e3b43865ab465a68fcc02dc5ec0e04eeacf29ea3ea8d932b67e06823f0b07204

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3b43865ab465a68fcc02dc5ec0e04eeacf29ea3ea8d932b67e06823f0b07204.exe
Size

1.3MB
MD5

c2502c61c5afbe6dddae23eb0a33c87e
SHA1

86d7f370230fac9f3a7878b7d213b5d61e73c0d9
SHA256

e3b43865ab465a68fcc02dc5ec0e04eeacf29ea3ea8d932b67e06823f0b07204
SHA512

9ace6006d142e3b55ebfcf72ee07347a67e2cc09f3c6ecd664419affc4fd9ce920f989989d7f1c2a985b3dabc6121291cb8b8bc6684dc38ac5e384ddef622210
SSDEEP

24576:V2zEYytjjqNSlhvpfQiIhKPtehfQ7r9qySkbgedtaHsK+fM2jEaNZBqoeW7V6tGX:VPtjtQiIhUyQd1SkFdtksDM2jh3BqS7z

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
4840	alg.exe
4788	DiagnosticsHub.StandardCollector.Service.exe
1452	fxssvc.exe
2860	elevation_service.exe
3492	elevation_service.exe
3940	maintenanceservice.exe
3200	OSE.EXE
4188	msdtc.exe
628	PerceptionSimulationService.exe
4712	perfhost.exe
4624	locator.exe
692	SensorDataService.exe
4388	snmptrap.exe
4460	spectrum.exe
2492	ssh-agent.exe
232	TieringEngineService.exe
3776	AgentService.exe
2876	vds.exe
2748	vssvc.exe
4820	wbengine.exe
3548	WmiApSrv.exe
1968	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 30 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	e3b43865ab465a68fcc02dc5ec0e04eeacf29ea3ea8d932b67e06823f0b07204.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	e3b43865ab465a68fcc02dc5ec0e04eeacf29ea3ea8d932b67e06823f0b07204.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	e3b43865ab465a68fcc02dc5ec0e04eeacf29ea3ea8d932b67e06823f0b07204.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	e3b43865ab465a68fcc02dc5ec0e04eeacf29ea3ea8d932b67e06823f0b07204.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\f8259ab7b3e2edcd.bin	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	e3b43865ab465a68fcc02dc5ec0e04eeacf29ea3ea8d932b67e06823f0b07204.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\caps\hdpim.db	e3b43865ab465a68fcc02dc5ec0e04eeacf29ea3ea8d932b67e06823f0b07204.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Adobe PCD\pcd.db	e3b43865ab465a68fcc02dc5ec0e04eeacf29ea3ea8d932b67e06823f0b07204.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpnetwk.exe	elevation_service.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	elevation_service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	e3b43865ab465a68fcc02dc5ec0e04eeacf29ea3ea8d932b67e06823f0b07204.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4788	DiagnosticsHub.StandardCollector.Service.exe
4788	DiagnosticsHub.StandardCollector.Service.exe
4788	DiagnosticsHub.StandardCollector.Service.exe
4788	DiagnosticsHub.StandardCollector.Service.exe
4788	DiagnosticsHub.StandardCollector.Service.exe
4788	DiagnosticsHub.StandardCollector.Service.exe
4788	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 39 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3708	e3b43865ab465a68fcc02dc5ec0e04eeacf29ea3ea8d932b67e06823f0b07204.exe
Token: SeAuditPrivilege	1452	fxssvc.exe
Token: SeDebugPrivilege	4788	DiagnosticsHub.StandardCollector.Service.exe
Token: SeTakeOwnershipPrivilege	2860	elevation_service.exe
Token: SeRestorePrivilege	232	TieringEngineService.exe
Token: SeManageVolumePrivilege	232	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	3776	AgentService.exe
Token: SeBackupPrivilege	2748	vssvc.exe
Token: SeRestorePrivilege	2748	vssvc.exe
Token: SeAuditPrivilege	2748	vssvc.exe
Token: SeBackupPrivilege	4820	wbengine.exe
Token: SeRestorePrivilege	4820	wbengine.exe
Token: SeSecurityPrivilege	4820	wbengine.exe
Token: 33	1968	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	1968	SearchIndexer.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 4496	1968	SearchIndexer.exe	124
PID 1968 wrote to memory of 4496	1968	SearchIndexer.exe	124
PID 1968 wrote to memory of 4704	1968	SearchIndexer.exe	125
PID 1968 wrote to memory of 4704	1968	SearchIndexer.exe	125

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\e3b43865ab465a68fcc02dc5ec0e04eeacf29ea3ea8d932b67e06823f0b07204.exe
"C:\Users\Admin\AppData\Local\Temp\e3b43865ab465a68fcc02dc5ec0e04eeacf29ea3ea8d932b67e06823f0b07204.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3708

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:4840

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4788

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:3248

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1452

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2860

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3492

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:3940

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:3056

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4188

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:628

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4712

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:4624

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:692

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4388

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4460

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:2492

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:1656

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3776

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:2876

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2748

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4820

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:3548

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:4496
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784
  2⤵
  PID:4704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

Filesize
2.2MB

MD5
d4f1ee2e86f7837d5b6ff539827a297b

SHA1
f573b430e066fc36386d9cba1a1675bfa2cb69de

SHA256
256ca3bd74b8cdf7295d824b38e95e2cb16311c28a98440cc1dcc2ab6890e99a

SHA512
2c0a41f15de35e6b8d37d5b4afaeab2a5523de7a28fd3d31acb0864e90290f5fe420d51528098edd7e0f421c5119024bebf028097feabe17bf3e0844845c394c

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
fd3a5a4362b58fad20c8256f8fa5a487

SHA1
4564acaf41e4764f1e2788cbd54c85a19da793ab

SHA256
07d10904f4cf94c21da7115bcb680437ddc273505c0dc3f4b31d331bd59dbfe0

SHA512
1e114667a24ce098a4897a84c28e32fd4c6168c7366379116f50132e41f5a08c4048bf8877d43e0b6a2e74f66d8e2995858aa250a9eee5d8ae0da3ea407dd128

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.7MB

MD5
00cbfe452a3622b6d9de89594c34a4f0

SHA1
4c08f9668546e6d09074610275cce40f2a9df75c

SHA256
7029456bcd87137ab6c83453f6af27374565e31e4fdfc0a2fc572656bd2ac09e

SHA512
f164b9d6d41ddd9e94bb7dcb3b89f5caee6fc9d9e8ad6134065a41fe4347106d68934d7930acc74ff3173a1e56c7a4fddd04e308290548fe696268304e1baca4

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
2107876e20cbdc0c255df4baea45c300

SHA1
55ad5dc02ee960fd5d20b24d20e82fc4470e4a80

SHA256
f636c0f8d898ea18eca1008ff4c09edef6487a0d2fba334afafe91ec0530ac8e

SHA512
c9679de157417f12ccba2dba56f6b5647909b0d2b4c739c788e8403618c0c838095404f1dd92433f84188c76f91f32e2ad55b8f10cfe13e32d6c82d25f5644ee

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
b765462120d092a26d457de88644f04a

SHA1
8159bac2889a338362e8bd1ecb2f09843a084100

SHA256
370dbe600016fd6e7bb56816282796b93469a4389d9cabc76be7984b1421be1c

SHA512
7e279028ad01a43a9363515a3ea26879f94a139162a6452573a51afc12848dec592ac45084be44421ba33b1b73ec340c7ef8a2eee32c2fb881e77ce3aa6c60d6

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
2d2da0c4d8423b8edca3c9eed67b90e6

SHA1
f06fdc73829f1c900383d914b5cf04fca81aa10f

SHA256
60589270d714ac3d2c32d10aa5e70d02a9d4be929a502c6457bff70553001290

SHA512
d829e3bf13d6478d0632d0b33241f059cf194890f5ecf0f13f1c1a7db5f856621c33a0bc0d341223371fadc360e257c9d86969599d7fb3f4ae3f23eded511052

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
13665a68d0c0c607e694f97ab096aca4

SHA1
8427adf0f05a1172374096e744db45e5dddd1d31

SHA256
88dc90a7a5c57b1b38f94d3b66d1871cfb6c1cd88e9e65b633b108aed966ed0f

SHA512
fe3830cf543fe073b5aebbeaacf97dba2278340ab90cc7f180bc5e3ef9d1554974b346228337c295f1bc66296a9c54cdd633e4edc3a6b1287528a8826d422286

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
e324c51519ff1549cf9dc8c82292e532

SHA1
962809afebfab04328223d0dfe3c29f586d34865

SHA256
eec8d06a1ca50bf7205d85bb0e123e021ba720c858cd9d9e0d33b756bfccb548

SHA512
f5ae917c0fa52ab87ca75f4cc4b822b0ab5876c4af89b3ce2fe2e637da6c4c69dbc1ace5e2b018b7213e4b952231268896e498fbe4d3d28536a63222b51ba175

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
35a9ceef0a0015cf2f62dbd9a0338006

SHA1
9da08a3a5e3932536203a72daa597cd0b4c72a29

SHA256
30da093e99a8a53f46ec1ed909ef8289d4ba34807cf431fa2414bd1ad3629c5c

SHA512
15e0d1e1092050178c4817b66e0bded8cb392e43147c2ec4c48d1ef543af62b067d441b8f1867dc54cc1a677d2b0cd5f88a55142c30e4c127e6f613641401180

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
cad52374c68c118cd8f85b73e8b8d601

SHA1
d432ba8f61198d8c41c3cfc418effc219191afc5

SHA256
ec91009b22d154af92a705a5ae57686fd787dc42c5fa7cee7f6578ac54070c29

SHA512
c614a492ecdb432f33b6978441206e4a6ac572a5b5401019fcc252433a01590ac216c9d938e68ab312b5f2c8bfb87dc190efd2ae727e2d34a75a8b8c907887e7

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
7d34c40769feece50d4e7c1a50302397

SHA1
e7a080165d393d27b86b7a418508bc72ad8de32a

SHA256
b985828c016fc7cd4550f9d05e9b673105c5cbd66ddee0fd0473944d5e48bbda

SHA512
c6bce7d30187ff8c889f3e07326b971323c747881bc38c744fad77f6949c44c34a6b771098abb4ca58d0dd7d024a3b76e328a64817e88a1cbd5055bdaeb4cdc7

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
b4608f4236af6f080dac66539b7a383a

SHA1
e0579a401fd340f88aded166d6c67dbe0a006353

SHA256
8499b37db2254fc9825f323ae1712c06dfd5f5a0106c40fda3bfd32f794019a5

SHA512
489ca2418275ddcd131169be56b430b1bb584c2128799952043f6e028ba22bbfa41149109acdfdd2d9949c0ed7f773a304760e0e15533b698d9d2293954c3d6d

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
f5f07869807d329ae05f344871d4da3d

SHA1
526b7ccac89cca17dab8f9efe8a03014700cad0a

SHA256
0d3c5c643b6f2319dadb5b4762dbaf46980e6548c0ccf75f3b309c6fa8ad406e

SHA512
943ede8e87b513f50243d204c91bb31924b379d3b7bb2f70f8914e52f2ecf602198971a4dec1435ff68de0cd1bc34f6c8114cf9038ce9e24a6f913a7435b6b27

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.2MB

MD5
f43b23f9f2bf9129db406eeea09e8891

SHA1
8906d7d63fb60f54eb2bd2b19cc652b28db0a38c

SHA256
c6dc4874542a07d1f1d6fdce093ce61f1ffc7464c1ad6bbab8ecbd0729b9b485

SHA512
24673bc8c59f9d64e0ca4c71d48dc94f1664482be617841176b3c7221739775be6d25b96d74959e4016de7c0c87e3ff84098101d46759b6523c970e4d5357062

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
77e0e0bf9f6714981dcf91c93f3c5e65

SHA1
132ae2917bda719cedc1bd3c30b46d0a048aea9a

SHA256
6ba7addd9bdea63b51931fdf8f9e796c2146324206798f75e4161d9eb5343987

SHA512
03793d9157e77aac8e392fd84951244df59e9da998e190768a6dccabfc3145cd79be2056d5385d3b65ea3f69d22e8855f66e4f7fa8a203c691dde31786b1a9c8

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
63bcef847b51b97803443220d332de11

SHA1
1ee2d8928dccdd977e60e9a9f9cec8908b6bed75

SHA256
f8f9497e8f678179850fc1c5596ea63365083a9c62ca17df8bbd6ecd111859cd

SHA512
49204d0bf51acb0669c136f60049f3499f33ead230b75fe7f14d045c35a3ef09ed1afac9a718a6988c1be33aede5022ea517b3d2b8bc1e79e3fc62433a2ce7d9

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
46fed9450fa1870d5334a164c200d367

SHA1
459f277fae166c5588e9098ebb2a650a1b21df64

SHA256
afa91947cfb1746a94ef4cc311c186e2f3240d3691aa4e9ae6145ef3ce82f98e

SHA512
f1550b19232e8b8608b4eaaa5409545be8de2077854b8e614eb60c7b8ab1cbfd823bf9ab4e8e9bca4a254e1f935e673c315fde885202fd90141e48db3ae6a372

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
01a27336c414364f0d792754bc70ce2e

SHA1
f52b7b5b774ed7faa2c65292ac3cbaca99a0e4bb

SHA256
47d4cc2bbc6f98ee5fcb245f0d7f7de037944bde26c5e087f48323017d0bd92f

SHA512
1890c73bf4f737ccae116b3b285a0bebcf10d9e0ea7cccea35170d444f0fa7bbc074ef6cb5ae74dce20b4ea448f7690276ee7d89c55f4aa95584d6a465bf0393

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
9ccfa5c2dc713bacedf94080d10186d1

SHA1
bcc78789ae0f6637ac12f45dec84273620b7bfcd

SHA256
5bc2692a5a44e8a90e0baa04387a129d9ed1f582f7412b63b6da4fe95b42a874

SHA512
b1e62a7ff0b9681cb02d0d71440bfd9fb8c55bada332f1bc7a38b287f986f42f0ebe5cf95e580360ae287e0d23bc2fb2cb95b68de4468f76ed58a3292de9027b

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
cc37057f2d35f15c90c6eb265d8c16f3

SHA1
587945ab161166b0f552bb1c8ef1a600cd7cd655

SHA256
0d2de09eefdedfe736fe75f7c51707d7abc32ec9b50fe4fdf12bc20864662451

SHA512
ecd38c9f7124454b9f7f04da95c682ace7b1894e3e02a14963e956da66858fa16cc656e76357ce28ff5d0684207f35ee845693804362a607a573f9821f3d04a4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
91a932f04f77ea4274eaa437f8cffe2c

SHA1
3368593807475dd4a4d12fabed6ff46c987ecaa1

SHA256
ed1651ad137cedc7e41975e1499ab5db329c45762548d47bbddc14806512f71c

SHA512
e58da2f3b4eb93cd8f86681819059b05afc3a73c456c40f79e564f05fbbbd1046cd9935ede96c77ec6892c7ca706292b96086f16fca5b22bf44b7c05f9a09f93

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.2MB

MD5
455682c0ec80dc4ceb73d3dde357075b

SHA1
767ea9b098fcdba857c0aea91a00afa9dfc2d927

SHA256
ca27b0f89be7c06d6272f45f7f1138c8c393dd8d7ef1da960dc468b38de5ec5f

SHA512
093f377d79a657ef7c1156445132dda2941b8636974430d25a4fe4795a9b759d408abd66c6fdd2160444e8a88691082a5919453872ec7df963ca56cde5b6bc39

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
ae796fc48ba0a03619c756c3e5cfb33c

SHA1
b4bea29fe2abee7104a9bb8395b706b7adf8b41d

SHA256
e07bc352ee97f917788f62119987a1c8758b6dd1dade99e3cd91a6ecb5343e92

SHA512
2f99a35a309f9079f3c9ee9371d763eb1406855f68f099c4e67252da1b66c806089640ba406a24636dfb34559cba87e04b5873651817bf25a1aaab4fe7298623

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
b4249a24a855ee0715da687dde59e690

SHA1
a146759f430e00aa572ecdb78d02b1a5d0411689

SHA256
6bc18285a8ac6d131516c017882d720acf2d31e75120e25a764c06260c55beec

SHA512
8fd0363aaf8af98b0015b5a89bfe4b21400535b58de3f6b0b05888c013af2a86eb4d2aa5adce0b325261a1f6ba3e790b54eabea053eeed59855ede8e0ddf62d7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
3f10f716ec5dc614fb61ab082c5b831e

SHA1
3043d30af17ee1ed2f0ee7b2036137abee789bfe

SHA256
24bf05e5be836a2dcd376edeac94e9cc49a8f8bbcb85255d6eb33cce578803fb

SHA512
37ac6e44ee7064e46d2186e1152c397a823c913fba6e1ac1c1a227ea3a78b03992007631355896837bbdc1eaa9caac51a0ebffc03882a10b451d7d856e658019

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
39399f693067fa84eb241f748a87ffe0

SHA1
bfa402d25a0f0f6416c08d3cc0e91b53d9a0740f

SHA256
ace84214501c7e4e6d498a24e41a7448eba157f1971265c5a69e6b23683a3e26

SHA512
393192dadb8c66533e3a346a566cfc13e453bc4e1b14197c399b26a71e7b331fd0089820d90c749cf348351685c917b2e4dc0248dac902fced3728b7b7d8bb2c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
13e86bce353adb4c8a5e5df01e9a8524

SHA1
948eeb2798c38f8ea95a347f27df16119e37fa1b

SHA256
e7ebf94082f69179321c29be16bddcb2ac36631b5a0e2122702590c531665d21

SHA512
cd2aa1780e6a314aebedbb977c319ca5b95444dadef0d08b36e5ea2cd4a4433889eaec2b6ff276e9615f3a03b8047a55d6893995bfef6f8937c6434c0fb54e72

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.4MB

MD5
81b86ba70ae6bdab18bb5dd8cad2239c

SHA1
7f364929603e72ba191d424c1f5c2642a6f839f5

SHA256
cb3c56709ac035e2f0bd548b96f7db30e6c2b1b94ced38f590c7759509c2acfb

SHA512
2080fa61c6966fd3edab063c4f2c36b949b692a2bc4140185b44edba1a1366b2cdaf3ffff8cebfee46e47c87328d20de8b79c8b7817b5bf502ba6e30d6974d41

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
2cd71155ec8fd30406b843e56ceed4f2

SHA1
a308321841c5155005de49c10c8141fdb4f6f330

SHA256
c0400c22407a715c1ce23f21965b93c3937bfd63df9e76c82085cc5f49422981

SHA512
aad71f9ddf50a3f94256a4807611205f04ea40144b146dc91511f7679b48a058f1687ccad96fd2d580e4ef39e165bf057eb74f8f78a9c34fcbc790c39f663511

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
e872017f6c87f2b031d01fc1d51d83a7

SHA1
54aea9d00f7ac81466e7913661d022a214f577bd

SHA256
7c1dc461821fb45d225a1821ef15da4a3ca1f793b33de20cc64fb784df89ee05

SHA512
7deefaaa9955e47f906a86a064d49a3155c01e76c37657c88e7526d3d8322bf06390e05dff787692cb7b9ba17ed0f455cbac678e522826349a46583710226d51

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.3MB

MD5
be2b070aaa00b56c259ff66b83cc45ae

SHA1
b6e7d1892ec0a69caf0bf2690d5ecf6faea22d65

SHA256
950805d6ec9ad46705d4d46524992c922c0a3db8ec7c81db53100697e2ea9055

SHA512
c0150f167037bda7724c0056af7d9dd52c73c298bc8737f193e49bee8d958b75908a8feba1e06090b25b74efe3e27f1952e72916807a26cdaa7c4c782c7ef4c1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
b8b157af8a0098dcff1cb3b59eb1817a

SHA1
353b4b9b41f2e53f36337c7ba4ca3734e1ff13d3

SHA256
629f00b0e02c02b6ef6def7e974ac7825fb314e624c620edbdbd887dab156734

SHA512
5e9c780ad798c1441a22644ffd06ecb06e0b6b539cfdbeaaa8aa372c79a8fa4f3df263029e791d93e5fad2ddc6349f93f415ba3011b01b98029bcd102f239bb8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
94f62729842f44eab9a28c90ab14f78b

SHA1
0b6f6414e729c853093d5ba58ce7c1dfcd16c777

SHA256
2b862085682d362300049f1fbde272a6c9b6b05189d1ea66fc820a9ed957f1ff

SHA512
2cd82e07eb289e23a3ab4da249064e7846aded57a821be34c1ea64646bef2b9a27340f14d46f77b397cf3ffab19f5a5ba1e94808cf75cea83ed4ec9e92fde95e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.3MB

MD5
9891a6f2ec562d2c384bb5dd913fc4b5

SHA1
8b4727b078c42f6a40d4a1d21fa720fa288b9d20

SHA256
169bbc7156e08d3887e2354e3e9799c1ea2a90775a3dde005731a1ffd6308c4f

SHA512
3ee0502ce3d3244770d7f09cd6c456bcb30f2259f3c17f96288c89cc53fffcead00b0b583123e497981d109fb90fa629aab9e208097f66caa8d8cf19628f8bcf

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.4MB

MD5
5dd6b496769b984d041b1d85bf471486

SHA1
87aa65cbec0bb8c208e6dc14f8760606e3a141c5

SHA256
8c67ebd6c9f2b64115922562535bb2218218d02f6946cf29d4b120267da21b8a

SHA512
407fa17707e9813238c1b74620b03266c72617f1f1ce3fff614b6e3c81f40aa402194f518fcfa7a4867096ceed9c41836edde3b48849f2008b35d9a2caafbada

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.6MB

MD5
c3520752d8d239435dcc52a0c7bd78c5

SHA1
316ea7c77ed84ea6a1b2013c0b43c543845cf26f

SHA256
bf42bc818782dafa62c77b6f196e15bab4024bfac624ec269a70c97705a672da

SHA512
4018bf69d5e01dac84e9c008c0e9a640b4e2a0ef607450fc696c021962410893177713f0f0b2d6f258df67b1be59cf919b428846c2f64ea607bb9bb6f4930255

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
0f9f6c150699f99745271550656a90bc

SHA1
42f3fd2ce4bd57a54fadf568f56dcb1849e00b31

SHA256
1b7b96f96af236e6e9cfb9500e8c010738c07a5bcad856d9e03f42f12ba5c411

SHA512
5b4daebf421e8ac157d6af054cf11865c70263659f33e1bf48a003d24ce0de7fd22e7ac94e603fabf5e3d52a5795e86d0fba469a36179a6423ae8d59a7da81e8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
e5f4315979c4df8bf905e06a4ec423a8

SHA1
0fa2ef9d5e0073820a5dc22802bb559ba3766861

SHA256
66f5bc27a49fbb111c80e0a64a606de51777457de4424186c696efaf08327cac

SHA512
b7864a8bb55e8cb72bc6f372dc9be77c8b40dacf218b41b2a7fe3bf2b4e08c0790e7ba90e73a1ae1c360c4923db2440e1bef4352881f7487db1c3b01a7f06bcd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.2MB

MD5
69312418e9af867ab8a4e769c87e1b2c

SHA1
a8d785b0aa1e29c6dd44a0cec0d1da5e96abd9ab

SHA256
80e28b1681a4366088dcad75e2755e200e8183f9d1fd97da13ae0785a3f44c32

SHA512
934f810df732d7158f4fc3c2f62009a835376dc0872a2a50c2e4305f0aa203042689be8cfccfc1bcfb8b8c27b3d01aeb57fc1f2a8566101d397b953141c90ca0

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
123a65160c86f7422ee089d77813d451

SHA1
12fad2c8e5acc95d8fbbd488bcda8db9612aab2e

SHA256
c2c92cd2636aafb42b4a89e0ac19d3d9b10b688b66d9e368716b3c2880e199c6

SHA512
f58280c9dda1530bbcdb95c0cc80ed1dc01d5ff37b61eb44a2c09e92a68aafbf51ea1d24a839c0f4d200dc1c8e5d4400b42331b7aa43214523e9305d19a2222d

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
229a1439d0cc7060d44a61b759a45715

SHA1
1d2599cedb367613e230010eec6bd68a5d22afdd

SHA256
238112657999a60f53c272d452b6a3b883b17b1d4796dcf964cf885c5b8f3808

SHA512
11eabcffb8dab9aa7e4dcb476ad88ac295255f7c8e3b447bb23f2ded91da2d9e0602ddc89ee02ff849fbe90e3717210b43abfadd3b762c6bc151c4970f8656c3

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
ff80f2a888149d188d4a57a9f597ad47

SHA1
5ebf086da363d122c5d7ce577833faed84d13525

SHA256
023f17c77a9aedeb08a5975cf0481c79c992ba41b7a8127c685149f200ab2171

SHA512
5d1b56a114c341e0dcbdd7b8e1b6887429b36d854cc6d1d7777c8cbf8de53e7188f1ae5572b66c0d13bbc032445248a7cd649ba4d38c9c1984646419217542a7

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.2MB

MD5
65fcc037c99dd6c5e5ae3dee09c28170

SHA1
206b8ba7ddccb6fc6e2952d6eeb660c8a04f6d82

SHA256
3ece98ba43bd189bf4a7aff0ea04efc6834abfbf886cf3a49db2bb50a612020c

SHA512
3fbdb3472b17d63d3c7888e3a2a22b3d1db504c7adee9d3c54ea1e27312d043f01fe46dfbd9cd7bbcc44f5702498d905d8a9872076d0c33a6fb8c62d4f182010

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
6d47705cc1c482e93933e1551f678c52

SHA1
57363d3ebee9da5a4cf26bef0f35b388b5b2730b

SHA256
764530d8327f8dd6f63e7b31e50fd6e23610d14a3f29e4ec5198d7766baf0735

SHA512
53d765023606ed72e1f50a021c48e15942106073ba85d4e2d2f7083c15660fd70da279b1b33e70c705e8e2c9c9a5ab75073ecaba7212c24df73c33d3acb5a3b8

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
38637bb3695b0687caad20bc42fa29c0

SHA1
8c7b1d810919f82e32262bb126c2e339d6fb905e

SHA256
b2e5f3ad59f0b03e44d850d9c0a08ebf055c1092765c4c451dfdeefd270dcb54

SHA512
dcf2d4baeb1b49bedf0a83e5e1d3f80fdd518e5694521435ed2f31a7a16e4b516210895fe4555df395ae45648312b366ebf6d0d9230bce30c8dd73e90941529e

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.5MB

MD5
d76641f42d5dad37247ab010f9ce63c5

SHA1
8faeec7036229c494acb2b99231230f3f0db7fbe

SHA256
a6a9df3db9b5cbbfccab340ae9fd8e9c793df51cdd9d0e48ef276247329aefdb

SHA512
240bf5314cf86d7e3490f5d9461e7f46b2f79e784c89b667a95d7809363772ef7bd36c52c52760bb04999615a2b5e2228652a1401bc3aba0b5d43896ef1ca17a

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
648b763375665ab3ef60f5b526a7f7a3

SHA1
c6fedbad02fa2ee33c07be61dae1aa6da253022f

SHA256
8c8fdc1431f5747c4ccbf3b8fa2dd0484f0f9b636c2035cd6d4396a5cc33536f

SHA512
5bd16373c785a17f2bb3f3686208fe4e8ff37609a6df7089d73f295c62443e2f6284b7dcd15e74fe826243fc43c645662f3a9a79b9fc677e83dee220e4e77cf4

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
2ddb65c6d12aae95912e08989d079390

SHA1
296522c3357b10ea491efcf38bb13a758ad4e791

SHA256
ce8dc0097ebc236af2d49546e5ca30e1303d571b832a6a7ab83cd41d336ab4d0

SHA512
a5a5a2fa3a55877e98c35069628bcfa3a9f507cb6403ad30d5c3bfd51753904313b10b75907bad1b4cb60424faa5f7f62eaad669b97dc0a970e303fec388297c

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
a836e4c871d04b4b2644c4b92db96434

SHA1
43ac51b5edb13dc55bf325ec4649c398b45b7b74

SHA256
fa9a987b2f1e1701085523c6639a807cbfb6acba96f394affcb792ad99ff3c41

SHA512
734e189f5b1eb45509a630a1ae71dbf28183ac5ed3d20ed73eebe5777db18f59a31a1ce14d0e255b16c16c4a1bf13df116d152d6412100e2d198c9fde3c31914

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
c020582745220dd954d71514624d4706

SHA1
e3e6f96b9db21e327e6c81963a4114f255d113cc

SHA256
c4a619c3fae1d1a282acdda9e218b78d603ba4b0c563c631fd68d3d26ad983ca

SHA512
641edfcc967d01a5a86b01b70f1771eb70a992ea1b15d1122f6ae936f7731addc4da5c141874997ffecf42c373dda9adccccde3e9547aead2ce13e0f9bc9c650

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.5MB

MD5
fae75333228c5ef5a10a53827a62e126

SHA1
2f73a68d0e7ffd9310f759bb492b1dd73660a4b8

SHA256
6389a15b797f2baf49186b2e0f4eebb9a5b88ea07b77742347d8739b6f83951d

SHA512
6993c37cc12bddb4034313613a9d032f7f0c350560651739113e896590dc89aed5f900872d914bd9f769b618af6ec038b910480041047b827d2e8be2dcab4764

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
e2a2d2e18d598c5febbd79861d6d0180

SHA1
3c8e36af356baa74b131b0498089c420a6146398

SHA256
06267f2fecc8b2bbad150bb5e46f86b49849b698b7deaa8cf1939f393f815ebe

SHA512
360dac70a8d6747a9e6b2658f6057da23e52f0607d90e11a0f6207f247c0cd6e62554092e475b0635016cb4837ea83f140c2cd8a34d2d84e865dd2d77e37636a

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.2MB

MD5
9caee552d49f4b1d177cd60bdba793e0

SHA1
3f7f0d5aa9892d64438dccc8a99338d99fe2c047

SHA256
8b5d78d27ffac987fd557bb4f5f5405209e5125a67cfc62a43d265e71fa80eee

SHA512
26187405bf4874601feaba256f6b6ba5476cad0474306c8fbcf72f145b944e205c1cbca593392fbc311f4a6324bcc6b48fed7194155afe0ff7ecdf7b63d92295

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
89207c6a6551fdad85a13e0389ea8ffa

SHA1
91f77fc2f1f1457d094245a417243fe64ad9005f

SHA256
f727ea8f67a1b9d584c3caeadf599afb4f765f25f957eeeeddfcd39f2742d87a

SHA512
3928f22654cab9f6e1cc9b0e6f3b0d3397a3d732e10e2caa8cf6c938ddbf57e72342e41c72b5efd48eeb0c96df7cc2209fdcadef6a8d224274075a50a90f3ba5

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
0cd4148cdfe8220edfa0cf6dbe7bccf3

SHA1
6397994e5e25684dd964e68d2dca6302897fb43b

SHA256
7d3a3351c38fb45dcb250936a93ee96f8fa7522ccc1be35b1346f4825ef5ce2a

SHA512
86b0702bb755037472fded45ff416f79841c4dfdd2d299c5446d9f854fd9590eb97f561037462356c3fca5b26428dc194ae72717ba1e5f81391396bbfaf3bd90

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
943d94f8540925f547ba6f5844a9de7d

SHA1
5a95512b9299c84abf655b83b6ae64883d54362c

SHA256
6a302ecb0b414cc48e5e8375cd6292f5a96cc0d405bb383bb81a144a981fb73d

SHA512
2ca3f14ca2e8e3a5d9120325ee6bbbd678e3c2a801c2b0c0adfbe3872e8f026b8b0af55027c1775402b6780efe0711b885e7f78fab57d5ec27bbec739e3fe34e

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.4MB

MD5
177d75e18d66cb05b3d490ac31559971

SHA1
df2e3612cdcbfdc022619f00dd784061056bc89c

SHA256
4e549e284b6f385e863156a2f96d7cdfaaaffe412883361f5de5992b035e274d

SHA512
07f37af40ef44ba9e91e9fc9400375d85d4e589131085e1c494764a673d4ff34c27af9efdbe66769a32042ccc4ad166b2463a75092c28a8a032121b87c673d2f

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
5d3a34a0b28f698a4bd6e80e20be61f3

SHA1
4c87a43b6560f9a572bd0b542d2da5330df3d235

SHA256
d926bc89879b9909f5c4f897c5415d724d53a831835005c5a536ccbfd08a5202

SHA512
ee7a7cc8762b206c3e23928e9c1eddea4d88cf4f40ff8fd5caa69c9f827be7738e46485dda0c323dffd49ee7df799b990a1134a196d92d135691642c4bbf98aa

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
fdd268d5aca5752d5f187d462ac27539

SHA1
9e3d19479768a5db6725d25cb3d3f98ead9d4123

SHA256
bda8b0197a84e332899139484711b4142c521666cc8dbd21e70cd305f343c8a8

SHA512
7108068c191e2c64e393e47c66f9c01380a4e818e39f9e7c8e81953709a9ab5a70340e68f59a059c2e47f884ebbb8d754f8c64eb002450a3a1cfc6044ee6b067

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
c56d4220eb4f18172be19d3fddef4473

SHA1
7f38822cccffa5541236a09dd9cc91540ebd28b7

SHA256
bb372216a9c9e71d8d711c97dafac66312c5f07485ea8d66bf8151ed24a234a6

SHA512
6912e13359f4b2525f5735f3e8ea6c20c02669b2946f2a6d100318edc43332763a34567f23aceed1fd620321e79bdbd524cfa623789d7c690c93f3952dde2f6c

Download Submit
memory/232-320-0x0000000140000000-0x000000014017B000-memory.dmp

Filesize
1.5MB

Download
memory/232-438-0x0000000140000000-0x000000014017B000-memory.dmp

Filesize
1.5MB

Download
memory/628-331-0x0000000140000000-0x0000000140144000-memory.dmp

Filesize
1.3MB

Download
memory/628-270-0x0000000000BD0000-0x0000000000C30000-memory.dmp

Filesize
384KB

Download
memory/628-264-0x0000000000BD0000-0x0000000000C30000-memory.dmp

Filesize
384KB

Download
memory/628-263-0x0000000140000000-0x0000000140144000-memory.dmp

Filesize
1.3MB

Download
memory/692-417-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/692-290-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/692-344-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1452-31-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1452-29-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1968-345-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/2492-421-0x0000000140000000-0x000000014019C000-memory.dmp

Filesize
1.6MB

Download
memory/2492-309-0x0000000140000000-0x000000014019C000-memory.dmp

Filesize
1.6MB

Download
memory/2748-332-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/2860-39-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/2860-33-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/2860-41-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2860-224-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2876-328-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3200-87-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3200-245-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3200-79-0x00000000007D0000-0x0000000000830000-memory.dmp

Filesize
384KB

Download
memory/3200-85-0x00000000007D0000-0x0000000000830000-memory.dmp

Filesize
384KB

Download
memory/3492-52-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/3492-58-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/3492-237-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/3492-48-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/3548-340-0x0000000140000000-0x000000014015F000-memory.dmp

Filesize
1.4MB

Download
memory/3708-6-0x00000000023E0000-0x0000000002447000-memory.dmp

Filesize
412KB

Download
memory/3708-61-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/3708-1-0x00000000023E0000-0x0000000002447000-memory.dmp

Filesize
412KB

Download
memory/3708-0-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/3708-7-0x00000000023E0000-0x0000000002447000-memory.dmp

Filesize
412KB

Download
memory/3776-323-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3776-327-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3940-70-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/3940-74-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/3940-76-0x0000000140000000-0x0000000140164000-memory.dmp

Filesize
1.4MB

Download
memory/3940-73-0x0000000140000000-0x0000000140164000-memory.dmp

Filesize
1.4MB

Download
memory/3940-64-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4188-326-0x0000000140000000-0x0000000140152000-memory.dmp

Filesize
1.3MB

Download
memory/4188-259-0x0000000140000000-0x0000000140152000-memory.dmp

Filesize
1.3MB

Download
memory/4388-419-0x0000000140000000-0x000000014012F000-memory.dmp

Filesize
1.2MB

Download
memory/4388-294-0x0000000140000000-0x000000014012F000-memory.dmp

Filesize
1.2MB

Download
memory/4460-297-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4460-420-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4624-287-0x0000000140000000-0x000000014012E000-memory.dmp

Filesize
1.2MB

Download
memory/4624-339-0x0000000140000000-0x000000014012E000-memory.dmp

Filesize
1.2MB

Download
memory/4712-278-0x00000000008B0000-0x0000000000917000-memory.dmp

Filesize
412KB

Download
memory/4712-277-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/4712-335-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/4788-202-0x0000000140000000-0x0000000140142000-memory.dmp

Filesize
1.3MB

Download
memory/4788-25-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/4788-24-0x0000000140000000-0x0000000140142000-memory.dmp

Filesize
1.3MB

Download
memory/4788-16-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/4820-336-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/4840-12-0x0000000140000000-0x0000000140143000-memory.dmp

Filesize
1.3MB

Download
memory/4840-201-0x0000000140000000-0x0000000140143000-memory.dmp

Filesize
1.3MB

Download