8d7fb

SHA1
43dc184c965cf45808a17e9953c4905d3dccfdbe

SHA256
e45a5a0deb5b06c44bdde75816bc9ac92032ac7695e61b1f4971436bd3520b35

SHA512
b6aa63d5489d586401e67b9b50e26cefdd634316867f107ad863f0dbb03fca358aa01b7def67c2528d0fa66b8f4e7f408f248be5b9ace7c1c88f2f8e9e9e63a2

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
ff51ae978aadf4ec355af90aac425e1b

SHA1
9a5b5d3f872898af5cb865b0952a4fb45d9c7c26

SHA256
c4e4c326a8f1f537b27aaf196e5217192edaf83e6a6cd213901dd015b80d2e94

SHA512
9095b1b8b6e12f083e53fa34f51c5224d490679bfc60d1fc6c91de6f383257f6d9dcfaf63c9c83460f27bf4760637eb992a2832934722110cf777299be2797a8

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
78a14a640d23d3e54d1a1b7c0f9b4415

SHA1
94004ed0b412365940b24c8634fd3ede62ec3036

SHA256
98276653d6b98352341d0923d9c0ace49a710bf748b2594d4e02b0e6bca81ecd

SHA512
289ed7d4958471f0c0865a829003bf2a76410232e85d41034474522ced9d2c0a047b0520b6355b3947b8b0ad47dfdf85b7e459e92ec67ee848d71428fd1b7ed4

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
30627b3cdf4d7a239bd979bd0db9d7a4

SHA1
2f0e3b910376f3d211734119a6daeabfddc0cfaa

SHA256
36cb3ca6259b4b91d8b4b3d41a723b6272bd8e558320c5021898b33955911ace

SHA512
0ca083222650434dc58730e22f4f4cb311992e1c5282a7ec4f798df8c79c160174d24fd5c2990950d9baac692fc8e2f029f97a73dcb592ca2a8c92d63fb79315

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
9d2606385d13a9ae0808e6f5bb8a46f6

SHA1
1bf6b0246624307f6f0890d89063d17b1fa5f9d3

SHA256
9c9bd37a2d0053a3cd8aa9a4957785cdb08731581102d02bb7912dc16b758cda

SHA512
3d3a8a8874b4e2067774cc326e052e9c615ba98176ea141633d24f4b793abae1cbb7b3bf71c80454491d7604e0b8de8d2c7ebabfa02665f8c3305274dfb3994c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
f32120c0149e5adefdac6a245f12d5bb

SHA1
c5e2c02a85044bcfa356789452adbabaa6e1372d

SHA256
f2699d6b5b13090636433ec12bd2a903512bfb05507f34b3a5373c8b8b0e41d7

SHA512
311f5d43e4c6a5c4d3288dddbc4860216d682212f98f9d0cc1519596af6e851510d413e516f6f9ebe5b887e5fab5fe8d551834964fe5c9fef768d52bea50a341

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
63b499f441591de202e38eb9e2ef6c99

SHA1
d4adf9ba2d5c4f3145f1cfe8726f0c91c15364ec

SHA256
6e202ec8c3a2fb03f58ab59365f081474ca4aa8351a802bc46cb114debf64599

SHA512
5f65e4032b30c2763ad18a5fd45eba27b446372cea712e9c2d34f773c2eba53ae55287133706799c7a32d1801d9124253d0f982c5f49c7f126ce32f20efc75fa

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
048a6024fb8fd6d5759a22d0ced6f00d

SHA1
877e1da0ff17c97edb0fd3ad81df2003162a0049

SHA256
fa722428c47e41204eeb8ce1ed732beefa315b88fbebafc53c0c8647494c256a

SHA512
7f25b3a5c2deab1b1aacd44babc34a2ef342ed9ea015ad7de726e53bd470f295fb9dac38f2a515c4dcead3cc777f1504dff738d7b850148c2301892942a17821

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
439079d58367d8b27622ad2b61c9a47a

SHA1
0a3106925935b66f337451025e43fdf27d219f2b

SHA256
fd35703b6cfd2e6c97d78a21b27524c45f3eafaf61dfeb4611931377214c8e29

SHA512
93525c5bab23a7f9a3b910b2956dc0c6d615bb9e918d3b32d262a842ba4fdf08baf0e3405d8e18002bff0234216ea73431215d7c698b58c360c958a33801fa97

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
43ca0afb2de427843b02cf16c535b49a

SHA1
f3e29768654045db8aacc0de95d3c42ff9069342

SHA256
c2a8267a3c441d492feb03a5bce6b991107e0f089b15f7234375923cc10b62b8

SHA512
245be83d3ccf15b501f4263fe7f1c95ece87b1212847108e6115b456af0e4c9467e54ed04574c1f6602cdec66d92db88bef85ceadf39e3d8e6e95774143aee80

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
f3c978cbc8c580ee9f3c16d8e74b7468

SHA1
22fd83190b5cf86efdd49a982a2b27a86152771e

SHA256
6feed3fe1bebd0c643a7e91622f37447457c4b87120c12b18c7553201738413f

SHA512
431585a63062a5ad30b94cc6ed3487aec49d79c459a3a1fa74354affd30ab0e480c30377b8cb3efbd6bd9754ea719c99f0035654adf81f45ff7fb490cb155f3f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
fb3d13e3431371b1906e76a87c2874e8

SHA1
5ecc788e58961f33198f0e0956bddbadbe4b762f

SHA256
358f70d406bfae4995f489ebf3705b6085f09009971a268a137ccab3dd346cd8

SHA512
53d696d21417e932254903a6198d94ec97e6fc120dc7a7f30dc77b58f7a78f4db635792aa59ca0075db74f156e1aee4804ded42ac359b9692d8c3c41249403c8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
fae2a358ccfe0d4974e041249dd3fcb0

SHA1
5214c6b4b726a666a2e9cda13165e241cc32a250

SHA256
847f7b273c91a1d1852f8acd01f3e5f15f999faf7092e0ca5a382292398e7a3c

SHA512
2bca09edd10a42dd48847cee8ba9da45b0746f8018540742491b89d7a622f19d985116c22e9c9ee0408e66b37b98bcddb77b626efa22b9dde0696f9aa261e8b5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
8a77e53bca798f32caa2d2b4dc1bc71a

SHA1
7606063db49819f489aa5e4a5bea445f6aa180de

SHA256
59347137810c074e5fbbf36bb66ccd7068f96c60bc110db93038e87af4052a41

SHA512
61fd6f506d8aba425c18c2a33897b530701c0568e717cd06fe3b699a3f433d388804ce363d3d1e79cfb8b47c686eb39fa4eada36d6db4833feb087f28f5f3d40

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
67965fb346c3fb587119e06f1a4c0968

SHA1
fb7bb01ac9c721b7d06d3de57bafb0143f8e3553

SHA256
e5f0277b5291d3b55126252c0a6595f6c33d175db847ec3875e0a0dd96c4ae64

SHA512
ea5affcb86d5df2ede007b0598d93589aa03db389efae9dd4e80e39d0b37915d215ea4f0ef6c10edc1f87357868f52b23df2b76bfc0f453a4dcc4d18836c573a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
4ed9d4296b5ebf97be6f52e9462605ea

SHA1
e0a9d096d886d5259f14ad30f42ef54c85f6219e

SHA256
aa979f59343b2380c2b34cf00ea55ff304b4d2c0ef39ffc8842bb6bda9526642

SHA512
52368f2d40294d2e714b47f1a23b46407f8c55bbddf21af018c1fed320429bdc4551dbefef34cb1dd3c41d7a8f17caf0d49fc968118443c91a298072515dcb79

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
a7a6dc146987f21aa90f7f4138b5029f

SHA1
9ad35075ed9d53489015b71412c45c4d524075bd

SHA256
9ee11e7530a0e97aaa84a391af9a8daeedf00bcdd8edc782d163bbdfa521a8ea

SHA512
4f5ff238bb193eb4e184b29a889a603bb4db9f60b0319c17a385a58cbc9225834a1b5212cda96f430623776e2f17b63f0d900209b822293c33077fec862be087

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
be8e58d66d2345a97f6e9b316e2a3e65

SHA1
14106fdd959e413d1bbbba27c8b636f2db071735

SHA256
1cc831ec24a92bc27fef4db843f11ff2b3be15567fdbfd10e8b25dc42cba7f8a

SHA512
ffd97906b5e5754ec202b81173432ac56787592bbe1b77c43fbb56d04f95378c6f1fa6b2e87354f67cec563e41940765380a61e63a11256a80786f39b829353a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
a726324b20e31acc4dfd25cfc6575a99

SHA1
48050d19ea99b73908503a33d729fdf5afa81190

SHA256
55c565249c4bb2e84382c38e32a4b3dfb0b922b57d8901f40a11d9e3601875e1

SHA512
c6efb13b66deb568eb19661cdbfc17b2c750018ffc18ba2f03ab32959cbad0041511ba783130a43a8c19c43e7551300c85f56afac9fe29f820d00d16247f4ad2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
ce6aaf85aa04391e25b35a1e6b6526b0

SHA1
6443a0ae08ab54bbe65df2547b7a18887e54b186

SHA256
a794ea241e5b97a250b3c8f0ed7ae32a9c1b2518b66c6fc140a58519c9bd69e2

SHA512
55f54315d9ad61ec3d2453823c99cbc200f5f23a5f9246b2eb31169b224019949f0a234fddec0285b528f2a12d53e8c5354d658b356bbc805e7340205fd50321

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
778471e8f45db11056f766c7434326e0

SHA1
2b8e5736596426d0aabeac8777815ef6364fd985

SHA256
e7d58bfbcf8807d9629318325c1c6573bb154ecbf79d9c2572a4442909585eef

SHA512
d6c21624cbb983dbaa7ec06b1468bfb1c50b8326d0af23e4378996ae760120ab054e88a9ba02403fe444da56abb2f4fb7d3926f8993ce6cc42e2570ff6879a43

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
ec643209b923985c2280af6ddcae06f3

SHA1
d1150fc98823850dcf82fdb5927bf34440e9cc1b

SHA256
8ccc23a967f05fa13513b47ec757b9a6491d7acee07cbe538dc4212e5534bd62

SHA512
cba52a6a002572f84d308dcd7ef9c651c2f4e27539f34366d2b7a204f4a0bfd6358c8c8316f01a2ab8d5cfe5eb9f4ea21c56de005f2392a7e9f29a66d4de9384

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
6c9b561af362fa180206bd2680d6a2cd

SHA1
3f8acc13785d602c03f90c9baa6684c30cd21ebf

SHA256
5829aa512507742fb490186fe69219ee837aa8555abdb9757977d5f4b82e502d

SHA512
8f9c332eaf111ac8d49e891b57bb2ac319315b1814dd7c15abea5c9c6f40398ffa8158de2bc112d2b2e523ae4a5ac331bf3d9755f3fb911f124f8b1616a59439

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
09e29664b59895e9297e8217b987e8cc

SHA1
2f7540d6850bc2cf0c2a039a47a30e3ca73abc87

SHA256
ccc91e27e87959a700daab2c0554ff6b0e9d63dd09a1611c7b63f9e3cdbd3fce

SHA512
98ce0b17e21b4a86ec6025dd781580a7bbf3a2511793b8c52e068365d1d95ea95f3367ab556a27458af7c230fa4495ef08057882aa437cf5bef82700c8fd35f1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
baf73b611efa5e6207bc690ebcb00f8b

SHA1
62f34939fc19cf1f1578f3fb12d2d604db8d0363

SHA256
686ce9d95cec9c7c95ce01e2216fb38e61d0e29c1aad1910213e9b7065d0b530

SHA512
243cfd1d96e30e3099d416376cbe0dd59f69799ca67b634e50c44698de3aa9351df511600f38c90f5b61a4174488f61cb692203a3e7ce91c43fd49a7416292d8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
581KB

MD5
b93d3f1d8bba9a3d872f81d498646b74

SHA1
b295accbccf2ae1d0b7716961e48956b2ac16c5c

SHA256
fb68b16380f5e20be9b7ef9ce0fd84774f740fa0502c6bbbd5967484a05a6a92

SHA512
24e2558e843e812ea3896315566422ab031a823e9851b14d478361b7b62fd477bd4e0d907ad4454d7790997e1eef3c5453d53c2b044b5f68d5135950fc2647f8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
581KB

MD5
19ffb8def25096d5e28d4a400c081d52

SHA1
d2906dd2bf5d1048fa9a32329f26e5a3e1d66229

SHA256
5c4f9babf79a7f863e915340f29b51e7834f6294c511dc078ff3e3483293f0cc

SHA512
c7af3634e257fc081f262c471075c1e895f9b466c39d787ba4afb1e586828297f3ae72394ff292879627df089aa71f29b46245a64ad7ff1d88845c8039307c33

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
581KB

MD5
f0c1fa0635ee480a9b9e821a9f258442

SHA1
1b64bd95147864bac8bc402ee1b4dfa4f144f2df

SHA256
6d4d38a546224d845e9dad629455f608e948c27d0d75afd9d27291565e85fa7c

SHA512
b846b4f962527ce659dda888b559cd15627880315af026c112811c1765567680d3ca27e347b6f1dcb0a4cd6bf0229f7cf53a0b1c36b7fd33f05be510342b3270

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
696KB

MD5
74c2915d65d03e7b2b2fc57f049480d1

SHA1
2534b4b7eb82326d67fde83e1e8f8d21fa5bc6b4

SHA256
2dcfa4da07aac39bc9b1bdb6e5a1af7c0a8c2d3fb6e32c9100d50d6e979dabc1

SHA512
2a54158b0b35fbfc8e438892ca709989c054c034b76e69286b62fa6219798e538461e821f377f711050faa9beadd51440a835e064ef634ff2ee059b32d72afe4

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
8dbd6734669dfcf37d750fb70eef12fc

SHA1
77aceecffac1be68f5d1fc00566036984ee27ca3

SHA256
750872c23d87a2b38465d01cd5fc5b4e712be21769b193f477a80e34eabf8f66

SHA512
9e6cbb0dae9c107454fa042050adf5e88f22d84143eb3750314314d3819cdb0217ca2b0aa143dee545308bdaeff655d1e089871c4ae786725b4a7bcba5037873

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
88edcb3c3e661117cd51cf80d22abd70

SHA1
e9f2fe56e86c5a0451993569c4c1f9ad4fbf6aee

SHA256
13b2d23b1263b98d2b79d1675d0801fe14738a8857dc3ee4870fbfe9363e137a

SHA512
b779421ff5b64f6c851085861cf061f84d17953b6f3a53590c68749aaa939b3f0027704bece1276f555137cf0af98a05fb3d69abdd250f8fc648f58212d2b6b7

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
74d72600094bde2f327314e625a0d5f1

SHA1
4a11ccec2ed3c4d7ba052044c5a89dfe30d5af73

SHA256
ee8bc0871059819dacfecfb82c35c4719adeff82231f742671e18a7b08e388bb

SHA512
b1a2118ee05912b5b6d544bd995f36df59e6b9e4fba1a6bed3156398a12d704424251054e4162b3efbb83b0c9e87885165c3bb635580ac5bdd4f3120bf0db24f

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
acd64256b88354e4e4b9595b0c4745ad

SHA1
6560c0bc4b7e4edde9eadd72d6bf8d14eb86bb41

SHA256
3e6f5d19060dec5f0627858834e1ecf16990a702fe464c0fd770b8ef34bdd89f

SHA512
e07cdd42955acae9517098b46b8532402257285ad778ff0d8bdc5eb3cdf96ecb08298abb10baa56ff20275c34234cf19d6115540ab761079d4aae0f33edf8908

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
10b34f3ed573636a34c4417defc44649

SHA1
284714730bf96a47b7c448f5e2dcff4b850c8437

SHA256
f96fa2e97e8e3f54e7ebc194de0c1320dd02382aa818419e9c80765c592e1d98

SHA512
6a210fae57468fdc406a5723f31a6cb8d719cc55808c1ad5b0d39753ea751b0e380e2e7b87fe877d6eedf515c6a8e0123005e14facabc85171733a987e2be73d

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
92c002d76a2a3bc7f5fe921f9bbeb762

SHA1
bd2d10243e6715c1dcc537317684b5da5ac9a523

SHA256
9c7ed95fca237d68532349aa7c03217fa10737e98b86821a4323bf7ce8fafb03

SHA512
bd3ad6f141a758b7d0d891ea0e31bb8c3cfbfd06f1156857ad516638971242aa0bed1825b7a5f9886b52503648b5fc633a1d162ae0ae3923ad87c6d15db3ab4a

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
03d340de7ceebb5b23ce5b6217a31693

SHA1
5e895aaf4c49f0281a99c09a3cc6fda1b565c281

SHA256
1d38a1a3d7d311ecf711d8364e8bd60a6d9032b4a2329c3a665a127bf4663f09

SHA512
c9bbcdff5a62ede16455d0371b10e9e78d8691f30645fea5f8e0b8dd31184ad87604087ee7abb70d5d19058521e8264bddddbe195cb2a99ac86d7eb6f6db10f3

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
69edf1d15f412fe2893686e59386cb92

SHA1
0016f65dfe5346169330d854fb8c68eaee1a30fc

SHA256
c1568f84ed9eb728acc2128ee6a7e8b8d91dc8c7390355a405326414f7caf42c

SHA512
dbc93d121872e31562f8119197a6f0a34fec44e05f0ab02e17868a4e95ea602136bbc73281ce89bc39d446e1083f87cc5ed0655aefb5cada9ac056f36ebb4e03

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
d2fc5a4dd5c25c8d7dbd024238adf0e3

SHA1
07879f616b9522499fd6d21dc26fa51df08cb6cc

SHA256
21bf38f6107023da2fe53b9f35325804c0a0e262e319b238d033e2f93d7db388

SHA512
6fd21f01931cd5fa00b9f65e9304ee36ea71f9cd613e1c1aede58450d16251c00bcd1a86a503f06e406e9a821d31bd9ab45382b23b13dc17a9232639164b9e1e

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
b779077e3c4445dcb5dac18b5df3e68f

SHA1
f5463eae21c89f18d3bca89c1270188cf0afa990

SHA256
af51b8abf856022246d754994f646678a08319fcd872ba83b854d68a83375bba

SHA512
9e70f12356c7e6c01e53d3b44def8003d90e3051146a7fb28214b24784fb63d1aa5573eb07cd38d57574da0921e9b1b4c2c46bdcfcb6bd6d63fa5e685ebc3d6a

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
799b823250e35019c98e0a24480e221a

SHA1
a484e9a6d76d50ec3f3f19e81c6b09bb158ed552

SHA256
e18e7818b7307155d511788f08558165584c59cd41431e54830829b26230fccb

SHA512
bb52a934d4218277fdea2e495227123eaff5384f5d47a951477c69d869aace22548829bb39e43230c8caaf728078b363157947ff76fc0421cb63f931a65ae366

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
22927ee649bfd845af5ceeb0d63aa317

SHA1
6ec7312e237be0fc3cc79fabcf33bfdd54e7e59d

SHA256
14ba5ca6892eba4279d9e52d5304058fc4fe3df3ab2df449c6bce725fd7ade26

SHA512
92ff627a43d14f2fe410a51ced163af0c99f0755bb519082e83dcf3b42032a59d0f3d5bb71b7ad408898dccf1007f135c53c7ed953fa51ea81084b8ea0dee6aa

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
25711e07e17c5cbedbcb0b1a502ceff3

SHA1
5c9db8cfde8e98ab7d26d505cd77fc6e3677a5b9

SHA256
796b9241f6db2e4880688e0506d6a8ee4d4f13e62a9e41f3f1df8cb1a1619c34

SHA512
1b24a15d9f2c306d92d9a0211ea59a07f53c14d5e6ecaf1262f905ba6f739f3100b0ed9531d941894f85a427f6e5b4ac0ba5342dea732b4413b38cd2798a2019

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
b64beb51e077c4398b9d17c81c48804d

SHA1
a7139dd21999d90536f75ff4c625f85eaed68473

SHA256
721902b15eed64ce3c3130a0d7bb6f460b18992bbe0f3d8ac76665027b27eefd

SHA512
df21ba5eb7de9dea043d99dbfc60fed4c6ba65f4038e92e438b111a3598e6542e4cea58ac2ce2e6f89996ea5782c42e6d10ab48ec68651944a514d084d3a6ab0

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
410b0203583485df3ef83e0a0c9cd9b3

SHA1
187b96aba3106f218f82e41329c51d71145029e2

SHA256
8373905baebb1e73d6bc70560dff4e8b78243aa140e5196486b996b7cadac197

SHA512
e3bc614968c0190e91757a4bb0fc960cb61f2e297a704d4cd447309f097b67e1c739ad3b7bb643d70b66cc2f88f413060a0a62af878ffac0eba9376dfa64f1fc

Download Submit
memory/224-240-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/224-125-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/224-126-0x0000000000D60000-0x0000000000DC0000-memory.dmp

Filesize
384KB

Download
memory/224-120-0x0000000000D60000-0x0000000000DC0000-memory.dmp

Filesize
384KB

Download
memory/448-89-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/448-112-0x0000000000EC0000-0x0000000000F20000-memory.dmp

Filesize
384KB

Download
memory/448-106-0x0000000000EC0000-0x0000000000F20000-memory.dmp

Filesize
384KB

Download
memory/448-115-0x0000000000EC0000-0x0000000000F20000-memory.dmp

Filesize
384KB

Download
memory/448-117-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1496-344-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1496-138-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1496-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1496-7-0x0000000002480000-0x00000000024E6000-memory.dmp

Filesize
408KB

Download
memory/1496-6-0x0000000002480000-0x00000000024E6000-memory.dmp

Filesize
408KB

Download
memory/1496-1-0x0000000002480000-0x00000000024E6000-memory.dmp

Filesize
408KB

Download
memory/1844-195-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1844-34-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/1844-26-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/1844-25-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2088-483-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/2088-229-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/2340-327-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/2340-504-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/2808-241-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2808-503-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2820-462-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/2820-196-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/2964-136-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/2964-130-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/2964-323-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/2964-139-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/3184-382-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/3184-157-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/3900-206-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/3900-467-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/4064-437-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4064-223-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4268-169-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/4268-13-0x0000000000740000-0x00000000007A0000-memory.dmp

Filesize
384KB

Download
memory/4268-19-0x0000000000740000-0x00000000007A0000-memory.dmp

Filesize
384KB

Download
memory/4268-12-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/4560-178-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4560-430-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4584-181-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/4584-451-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/4904-155-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/4904-153-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4904-149-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4904-143-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4904-142-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download