b7d2be24f556f65254f483d13bb1af4acd142c3a1b2fdd3fe784f3614768aaa3

Analysis

max time kernel
150s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 23:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
Size

1.3MB
MD5

35236ffdac7b94f642954c6e14d60df0
SHA1

2a5f556bf12177d6d1c44901e918968e7d6ce843
SHA256

b7d2be24f556f65254f483d13bb1af4acd142c3a1b2fdd3fe784f3614768aaa3
SHA512

88274c46d626211ca43068737cf47668c7affc3d01ee04e47ddefd4c0452859a1028da455a4de197c88d9a7449b626058bb9c57a968e1fe1d4e8c3435a6d87ae
SSDEEP

24576:Ez2DWj1N3RUDHNmdPCAaq8Nozgi/rE0TOj:q8HNUPCAaq8Wdo0

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 14 IoCs

pid	Process
4520	alg.exe
2360	DiagnosticsHub.StandardCollector.Service.exe
4816	fxssvc.exe
4364	elevation_service.exe
3908	elevation_service.exe
3816	maintenanceservice.exe
832	msdtc.exe
4772	OSE.EXE
2500	PerceptionSimulationService.exe
3984	perfhost.exe
4896	locator.exe
2568	SensorDataService.exe
3876	snmptrap.exe
4480	spectrum.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 27 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\73fb6b1ae703f493.bin	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
File opened for modification	C:\Windows\System32\msdtc.exe	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\spectrum.exe	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\locator.exe	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\msiexec.exe	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\dllhost.exe	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_110750\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_110750\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	alg.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2360	DiagnosticsHub.StandardCollector.Service.exe
2360	DiagnosticsHub.StandardCollector.Service.exe
2360	DiagnosticsHub.StandardCollector.Service.exe
2360	DiagnosticsHub.StandardCollector.Service.exe
2360	DiagnosticsHub.StandardCollector.Service.exe
2360	DiagnosticsHub.StandardCollector.Service.exe
2360	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
668	Process not Found
668	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3740	35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
Token: SeAuditPrivilege	4816	fxssvc.exe
Token: SeDebugPrivilege	4520	alg.exe
Token: SeDebugPrivilege	4520	alg.exe
Token: SeDebugPrivilege	4520	alg.exe
Token: SeDebugPrivilege	2360	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\35236ffdac7b94f642954c6e14d60df0_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3740

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4520

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2360

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2676

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4816

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3908

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:3816

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:832

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:4772

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2500

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3984

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:4896

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2568

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3876

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4480

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
ef0360a38b2c70b752a84bdff6a55262

SHA1
320233af746d7b24e99849149d5e80416d13731a

SHA256
419542cbd81bc6374f038614d68117d87fef643979c2885abe396845c41cf5e6

SHA512
ef2e4aeaf01c02edaa70a9c1c661dfa5af45e2ab775e4dd87123b5b8a8da043aa4c8af239eebc2f7a4ce6718e9817179d5be69b7331fa6b6960b18960523867f

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
642f79a77f0e5d1e3710c473e6dcc223

SHA1
2c8fd973a2fe0df71bae4b10caa0152d83c5d01f

SHA256
36d2ab6fd63ca793f8611d843cc1af0bce67b0110e1fbc226f3dbb8be3a5ca45

SHA512
16d8dd9bc82db3be484a9640fa77e4492fc1050069b66144f375b297bcc68c12864098c2cc3a06da4ebf45b214feda8cd4fc8e9a41a1d92bcbbac73655d90674

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.7MB

MD5
b0782ae98fbd4165350c8065c2a4399b

SHA1
6dec6c1f93fbc3c4f0e71809dc0374e2e17ee9ff

SHA256
43146479314e5918c1e634c7d8cec50b7de11c955e6e410d7649d7414ba8d01e

SHA512
711d630bf9530a0f7d244ba1223892bf62f3d3ed827feeeb1b6b8d79bd79df81af2f559f90cab144f93bb6882029123b6ab2a222060fec95cc7f0cae00f1f2eb

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
1b521af609008c4968aa586855b9db84

SHA1
e1cfe1b7f463af426f11fe4af1ece844b3ac8a74

SHA256
8db1867ebd2c8fcf3d91cd3f4cef88e396d096a9f572dec48ddbc84e90a58476

SHA512
7f0b2b42d401d07318f9479ced0898c4ac82dcb9f1e78c8837f515d164623a980b92fd8dab4a49836ab0f953b1a70575bf81798673288f3b06625d831eabc9f5

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
122817613f920a84e1bab56b922d6f65

SHA1
ccef75811d0334269f3882c9abbe31c9926cfe35

SHA256
fbe2f0dbd86fead552d43280842e0ad5decff7b134fa516e42be3deb56c79202

SHA512
45259a7e4da5b5efb745a9a7cb062e01aaafa736c2b5d0d8928f51e2f1e5d3e5959072f03bf236fc6ba89dfb44fd9128dec6fdefab6ad9525fcf41a82b95237c

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
38e75548300155dd04bba1b71e45cece

SHA1
93b3f8dfb463f8214419f4c3613218e81cdba60d

SHA256
fae67f50bf62fa22d7a43268ab3743ffac0c387663cac53964ba0e6609c1db54

SHA512
2381d34f478df01d6126ebe2511fb8c0941c0e922037eb16d4c193e15bfe446a4b0e4d26617d827ce7b6fbc9e170ec5c3d782a3112dc179496854ad69a21cdda

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
0992b3695b67c57f0c48cd4c3df21225

SHA1
78c53ead72e2472a4e3d301bb5fc7353dc377f0b

SHA256
0e44a5680c66401f486830f869f132e36b63337b699304ad626128c0dbd8683f

SHA512
d0400520252f9bd1f021e46c3f2335bb3bbe8de05c6bdeafa3920dfdbddf0d04bb795ac791a3e9d254f48f195dbb6567c13f9881d6df3894112d9950397b1405

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
3.8MB

MD5
ec12bbbd1715e296e31f44d0637cf104

SHA1
05e64526b2d6c208533e2afb8574293f5aba0068

SHA256
508e0e2ab14d32ddc0072eb8f1e45bf8c48d3be387ec9c723267d2af32c1f98f

SHA512
5158fcc76ccb05e313d587e7e7122d8543bf70e2c1f93f834f1e4776b175b3690f4e3e926fd6345198796da55420ea4ccb07e5e89564e4cd613b6613238f257a

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
578cec188aaeb0a1fb4bf6ff0c302e94

SHA1
d8c295befa6010bc3fc4d6b7659308445994ce7d

SHA256
6f28f8a601ea04c084bd4bbd2ba07d14de96062ac1f07a69280fde33e88ffbd4

SHA512
9b8f761b4d685c008b797e8cf6b662ffac4a4a4034816f64101859defe240b5ac0144e770a292b9c75f4a205766c187a0177e6ea79e232afd3465805693b6f0b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
3.9MB

MD5
df5fa2849054559bb06d179a4d3614ce

SHA1
91cb302c3c8d7c0d4c75d6a80fd8df95b9d67bc8

SHA256
13d59a6517fbb7cef64a7c7a369356055f34d9cc3496582b00ac5a8a5667a8f0

SHA512
0cdea7ced23ae908cd0a2a70a238f252e07eaf42189d8b4226bf417c8174a75d0f6635e0cb07f7519d1f43f75176ab13c9a0a7b4bb971edbb2c8f1565bdae830

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
94a06bd3b0018618a4695e1b73213190

SHA1
3ba8733b61233fb85de754fb9bd39c1099b5804d

SHA256
480503d186cde473d5863943a885821832033c430d70c60a2eb58eab26127da0

SHA512
6ec33f04f15733f79d8bca28ef5b6db60e78a47df01ac0320804fb280286b79a4c60117527d3923c6a552530588e96fef643811434d0dfdb0cfdd9bae77bc8fe

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
6337bd239893f80bd3b8009d1c82c6e1

SHA1
ded2e401a52e4a1dba6df44e79e834405325f12d

SHA256
c1b392ea888aac470dbf3eb0420b831232228990cabae0020a20ba4c2518229f

SHA512
4052fec4761f81c464d3a1c28586a25e20b3c2b4ef8f224768edaed4826c281be1c685bbd7f533c0a301a8ecada3aaae25d8db2eb82952a2890863060baefe75

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
699fa6130a606de70020e8fffba96049

SHA1
b03b27f9e63ac955984600cf35227afc4c574069

SHA256
fdf14fb8949df4a1cf93caca1a6fb25c85b9cc3bdd5bc20d4efb18d9c13bc151

SHA512
64569ec51ff4c00a6a6428b7ba3fc4df107016c71c8ec9c5567711744c61db1cefa3abf4143b2011750f477e8d5f78f9c20f66eedf425fa43b13e90009b33cca

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.3MB

MD5
8dda0b759b9854a3dd4ef2e954814bf6

SHA1
889587e713e88535594cd8126578ecd61179657e

SHA256
c17e4c03adfa0e1b055ca7201fb50683f1874c9d29fd9740ad88f562642791d0

SHA512
435e9fa1b61cf7d143da934b83a9737700aeed8d00922fbf1aced5285453b3c97d702c04e3d70a181632ed8790077e4a0f2d9a89d8bb783a61b6090055a89174

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
7d9f23e6d4c437c3bda7cb2fa4d6b088

SHA1
89bff43aa0c3946406cc1f355ada5c02664a0ee9

SHA256
84c929d3547399a91304c90c01570371201b8f81029227866bb104d877d3a16b

SHA512
c8b2c051e27cc8a9ef58c505b74826e0e3f66849c7efe6a452baaa41dca0c5e9849595636f1c0f06148be8d3df75390e73c6f260c9c53d78b126fca0f62f327f

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.1MB

MD5
aa67e5991a8a4628a3f4d15c93c21333

SHA1
11fd7246b2a1f43e2017f9f56143ddb34266cadf

SHA256
fc5edbe8115424b3f924f0451155efa0d1141842963076d2559b098131e8afd1

SHA512
b52b1e6168d5318bbd8467e1701abfa6471d5809dae4b3db18d00c5457dc7a31f006b9d1332040cd8b444aef16c59ca023992a6fbf398e99af76011d914f3eb4

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
f87ad7474aec9e868a7889335a30ee5c

SHA1
c4656540c363904b8d29ae293b343cc2abbc41dc

SHA256
e5ba55b6da23e53bb945d43c894ad9a76b74135d480797a7c7a9170e015f2708

SHA512
2b5dcf529d57e9d4de6e3721d742c873ef17823b298e7bfb1ba69bb367243b93739543f0acbad1129406199865bd2cd76acb29ee39660e4b46870a8b1edacada

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
89272f0fb3e3412e8f3817239d87783b

SHA1
55367123b7ddef837369528c56f0251d75508034

SHA256
156ce431c467b84528a66691dd8904ba291a0cd5df265b0c27f99320eb5b9997

SHA512
64117c5d56dc73d3bc704610b6ac63da15e5d3ebb40d0952bb77aa5591a9c16f9bc264e0efa1c783877182fd5f215dcf3b2404d5e22bea0817a5bc046c421470

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
532509f452be7dffac89715efa6c9c93

SHA1
ceafec8d3d03a1a276d069c344a0337a127366c6

SHA256
a5ff308fa62cb1045f7d92574ede9c6e5f90000798f78e9a17f2dcfb0c68a4d2

SHA512
b64278aa27a7b9e4e203c08126998e0000202a9a4dd4634590b87237f12b893fb286615bdf49180bf104c8620838bd89a0d87b4a90b2d0ea8c5607ddc0936f3c

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
38a573f610feef7a456718691f01ffc5

SHA1
b88a2d6a8046b62ff44ebf1facf415c65410bc86

SHA256
173c4191af459f4c1b330007b51a4062b660bbecd5374d22d2a7fc3d02468cb1

SHA512
5d56bacb244814a296d42ee11b0f2019bbae195b4d69132d2be27a8c9068b77c2af70869357ad73f1238e9ceae1671a0dc623123ed270f7d1504216d394cff18

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
ae6be7843191ba18cd93f09cd45bf546

SHA1
91a99e0c08af1154333f3e073a33f0aaf1dc796d

SHA256
5ea48c69bb6cd455de467bd5f70b37bca5207aede3643f08d68c18ad0e58def5

SHA512
c8339b8bc37daf72da36c1c0af2608d2d98dfebd5cc16b49b05f140415736f2f033f8e23221e0ed6dbdf63c7a5afb7db3cdd8a399d176bb1853177d5ef13051f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.2MB

MD5
f5ea1cd7de06b72cac0a391c10eea5d7

SHA1
3101fd4b811c0fcfa78dde9c7f4faa4137a8bc3b

SHA256
48347cb66cc17444509d7dafd8d964bb9eefd1f0f2fbc632acace5353d7b2c1f

SHA512
e21c65fbdb1e599617bd4a66b2cbf8898b69558bb71c9fa01e590c60b49c368f3cf8fca3e31bdb72553f0b335a3a2610c9f7dbe8f96972a811df29b4dd7794a8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
22d233e7a6937323be8b6df68aa03b81

SHA1
737b75f8d7fb6455c49749584be336ebfafedacf

SHA256
2f17b19c42d51415190db205f403cdf3d3513a81f5cce5a61abe0243e43fa256

SHA512
482e9f9e292ec29b4769a28d1ba840ba6901424120cf1c3c5b0dd6132d505afdb28df791b99156d538f9246befdf3de33ab14039bae51f849fdf19ee35e811a1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
5a066abf0f3c598b5650faef77cfa418

SHA1
131c7449230e1a615ad50f91102f84ef200e6da5

SHA256
e7c163737d7071789b531b8e6ee5f1a6953c023eab234ceeb1633a19f8d81a4e

SHA512
72e620368cdb6089fc884e62f4cbe840b92b5fb9301f55570403b953533f8e2f0d03dd5a857c6d68d447a879d7ad21e8d18facd5a5e56fb4c5f8b18187da94f9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
a4c68bc9d85c9b3e5dd759672641d372

SHA1
ead30b68c3e7d96deb3f5382d4f124198a4dbd64

SHA256
cd7a10108279ecce43be0e41fcb9eb6c3c7a88ec75419ca7e36a131ab5686a9e

SHA512
39a544198732dc910a32e4c7995a9f8503412ac6dfe9ab09bcd123c27a5dc3907b1bcaead01abf9155df8af67cbfd6b7f891059c97dcab5a1b23f0889303d7f6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
208047ef452ff6c3b75b3347063b1690

SHA1
59cc05742f656d1b97cbcbd536da4ad768296843

SHA256
8e82fbf08538008f226dcc7fb9dded1dfe63811956152c12a5d8cf34540b8e9e

SHA512
41fb70a8711508a6e17107350cdf6579a293f3697a4528efa33ce854b9c51d91f979e6ed0eb0a9314235bc43e3ec0f6eb236971d77ef512731a5aac71e8b8978

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
97a812e2316736ad66b633ccb5f1f1a3

SHA1
90a06c792f5030e3b96b39d366e84527f6b65377

SHA256
25afd31aecc5ebd900957b5dd29687422cb04838ebd3fad6f6934cdc4ec7cdc9

SHA512
1bddabc3f1b6955fb3e9d6d2a4dfea33d3afcd39a23bccb0a17f1b05ec9c486620f24af2926ed5169b34c8fdfe69e651f53d608723d93738af6fbe78dbf6391f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.4MB

MD5
a38ff882f5ecf9af897b0a40ba2d00e0

SHA1
a6396e7c954777872b5bfea69dd81b5bf289d03c

SHA256
87fb3c9119ff0b4147c2678ba29280ce2920ecc969cb0ca29c8ab5cb470d2989

SHA512
f0f52391172ea82975296acdea994b486d1537454b66fbfd32433a872f5aa48b9d1dd5da7e5160a74c4ea4d4333803aa7357fc4f13a881e1dab9c3bafc745604

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
6c6eb0b75f13c5342230f8cadaf7a2d9

SHA1
a34ead9063e37957bf841f97ac3793131f70882c

SHA256
71506abeb49d083326652ac87f92702439270baa32cd935fbc6537a11166f407

SHA512
90e382c8f86165148b7a7e90afa58e9182986f39d7e23b97e84351c40514f83dd32ec4622fc5b2a61a8faf2ef652cf5c60e3b5e2b100d72775a5a7b3d4e6c1f9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
437d95fe316d5799294afbe62d62cc2e

SHA1
696db52e60e22274b9e9f7074c798cd98224398c

SHA256
9de30f91d5f2132ef7bff8b27b97c5333c0e8512940a52a3dbe835f64baf104f

SHA512
d7f0c5303221341e2f2feedf7cda83b3aa4b48a3b5a914ceeb45ef89367193f60ff8ff1ce79bcced0a70f7b7e36549ce38290a0a678837182e424228f012b334

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.3MB

MD5
f41ec6df4095f770247f71b9fff9d1a5

SHA1
69a36b9b481b08b3d3021449d8e903c53b37e355

SHA256
57725b5cacceb0e8401dff4e018b6979a417b495ed84311c830895592387f6a8

SHA512
431271aec45c48af83e69ee832c444b6d6191e215f91efffaba96f94d6d25b12b9d5eaa87f83f8e5e89773fe373bb239df563834f6ddc01f265eb067212ac46a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
eb5d76785ed998acbc572e2f95f19810

SHA1
d99b1ca9ac2f3988befa19fe3385f8f9d1c780af

SHA256
2294d51e981be986756a66741006a9227718a9d141843ca7603c2158d32f47f3

SHA512
70a0262ffbe447075f7e7837385dde69d162e46dde024d4931e9942df3c75ad13749c34f044e367e782c3c0cba58bee5c4be67c54b526956e5383f9d70a58408

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
b70ab0af96f2e6fbffeb21add77e58ed

SHA1
e2d08093697f69eeb25a261262192c6d927fc0ad

SHA256
1f999f7934cacabd29ef4d66627c1e8f7c99e151ba01ac2d3e5fb8b08e1e7393

SHA512
d78c640cb998be1187abbc226aaeaa1d946e055040c229bceadae33025e90f4e86341b3a1b0639e173f0cc014cd75e684578ee94ac55d7f6ea6505299d18b6d6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.3MB

MD5
6153bd44561affcdef72e794fcdac647

SHA1
7ce6c09c735383fede0439f009a409595d900112

SHA256
a708e9f58dd2ccfe08619d2eb6ed858af6bc2addfdd92ca2c2cc8ef9d52c98f9

SHA512
caeebc8da40e8cb89e2f1982bfb803d06621749bdc97ff4184b61cf2e2020e40532ed17e9db35023d3fcc555495923bc5933087939b5262d927c38606b8b58f6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.4MB

MD5
bb6eb7d333bd52b132dcdf0329a73042

SHA1
587d4faf94d94f4aaef9e31d00d5acca7cb0c048

SHA256
aa8fc7c9341fc45d780d9fcefd84d4d7b4440b33915285f1b45f434c72810479

SHA512
85fc3aa1004144bf30f5553bf3e5369db4ac5e41b6a0dffa6285b78de3378c2100f2b5e8cb487e51eeaec80e58dc25b76629f863ade9663115225ea28031cf5f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.6MB

MD5
bd6f8ee1fbc11d52e325190a6fe2708d

SHA1
71839385977bfbc59efffaa5c593900407b302ec

SHA256
9aef4253d164e81120fadbe15062318b43a9fff4ee2c76d5c302c147fdb4b9bc

SHA512
78f1e01f4fdb39b1359014a03d59253463f83dad35f1a54edc650dab59df0d8ada447f61fc9cfb2e7e082ee4f89f55ac9125babc08944708c6ccd944500347b9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
098df60b1fa76d8a5e09a7d9731d3a52

SHA1
ddaca2d18eedf4b048bf2cd9da7478a3225b3865

SHA256
b6d112cceee1581e775fc5c4d1a6e53612abd4debc0a99689b6c351a51da803b

SHA512
dafff92d17d015e99fe4748e9b97aa991c00329947190579f5e8d4e90e4f6ff27e82414602c40282ac5a785afbf2049895c4dd8d9d09ad458223a05fba56adc9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
a0b74298111c5b3538c8f4a4df90d896

SHA1
1b4d932d507bcd30d7c6b04fa8ce6131ba1bff30

SHA256
31f0cddda83604aedcc22b8e51ee34eaeeeb0bf7be42017ab725227cb369d0c7

SHA512
0311e49c8f69c336984b5fe5676676131e7c57671e3a8ab8947c4662a961c50e9f9dbb0745c5166d46f2f50ef0f49b1231edf3740abe0028c9c153bf9fb6857d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.2MB

MD5
d912a14829d32a5062ebf16ca272ba03

SHA1
d475f810c3bfdf754b6bd4d6bbb53ea277cebdc7

SHA256
357b76eeddefcffdde6d1ded598200195cfb422540523c1633f0414f8309fb3b

SHA512
338694fd953b7f29f21dcd148726880479e7d5b7e8694faa919b7ea6efc464a0221db86e39e803e0e24d422ca350b6aa23dcf8114a11e6501103d75a26544c12

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.2MB

MD5
b2862e1ebcd092eae16f11d5120ee26f

SHA1
08e9085b83987e43c3bfe2c1a879ee3ac555cd50

SHA256
9949f6562f047b185b1049272041105ea553ba1617a9d73766b60a10894828f4

SHA512
39431650b2fa9aa1107afcd8cdfaebe118db1c9e553dd3f907ae822aef7d38e3a70a7b1ccf8f693c2aa5157b2c1e39954054ac409486d7bb8a69a8140589b3cc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.2MB

MD5
a7a4e0d6f06a817e1e815b065463d4b4

SHA1
2a633827edc656f7c1c1b7966cd7edb1e77d4e64

SHA256
f6a95786a2926232cdb3f33065000b26691f81f03bed28c35d832b04352cda3e

SHA512
46161dce9785fd4134c348d68b3a113f713e71b6cece0a194c8c977523b841404cf6836148cebed11311af4e06be05cd586371691e8c67a7295361bc2c19c97f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.2MB

MD5
d7828062d29d0fb6c57efe306b6ff2a6

SHA1
9d6653de888381a3f59ae2446a4aafccd067175b

SHA256
800d8bb839958e83d262641bd471e77dd01818d123f93026761e8b29a437472a

SHA512
1e9d6af308f57e0f472f774c1757c857a10b5e9633812b31850748b45db9c9c5ea4e78a10fcded16215b7b2ae10b1caf89ba78014547d8be599a5a24ab7f8673

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.2MB

MD5
51d026ff7273dde68f539fd390294510

SHA1
777a7ce2a7ccfbd81cd2b64b25e080eeaad68888

SHA256
8ea437f95f99195ca0e15c1608debb57adf63580b689219adfc53c9c54105342

SHA512
fe3f3124502353454b64f4307e8eb2d31ba40cf861f4ab95b4413bbc7a3b1212f79192fb606b5502f623eaa1ed26d6d41fc439c4b9a7d430c4f0144ec2cc3b92

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
1.2MB

MD5
ccf5eafd47267f3b82a38c5fc087012b

SHA1
2f12e9c0b621e78724e88b083ba06d57fce15838

SHA256
9a4416b474679d6a4136e933de0a7a1cafbac8fa335948d4e8885fdb34143b5a

SHA512
7b8e0fd9bd000a2a920abd0fd40edd2632dfc05cf7eb229b5e2a9a1e6481f4821643fda393c099b53e8e880fb24ce38f7d109c48a6a6c18824a316d2a2bbbfe5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
1.2MB

MD5
28247b6e1980e446d1cc0b44722f5e9e

SHA1
fd074bcfe74043f90245b91bb56f75360ee6243e

SHA256
127ba4cc05b6f629ef8a51a74e56b4945a8480b06ebcbe2d93a1f3faa4eea82a

SHA512
4af65164b4a55ee76b804ed3bb85037e3adf60fe037690c1abbbfe75adcc038e61c316ef3e5c6a79061cf83eb4f756a74afc06d3fc40ecfdfa8eb7f10fa4764e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
1.2MB

MD5
e530bd265c7f13d20c42e99179390def

SHA1
01f8294a960daa9d227de08e72a93794ffd67528

SHA256
db6e05c6d6309d6a242fa27bd501d0cc7c257fc923daee182b55d284d054b610

SHA512
fdd31d7a810e2188279f069e3a1ef0ab7ed7fe42c3af7e7676d8af235cd74138b7ecba1fb1d11597facc18935eb338e1325c0aee9f3c34416c3164b857154edd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
1.2MB

MD5
6d0e1f6f077adb77e1a6cf2386fb9f4a

SHA1
ea10e64b84a8194acbdad8425651838ba0b53ac2

SHA256
59a17e2a7f623a7e776d0fdbd39b5b9f8f87010587d7ef1e41d314a1a3a032a1

SHA512
dd9466c69c82d1d8fc301cb181bd5315fc3d14cdf383b4b39470718265a501a33f7ee52de0241945036ca596f9f7506d83a4f5209db7b4e75f68adf5873e9177

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
348744690deb28891e719b3e476c08e4

SHA1
97428865413adefe9b9aed29097fce8fba59e621

SHA256
f5581bda0ec348fc78462db5b47c8ff39cd18ee19ad8de5e7db101e74f5a2dee

SHA512
48f95b1a03c1ef27f4c970c4724db31b59ca7443d35cef47c475ca79116b78343f0993fe134ec5951aa8d3239911be46decdf5426a7df33305a02062fe6796d3

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
d659db8971e2ed9282f8c680a2154dd2

SHA1
8b3c8cbdab6f48f167a02298a7e4d67dab65fe38

SHA256
aaec118b48e43b51817e635c14991a6bd997d54ff2a7d302f348cc281a0bf27c

SHA512
0c22ebd20321dad83d17e900cbfdac3248e568081bfd5f66a4d2fdb20e0485653fa4e060836ffdb0c68abd576647e72609eef61f47935f8b75cb9f4dace7f295

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
b0de62d13251c1457476f250b8a6b94c

SHA1
d63126be0408edfb469ed22803eb4e6f7637d70c

SHA256
bce52ac341177c886684b3b5aba7ed55d079e6d65db722a54d4daf41a2657d18

SHA512
c23cb91d0c1524750da2ff062b89535239e9b6f6a8466e5572440cc791e4c2f56098032ddd9a1b3a8e255c771f7ac1d9febc05fc79c4cc7d2e0901b91f0e66cc

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
cf555e456e9de6ba4fdffafbfb1c5303

SHA1
5687f4d597fbf33b48d7c9554624d5997ddbfcbd

SHA256
8043c81711845e34061951e275e0b58ec48c689780ae53124838e474098890b8

SHA512
3462e8aebbb5df627063523ffbea50a09db892a371057d495355362ac0aa368c337f240a63e5e01d6604e0c9afda393b15288047a5bd260d97b19c7b25aae767

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
c705ca3bdbc376ea066a14563dae29ac

SHA1
40b137704ddd1a0b1bb6a3c27772a5c435f57dc7

SHA256
ea4b4cc8a659cef05d4d454dd0d19222289f6384433407ca89fa73bd6895ad14

SHA512
8517c39d3a9ac253997df93753a36040c2c414672c11d08f32e5eb7a61d6d9e1ce0017a40639d90b828a74b2bed61a2e25e17d9828a92bcde95326cecd6e380f

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
ab48bea04653b2e0c77428069bc4fcac

SHA1
779ab79627f70ad1575d750e085a4f371085094f

SHA256
a4a909ce16978c9c0df713e426c1dfc573d36796fdd783bb3c9e6a6b411601ae

SHA512
fc5db258fd52b26901c7c6f9f6ba8f40b05371f116e7a93ff88e19034021a5283e30e9096896830c370f9da0a119972c8cf7589d994e8971628ed86391c86418

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
fe0943d0890f82d3e58daced93465196

SHA1
587bd23213ea7a4696604e0b45544c72650d6f9e

SHA256
ae66e21ab9f7b94d95c8ecdf93e716a4653da25358d315cb34333306216de668

SHA512
af2157b2b50c9cad90caa61836de92008f3713d515dd200acfab5947011e1a8aaa13bdd259a837d45671652eb29248b8cabde8594127711988f7d7aad7044293

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
5a4051ae5c06a10704407e8208a74a30

SHA1
6a769ceb165017ded9b6c61fb7b67d3c9f5832b3

SHA256
0801c45971be02b8bb3a358001eb71b0f8ce14136f73ac67671dc32d1e7377f6

SHA512
a451401086fa4b95e8a59b2d8d9ed58b2cf6cd0749fb6d08d2215d3ff413501221f4b6d4412f2c8ba10018a8b27afb76c18ef014b5d423cef707ccd0076e87c2

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
bf53d5dbad2f808a079c2603c329c98c

SHA1
67b8490812c7930e7d5200c1cd94ffae0f805665

SHA256
c084b50bad6ff84f67f88c7d35b18a737cdc77a0405d8be1423cd63573ee6b90

SHA512
15f5688c43993deab82789e1bbbb78986dc1658ca8510cb432ab14a828671861e659e063dded8ce7f0341db291281d4fc9e9b4af5945c8ec0b360cdd9cf4f5e4

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
48994c60543efa6c7b79ef11e4c552f1

SHA1
c46c6f94f4b03843c57cdfd20ba5ae93782d81b9

SHA256
f91086b36f743bb9aef0e863dda5f65ccaf5d725abf828d23c43a924f2e5f7b1

SHA512
708edd24102c76f1ffcc8d9ba867fea38dae4fd71b7090804759e2505ff840531d5c92a7ec324a29df261a5b7776fc40a06c161fe3c899fd92b7427210019896

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
12239e7f5e5d8dcaf7db20f99616dc60

SHA1
fbba7037f2f42333b56976d56a87e45486d83647

SHA256
0f25ba5fc736e2d30680b6c3f9009e4c72f6f3f0f3e7180f21e6817ac48796ef

SHA512
c25a33668e9d6fcdf46b8ea081441e22d114b5bd99597d822ce84ca209fdb5b5a32ec733c5970d3f3c8bb0b219b4f9dea11d05ec66b68d3c49d96d6ddb0021e3

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
6b2fb3a5db49649532f823c0886e816f

SHA1
3569408af356c823ac2b420a62966b7358084f87

SHA256
cd305824c365212566480ee0928c04978cea14bef5b547c095fc863a1827ed55

SHA512
bd88103d28c5685102ec170f6da197fbd49d053512028ea12fd53c006f59dfc9da22cc7cb3c8a6915b81b5c59472d1aee0c1e242f03baf60b8bd02a74e2478df

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.5MB

MD5
3249e5165e4dc026ab3c3b2f73ee3dce

SHA1
49282b601a9f35b357ccdaebca67cef8f2bc173b

SHA256
76e5a986182654ff2d6887af8aee06d278c46bcc3a06bbbdeb8410864e76e018

SHA512
0cce17a2dacb5f4037dc0c78fe27d2958c60b5c651322715b8f3c594e6f78e12ee5277c4b70e5070eae3734ba891bfb4b8748dced3d359e4e4c5fa2f97aa0a8b

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.2MB

MD5
048dc6b7a8eb8844449e67d02385c5ca

SHA1
4ad025396a5b7a6c3619e28f94e7b6846cf04fd9

SHA256
13d121ce17297bc06a3b7a30ac7a59f62c046cf9f9a430e3999f5b7ba3255ebb

SHA512
5b5acaebc6dfd317bac67d123b4d72ebb1579785ff7d12a1b3d3b8926e70706e658cb186f9c75a05cacc276c1b06747a0fc9e10515ee53f9ba3dc5077eb04450

Download Submit
memory/832-89-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/832-90-0x0000000000D40000-0x0000000000DA0000-memory.dmp

Filesize
384KB

Download
memory/832-350-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/2360-26-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/2360-168-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/2360-34-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/2360-32-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/2500-141-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/2568-169-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2568-310-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3740-0-0x0000000010000000-0x00000000101E6000-memory.dmp

Filesize
1.9MB

Download
memory/3740-177-0x00000000022A0000-0x0000000002300000-memory.dmp

Filesize
384KB

Download
memory/3740-73-0x0000000010000000-0x00000000101E6000-memory.dmp

Filesize
1.9MB

Download
memory/3740-176-0x0000000010000000-0x00000000101E6000-memory.dmp

Filesize
1.9MB

Download
memory/3740-1-0x00000000022A0000-0x0000000002300000-memory.dmp

Filesize
384KB

Download
memory/3740-9-0x00000000022A0000-0x0000000002300000-memory.dmp

Filesize
384KB

Download
memory/3816-85-0x0000000001A70000-0x0000000001AD0000-memory.dmp

Filesize
384KB

Download
memory/3816-74-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/3816-75-0x0000000001A70000-0x0000000001AD0000-memory.dmp

Filesize
384KB

Download
memory/3816-81-0x0000000001A70000-0x0000000001AD0000-memory.dmp

Filesize
384KB

Download
memory/3816-87-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/3876-170-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/3876-353-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/3908-346-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3908-70-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3908-62-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3908-68-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3984-142-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/4364-58-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/4364-51-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/4364-57-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4364-344-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4480-189-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4480-354-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4520-13-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/4520-20-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/4520-14-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/4520-139-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/4772-140-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/4816-47-0x0000000000A00000-0x0000000000A60000-memory.dmp

Filesize
384KB

Download
memory/4816-37-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4816-38-0x0000000000A00000-0x0000000000A60000-memory.dmp

Filesize
384KB

Download
memory/4816-44-0x0000000000A00000-0x0000000000A60000-memory.dmp

Filesize
384KB

Download
memory/4816-49-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4896-143-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download