0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 15:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
Size

4.5MB
MD5

8057c71723a0652722db2d1016e56841
SHA1

3bd80573bd35c78dbb1a8b9ac117ee3e5d67a032
SHA256

0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5
SHA512

9be223ae2315ab54ac14c09d50d92e6c8590fd72912918e1867e9a6c2848d8677cd4dd5152aa4dedd0accdb5d13e956dce5ff895541961b0fd6bee6b3d1f9cc5
SSDEEP

98304:oh1UtjmXoyd1ZoTttJBZw4zq0FLOAkGkzdnEVomFHKnPBo8D527BWG:M6jmYtt7FLOyomFHKnPzVQBWG

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 16 IoCs

pid	Process
3320	alg.exe
4144	DiagnosticsHub.StandardCollector.Service.exe
4732	fxssvc.exe
2136	elevation_service.exe
3752	elevation_service.exe
960	maintenanceservice.exe
4128	msdtc.exe
3276	OSE.EXE
4884	PerceptionSimulationService.exe
4168	perfhost.exe
1392	locator.exe
3380	SensorDataService.exe
3976	snmptrap.exe
2396	spectrum.exe
4088	ssh-agent.exe
3612	TieringEngineService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 32 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\AgentService.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\System32\msdtc.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\AgentService.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\system32\dllhost.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\system32\msiexec.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\System32\alg.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\locator.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\system32\spectrum.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\bdb9830dd590e271.bin	alg.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_95296\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_95296\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	alg.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4144	DiagnosticsHub.StandardCollector.Service.exe
4144	DiagnosticsHub.StandardCollector.Service.exe
4144	DiagnosticsHub.StandardCollector.Service.exe
4144	DiagnosticsHub.StandardCollector.Service.exe
4144	DiagnosticsHub.StandardCollector.Service.exe
4144	DiagnosticsHub.StandardCollector.Service.exe
4144	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1616	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
Token: SeAuditPrivilege	4732	fxssvc.exe
Token: SeRestorePrivilege	3612	TieringEngineService.exe
Token: SeManageVolumePrivilege	3612	TieringEngineService.exe
Token: SeDebugPrivilege	3320	alg.exe
Token: SeDebugPrivilege	3320	alg.exe
Token: SeDebugPrivilege	3320	alg.exe
Token: SeDebugPrivilege	4144	DiagnosticsHub.StandardCollector.Service.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1616	0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe

C:\Users\Admin\AppData\Local\Temp\0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe
"C:\Users\Admin\AppData\Local\Temp\0dffd9f535595efdb1d1340d0971b1f7394f777324c003166250c58057d426e5.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3320

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4144

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:5004

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4732

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2136

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3752

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:960

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4128

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3276

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4884

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4168

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1392

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3380

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3976

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2396

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:4088

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:2768

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
1.2MB

MD5
e461a5aa42bb33fe2d03713de9940a9a

SHA1
dee4f21785b22c93d8f5868d29f145ca51a61fb0

SHA256
8fc531bc3de61931b904663bb244ec3be98d83f914875248fd2ddc4949c9c845

SHA512
8abf6d4abc8f6780937ecf509f988efa05060596e3515e35514222b42c2771afe8d09e7cb9bef31d86f4e2c15e285b0487825e7dd5f70ec1a55ebb7942a41b7e

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
310c8992cb84e577e29b0d57240f4c83

SHA1
1d9e2adbcd77a80d4a91d71cc4fe4b97a83396e9

SHA256
bafeca38643c04b9b8e4f82944b0ebf018d57f2b3bccfa04b44198250ea870d9

SHA512
7dd4761d04048f0989771971d53cdcd04c15d07c0138877f9ff5ddeeaf60694a85eca4c7dc5ebac70f9c0eeeb472bbdaf09bb96fd5404f630a70b955251f5400

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.7MB

MD5
03e81c937a8a53dc15d9a6e0d9dbea6e

SHA1
b7c814003e676c4fe82df91b0e50d5f5f617a2cf

SHA256
4779b047b8e7e499cd337394dec692c8c020ed60f9b0b9f305c484255c046ddb

SHA512
8a30dcbf66e3ca34292199dcdf331fb9b2778d1a5edbd8194285e0db71a9a9885a53077909bc48a91aae6d7b8400e5806388e4e1e4db888d10c8d908195851d1

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
9d81bb2e3117e87f8c1e596b5e689565

SHA1
37f6bfa9f326ad89c410677b05d7b30fc6797463

SHA256
640d85bbf040bd5614656cf46de5876f1b8afeec28be8cf08a3719ba5eddb133

SHA512
c19e21a59a07621270d69c25cafd20c82cde0eb0d649a49470b5e9f3c15ce251b36cd1871e24fda9804b4d615a0472193fdfaea951f74fdfb95c643b3395592e

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
78d35e92409772a7fa0dd25b19065d83

SHA1
70c56789048ebb2096955e367a475184b3b8ab48

SHA256
4f8bfd58d9d6058390a9efdc7b90a84e1a52f128143d2c314ca4d8862c276dd7

SHA512
d2141a849cc54cc8aae7e6033eda80c9b93d075bc9cd3c125b3f89a5f912bce0c9e4c5171470bc7f70040583a66280e322db137f6c52a0e271bfa932323fdfb5

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
103a2b862359adb2ee030300e3be6ea0

SHA1
ce6e88b00a78fdfba678069a011d978987406507

SHA256
277ca4f981998f37cc84d6d29f005701c7d0e7e66e55082b945697cab8feabe4

SHA512
1610ad132b4ac77d44d39700f99f0c15988f9123ecd34532be23ea0338f1abc3e6cdefde8b3d56f88903ff1cc7f4ba54c7a89beee60644330bbcbcf2df2218fc

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
4c4bc46e6975f586f794ad7c0c29e160

SHA1
2c360f7a6f1b58d3f7db488a6b02b84c5895e382

SHA256
994abb136b19373e79120202ecc1430745bb6f927be106def2b9f6c5ebdd6168

SHA512
3da49ed9be9732c113bf921eb1ee58d43ba8c7abfcece15a8b66365ff7c2db4addbc484deb8203a5cc8f975ce666f2c40d7982757f5497ace1e531e0c2d5644b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
b4de4851a27bda3d80737e453d1fd84c

SHA1
1905570326c63d8ddf64447cb32f1f66459c91fa

SHA256
5a0425bce6ff0b0080826e8a09dc02262c06298df2207cc42d6d20d7422b7893

SHA512
8b572e76705129c28d942e72c744e23b736cdebe12cc9f9882b65ef21f1f71a6bd6183088d90d25250f7c94f49e07db053325ef710d21d3f7242bb6d8b22997c

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
3edc84fd38b81fbd0306e2876c2efbea

SHA1
6c9ab850a70ed35e1c3486884d208871f9f043e3

SHA256
0b06bb55a275dac6140c8c53fe42cf94a5425c3f09f96b039e463ffd2da34034

SHA512
56626f3a62fdf58a73ebb1466bfb56855c7c602b221c637129324d8d1a92b9d09a8b412a630a5b3df4cac7e06c1e1e41bea15af5ffb49bfc82740740a4427dc5

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
69f8f460e0469387aafe1ca4d05a05f8

SHA1
1171574165caf8a2d23b44ae217848da180f790a

SHA256
f833705931916be687aef57988cedd2d75ed6384bfc6097c9fd39298d28dc5ce

SHA512
5ada02a58e2e227bfa20973c74bf2f15e065f4025d38b4b93005bed1725f12838add57e4d5ba1af9bcf076e81ea32a935cc3497c7e806485c874890e0c5aceae

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
36b5b5c1ad9397603cfb860d4a1e16bf

SHA1
d52511faa357cedb0af1e12d0b86d1ee998a077a

SHA256
25c21faecb472636ef675841b26efec3875a6b939cd7db194f4c3be58532f52f

SHA512
afb66039b5a3ac899e5dba2b516363c984ec1771674c3fc7b4e295bcf8b93ec021694bf34381dacb338afb338eefdd15b3725593d0778599d435fc99b87a5fed

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
c482b5ae87df43a8b7a880c1a83853aa

SHA1
2f279141ff62c6f748672f15e71b313c934adf9c

SHA256
6427134b200f51c566c4d37d7c7d8a2cc666b2e5d7445fb93d35c9cbff1cf68f

SHA512
03317d4f6050f8dc59097870f10a3b54f1323c0e4f3b1b46e824f2acf4993b04849af359409de5aabfb5ba2d80541b4039aad6c643eeec4eabb74b357599b0fd

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
722d4326c1f54549b5b52fb03e9ba56d

SHA1
e4f54495819b63ec882a407a9bbcc958c3b7c3f9

SHA256
dcca07d26d8da01169cd90cc6de20896f6af3ac1f5cef0f16e90b1a681b1215b

SHA512
f1c817f1cc08f18a843fbd2451c75dc4bd1ef7694e463ea91161649994689d2f902d62d5d1b721128bf167160a9a0153728c7130edae8b59977e82f70526a79e

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.3MB

MD5
87d47fceb2fa6f5c686d4e14439887ab

SHA1
77b378bb078a9b4738ad1da43a7bf9373d2faee3

SHA256
f7e1645cdb71fbc21fbf5bcd2d5119f01d636b78137ba8b9b26f23880ac41266

SHA512
614ad72765e587577d0cefb3648196064fb81275a48b5f622fd9e963116cea8719856346d45b388958263e0e55f48d626e69875016e244e221acca6d75db6898

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
7be75343af97edf98a36ba8058c394f9

SHA1
790d5c10857d667f920a3b9188b42b37f1ee806e

SHA256
099b1b6ca342ada84509a75ff3e4c391db984eb72ae9e1c34267a37cc950b5c6

SHA512
9972b065f01c45d9c13f5287a06ef04ded69578fee31d66cfc28c794c8dfed1fd124b2ccf24f3044ba3a6214675c881572c7e65d252cf19655a5998fd0978de4

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
aeacb864a00c0f4f2f09e600f6ecf3ce

SHA1
765b0190bd0e2e6d999d99a2f88a4f3eab81c2c2

SHA256
eba3bb77ac96125b79470f8707d644a06fa66c64ad11b9483cb427030e7bdec7

SHA512
759eb124d03fc2f6d6954b2da97131f2865f386f3d5e561e305d8f22e6650291842194aec6fe35e69f9b0aedaf06e6c5774f18e92b3f4f4aa5027570c9cf9111

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
09dd98518f93f4eb340d0965acb9bad3

SHA1
16591dd8c48b30a902c9cf6872fa13465b8114ee

SHA256
99a6efe4ae01fb40a76b6704b593b094bebde8c520adedf616a1692d824b146e

SHA512
c979144b979798cecfe689147d9c6e015d2a4b5164efd738742b5388b33a9022d833258358addb72108778f196215edbe217e6eb46d87cab96091e8fa4ae796d

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
83d7949db7e9872d81d4af8024b7027a

SHA1
1865467a8a6d1e4bd2304097e88e2e6e7071e122

SHA256
c35169b8342f207224d69538cc68747e571aed5b16a1dcf47d65662b9d63abbb

SHA512
68b2e92b6ff0d2e71f156d7d921e21186c6cada637624ed5ab7846908430fb066af48be797914e7f2e66e792a9184c070156aaf9bcf436e80657de8b4e41f6c4

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
94c5cb98f229767a71a7bbcdfa4ba2f4

SHA1
e775145ae74042493a99207e57127a0f18ab677c

SHA256
f0f48abef41c8f6ef35737f4ab1db2bf8c98614059c34f78ebb8aa25ee3d0ece

SHA512
d01ee4a35dea1496bc4e1e32514d9c2e91432cc588566ac4ab28cc21f05749c52b7a8fc08c6e714a1cc607614c06f01274ed865502aac907a1fee41c57fa2c4a

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
9f3fb2b8597adb712cdde0e5393d7256

SHA1
b13d056cd07f4659b7704ec0fb8ad1697c5d949a

SHA256
f6dad2cf94bdbd474e15833d5de6736cc6f4c0b49c7cabc692cc88dda5c4bcb6

SHA512
a2329c319fc23c15ff30a8bafdd84f1d67767f6a9975494315ff8b9f701708be01bc62036bc4f460fdd7e4029e2dda8822e89127a322e01eb3e939f8461944bc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
d71c6415c3d6a6ce0b9c2553bfb31339

SHA1
210704c9133daea940912afd3d51426a572a037d

SHA256
a57b0989cf417bcc1bbe34d44c22c52a4de247d29e0228fffb21475f9671710e

SHA512
72f6e2ede451e52ed9bc16b53825f781011cb5a376f773fe9f49142a7d6403504fdabd13e1178c22b3467903241050d612c244cd3036713120bef63757f0ce44

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.2MB

MD5
8d323f29419cdbe34ab75e98b7515d29

SHA1
d90c7ac1db6f5a02925dba741dddc46997b778dd

SHA256
67246d3670093c26735402cb1924936a76680ea063a6471904eb8c6792d31e4e

SHA512
c854b479ef2a456b7f94a3bc49c34489feb0f8cdee28fec60964c0411ba4d2fdbff279831178ac5ce99a7cbf685260ed448bdaef57346560b5c581f837964be4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
624f10b9c975edd657ecc28f03cc434c

SHA1
1fa0ca84b1cdb98eed5cab2c5c61788b24241c96

SHA256
2d1dbf8eb4083fa6843476305020c8d55c4cfc13d59f294db4dd7829db92c619

SHA512
e435734a5f01d9078df76edb912f591893fe51f155c804237420979b6b2d70695fda3f84b27bf23d6e7e9acc75d91f1a600bfa27737a54999e5e3ee0ffe8fc7d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
3c25965f4ef874ecf0c7af15d28eddc0

SHA1
83846d54ed8544d8c813ab63e61087c9b4b65ea6

SHA256
f298b8beaccb472e029e7fbd16b3dcc2c3a253309db54243ae5b76de79bbc5d2

SHA512
c202064cf32ac7f1abf7a250e330a5ca0a178caa9dbf49fe27cc774530134da90953e5d1288ca4289e07ed9401ebf9d5faaf0acf38599e48599d40cd1ffa0f89

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
66fee1a49b170627a6530ff8f7b3b4dc

SHA1
61845e1612d6b8fb38e56f46a58569f821cd65b7

SHA256
1dafd133912ae2ae31db96f3e07e84de935679d80343a757880b27fdbe63ed21

SHA512
40a365511a1ae21ef84577df333315e39c8b59739fe6f4c60f81491655d7706931428909ea4ffba22d7e4efabbac7d8e049a6258390d5c9d518bc789b30cc2fa

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
ffa60d0500f4571cc4d52f5c6c094e7c

SHA1
51d074deecba9fa876b5bbf586a4a01e7a52e06b

SHA256
ad3f18bd77511e7bbc231c3b710edde51f22be8efc27ff3a4f21c5eb84e780d8

SHA512
147c8dc0dd5351c0c10fbecedf55316b72ab0e97c9ab0b2bc3211c90108ddc07aed1458281865cf63624a2cb3b7de616bbf7b9f3d943bc89a81995bd87add2dd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
610ddb68a6751ddee8b5afa4704c8779

SHA1
b8deaee4405cfbe9957b7b88f01cd32695152da6

SHA256
33d1adfb2209363296656b346850bd809d964690a8559d50fd6bac06fb84518d

SHA512
93ccf24e30443355b68bd6202c7f01e44e0149279ae870b2e9b1bab44ac4d1718f46e261b648e7f0104d50d209ea60aa9ef2adc1800945eb31d3b407b4a14737

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.4MB

MD5
d4cc55c6e8b3c01fd082a2ae93736119

SHA1
fbf4d320974ee7fc2301f2bc8b686911d0f92e30

SHA256
6ecfd3e7dd57389dc752ece1327e1e1047c7bf3be9deb201363c36e165326219

SHA512
9da32ebef4c0934752c17a378a5ef9e28555d3f7ca697784b1d48181c5bbeff97df2b3d58482b7a031b9bdab9d38ccaeccbbd3bb050aff8ab8ce5caec9c02452

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
f00d5d373a88419feef7aae1c5743c09

SHA1
215a52c7ad982072acb7abf416a611db30e3b827

SHA256
cca231e66888ca2038d54450be1fdeb48b412c47d97d67222f6ca8956c972454

SHA512
9a26b2dde4c642debac7cb5d433aaebf41bbf21bb2825517b3474acee77da3f1e9a037ebf7fe65449e569f4d72f3af0b078d2f9fcaba4b39c3d2cff97e059002

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
dab1b381f1df72c1653cce9098902b61

SHA1
f27ab0b21e8ebe13e717902598026e28139aa030

SHA256
559a4269342c790c768f4db8dd0beca337858fcee2e84df225c2b9a604159ed9

SHA512
8e625efbdf567f33e051f38e317a7b5c6a02814c2634a0299862f7e048b5f3be6a429167a2361afb701a3780b96e12142c27bfbaa0325de77abe8b0a4db5300a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.3MB

MD5
4d833d9d5e33bf05f2b13e0b5658eecc

SHA1
e7829669a246bf89270447f911960e95282f1466

SHA256
7d9ee2a2d66fbe627fbd35e56a0fd3c30bd2f56f63ff366fd62fcc8fb37103d8

SHA512
def10c8b2cf9313706f7c44b8f8f7434a0a2106fba1041c3715b7183bb4724a10924ff225a4d15363dfc9cc28d47e2c2663f49f8e7d56d46585b13c39e6b4916

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
0d65a1160d8086014675bb9867ae2302

SHA1
f2de0ab1135f3ca152a602a223c4035dde5d8f66

SHA256
5f0a4f2aa6fd0029d3d0ff0ad885cf6641e71cb51e82025d9da8471fd77c7fc4

SHA512
021f7314cd83091a77ffcf21c0554b68d13d9af0a09daff6e47bdd730c464124ef141d648a49f98dc3085b0e8acb6b07d5a6ea77c8c7906a11f966b6e1bd9734

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
815ff8d505605326f5a15323a03b84e3

SHA1
b31c30cb000f3abf5939b585091b815d27d27465

SHA256
32433595449233ffe38d756da345f254460686fbea4050fc8b9b8570689541e6

SHA512
ea1db4b3ef41aa7d1bac97f3e3420c0763e112c8ca0f2af1a85e07575ca56e75434b10d4282d38a21245f91b058aefb7dfc9d47a86cf4e427d47fdea8c68256d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.3MB

MD5
26fb38abfed7092d10b87c6001da20ab

SHA1
db85948fcbdd1674ce49b87430d9a3dc12d939eb

SHA256
c28ce75470e1305175648be9bd4f72631e501129e14cf176cd21586ddce8cc0a

SHA512
33b74fa0c34f23f10008e8a970c65fb65fe628589105e113da8927d870f34bdddad78656c2e30035c8238b511524aff30053ca17dbb73653949421f8e0de6b2a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.4MB

MD5
d6c421ac0a6e56bf23345d588b3b6ca6

SHA1
844ece63e64ec23890399a0923be0914462dc926

SHA256
c8f241e28b2dda1301607417637f30bec319cbdd397114a6d914f3e84df27a1b

SHA512
f5b263a2e84be7091064defeb2b07845e007961e77c76d8dd59c2f3a469b09b8ceee446fd0e6906e96d811e67fc0867541df954d582b608185431f6a387bee1f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.6MB

MD5
3a4efcce3877701e1db4932bc4b0a6bc

SHA1
0a6b2852d7fcf8056ea1dc11568c1a7da8d07f41

SHA256
d596dd37053b1973dbe7a1484a4d61637dccf7d19bd429c7e05ef638ba53cb6a

SHA512
ba743140fb4a37f1b16ffe5984395034ea6e7eb0d84b6d853d61177db573267c51803736b22fee5b36d701a9d044042ae50a8d8172f267d0357a79787528a340

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
27cfb8d5a49392d2e926eed74c336639

SHA1
275b48334a143b260ea1cd202c5d44479b116715

SHA256
227cc038942ad44789001ce7106724fa79752b36b6fa5a1f64dcba997bf9306a

SHA512
2d20d6ac732cc8e545e9f12afc0440b442ab7b1290841327d8d35c70e5be7574040b215fa2dac098428d9656d93a59e2d9bdb1ece1bd0deeebea296d480646a9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
461229880c1a4a9c65de6dbfded77180

SHA1
8cc4f577a5d75286987026e51443d21cb4324425

SHA256
57626f897ff8d51bbe2db018be73717e7081bbdf7631d111b253c58ae61be922

SHA512
c89ed7a90079845ecf17ddfdf950ccde7aed5d5d4600f30443ae7aee68f364d2e900db4a0774b9fac13c542f5c895ba0e261d4f596bfd923c43a4fcafbba9998

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.2MB

MD5
6c93080d45cd56817ef83c20fe4c3a7c

SHA1
15ba26320228171daa55786684c9de421e23525e

SHA256
27d2bcf74a6b5ff7b9192946546ff8f7f93eba83142c5512b0fcfe9f5a8992a5

SHA512
4497e5077ccbcef003d7494ff45461d36b1c0bf10014ed87b677ca2bed98f01ea3147c170a5802227d7d6c79323b298874c90eafe082f2d69c1a5d0cd5623ae5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.2MB

MD5
28d5c1687add6a7758c07e9eb50e1f6c

SHA1
d4891b4dcd11e8c3967d3bf35d1974943d6a0497

SHA256
8e4bbb9021236365869fd1364c2c24b43460f0f97060f0c4d778b5bdcebc7552

SHA512
a87e6038d0ff87c79e12e4c97a1cc0e436d3a308d5aee4187bcac0794622308a3aa016722ecc76558c497d8f9f76a51534950100dae36c0771dd8b1795584add

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.2MB

MD5
771c1ed3c186fd016ee6e15a1881ede8

SHA1
8074e4f20ae7a84eeac3ba1e910c746c2abb04e4

SHA256
b32166d919687659c2b06506c9b18fb0e70a78a92b3aeafe2df988312c53fc92

SHA512
4338720b9c324e4f374c6688c11e674f9d510fce80044e71c9a3c2171dd8386d9109089a50104424dbcea3eeba80bbeb8aec9824f12281e888b29667aa6f7035

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.2MB

MD5
7843bd6c4cdd93de12fd29c1a6c88692

SHA1
8e3d846a1206cad79389da7b6c26b665102cdaad

SHA256
08a7e5b48a0281556c4ebe5d3cb6ca514edad2b3129a082d98bb765be701bb37

SHA512
0bed9190b741ee8eabc60ae46a059463429eaea67a00846c3c51a27b28cb61b82bf3be920f60255dfc218675d66ca1033819795221d2620a37c1b84b41b5dded

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.2MB

MD5
18e302b13e4c79d85e61933fdc3d495e

SHA1
b3fed050d590cbd08c81355f2a88094b4c58717c

SHA256
2fed10e8e414f03536da11832d2da6df4b642e5c7cb37c609f70f3ac31d8ffbf

SHA512
765b45e6ee975868b1ee3defb5f73e5043a8e8c9ca36991d2e282292f7ed51ab5ff23740cfd29296682c346816913833ef0999dea3de9cd9c3b4a869464efb21

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
b940fb1732e42eb352ceccbf5380a30e

SHA1
53ec2dbc56102dc04df318bfe133028c5ef22454

SHA256
e5c00f599e05fb39a2de46c9a89993a4ab00a9db0e04b10187168babbf63bb29

SHA512
8c9b0baceb034169081732ef5e44d891f4361585887b224e6ead5de7a99ee39f77f85e2d701aabafa75b33c6784098264ae3919ac15004e7b22e519675927d39

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
bfc012ec80e79c2252a46bdd29e2aa68

SHA1
2e2f7633b0b7a281c6943ce7700ac0eb509204fc

SHA256
ab505405666cf88bfab4923b90e155cb18e89ec910799690f55fac7ebd85f5a4

SHA512
d9420df2e425ea59d687664ad20ed3afd2efb9a93e830e89707a41604a14d38508670f29c13f824da49c50fab763fafd2b1e5fdad61dc7a898a11434fd4a2627

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
e8921b3983709072373e256b81aee018

SHA1
c06263b470efec8a2c437714341f80a029a321e2

SHA256
bce0f8e2c3e97c2cc52364e525c297780d86582149e5ed7fd307ef77e6920262

SHA512
4606fabbbc921ac112ca4e8ba9c0aa21a9944c56f7ae9cb8b54c9199e45cc67b4f54a19d9fce74f201118736435e7f3a06850ce63d480e57045487670bfbdacf

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
cc0d2ba8f484848ae4a7dfe5ff573bda

SHA1
633b326275d15a75ec3e998cda5af5471a728b16

SHA256
a5d3a10b424d29277c744f0f2b0083cb1c01ca908022e45731ac0a176d3a0d5f

SHA512
61f23686ab518fb784cc92effc6ccdec150ffd488dcc10f21780f2b5ecde4f23fb6b490a15343efcdc1a4f8bccad7523c6a247ac359d7375606f122942f5e2cf

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
8c5a3fda84a6b8624e8a36f1aa2d97bd

SHA1
e2c197a5637cb137a83c968f6f66ddbb79f4f82a

SHA256
82c46d1c1f9fa620a6b3d6ce5937cdaef7461d5cb188e3222131d764d9ca11a3

SHA512
f1bf7a9be6a7b11effc190a773acd06b64a3054a5264c0305daa23c9a8b3396c71d3281da277d0dbf6292b4c435b6150f9bad128b924c985b33199155c281ae0

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
06290c2b790c884a57f456c167554ac8

SHA1
29031dbce456987cde4075d5c1db75e9edd6f5c2

SHA256
be19a842ed5ac5ea54da0bcf0c585a28aef8a9a3639b0e6cc7945fb5047124cf

SHA512
e009ad6bb79a3084fe74393d41aff4c41d59bd04f15f1f53f7f577d6fef9c204bb29c45b925093f34d7ba3289ef003e9fa1871a034858b1e6421d09079fd5785

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
b9c47166b79ccf8127259a9b8d11ba4b

SHA1
fbcde124372c20fcafbb9c71b7086b2e9f131d88

SHA256
1c307dcf53c94eeb6b3f88776ca84277b84e7945d3c08698f3fb480015d573bb

SHA512
83b5b2cbc7bd9c6d5fd8aaacd4aef59f3ce799879d83026fad7a9e280ebf338ec5821ee8e4cc0d229607cc975286904b77b48d8176ce121c4d0e8682c73b7f71

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
535e8a6f0797f42a30507b2710511bd4

SHA1
2805324620ea7d9b5ef06631283018248d2fb71c

SHA256
cf70fbd8904cea5e8dab5d7a8e7ae1983e19c6e883507f06e55df4a7e84742d7

SHA512
16c6d096099487e0e69dba17e58a2dee7da0de80a9f923973ddf04ade07a310b7c909ac3019b7df277e76d6649580692257d9aecc6bdb778d2610839a85b9111

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
1d81028fdfc154ec8c9006265768a86f

SHA1
ef849e514368c463bca8e3e7ede26bb4aff46736

SHA256
09493d27a82e4efdfdac8b99bfd209c0e52860ac8325d00736f465f476b5a663

SHA512
6af301757d9c1caf0e21731566618c76e492fbbb30317d30aa24e894c40a1e5aad1186f9c43364ff6246d0edd705d67b3f1a1cea1134726c46e52017a8351714

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
998de0e3bdc7c15bcb99b1aebb69f37a

SHA1
e165d4ab88027626107e946f890a60ece25675ec

SHA256
607c0897804c0b451ce30fbdcff686f31f75b95a309d21da54f2fb95b1ab6705

SHA512
82231975f5db45b4c7d204da40505631d325a5edbd596ddcfd4bc9ab5f8499f8173a2f8c57410df663e2e5f7b41483515b0f0b768497918eb164fe8d4b62801f

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
448KB

MD5
b5f5794c0361846d9fbf9cf55ed3b879

SHA1
288550d5f9d3e15c146033e992cc9e2965c53b41

SHA256
1fba032cb614a9aefb77060b7028890be8a5a5341b1c443ec6aa4794ecb27e4c

SHA512
45e7f74bead265f432b2aef20511d528566687812bfe1a75b4fae5eb6342d3e503551df169387b406689e6896893c01fae8d53e67635d293c927f661bab19a68

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
502666863ea18587c724f8d68d9ee421

SHA1
42acbae38b9f34fc48204f9ae8aed5798586bf17

SHA256
e54b628f344af459f1cf322c9f63958c8446cf897f0069d5a02932ac2cfbd2d3

SHA512
da20ded49bda22b5909e407c949573a0499d05bf6fff304e395c988265d5fc60eeb6c9dc268e5ed4ba2672f724d083271a9ddace6b2be90424e29efb4383e9cf

Download Submit
C:\Windows\system32\AgentService.exe

Filesize
1.7MB

MD5
ed30775c1bb1a13c4b08bc2845158be9

SHA1
1a717dae98c5f10343436d650cfcb581bbb7a598

SHA256
a851a77239b1d7acc41e72cccad26a5644f4c3b96b81c883a4fe1c341237b428

SHA512
aa6fe1eb478774d36226c7f7d88a2cb84014917332050cb48c590fc4da57be2f77f1c8da7e0049ef28ae033e426aa712b5407d956a962d9db4845d6a5c4c33a6

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
838a3985d94a3a5dee401fdeac21bf6e

SHA1
befd5dce615676d6d87bff6d8b47dc538cd45882

SHA256
71db8a51b6a937757dc490f7038361b2d3001377458d767b2961596bfba2216a

SHA512
4a41fd0ae7e607d12cb2577080d8eaf3207ce831e2a83ffe84435d4eb44a3a0b0b78cab4f624e21c27356568619e731e2f36d0ec1dbabf0e34f23ad497be2f35

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.5MB

MD5
9da15635fb42ac6470b58d7de322316c

SHA1
ffd183d4348e74cdf1ea726902d8c4df9225b17d

SHA256
66e6520b48d5561250c65c73f8acd8ee620960febefdaeeea93f51ab205e353e

SHA512
30e03af59b22ef2682a23e1c738c3d43ce3b10ddc4c892b2a299ef3c8499722cbffe7659ea278aa2a4a7fefeb5a116140377fb50415c8bcb2e3579eea94892fd

Download Submit
C:\Windows\system32\fxssvc.exe

Filesize
1.2MB

MD5
49aa16c420b6091ca5588c32d470be44

SHA1
b1d8bdd17b01def00698a381c68758302f653c19

SHA256
6e8857811b9ea0d1ad8662946921de131e2f243f770c9f30f26b6795f8481401

SHA512
80b9504b0057e403b36f60b2972bad845556aab1a624988a940be1002a246f8a984773d7601fb911742116bd5cb37ffb06ab0df9d0a0b81af09b106b08ee0729

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.2MB

MD5
a7543b1934ac8a6a0e12e48484ef2b02

SHA1
f43983da6d2b306235b23510f0341095456a5942

SHA256
3a4809f1f74c06b95974fa64970b53c4ac63e3b80892d207d0a7b7097f810c21

SHA512
08043ee5e8e56debf95c4defdc23c20af51381a7229154701bca939231d34341da9ff999b49cc0a77a7f2221863ce3b6108b714f50c6e32bac54050cd3a51875

Download Submit
memory/960-80-0x0000000001DE0000-0x0000000001E40000-memory.dmp

Filesize
384KB

Download
memory/960-74-0x0000000001DE0000-0x0000000001E40000-memory.dmp

Filesize
384KB

Download
memory/960-86-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/960-84-0x0000000001DE0000-0x0000000001E40000-memory.dmp

Filesize
384KB

Download
memory/960-73-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/1392-139-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/1392-372-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/1616-0-0x0000000000400000-0x0000000000882000-memory.dmp

Filesize
4.5MB

Download
memory/1616-1-0x0000000000BA0000-0x0000000000C07000-memory.dmp

Filesize
412KB

Download
memory/1616-204-0x0000000000400000-0x0000000000882000-memory.dmp

Filesize
4.5MB

Download
memory/1616-69-0x0000000000400000-0x0000000000882000-memory.dmp

Filesize
4.5MB

Download
memory/1616-6-0x0000000000BA0000-0x0000000000C07000-memory.dmp

Filesize
412KB

Download
memory/2136-172-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/2136-58-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/2136-50-0x0000000000DB0000-0x0000000000E10000-memory.dmp

Filesize
384KB

Download
memory/2136-56-0x0000000000DB0000-0x0000000000E10000-memory.dmp

Filesize
384KB

Download
memory/2396-376-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2396-173-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3276-366-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/3276-112-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/3320-88-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/3320-11-0x0000000000520000-0x0000000000580000-memory.dmp

Filesize
384KB

Download
memory/3320-19-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/3320-20-0x0000000000520000-0x0000000000580000-memory.dmp

Filesize
384KB

Download
memory/3380-370-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3380-149-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3612-195-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/3612-378-0x0000000140000000-0x0000000140221000-memory.dmp

Filesize
2.1MB

Download
memory/3752-177-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3752-61-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3752-67-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3752-70-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3976-375-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/3976-161-0x0000000140000000-0x00000001401D5000-memory.dmp

Filesize
1.8MB

Download
memory/4088-186-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/4088-377-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/4128-360-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/4128-95-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/4128-89-0x0000000000CF0000-0x0000000000D50000-memory.dmp

Filesize
384KB

Download
memory/4144-126-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/4144-33-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/4144-31-0x0000000000740000-0x00000000007A0000-memory.dmp

Filesize
384KB

Download
memory/4144-25-0x0000000000740000-0x00000000007A0000-memory.dmp

Filesize
384KB

Download
memory/4168-127-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/4168-371-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/4732-44-0x0000000000A00000-0x0000000000A60000-memory.dmp

Filesize
384KB

Download
memory/4732-48-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4732-47-0x0000000000A00000-0x0000000000A60000-memory.dmp

Filesize
384KB

Download
memory/4732-38-0x0000000000A00000-0x0000000000A60000-memory.dmp

Filesize
384KB

Download
memory/4732-36-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4884-115-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download
memory/4884-367-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download