8a6c80262eb7b37d09d02d99d20749aebd16a0bfc0e4d447e27e321806076fca

Analysis

max time kernel
151s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 17:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05e03ea0412f9d86c90553bf1d36afe0_NeikiAnalytics.exe
Size

628KB
MD5

05e03ea0412f9d86c90553bf1d36afe0
SHA1

47ff9bc58560d93a657c021f61eaeb9cb8a669f1
SHA256

8a6c80262eb7b37d09d02d99d20749aebd16a0bfc0e4d447e27e321806076fca
SHA512

c76d8ac0797d80c05892db1ac93953bf42c77828044cad138492d505c86994debdeb85e25d906554072b9163532c32339371eff166c96441715250165d5dca57
SSDEEP

12288:bhzkCTtYK3FN92mrRUDkDTYNmN3Rus3SAFYq8Noz9qirzrEX1fsd7TOoOTd:VfTtYK1N3RUDHNmdPCAaq8Nozgi/rE08

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
5068	alg.exe
3336	DiagnosticsHub.StandardCollector.Service.exe
3768	fxssvc.exe
4904	elevation_service.exe
3860	elevation_service.exe
3936	maintenanceservice.exe
3956	OSE.EXE
2952	msdtc.exe
2268	PerceptionSimulationService.exe
3028	perfhost.exe
704	locator.exe
3824	SensorDataService.exe
1364	snmptrap.exe
4208	spectrum.exe
456	ssh-agent.exe
1484	TieringEngineService.exe
2980	AgentService.exe
4336	vds.exe
2984	vssvc.exe
3476	wbengine.exe
4700	WmiApSrv.exe
4752	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 30 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\e31bd52b3e2edcd.bin	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	05e03ea0412f9d86c90553bf1d36afe0_NeikiAnalytics.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	05e03ea0412f9d86c90553bf1d36afe0_NeikiAnalytics.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	05e03ea0412f9d86c90553bf1d36afe0_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	05e03ea0412f9d86c90553bf1d36afe0_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	05e03ea0412f9d86c90553bf1d36afe0_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	elevation_service.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	elevation_service.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	05e03ea0412f9d86c90553bf1d36afe0_NeikiAnalytics.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3336	DiagnosticsHub.StandardCollector.Service.exe
3336	DiagnosticsHub.StandardCollector.Service.exe
3336	DiagnosticsHub.StandardCollector.Service.exe
3336	DiagnosticsHub.StandardCollector.Service.exe
3336	DiagnosticsHub.StandardCollector.Service.exe
3336	DiagnosticsHub.StandardCollector.Service.exe
3336	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
676	Process not Found
676	Process not Found

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4284	05e03ea0412f9d86c90553bf1d36afe0_NeikiAnalytics.exe
Token: SeAuditPrivilege	3768	fxssvc.exe
Token: SeDebugPrivilege	3336	DiagnosticsHub.StandardCollector.Service.exe
Token: SeTakeOwnershipPrivilege	4904	elevation_service.exe
Token: SeRestorePrivilege	1484	TieringEngineService.exe
Token: SeManageVolumePrivilege	1484	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	2980	AgentService.exe
Token: SeBackupPrivilege	2984	vssvc.exe
Token: SeRestorePrivilege	2984	vssvc.exe
Token: SeAuditPrivilege	2984	vssvc.exe
Token: SeBackupPrivilege	3476	wbengine.exe
Token: SeRestorePrivilege	3476	wbengine.exe
Token: SeSecurityPrivilege	3476	wbengine.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\05e03ea0412f9d86c90553bf1d36afe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\05e03ea0412f9d86c90553bf1d36afe0_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4284

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:5068

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3336

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:3272

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3768

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3860

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:3936

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:4120

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2952

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2268

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3028

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:704

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3824

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:1364

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4208

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:456

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1484

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:1764

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2980

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:4336

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2984

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3476

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:4700

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
PID:4752
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:3364
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784
  2⤵
  PID:1528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

Filesize
2.2MB

MD5
593c263f94816ff53f04a1fa95c66a77

SHA1
6fe5e35cfa9ebf6ce88adacf4468dfee082317c5

SHA256
a60e17bf89511157d05b9c1ea14cc8adc0803ea4994d3208f8aa00e555d35cb9

SHA512
4254f5762d922dee380c1370c7355be33ae8ca8d5b24476c7dc47ae84034a462fd1bbd145e9f2478e77ca0ba33e6eeebda862b2607599d4c744673fbc6fd25be

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
781KB

MD5
add4df44544a23d7b9ce5db1f3253e24

SHA1
0391367d3797580a4c2364b2d06fa4b397481800

SHA256
9432fdd9fe4f6c522ec18e7908cf562d697e041d3698c5a62089b9d358113d59

SHA512
9de12c28623f01ee57a4bba9845af2b62c46dc80b87d43eb25910ca5d0324f672ea5e75585588d7de3e80679f43efd9b6a4201349b808876b6a965b6d8b66257

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
2efc869a7e8cfca4c135ecd7acdeaac4

SHA1
8772445ef0410ff93389dd7a374d28e990e12a41

SHA256
3cc5938b79e6dc8558977f93fadca69212f5f580b58d6c4257375cce31387864

SHA512
d1a49b4bcb394b5de2ff5fcd4524de5c119fa14dcd14a1d4286d7a97125e74782618bb7cf9bf8947d3df8f729d0da316538a9087a4d3d75b3502e6ac482ef7e4

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
1dd16e4dbb7ef3945c1a20306fc7ae32

SHA1
8e04927d24c5cb94af41f5944a604de3850b76c4

SHA256
ac935d4031d70c50079651fadb867ad67ab8e76a476cef46fe34684eb316492b

SHA512
449dadc66f37c2ac01cd444c1097418fd3291fe7321828cff734b36ee19975fb1b3e746730e483152d9b17d0fcc6367ec2b9294faa7743aacbde8983187e3963

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
9a55a877c171d1ca6731b400e27d20c2

SHA1
6a5176fee1efb327a41e177e9139c2984ad46c8f

SHA256
aa1cda2ea4fc0f2bb8306444c8c93c1f45f05bde3754743b8a960339ace141e2

SHA512
7279ae2110f59a939a74b044a11d70bd40834ad061c26c0751ad6b2ed5f7f9b2de64c4835c16ffb1d3387d9b1b4560fae423678fc57fa2dd7fb35928171ebb90

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
4c751b6a4f50469c646a4fdd579021e7

SHA1
5babc32a4b0028820148af21a104d6f7af8df5cb

SHA256
0eb9a787b6b0f0aaf82fe992681c41df636de16e705d64d8998e8237993b439d

SHA512
106942fe3db9a20b442ae60ceb9095f2df1175b778d39cce4cdd077490d2cac50cb0b46561e3d911d18f333e3a50adce441ff772964e0207ec9d5dc1cf9231f1

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
23cebb0dd663fff3fbdb8831870d7fe4

SHA1
98f0026442facf42b71d5412bf9dcac1f4aaed3f

SHA256
a08c4635d3d3af945085386b4180f5232db88004e4d487affac1b3f7d8e0bc72

SHA512
70b526ae00a850a2cdd8477671e2b64dc78fbdf467539f3621186de4d75175539e030475cdbbfd601ee85a57a6ea9b7be61da8c4808dcf4693a06a9309b6a88f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
634c95152d0869844b6378e7164c22a5

SHA1
159c9cd1a431843c3482d1ebc58bcad4273a5367

SHA256
93dd2653580c5925c687cf77c019d294dfa993d2c55ead54c48383dbe55cdfb4

SHA512
70e1d20c4849e66eade8b02607f4e25d63176d2deb9d9c1ff88e4f89e52ccda55abe0cf7fed2c888eccc1c040f33f0a0798d29ff7921aa61949105c84c531554

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
3e650ad313374be7eeebc6d2fec9320a

SHA1
e48467981e73df7a8434d3d98b59842c6e5a6e8f

SHA256
b19944c370e0c74701987094ea91ad5ad6c89c559ba612c8b903be17dad652d4

SHA512
7d2a99b73cd5f73a66f48fc743e95f5b6a45c750940d1d9c09cc879770015d397777df8bac85e0edb17f1fac1e2fc8713d692209742567d09843d1bb5d7e688b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
9a5a229fdfca583caf87fb3132a992d4

SHA1
485a30a7e093924b611d25fc3d210d66c0870fc1

SHA256
07603875bab345d412f0e00171a949a96327d0ab28be07f6ef4e1969f1bb2fd5

SHA512
53052113d820eacbf5e5fbe3e0398cef52beb734d3b2a144ab64836caca429a5e96254bdce60c30a698efa5af6e5f8d8cde773150ca0f8f229550d7bca802a9b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
05eaa29c0c7ebeae495315e7a9348a64

SHA1
9c0d62c03fd3b0f1f568d570ba941e25a237fa66

SHA256
b46541c793590d8eda782942cfac2e3c4c6a855e76322e9538ba1f1f476ea723

SHA512
944d71b9b6a7f8f4011f2208770b7f7c0ff4d41ded65197049384c39e4d11dc6019f29208ebfc85725ac0d018b3ad7dcc3efb0dc2f82b14653c115c79df9d369

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
6245d181aa69433b79e35e2da4b5cc78

SHA1
08f46f55daaf22a9a62c681370666760967df079

SHA256
9ca0808c859e9274e4ad1394f5bd9149709c07ffb6f82a3ad91d298b2335806e

SHA512
ff5bed1f75bfa500c3a9c2fc0dd77ce6959a84ee549538aeb284f1d08ba72341cca0e0a22b2380d2a466d096114d8f9ab7107d479b09174a1a8f41a6d4af951c

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
9d2591d4409265a3c28499b25af3d041

SHA1
2e4b937360dd1e6af768dde345506af72b9a72cb

SHA256
f653c2d13bafc9afb6aceccecc085ecbcce122f4b31dd37a8b52eed2ec9dfbe1

SHA512
883e22724719b276b2c4a8dd2e5e4ef1a1d464a7c48cf009f801f097347224ff7ea7b4e29359b1f6caed6e6aa0c75b178dae362a28127cb5127db034eefa5372

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
f34de3eb7a5faa9fc696342ef3ac9cc6

SHA1
928765235d7d04d25d0cdd49280393c88722487f

SHA256
0d879d14fd15adaeddaf4f060f508e2c6a7c8aebf6a760dd280ffe2ff5fd7d86

SHA512
45cfdaaa32ac82f7aa91284309cef97fe526ad1e5e1a5b550fc49c2fb26d1721046cfb4f4cfa9d95f478bd216a03f85f1ece36a1f564331ae8b7990fe3bbb280

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
1dfd286b5b457e792b39f398792e31ca

SHA1
594e541f8548bd4e52eb5d27d25c7ff00ab2861e

SHA256
5ede0923543a70127b4acee6a2b85843008737a0334f68b077c8237efd0762d7

SHA512
4eb2a2dd3ff6f9c5c14fda16fff46a487009a86a0081575afeba9c06f79a0568207ae642eda6871fd15c2758a380c4bc9ab151afff8b6854e4a65cf9e5d40b45

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
33da0866bd93523894f8ff917fa90ed1

SHA1
25746d429db16098d27d19bf2b0ad5363d4746c0

SHA256
932d1e69fe13de267e69f474c6ec936b0ab3939a939be95d7d2200fee87a26e2

SHA512
7cf01953d0dd6273a4dd6057fe4b5f278d2e450c23727ecf642523f2805c6610ca800556361ea581e2205d97bcce3da8a21216a6159b2dae2ce614aa48ce14d5

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
aa83b595ef214afc23ab5ff7176be08f

SHA1
f1b2a28a524ce55ef61c83ec404b8e9aabb00a4f

SHA256
1620744874247678559693ef6afd4bd0723f1d63c364ecf78f940567faa232b1

SHA512
a9efbd4b46639040ff6a880bef65a6f1d6b454fddabe197987196bdd8e0694635c7026e3a3757db49ba206e94709f297f3d0e170a86e9c7627f6b1e9d2be13ae

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
56d9ad212ece7fac8aa35127f6ada615

SHA1
6a91749ce2abbc806f5fdf938e03cc4bee0c5562

SHA256
0186d3c59912e43e953e1890dc7b7b951ce4889c063eb6dd24325ea975391953

SHA512
d301208c9e8ba2d7a305f29f84c0b72420904c531224438fc2144b31135e32fa4807eb0c77bb5b0122c82177ceb24f22b9765250dff0d01446461bc85ee427f5

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
9f87f3c7842c6708cad7523aab03269a

SHA1
9d7a0b9adc218571fed856ba6330a2fa002df4d5

SHA256
a6deb34603aaab9803143ff2f8bc1586c267ae3e042b33ed87145281e71b798d

SHA512
9466fbf037b9be97fdd9321155138204bc624672380a23e6d2455c764d233cb59f76243adfbc14b9d6cf3e3a519ee426a003c0b2de2e45939833ccbb6c499b95

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
8354802a2536766a49e5c724c19d53d0

SHA1
a9b4f4780795934298648d61077cba193629c156

SHA256
8763d07f43d3322fe1bf2723ad82e5e5bc5062284b4186cd0e30ded20f0d37f4

SHA512
8fb6573be3e607fd466b95ac8c93122455c7eda70060fdbb13881129c7607d0c1cae27a98747f9b65ea170678cc3245b045a6f2a7707d6496f54f4045c09f7e4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
87e0a36428f0dd8e9cecf5215aea93f1

SHA1
3474f3adedf4e14ae495dc692010bd67bfdd9dfc

SHA256
5e96bc5e030a0e4c9984dce20d92b73417624ccf908bf8e0877970da41d21ef1

SHA512
544171787f07593e20629ff2850494605a70203b99792defbcbf2dfdd5ad5e1dd8a4f7d5320eb1f350973b9b7f66c7b5c39d71877382395c9630461c9bf309f7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
bc3d524c8942b87c2a2a2d51b59457f3

SHA1
0aff85e92643330beafa9d2dfca4e2299c3463c5

SHA256
1b860dd27acaeda730364582c39295b67bc2b706bed724e89880b4dc72281d7e

SHA512
6775f37fcd9f4110bc487f1de5c167e16da25741ed0998c717a987e81ac5707cf86c485b844ef1d44de6c449f4a7d2d8f76fab65aff27406a9e24ee648c23385

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
454efced3a4608b6fc8afe53677edaf0

SHA1
73f70760d75f098e262765b72ef9b19b143fe3c1

SHA256
2a2f955e0ca81af276d55ec5d69bebd0a3e6f0f9b6be454e31cbd04a889513dd

SHA512
6d84d2e2c4d1f0251818af65635089197347e1ae32f5e941a6a180e623a96543a3c59305fafb6ddf76018d83265e303d17da2af6e97ecc6dd8ebdf3755046916

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
4d84ee9bd567a60f061540bfad43c967

SHA1
7d09299191add47872b3a85fb75f5da0a1cc60a9

SHA256
94a0d51a493080368db51ec69228879e0fcf9fd269030bd0f0ebb79524d0c8ae

SHA512
9608a39ffe3e45c86e0b5dad9d332a4a68b5b01731946807bb970d60e16c0cc1263fe41475ed898c3b9ce8f8a6bdf8ab736e73eb111a49b26c68ed962eba20d5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
986b5a6ff6e52dee44d6fe2c3282c97d

SHA1
4a3f2f98b38c965cb0d5143b9ddb56c0e46c05da

SHA256
5e6295d71f24ad109b1057a38e85ccad0d1bcb911a2be88ca23ab751f4280d13

SHA512
9b0e90552f74db3bf99b2e8347baaaa6fb04b226da89478a7e37b65549670117416f860109e7445e742bdc6f52d32b81600b6c5e47e9cd78ec18ec8d38b6e6e5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
5ef16349489b953ab11329a96be26ff3

SHA1
7b5aa229dab62146bb5e4542975da5f921643999

SHA256
68b7f96bc0124ebd93290cf3e21f9c4dda09bdd32a8f806d194205461c0214a2

SHA512
5f0e57afeae0834df2803e358d2d78dcf89633c2d83ddcc8c7f016d194d1e21114038cfa71ecddade117a79a51a70811d7d055cd942661c742f0383c623581fc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
84c795969c54a3eba486f9736905efc4

SHA1
493463b436f0f115b92e8b4a2900a262fe022741

SHA256
f28157114024a99b7135ede1776454cab7c1517666d5c86fd05eca4b3a0a9a1d

SHA512
b1cbe0caad923e7110cc6be466564240df995ebda8122a5aa3c9dbbc693ad636ad6bcc3ad3f30b230d1f28b3a85e599fb8b598806b60b8a9b6ae43e2aff58738

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
400236c2e60f73b358936e72a4a921af

SHA1
a3e1f814f55f2c8eedaab302e84be8bc32cb7f12

SHA256
1bcef48af7a4eb4355de4556796a8a0305f4a05ace3fbd8147268707e30d1940

SHA512
7031422d890f1f60e1fb4612ac5a3822b178b8f5fdfd28525826d2fc0696ddb0f3a4363fed55603e46739d126ed3afe67b3f5585a40ee5d50b56528e126efbc0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
8978b5d6aa1af8c9bbf3f5b1910ff5ad

SHA1
e537188ea0171d244f1ded04b5fac47ba861049a

SHA256
a4445b56c6dea02cdfc6f05f74eec9178f2943e911dfcb767a7d42f0d8ab95b8

SHA512
3b9990900bd887ed1fb78fc8b4e7fe21afcec8bbee09803b38ecbcd94e60630132f0253c1f71e7882ce6a86ac715b5795f90b837febad2f9497302b8cc0e40c2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
b3610f63713ba4704d35e384b44100ed

SHA1
a092a681f2df0c10f4d7d5e0e40b8de71c73d9e9

SHA256
51fbaba6c17accea3ca8c2cf97c93990ae5ca481fc502f7323ab1d4451278ea2

SHA512
8dc0afe9107d9466ec22b67b9aa4179356ce9377e59e9a383c6e42b720b383bf0451180ae7042fa7d9b66813ff1f9ce00bb3af49fb29cda6b00e00be80a1068b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
d7346334843b1915cf33344f2f998337

SHA1
8239165aecaf8c2a1b6aee16742ddca58abbbef8

SHA256
437d2fa4c2a868f8d89779589a8d3bf182cc9665791ae5cb50fe32d4c2f6bb9c

SHA512
0e701dc248ba902e8d1ab1e0ed1ab0e869e8da0fdc4372a2423d2290fdedf2e46dfde4ee84f136930b7c6d276b35ccf167418770c887cd8c1ca170b440e6a453

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
aa46d64734ec287bafabd3ff9a288a6b

SHA1
3f47d82470b5fa362c6e3c54f2f4b5c4c1cf264d

SHA256
d88256d608380d7cced290be281911134b1c457fbd1ceabeac46838029dc3e69

SHA512
b7090dddd1a347b488aeafd7b28224fecf4db07fffcf5b36af78fc8689d5bcf1d8ff698bc0bf576b5baa29579842865e9be35597443ebc26d61f280a65cac2b5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
9af97f304c8f1e5ecc5d63d255f1a1a9

SHA1
8c360f51465cf5bf4f30dd9b3e320615cbb9945d

SHA256
031c276c73c0b7f0765d9017aaac99cfaac585a99b9ad8dbe84d3799b6782520

SHA512
f2ef39900f91a0d2dd2377bab372ed897064504ae34174819166ad9509d3caf6b4233c35a091fb5090da763a1df40823b308aff0a3b8d6bddc671ae26b0ac008

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
5b6c2f9d083393ac4c12664dcdf4a33b

SHA1
1ae594054caf581461903ea452019898776c8611

SHA256
1c316e78bdabccec1b22d7d9fcd106fb04cc4913f921e50b396ad52f4a5fcf25

SHA512
a5e4607b122f9fc51e74f17628d042e64e5bd4afecec1ff8c517966a212c1afd3161ff81f29206317e512ead7cc86d71c9cae478d9819ea2a43d41d4f21ed271

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
dd48dca39c264f4286177964df454cb5

SHA1
caee5f037aa0ad00151052cdc86ec3c3b8e13878

SHA256
9fb6cf75c6a9d318fcdb3c85b68c8e3fb652bb41bf0a5677deb168d63d291230

SHA512
3d064c81ce41db8b2be4c5871184bd02638924bf19c3cc71975ab376e985640381fa9c3cdb0062242f7b39ae9fe9135595f49cd3b607f8d0fcf2452356e75583

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
f09ff63213f0ce66420e8dde1b7d26ea

SHA1
a6a5c06356d95196700ab33eb6c1a8bcfd3d4d07

SHA256
34f9ea23898cc96db5e44545338b1506576bbdff9f19469d657c7b977c2d511d

SHA512
00d16204c9d52f0364efd0ea6ae2d9380e4eb38c71eddf05466479d01859169fdc0144423ad37040a21d8e267b5fa8fe5859c7be89a477f5f8e334d87e5d2a62

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
cd528319e36e8cb3ae1c6a47c66669fe

SHA1
a7917ee92e618d5a887de2556634ed1e78b7f406

SHA256
03ebadbbf9dfa8641253d15a468e172ab01a5dbe0278b86e3b55b3feebb1a90f

SHA512
3a2c5de8aa55b75a52bd381eefb19e7e1c1a49c06c4cc1cce3ca9b9b8994ad494d2b0bbad879cdf24408db7b9324ce7c0c89912a520232e66f6848d4e66a3655

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
69b350ad5677a77eeee3567c5a53a30f

SHA1
2dd4062472ed96160258c35819bb4a07eaddfee8

SHA256
34a99758996ddf7016f9bbca07d80e92b548f308e491e5e77bebe4068b2f1696

SHA512
066d5215308470cbee4f081d37c9e9874f17c2058d336d52757280aa5d504cade9f6e88cde3bd066015a1ef0c319c25ede3d30e0169ff87ea86e3a1f50feec97

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
e02627bbb56f1a81cf0959c4f44ecd90

SHA1
45cf78be8c38394644bff156fd1a09315eb82bb2

SHA256
de6c8643b20409c1c79cde00b8262dba2b53caf5c8f244316b9ca14d8352c8ea

SHA512
12fe18361d386c07b4dd3d4b38608e1eec5020ddcc1c335ac7b13dfbb76eade279d772245df984f2df72ec51ce71024032b9af9fa809e35dae8d3f8542848cdd

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
696KB

MD5
b8211249289a74fe065b1f7bcecf76fd

SHA1
59fde931293ce3f3965d6672ab254e6c07858ae8

SHA256
7977dffc6b91f0ed84281dc9d50c77cdc7a488e8a742bec08e01406798f8a7c8

SHA512
8128078621b38523e70115ea350b07b1ca32e286448cf2e16399572b846d5204df9e48b4b8d4652344ea7a0aea81da4a6935d3c52178f4b36332502a50bcd92e

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
484b14359580dd426a1883e1a44bed57

SHA1
2a75c3cd433d0d8cc03765b341d0a5eeead92bce

SHA256
c35a9b7a31e88677b055b224930466f1f8e012411bd86416c083e7c1df813181

SHA512
d1c4d4adf5c8ead537e2bd8cc23f66b86fb3cb68967ac22e5d2ad979011a2ccf9f4c9bbefff82ae361e2bb833a8a3037505d64141530e822fb7ddf2d1444d0c5

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
62e4b359ea5002bff456d4c1e08552cb

SHA1
673e3da6edf963662fa11ba3c8b0f33c6245ad2e

SHA256
ec254f2eeec30743d729dac55f032966e7b178c145ab8c15fea0a72c3a120996

SHA512
fac7bad71f4377fb1e5140df28ec0b7dbb28ac8acfc00c9a8e1ddee525f69a8ce561ebd669222537502425dc82d3607e6736cd29b68aa92d7fafb7411447f49a

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
ba9b36d13b76c50c12c076537a97cad6

SHA1
3e9064971fedd0b3fcc8890cd449288d9afe9fc9

SHA256
6b357d56dc4a816c9d463fe50a8b8a58d75bd6d1f88eae8beccac8ed89873bb0

SHA512
182d43513d1d6a83bdc2beec9e17a656edb5c2160b0818de5d81533ec29a3d7e9c7c895e230ca12da88bbd1971097c260bd595a6ccc0481e9465b293ff6de8de

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
797c53091c632fe3265141f488459ca8

SHA1
a393e4ef9309289a1ff5701537e175984331702c

SHA256
f1337286aae57160d0546a3e6a43437ffe026eda221e47c9365ec457e0cae665

SHA512
aa0405f3bbc5fde7fb2bbab1326f660184ff5b3c889d8c2f6ea2885c1d818101d78f235ae461b3ddb9dc8851030f8b1fcd69409315c1fd19e1bee30040b2d60f

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
7299a0b1b8a19aa745796f146d30e214

SHA1
7397644243113d82f3ba0743fdba3721c5662575

SHA256
c66ca0915c337a91638fc67aaaa69770ba5f9d3348b1147cb1f0e8c11f206000

SHA512
86241a7d747621860493551977a1c0cf46b969b1c2230730788fe4d8f565ddc930b6ec1a9a86f6206fe6ee783a64b6d10356c83147ee753a12409d1a1e0d60c2

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
db7f730da4bb6cc74df1be76d4f556fb

SHA1
7f84f77bd06df42dd203d2f0543eea6298cc59d4

SHA256
8ba2a575366a67901a54a4ad307633fc0e94bffacf47fde5a26339c0cd3f2c10

SHA512
e5447864db93f3d378c58d2c07041ba2ccbec6e5b1f79042acd4e4c0de83411bd9c820472cc87162932e7adb0c7606c5f51acbd139e9b3fdec4a8fa99b2d4c8e

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
22cfafa988e8fe2bdd57358457ab2720

SHA1
758107becbb37234db21d33d393bf1156faf51f4

SHA256
9bb5b19287f47ce51260e80d5661cdd5364bfc041f0ac0bb3f0c0fcd5c3a0d7b

SHA512
60691b030df944dcd5a0b5a80984dbe16791843063bb52ee53343266ec2b4d03b51ce185d9aeb15b35adce03085903fc4ce2d5ec5fed1965f9bb7e9e784e323e

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
01829e4d494268b483e2d9fd937fe944

SHA1
8a609962db9ea8342933bdf4f0f42e4193f00fa4

SHA256
204feabc0f63d7716cd1176eed877f38990e8b5a9a84735a6b1e657cc89973dc

SHA512
d7a15fc9beabd2b5fe8d11ecf989523d0429a71e1278509faf245e332495c8d6066028143afbb470a8e2126f01dd7bfc856f1d8b9cda23edb07dcdf61438b765

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
8dbcbe286d14abce5603fad45d48b032

SHA1
fbdf4972ac4413a68e79f63c4bcb840d4f0c2200

SHA256
605b4c65f038033b0f6bcf13ccb718c22ba8c78cd11dcbc7f47cad7f73124e27

SHA512
f9fb7fab6c86762f7bd161aa426f6c2219a74330a1012e98622ca750742e1b0a63f87dc7da6ac458aaed8858bb44866c3b7ccd66a79a853253099cdbd1d11691

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
d890c9e18601955b68d8896dcd9ee05a

SHA1
802644d4a638c795ad32c658fbc94b9a9603fb4b

SHA256
952d863efbcfaf69403984415c4c7c35c26af20618da7f1165b909720aa8d084

SHA512
57763a165c71a39801cf18a4d3c33137c84194c4e86e5bd061c8724cd7a8ca53151490b1ab6e3a5a39e7576172f99bc78ff53f46a0f4d5d75ead9e348658cfb5

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
6f0147231c05d51bfa049a2e7d60de8a

SHA1
b23db0cf038612800cce43dfd9863505f48973be

SHA256
a519038881446c1d126912f90487df6d321148420e843dd4372e0eee72d2c865

SHA512
4e1e884d21040df31faf9626e1faaac4bae0606860ddc83515bc8d3ea1326ed0e3a0167ad14089ded64ca06c6b08f070b70d56f9dd617f283a9a020e2e0a5dc8

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
e32cf47c47272220080c58acf9aa3588

SHA1
ee2fc45fd6b7b18500a04a1915cff5ad99d80d6e

SHA256
b387b2697e337cd00917fb64338c1351c04a04c293cfc800a7643441b9bde78d

SHA512
e049770c288beeddae2fb8b12583a8c10cb85ebcfd947902aa7e9cb28d0743ce303c3912ebd3c34e2fde5ce484187c2e1a1355727e7e912b7a84c8971a5b81db

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
cced4c9e263f511e9892165ba5f59c0f

SHA1
52d61a098ad7c1600f68377104bfb1e31b0d3b34

SHA256
4a64787a8820a170c5480ce53884dc6f2613a2f6394a1bcb58f8112335fe2b6a

SHA512
b0149a4c5b52ed2e1510c3b9c467e1f53057a592afd7573be0584b825909264d67b411d563890d74ff4a9ea5e06aa94f4bdc631c2e5d560155d5fa74b505436d

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
13837adc459ed4d7433ddfe16810e252

SHA1
559f18e61c1a2c449d692bda4eea7b2be582daf8

SHA256
0fdbbb6d89d9bf9ba8223a07dd1af5efac19bb3229e7e5423c3b048eab8792e2

SHA512
373621fccb4ca1255bf6b1b40c750e978a147d11f3e2e3c8784acb197b39d19e435d42c5c502a6e14ed9078c8a603bd206abf9d291d96528a0aad61403be0e2a

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
9a0de05bb75321ae4bc972c6dd86d377

SHA1
45c1583b7cca984a5beff5b78f813c6815e59b65

SHA256
d796e7ec521ceeec4378a5ae5fa55dd9ea8ba38bff5e7c7491e0cd264c749ff9

SHA512
d0c86f6a582008c26c9ebcb9e4ce9e4cc79e3b501709963c02ac5f4117ec2a6169762cb79a614a6343a25088bb3ed08a65c6147d9513d1fe898d40514bac6d1c

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
e2ccfa34eb63a1b9ce79fcd11935f069

SHA1
ae51f756c96e920b8815aa5f3bdea23cc97e5dd5

SHA256
d05b405833ebd4603783107f97f216786b1da8bf86cd7fc8e237392f7a07c7b1

SHA512
3816629f868dcc39df691f570ef79b20591d95b3d8d4731719f4892afb1d2b13e658963d400797051e073adf0c041229ed996eacbb9ac5722dcd32acff73d01d

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
772KB

MD5
aec401c2d5ca2d52e0d02db7c9125d87

SHA1
42847019d4004736ed33311c7458c9fcc80f2ea4

SHA256
a861a7f3c9f421b4aca40fe35677fd748422123ed75d672e7eb912e9d42877b1

SHA512
1d1fe5cdc4290cbfe26b79d82254db554c695b1f596d9f1136b3a307ecc38e6ac8f1e037a519c7c482ec05d9b2535a0b3f1683508ecae06370239a04e7796312

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
eb62e5621c3513c1247d309493d4109b

SHA1
7c802a6bd27631251db04eaafcb826655aee944c

SHA256
5b1b49ede6309901d5f035cbb2085a10bf3643a8df16f817b06cd73d6adb0892

SHA512
808753a8014768b0a19a334d46ffef912d7abc83c3117d79786507c6b47c2b185850f1cdd4fe3d6fdf2c0338c584204e03d4f4f51144dd1b7df834a6e84db48d

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
2adc4d9ea17779171b635967e6d5d8ad

SHA1
4cdd6203eccb811fabe740a2e1d05e1dcb5504ff

SHA256
a8be2be8f9c518619196a43ce84b5b0919616d5c324e0a086fdd585237eb6e81

SHA512
387d6833f2d61bd2c3a91c1f573a0c166bd116f78de4ae420bb8deb7bf52cf7eb95cce078613ed0711ec273da07e4482e6bd31b8fc2647f8c982eb15ab828e4d

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
7b72bec48982a5f3d8fd331849557d1b

SHA1
d10f6b41bfa63463a549a5c24218a7f21311c41f

SHA256
b8126fc8dd8937543d7d9f83842286fe3a56d9459791c22a84f3aaceac957bae

SHA512
540d2f2a22a11a6b236bcbf93902de079331cf36b073632c24987c2f2e8226d0eace6f004a84b573d1623f33f99befcace040afbdf943fccf825fa74edc9617a

Download Submit
memory/456-304-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/456-416-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/704-282-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1364-289-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/1364-413-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/1484-315-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/2268-258-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2268-268-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/2268-262-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/2268-326-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2952-322-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/2952-254-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/2980-318-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/2980-320-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/2984-327-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3028-272-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3028-330-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3028-273-0x00000000007C0000-0x0000000000827000-memory.dmp

Filesize
412KB

Download
memory/3336-123-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/3336-17-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/3336-23-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/3336-16-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/3476-331-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/3768-28-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3768-29-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3824-414-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3824-338-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3824-285-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3860-205-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/3860-45-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/3860-50-0x0000000000990000-0x00000000009F0000-memory.dmp

Filesize
384KB

Download
memory/3860-43-0x0000000000990000-0x00000000009F0000-memory.dmp

Filesize
384KB

Download
memory/3936-67-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/3936-64-0x0000000001510000-0x0000000001570000-memory.dmp

Filesize
384KB

Download
memory/3936-70-0x0000000001510000-0x0000000001570000-memory.dmp

Filesize
384KB

Download
memory/3936-72-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/3936-58-0x0000000001510000-0x0000000001570000-memory.dmp

Filesize
384KB

Download
memory/3956-76-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/3956-216-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3956-74-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3956-82-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/4208-415-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4208-292-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4284-75-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/4284-0-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/4284-1-0x0000000000A90000-0x0000000000AF7000-memory.dmp

Filesize
412KB

Download
memory/4284-7-0x0000000000A90000-0x0000000000AF7000-memory.dmp

Filesize
412KB

Download
memory/4284-66-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/4284-6-0x0000000000A90000-0x0000000000AF7000-memory.dmp

Filesize
412KB

Download
memory/4336-323-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4700-334-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/4752-339-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/4904-195-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4904-38-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/4904-32-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/4904-40-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/5068-12-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/5068-106-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download