67fd9590f6f751765cf3f2a12c5ff93c568efafd27f97dd7dd457c0364ca8bb3

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67fd9590f6f751765cf3f2a12c5ff93c568efafd27f97dd7dd457c0364ca8bb3.exe
Size

1.5MB
MD5

4a337d1924bd9d9315f0a9198d340463
SHA1

98a93ad0f02784a6346de8e1a186e3ac9a3e6560
SHA256

67fd9590f6f751765cf3f2a12c5ff93c568efafd27f97dd7dd457c0364ca8bb3
SHA512

0d5c6e13c787805deec271c56231250630cbd93ba3706e6165d96121bf30c416340ac6b5a2a9a1fdd2686e8d4fe8abc048e3a05842cc2f510315326c1c019c81
SSDEEP

12288:w2TTduSZpUdxB30GHrVxGnXQSaWt+DNISOgv3isiyWcIi:9TTduSZpUR0GHrVQ1aW4mSOgv3isi

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
4980	alg.exe
4268	DiagnosticsHub.StandardCollector.Service.exe
2716	fxssvc.exe
1004	elevation_service.exe
5028	elevation_service.exe
2156	maintenanceservice.exe
2964	OSE.EXE
2904	msdtc.exe
988	PerceptionSimulationService.exe
1876	perfhost.exe
1120	locator.exe
5016	SensorDataService.exe
1764	snmptrap.exe
2296	spectrum.exe
716	ssh-agent.exe
4236	TieringEngineService.exe
216	AgentService.exe
3032	vds.exe
2876	vssvc.exe
3816	wbengine.exe
4200	WmiApSrv.exe
4724	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 30 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	67fd9590f6f751765cf3f2a12c5ff93c568efafd27f97dd7dd457c0364ca8bb3.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	67fd9590f6f751765cf3f2a12c5ff93c568efafd27f97dd7dd457c0364ca8bb3.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\b122c36bb3e2edcd.bin	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	67fd9590f6f751765cf3f2a12c5ff93c568efafd27f97dd7dd457c0364ca8bb3.exe
File opened for modification	C:\Windows\system32\dllhost.exe	67fd9590f6f751765cf3f2a12c5ff93c568efafd27f97dd7dd457c0364ca8bb3.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	67fd9590f6f751765cf3f2a12c5ff93c568efafd27f97dd7dd457c0364ca8bb3.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	elevation_service.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	67fd9590f6f751765cf3f2a12c5ff93c568efafd27f97dd7dd457c0364ca8bb3.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4268	DiagnosticsHub.StandardCollector.Service.exe
4268	DiagnosticsHub.StandardCollector.Service.exe
4268	DiagnosticsHub.StandardCollector.Service.exe
4268	DiagnosticsHub.StandardCollector.Service.exe
4268	DiagnosticsHub.StandardCollector.Service.exe
4268	DiagnosticsHub.StandardCollector.Service.exe
4268	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
680	Process not Found
680	Process not Found

Suspicious use of AdjustPrivilegeToken 39 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1848	67fd9590f6f751765cf3f2a12c5ff93c568efafd27f97dd7dd457c0364ca8bb3.exe
Token: SeAuditPrivilege	2716	fxssvc.exe
Token: SeDebugPrivilege	4268	DiagnosticsHub.StandardCollector.Service.exe
Token: SeTakeOwnershipPrivilege	1004	elevation_service.exe
Token: SeRestorePrivilege	4236	TieringEngineService.exe
Token: SeManageVolumePrivilege	4236	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	216	AgentService.exe
Token: SeBackupPrivilege	2876	vssvc.exe
Token: SeRestorePrivilege	2876	vssvc.exe
Token: SeAuditPrivilege	2876	vssvc.exe
Token: SeBackupPrivilege	3816	wbengine.exe
Token: SeRestorePrivilege	3816	wbengine.exe
Token: SeSecurityPrivilege	3816	wbengine.exe
Token: 33	4724	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	4724	SearchIndexer.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\67fd9590f6f751765cf3f2a12c5ff93c568efafd27f97dd7dd457c0364ca8bb3.exe
"C:\Users\Admin\AppData\Local\Temp\67fd9590f6f751765cf3f2a12c5ff93c568efafd27f97dd7dd457c0364ca8bb3.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1848

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:4980

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4268

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4212

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2716

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1004

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:5028

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2156

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2268 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:380

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2904

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:988

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:1876

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1120

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:5016

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:1764

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2296

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:716

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4236

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:216

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:1484

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:3032

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2876

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3816

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:4200

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4724
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:4852
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784
  2⤵
  PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

Filesize
2.2MB

MD5
a207f848639b59c374784bd6803bd6c6

SHA1
e66117139c1065335335857a5515cbb04c10f720

SHA256
bbb897fb1f073d8abf5eda30b9be7f1a1c0abab553b06adb99afafdf16ca4daf

SHA512
b0343efbbee109d594b8aa33c317226525d02ee305316acaf194099bb26afe430f2c19f43f7f805268999cf710adcde2a91522e4c80487c65e58a7c34d9027c3

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.6MB

MD5
5ef322145a6529f0deb3c58575c89d09

SHA1
102d2969c511a708ab3d24eeedec8f8dfc8061ab

SHA256
c933e7213313afb557ce47d1e3b528ae1da0790360f6fda4af9e6b6d5f022ca9

SHA512
7afaed8b61f058ed1402162d335cd4ef71ce426d391a3226f77b9a7dd1414088b45a2e28c0b030b4f87d47e89e1a11bf6a4033cb45138072871352e176a35c30

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
2.0MB

MD5
33d9e4291e9232018fee820b95edcf2d

SHA1
3c13ee17450c50eafa1a22c9c4a2a03611570014

SHA256
06971d62deb52b4f1899a5dcbff888a5dbe339dc6580272176d161016f2b8748

SHA512
4e35db4c8c226d4e6ee7ac8bf4b6c9f519ae09a8f892768a73522917d80efbee96dd05d5371cf268e119340b7395c2bd3a2640b7886053dc82ee2ce126cb442f

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
29541477ba983557dffd78e769befdd2

SHA1
caf4d0d39e51e2c1c87664e48430acca32ccf940

SHA256
f12e451d0113c440a4aeb1201784469a4573398a7b290f11b289ea685308afb3

SHA512
ebe2d0a2c542321d2254991acb77c50a176459d0fae50d21e731e89e6149ff83bf9a6530092bea2186be6f5e926f5da9fa1420176bdcad32c0349bdae8a96c00

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
240ea69f82407d2560e83a94b2da5bbd

SHA1
c88c43cbe21e838703f8063ccf21298208bcdd7f

SHA256
92df617885ff8c29f1c4e63ab88042aac6e4c8ce1d55741786ccac51d85f0c70

SHA512
cee3c29e7920480a3a2bbc5fe39e7c152b616b2d6c7b80c59e4cfd91f12e42d55e8c6f6b3e7be9600e58add14e454271c6aec545230f31ed80967fd339997b82

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.4MB

MD5
94e7b40103818de4f9ac87cab5ce2ac1

SHA1
4c0f9ce56d898eb2bdf7cc8d0cb2a59ec2b2c954

SHA256
5314ac9a91ae2a2d2d59a692e1868674754407f55c01df0b419f0cb3d4e8850e

SHA512
db1361270577210e0c670f187d12c1fcbefb61dca06e8213402a5011a9bff7e2d04b6a98d18f116af0a9f855df381c1f6661779f878862ee20453f4f36984a67

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.7MB

MD5
fda2acd296cf89a027e6592cf5c7b5ad

SHA1
152e5f90d506658385609d0829e5e32f2b4ba83f

SHA256
7c051e7bc27d6995c4c9e99b66d6318a38198fd8c04177f544c9df1aaa31b4cb

SHA512
ad34d64d7d80bd5d4aff8703e9c42a20c317db69982cf5f2cbf049e05c9820694af5f5059158de1a111588d6a8770151e767f9b6575f25fc1269f8aa25373ab3

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
68b9538e61a722a2c593318095571a42

SHA1
cd9156e7bda524fda744d197a59fafc1773b55a0

SHA256
f547b58855f996c42dacde1afe29e9668e81bef1222834ea56207f957571e4c0

SHA512
08e51de57cffc87d5d6260cd7b2669ecc2ea279bb0604f4983212c48f1f01721616b84d026f850edcd282fd909768e8571d766c4d63c09c9de7a8f354fd494e1

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.8MB

MD5
d694482dd1dfbd141ab6816228820ad0

SHA1
c9c5ecd7ccac51013b70034ffdc314b580a52d5c

SHA256
ab4ee221afaa5117bf633dc8b657c95b1a1c5f1f600a7eaa6ba9aabf33a0e8a8

SHA512
7d362ab8cc04bab22e072d225767fa3d6fcf67bdfd7cb2fbf51229d0afbba455709e418d94f0de1eec15c17cbf9f3b2334e6a660e7757f960ab51ef4fd4372df

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
f3dac07519c2bbf2b59f606bd7f0682f

SHA1
0d30b6a3db3d936cff920ae4dc960e3e8799ecc2

SHA256
9e4455a301c40890ab48353e89b229ec6ceb8e671378734f101f392d9e1c1475

SHA512
3c1501040bbba25f2bb7eef2f111da101ee8a31592b441044e03dc4c4f4ca200a303bf4421dd70d437a8ea31230797ea6fbafdb9831fb98556b7f1af48d2ed83

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
27f93cfe9c140905e9405523816825b3

SHA1
ab72e089c00819e09460acd62072a6894b59cec4

SHA256
df6fd80478868773c7bd3d03c8ddb5f6d9d868a650195d5fa8d4fbb93efa220e

SHA512
3c5d32304a279b0a880193df443a88f073f41651d792698228d6f1e5456db0461e2bbc06ac72067dbc3be6f729bb94d09d76ab246d8a841bbc59d203382a8ff0

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
5e91c631d15414c3a30e32faff89fb57

SHA1
8b3d89cfe4bb49c8167c2dfca2fbf57825ec63ff

SHA256
62d68a743961a0675c33bd2aed544c060e6be42a9079d78242b6fdaf65645f99

SHA512
18af1b8cd2ee52976620f2059e4c93737445e32007053aa0a98149d08ff887c1b59ab8a6dee164a0f812f929a0abc9977425e476cd7c32f9195f30e5e3116ca7

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.7MB

MD5
1e8572629dd6bbfdf1b82c30e3d79fe2

SHA1
c1ec87d8f388b25611a9922f9164d7d6db803643

SHA256
93d77bfb1b4b21c3cccbdf102e08e81f08018101c00118e77d9550dc503ef795

SHA512
0d7ab5c25464a14a9786e1de399dcdbcc963a4ee16645f526791bbd1d4f93283652e4b3d064badcdee02026a6298b88db6915016bab4f2e1c5e2876bef014f8f

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.5MB

MD5
6fc6bde1d2549de1a1c2e49afa118db3

SHA1
a1c4a5125c2fb0142f1a2c3c0ce94e7a3103731e

SHA256
d03d54d93978938caaf6c2ec47ac37f41eb6073e8f1181e23d0b2d40536c50c9

SHA512
2347e23c5b1ac377f0d8f3ad4c655fbc03dc9ffa52c9e9288d4aa041b6fc74719c2a6eebf7d04e07c024903eb44b6d35e571d55197182c6a26b8e882b8118abb

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
aeff89ed3dfe9c035543e010d07e4a11

SHA1
cd154e2a2e90e417897b2f0f22c19fdf3b16aed2

SHA256
c836701c3591432aa338ba1b99ed1c05259dec06613bed08db01d3b31c49f615

SHA512
c888e8b7d1bf20bb55a20f57fd87bbb32dd5db1c0957a0061dbf7e34d1c95a34e59aa65727acea88d874b991292160cf9f1496c35652618adb684a3ecde59f37

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
64609288e8ebea9bbf11b3adaa71790d

SHA1
79a06fdf8a41dbb0f65b8a821149d7f0e324a9b2

SHA256
1dfedbc9c128d089fa07621dc2c27b4839860550fc176273b2a5102b022bb988

SHA512
fecd03d623303d8d503c73ff15267b771202443412a76a624ff38846d02c9827e2fb7e33984b857432b4eec1d70dd82b67ff008ade1627fb75db6c1279c27178

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
510ea2f8a8d806df0382fb8e75784dc5

SHA1
5526e70a6d94dd5948f1c947226b9397b67501f0

SHA256
3385f49b7b8b702a0ba216d101418ffc59b3c745bdac41dcd17c44a8fb82f20f

SHA512
dc2eb5fb9218417066bd17602bfa8c9b794db8c2c414f7a60b8c15da79d20192d7448e81795a3ece494583562abca49b5f3791adec13899fca1e13462ba70c2f

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
2bba47c794ef94216852d33d78c779df

SHA1
e2be94f0a1127ab5ca02d42dc6f813c60caa570b

SHA256
fbaea882d76f50e522dff4e5077553b602f8755ffb86f850677d3db1b3fc1ff0

SHA512
deb100b07b3138eb67a2722c8ab00d47616c1927e0e4b50aae49d68e9bf8be5827a91d3a22edda22f7540aaacbd5613b9bc9745dedb6a6f7d3e85c898c0a437a

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
07f50dc865a35fafb91036fea632629d

SHA1
dd0eb9299d90aeb3efc83a19fafaa61345c80e4a

SHA256
c4eb4475b0a32a16b3fe943e53760a9ff4fabc59e52382c927bd88e63bc70020

SHA512
53540fb05d2c751ec70b32145f2ccbd7da419992cb7d1051b4b513cde8e5bedfb649f1cffa6ff59e2b7c99522bfa3442fc5dfeadc58b5747346d7d781822edbd

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
f255b61b2330915d79135c3051adaaf9

SHA1
3be12b3b44eea2c38ed7d979c6b93d3f465e2948

SHA256
0c1846205e89ec26d5fbdd716aa56c11c61032349c0a8552fcb8ad6ad8bd3cfb

SHA512
5a6ab14c8555b2d42b5724ed3f9fff10835bdc78df69293ef4312a318d5c620c8562ce4fe310135e0baf4e087defb4f8430e2a1062782542b9aaae646ca70a84

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.4MB

MD5
ecd6885f8b9c9157391fad092b33b4c2

SHA1
17adf5c27e293140dcbff0bea059c307f99dcc84

SHA256
0fc95c1c4480b009e2b61102b1496037213c18758226b009c18909edcc53dc43

SHA512
35a3c69fbafdecc53c263aa14eb87ce75ce2c351c7cc389dec38f809f5b4c6dc16f10b34d9e4891228493982c2b64c9592a42788a920a8678885e86459f1cab2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.4MB

MD5
0fb0c8d20dfeee5027810d0b4bb3cd04

SHA1
53f9a08b24f2031250ee5ca3e6f7b51a4ecd502c

SHA256
740258a654b307f570687b73e7c6c9b98bfb7ddf19d1bd97c68efe8d1971c7e6

SHA512
37962f4663ab540877bddbb537d15a94d2766d7a3422c4406067dc59ced4eb7d10d6d0a08cc15ae489de62668a91f884b901c8d4ce528ea6800cf06c7d7083ac

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.4MB

MD5
b4a9f092af4b1712f4b33a86cb8521dc

SHA1
6029cb7b885a66a0384d802c63ff2d4b6221ca6c

SHA256
9b313115edb7a7775e30ca97918c5f6678c041bf24ce467201ee9fd253f2e622

SHA512
99cecd6caff11a6a1c43084b5d53db3e854d9ee271d8ba18c5d6632f145c11344ea89ee12b0487bc3f27f991cfafc3c785a0799017df23e717c1b9b171154ce7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.5MB

MD5
54400604af571bac4743de2737685d88

SHA1
e5acc46dd5e63755f8c84072f5d9ebf559ccd6cb

SHA256
3c06a29f1d3843bcdd4018d706f17da3d981d9f51ced2b955ce509ec778a924f

SHA512
b1d3932ac17b9ceb4cff33916999c3b80f554c42a6eec3188bbcb4d8b088bf1ded2d60d2ef7d431436d94a819f019e10f87a5b91684f33e6e656522fa0d91289

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.4MB

MD5
380bdd351dd6f0f32ac15dcb10a92e18

SHA1
9696f8570769db658bbd3f103d1b38d0d5b4a800

SHA256
6b90f13caf03ded2ce3832a8972bc61881a0e0bee48e15116211c07bf62d107d

SHA512
20e4ce51765ef2ce8bf9fe33c7ff19f1b5bcb8e74bfdc764f8c582cc94f198ebf64b369c2b013008fe4683c0264dc57b317a2b000339975949ec365917075597

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.4MB

MD5
a964502f51d2c08f3a6c16450abd579b

SHA1
79fdd294e2f81ff40a469c284343fb6ba46e67fa

SHA256
18ff3ea9d6589b6a1ecf2715da981dad3f43a71af7a8da8345d3b4487a87635e

SHA512
d433557c2c33aea65917225bdd876a9598961d93e7d3d4b8f5837e4c5e7e2980a1b3d872c0796dca1418aaf09b856e7832dc23dc801517dfb5ca587dcb53eb76

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.4MB

MD5
2a7c0ab62a364d463f5edde599319b59

SHA1
f6ccc28d87afffc6673e5de6f821fdd7096f40b6

SHA256
05e02fbc0574ea4405d9161c991f81c364858eed2089190fd2518e05ae87eaf9

SHA512
3b333eea0f0f5dd651f46342feb380533b3d1021515c7e57b56afc05483f070312dec513419584416025a2a2032778bdb13fb6b025944ea3c2ddefa21897b2a5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.7MB

MD5
01d01e0b43cdd9b33bca5e9561508ce1

SHA1
85a4ac933e6974609cc042df86b4dc8205aa1744

SHA256
117cfa3c4c8ed8f840e53f2f0294542b23716c670e0391fd96a5438975612d05

SHA512
aacab782b6b90949ed9e090259c7631b94d976b8740d2c053bea1c276922c5c0dffe8860412457a19f06326a5f5a7e34d516fcb6f400eeeca31018dd758c0d21

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.4MB

MD5
da1fb26d0934241f24932afd702730f9

SHA1
5e6a48c0088c6e5e7c2311401b95a198860f09ea

SHA256
30163bbe8cc9e3e6b9df132f963d3753079235cf489058379e2344ffdb1a5440

SHA512
046fe33b87532776a4ee8a9fc100cf2538f06ba8621fb862bb1b9326892711ef182ce3428db6bc639f512f2792efee3136b9a174a809b7116f253685a612954c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.4MB

MD5
a3e804d118b352991602ca630eed6dec

SHA1
7260c73acffdab381a4e55e18fabb9bf8953974e

SHA256
d8380a6f75af615ebf9919e484a753fddc5839237e7e10609d6825057219c51c

SHA512
efc898f8de383e5c4f5f11435d7464886139a62b47e4e6767050a65df972c5b4f66f2ff7e0a647126f2356b3a7c8bc813fb4c090d8326da942b85124715f61ae

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.6MB

MD5
3d013735eba380d50d953f20d6b9a3ef

SHA1
ae736849e5ecb0301ba3f49cf72eece0262423c0

SHA256
bef81e741df9c128a2831d405e2a24452428cb5e9af255985548a7ebb9b28a9b

SHA512
8fa2c4f97e1558293ddcfe4e227c3055699e7d54671a870d8d4de13f7d4cfccaaa2471ba84bc92b375b09cc040c10ea307c241c2c0dcb8b0cb8823a61cd5966b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.4MB

MD5
a4e048657a27e80f0bb9c74bb958a5ef

SHA1
cf19881d94c76088ed37edf3b7e9c95d738fadd3

SHA256
79042d8a808d351b936542f3ee24fdd3dc88fbc09b528467030c35b04f290a16

SHA512
d9e001bb46e130654c505e8eb65cec2d5c8e1b59917ee88541433dff71bde78e4e78619b799292d6dc6a893bce06b7ad2adee1b1377293d40abbe657ca4f70ec

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.4MB

MD5
b6e46e17f910b4da0c05de7af1de67df

SHA1
ec4846a14554308b84e2101ee36b3f3e82f3a7de

SHA256
28045eb1000ea55c93909e077af02d97be401c92796ea2354c90601053f4d1e5

SHA512
8410d65aeb1b0c0471dadde28557a185128af4c2a23c5ba0980e56ad561b98216c169e9212f122e464c4725c024419bb8aee32f08f2fe9d6c62f3f46d7724eb7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.6MB

MD5
aa2990ab27e7b29f4394b0f9eb0fade9

SHA1
c1de8432e5ed9a56ad80f18794382c81a1afc457

SHA256
7cc568d87b226f3d00c506d6e02e85f4e2ff26b52338e003111e36e37a922b7c

SHA512
b69b698d56bd38fad830b846a9aa0b31975c1e8bd3b653baae5d049bf1ab0d5cefff08ded17317f5da9bb52488add263008394384d6de2d8d3a2fa3c5b31eb5a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.7MB

MD5
fa37f6587c109e098ede27ebb8a960ee

SHA1
9dd2deebf1ceca00d79aac6a7a44ed85533c60fc

SHA256
2473935d3e20fb3c84eee28d189f0b6879db5d522851c4c163f6023d15aa810f

SHA512
e723343607fe8b574110624905541468846b5c869d1893ca21b34c85ee4e0e4fed2346b52af15eb73228bf2a94eb7a94624e1f7a61d3d23c370b889fc874b1fd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.9MB

MD5
a1965a75443ac8a1e5e36702fb2cab5a

SHA1
26a77c84d7fa854a8c733fc6ede4a0480bc2b3b6

SHA256
f48ea99bc1df3d944b320987a3878bef2da33bc3bd3b9b5403d8d9acbe0c77cd

SHA512
f63908d6359ceda1201df4eeb29efbf6e223c217d4fb1444804a05990f4801a4fdcd97ba12ff43702df35c88e27c5123faeeab106c70cbce2fae1bb958c8ff15

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.4MB

MD5
e46fbfb3a4a7115c993e72727fe34604

SHA1
65a04690d7b38636a25d50d197f9f1bd68955a7e

SHA256
579df66a896c19d330fb64bd9c57916a879f5861ac37e9f7ac3ad58e40c7dae6

SHA512
98b496bc55eb70f2045962c82f5299d6ca058124574159c50cdf1bd176dc1f162e7dbbebaf7c5ef922feb85c5a1e6759a6e20fee059d15c0a95efa3c82750a4b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.4MB

MD5
b0c5c1602150f767f7992ed145804b6b

SHA1
5cb12bff8c32fabd73a8ef08445747e65cc9e261

SHA256
491d84701451ffb9e6f061ef8e6cd4158cb498ac3e2e8d7e34b5d1ce484bbf31

SHA512
f361066a1864eec73b3fc2fcae317bfd97851b190407cb05c5e028da88613c7239c6b9e7a239fe32b5b75c6e6955f02829603ee4c835f841d75c79c96b1f1336

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.4MB

MD5
900790226253cad9b937b4f7c2002b47

SHA1
3992b57c180653d79d74c3c31df801595c354d1d

SHA256
c08ff16aae5174b8e3e0e78f2800765cec423aa4eae7ee67c9ed36f54a286a75

SHA512
a0a7e7bffee4b50ad01f1035d1040c1a97937b86b4ad4ea592df88a820da51c5447e40db0c837af6922e339e28e7e904616ed9491e24f7119385e20affd03535

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.4MB

MD5
de387fe5729f0d5eb7b8888bcbe870c5

SHA1
10c93da139c3368d4b92f5b5a6fe8f7f67917d03

SHA256
166c681d85c26487d8fac381b825f3c2d49d6c65c266351a9ba4f97c2c791e01

SHA512
d135814020bae5b772f432fbb684ad2bfcb3940b3c270824fee6c05fb96ec798b2d214f0862ba900aff6248b21348a840f8174025e14bfa9f44aed2234f1ce8e

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.6MB

MD5
7a72070a4eefd9b0efc2dd8d27f731e8

SHA1
07b3f739ec710721b24cdc7b0bbafb29b34de1e1

SHA256
825a55434fb056a9251f858818007050f39913cce7ac330123e68296be39aed5

SHA512
127f56c1432e6c154dd4f91130519ef927aa8d8b69b8a0d5449fb747bbfe45fb9ca0d2266088962301e837a00c102b5f4b1829a40ff63ecbab37dc787bb6dff6

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.4MB

MD5
5ec18e1f44aba7611b63f875d66dfd85

SHA1
c92305d2e456914956732aded21724170e357ed5

SHA256
a06d7388f00230a3760222be98023648ecc4fddff3be5901208f68e4c45ac4dd

SHA512
537f6af2fa35ed2c579ee9ca9f27ddef5ebdee83d8ed1a1dc5d78e1f52249b8e1a04992feff45d553d46cf57440a7cb6326294ef4602fb5c3c60d479b5d55e29

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
3beec153ea16c5a4b7328c6a5e0ee9d6

SHA1
f8c9674a4d0edc4f35f80b3a405620828bed4bdb

SHA256
a17195bfcffc4ae408d81b32d0cc373a9d4cf251a2e82de1681e13606a6c7170

SHA512
ae1ea23a8b5eef8b11867eaa983cabc90a2150b860daf14cde6e80011ecc4a8c006139d9f80d1c229b63347b96290b24da0b39c6c34048169e80a210c9bf9494

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.5MB

MD5
da1f6092eab7583dc4e6af5a268a4ef6

SHA1
8fea3c7daa0035ed2c8309c76f089e1953b8f83c

SHA256
a5e0963617006b8c25bdde205bdad9abd9e8bf99bb60ea3ae52a1eed2ae34a91

SHA512
3fae32ce51f0d2b98a4cbe0ca6b3a9a53021d01cfb8d4dc9b0f66012943ee15b8abd9f538c39227d29ddef5abd9a48b35408e981a6240d2ffd6e0a7546abcbe0

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
a137f4d40a582c6c47976a951aa84874

SHA1
d9bc81c9d20efb1dd2a9518782c390a59eeb383d

SHA256
f8a4e56ff2bb74d52ece83b3855c35457ebfccf7f6583428724ed062b36615b8

SHA512
e87f4b160edf3fd70ba641720061235f09140ba5222a3bf4f40cd308af1cd8a433980d153960f239a0b46db12c4f2573dc0f7c69a0f1c753f0343d3178f579b4

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.4MB

MD5
e1cd69c8f34cbd3da20ed3579b09e84b

SHA1
ef47b07b19e074a39a9d8eaf54d831b7a454f7d6

SHA256
0de8b8b9b3560441166f923273e8c97afdfb0be4df37c123605a8d2272800a22

SHA512
55c443f1173e0b919b9f06a2c1c14db04494ca29b023734df411df6097a733f5377168e36e9f2e50c41ca5a36faf7da576ffb648f0941aa3c5edfe60024ec746

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.8MB

MD5
53719927de0948ddc1a6cf198806d3f6

SHA1
0c5cec29d1d46096cb46648404603aa2eb2fca43

SHA256
ef19dad4979c1833e6611ea1003e73d629ada9b4d6c1d78c33e7ba9a101957ac

SHA512
57c942d99246ea843d6eeabe8320392dc51427136f731975b6c91afefc5bcaeb03d08229de211598336c5f19afb6f97a2a26269272473f1eacd46ca14840690e

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.5MB

MD5
8a35fde436804f64ae0e50a65bc9a7e9

SHA1
d9b6cfe78223926d788b8721c29b1152fd2bf533

SHA256
7db3a1556e12a7db30c5da1bb5c4f057fedb6e2a1d6dc1ea8627963dc4090d4f

SHA512
08eed1206d6ca57b05d555d1e51fc7a387753e512828460889809d89960d83155fe3ddb9c8739d3173a4c414dcf9b8da58027ae7574ecba11522685f50ba28c0

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
2e6c922c6d6077f956dd6c7cfbf296c8

SHA1
6806b67f8d936b10dea2f98908d47102d6f5c137

SHA256
3de8cd1565521d2299949cdaa9e7874f13e68addce647780bcf071e6cc5f3506

SHA512
ca1152bcf1912265b8568bf168372c316c888f5fd867fce2fce5a269b7a4a0564c17995a54a82511c3f06394ac5f95ae33a374358b628ea9f377d05cf90d3aca

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
c04a420ab74e4ef5e6f78df60c7618c9

SHA1
dbf2e25bf6879f3835c70420c02298eca5d7f33a

SHA256
b67fa2d51b3833ec28edf04f36b6329b1ef55b7ef40a9d7442613014c2ca223c

SHA512
59363b4bc56625cea859be3565851a31f536c63110ed47fd9d4e2393578f2796effca9ce1e33fdabc8756afaeeef57f96170cd4fe1d27d48cf529db4c634b553

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
ad519430e768d18d88da12e451dddbc1

SHA1
a2122ddfea4e6f859313b7a0bcebc490a4c76116

SHA256
8c646ba275704e75de23178a9501e369af79828a4c36769520be94531ddd0dc2

SHA512
ccfa3f1d9cb9fe686b0dd3b91af1c0c76e491791987b599d9f2be5200a33c0e564c1869bc3c469523e32a41d1a84e6b3386f06c30c214846d7568a31404c2bec

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.7MB

MD5
2a922374ff28870b609b06a2cafa28c3

SHA1
bcdb5474b3f0e58ce59e33055e9078eb4479ec67

SHA256
83a7ae68a01ada1408f9935e32b42dd0022a7b63d5a844fca23a2b52f1552b08

SHA512
dee586f7721f1e2b48b77b0695ac6d15a010c6b6e22ba0177b2a00eb18f0d2ae114bef9d20d66f457a3df230d180689c7d6e0d713debd7507adac21e3bd6d577

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
3b5e3cc44610416efb71424a2afaf50d

SHA1
4efad40fc44b2eb982df80f0b0774dfb2911158b

SHA256
d3a629a320a2deed8f9f05d7a542d006befc48a04d248d90977e1c0d9315d37d

SHA512
46388b91ca64191a111a78e29f66ed68c031ad6fb455fb1f21805a8da686c1bc488fb7de8a656cebbe8b87b09111879b7d8e111807145b1f6153396dd6b0104e

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.5MB

MD5
7fb639068950c2a03488dc4984bc2b4f

SHA1
2f365d7727c16258abc9434c247beec53ee054f3

SHA256
66a7fb761d164e6c332904a87574e093dc813f6f79999b9585d7f9f10a36990a

SHA512
c2352ec708423b65a59ec1d6fd10360f986d49553c7731faabc433854f03e5d46bc632eefc97c086355bfec32dd78e857773c9b192c827860c445da0011755fb

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.6MB

MD5
4cb0600b239c738a3b26040c0031d44a

SHA1
cbf64b1ea9fd6444d47969f387c4b5defcb5ef22

SHA256
1c152f3154300e62b36df115f02d06c2b53cdfaeb970b6fcc9317c75cd927f8b

SHA512
68ce994cf18646bedb2efa3067febe956644cde45f57336b9ae479a85ea1c377654d053b2e921c2e87498058a9c10937cf449f4339b0ccc2a4cd899ca1c1ba71

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.4MB

MD5
9f476a24e48016c72a7e449647a4bf15

SHA1
4493f1f14e8b4c72c1029a47f74ca8763b2a0a42

SHA256
2b9a000a6c79cdde3e031778c88df2b820d0e0afc837444c57d03788f5de0e36

SHA512
840b63c7aeb611fdc499a6e86c4eaef2bdbe9ff4b7f2e734cd4121d2094227f9c908a4e021b2479d285d802dc1cbe18a2b33a14d980e29bd7e2cbc14015446bb

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
f5ff2234b5db2f4acea8540d397aef14

SHA1
ec4239df7f674349f8a7802a5041aafe40b25cd1

SHA256
2d4978dfeb1a27f3ae558b0ae8eab0cff00c7a588253196245bd0c8b694bbfae

SHA512
6b4867bdf275984a8c3b364f726754fed14acf55018ceef0d594b1cebf4630b2a438eb0a1097fe70f89c048aa5d7ea1fd3c6fc34855776195a71e89a835d4ea4

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.6MB

MD5
22b56995c1be94e91f46f4b74ba41a7e

SHA1
901b88bba64cd8c2d5a71ff5365e48730ee09dcf

SHA256
3fb6a773be576e970721a0ea322fe3c0ce7fe3db929e182b4e3f32a1e977a6ef

SHA512
244b8f3345bc0ce1464989033d509f84f915dbd92f50ea3c1933028aa7319de0c7238a6532fce09dac5722a32f0b2e8f15599f8157dddbc7421f5e9c9e8b046a

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
3e14c21909ef98112792d50f66ded421

SHA1
f1d74e0fc2a31ca350d22dfd6d5559a02b66ce08

SHA256
4639cc5412a36408ba843501789e37fe5b2bc3f1255569913779d70880b5d825

SHA512
271ce5b7c96851c5d9075b16f93fd6122b71d7d8bd9cb62c4facf7c6a5e05141d5b5a85c9a187ca8791709fec3fe186f75744fc098a0820d34050ae0f728bf22

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
6efe776a6d973afd7df0d74b5ad0ad87

SHA1
a9c01d36f9084bdd5ef81f59f6d76189f2f8aa78

SHA256
a10f751962e0388fcffff7d1b1d26312558a8b5868499aa63b790dc182bd6454

SHA512
2441a36a191614139981aa87fc8d3c0f0cbb4c8666bf983ab503874247f9070ed35345fb0723a9a576acb078048fa28efc7fe4d50a88fd1387ef2586b3ae954d

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
8c95d10fbe65b91e1698bc5c66b4a93d

SHA1
150a2c7c381ec5859285346ffd0e0088ce882af6

SHA256
9fa4399aa60c45dcf431bc8c55f0ee2779290c8578b361c0117cd145eb725982

SHA512
601e53ce1e2b8336d1e888848f063f2a6af25e727115fde5795019203cb3cf84e7fbb46855ec6ed5f2477119a886fe78af5d08c2d4cd2af2d11ff3a07990f54a

Download Submit
memory/216-320-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/216-323-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/716-305-0x0000000140000000-0x00000001402C1000-memory.dmp

Filesize
2.8MB

Download
memory/716-417-0x0000000140000000-0x00000001402C1000-memory.dmp

Filesize
2.8MB

Download
memory/988-260-0x0000000000610000-0x0000000000670000-memory.dmp

Filesize
384KB

Download
memory/988-327-0x0000000140000000-0x000000014026A000-memory.dmp

Filesize
2.4MB

Download
memory/988-266-0x0000000000610000-0x0000000000670000-memory.dmp

Filesize
384KB

Download
memory/988-259-0x0000000140000000-0x000000014026A000-memory.dmp

Filesize
2.4MB

Download
memory/1004-225-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/1004-34-0x0000000000C90000-0x0000000000CF0000-memory.dmp

Filesize
384KB

Download
memory/1004-40-0x0000000000C90000-0x0000000000CF0000-memory.dmp

Filesize
384KB

Download
memory/1004-33-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/1120-335-0x0000000140000000-0x0000000140254000-memory.dmp

Filesize
2.3MB

Download
memory/1120-283-0x0000000140000000-0x0000000140254000-memory.dmp

Filesize
2.3MB

Download
memory/1764-414-0x0000000140000000-0x0000000140255000-memory.dmp

Filesize
2.3MB

Download
memory/1764-290-0x0000000140000000-0x0000000140255000-memory.dmp

Filesize
2.3MB

Download
memory/1848-7-0x00000000009F0000-0x0000000000A57000-memory.dmp

Filesize
412KB

Download
memory/1848-57-0x0000000010000000-0x000000001025E000-memory.dmp

Filesize
2.4MB

Download
memory/1848-1-0x00000000009F0000-0x0000000000A57000-memory.dmp

Filesize
412KB

Download
memory/1848-6-0x00000000009F0000-0x0000000000A57000-memory.dmp

Filesize
412KB

Download
memory/1848-0-0x0000000010000000-0x000000001025E000-memory.dmp

Filesize
2.4MB

Download
memory/1876-273-0x0000000000400000-0x0000000000656000-memory.dmp

Filesize
2.3MB

Download
memory/1876-331-0x0000000000400000-0x0000000000656000-memory.dmp

Filesize
2.3MB

Download
memory/1876-274-0x00000000009D0000-0x0000000000A37000-memory.dmp

Filesize
412KB

Download
memory/2156-68-0x0000000140000000-0x0000000140289000-memory.dmp

Filesize
2.5MB

Download
memory/2156-66-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2156-70-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2156-60-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2156-72-0x0000000140000000-0x0000000140289000-memory.dmp

Filesize
2.5MB

Download
memory/2296-293-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2296-415-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2716-29-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2716-31-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2876-328-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/2904-255-0x0000000140000000-0x0000000140278000-memory.dmp

Filesize
2.5MB

Download
memory/2904-319-0x0000000140000000-0x0000000140278000-memory.dmp

Filesize
2.5MB

Download
memory/2964-244-0x0000000140000000-0x000000014028E000-memory.dmp

Filesize
2.6MB

Download
memory/2964-75-0x0000000140000000-0x000000014028E000-memory.dmp

Filesize
2.6MB

Download
memory/2964-82-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/2964-76-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/3032-324-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3816-332-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/4200-336-0x0000000140000000-0x0000000140285000-memory.dmp

Filesize
2.5MB

Download
memory/4236-316-0x0000000140000000-0x00000001402A1000-memory.dmp

Filesize
2.6MB

Download
memory/4268-173-0x0000000140000000-0x0000000140268000-memory.dmp

Filesize
2.4MB

Download
memory/4268-22-0x0000000140000000-0x0000000140268000-memory.dmp

Filesize
2.4MB

Download
memory/4268-16-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/4268-25-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/4724-341-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4980-12-0x0000000140000000-0x0000000140269000-memory.dmp

Filesize
2.4MB

Download
memory/4980-172-0x0000000140000000-0x0000000140269000-memory.dmp

Filesize
2.4MB

Download
memory/5016-339-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/5016-286-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/5028-240-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/5028-44-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/5028-50-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/5028-52-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download