e676de88c3c722519ca0f804fd8b1fe59abd3c2b8ceef728244b5c8f0ef25052

Analysis

max time kernel
144s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e676de88c3c722519ca0f804fd8b1fe59abd3c2b8ceef728244b5c8f0ef25052.exe
Size

716KB
MD5

0331aa0627dabb35086ac33c975f2834
SHA1

20681067e0fcf939c66cd261b03df613f489a16e
SHA256

e676de88c3c722519ca0f804fd8b1fe59abd3c2b8ceef728244b5c8f0ef25052
SHA512

249ebfa47cd80a478cae673f9b71c38dd24a652d091e73b8b835cf85685e26030546b7f8c17323d4f9f9897377c92645e7d7669bf45db4b1040bd5243f36f1e0
SSDEEP

12288:33P/aK2vB+jmqmFrfBCgiw4bivhqGoj85sVPL5qw+DF:3/CKABbqMrfUgYbkhqfj8uqw

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

Processes:

alg.exeelevation_service.exeelevation_service.exemaintenanceservice.exeOSE.EXEDiagnosticsHub.StandardCollector.Service.exefxssvc.exemsdtc.exePerceptionSimulationService.exeperfhost.exelocator.exeSensorDataService.exesnmptrap.exespectrum.exessh-agent.exeTieringEngineService.exeAgentService.exevds.exevssvc.exewbengine.exeWmiApSrv.exeSearchIndexer.exe

pid	process
448	alg.exe
452	elevation_service.exe
4696	elevation_service.exe
1900	maintenanceservice.exe
1524	OSE.EXE
964	DiagnosticsHub.StandardCollector.Service.exe
224	fxssvc.exe
1260	msdtc.exe
1184	PerceptionSimulationService.exe
2656	perfhost.exe
3012	locator.exe
1540	SensorDataService.exe
2412	snmptrap.exe
184	spectrum.exe
4304	ssh-agent.exe
3480	TieringEngineService.exe
872	AgentService.exe
2652	vds.exe
4740	vssvc.exe
4752	wbengine.exe
408	WmiApSrv.exe
2584	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 30 IoCs

Processes:

elevation_service.exemsdtc.exee676de88c3c722519ca0f804fd8b1fe59abd3c2b8ceef728244b5c8f0ef25052.exealg.exe

description	ioc	process
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	e676de88c3c722519ca0f804fd8b1fe59abd3c2b8ceef728244b5c8f0ef25052.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	e676de88c3c722519ca0f804fd8b1fe59abd3c2b8ceef728244b5c8f0ef25052.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	e676de88c3c722519ca0f804fd8b1fe59abd3c2b8ceef728244b5c8f0ef25052.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\45c2f38bb3e2edcd.bin	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	e676de88c3c722519ca0f804fd8b1fe59abd3c2b8ceef728244b5c8f0ef25052.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

Processes:

alg.exeelevation_service.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	elevation_service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	elevation_service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpnetwk.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{1342F81A-D5C5-42B4-A5E8-933F7759DA30}\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	elevation_service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\javaw.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	elevation_service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	elevation_service.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\javaw.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	alg.exe

Drops file in Windows directory 2 IoCs

Processes:

elevation_service.exemsdtc.exe

description	ioc	process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

SensorDataService.exespectrum.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

TieringEngineService.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe

Modifies data under HKEY_USERS 6 IoCs

Processes:

fxssvc.exeSearchProtocolHost.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe

Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

676
676

pid	process
676
676

Suspicious use of AdjustPrivilegeToken 41 IoCs

Processes:

e676de88c3c722519ca0f804fd8b1fe59abd3c2b8ceef728244b5c8f0ef25052.exealg.exeelevation_service.exefxssvc.exeTieringEngineService.exeAgentService.exevssvc.exewbengine.exeSearchIndexer.exe

description	pid	process
Token: SeTakeOwnershipPrivilege	2696	e676de88c3c722519ca0f804fd8b1fe59abd3c2b8ceef728244b5c8f0ef25052.exe
Token: SeDebugPrivilege	448	alg.exe
Token: SeDebugPrivilege	448	alg.exe
Token: SeDebugPrivilege	448	alg.exe
Token: SeTakeOwnershipPrivilege	452	elevation_service.exe
Token: SeAuditPrivilege	224	fxssvc.exe
Token: SeRestorePrivilege	3480	TieringEngineService.exe
Token: SeManageVolumePrivilege	3480	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	872	AgentService.exe
Token: SeBackupPrivilege	4740	vssvc.exe
Token: SeRestorePrivilege	4740	vssvc.exe
Token: SeAuditPrivilege	4740	vssvc.exe
Token: SeBackupPrivilege	4752	wbengine.exe
Token: SeRestorePrivilege	4752	wbengine.exe
Token: SeSecurityPrivilege	4752	wbengine.exe
Token: 33	2584	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	2584	SearchIndexer.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

SearchIndexer.exe

description	pid	process	target process
PID 2584 wrote to memory of 4936	2584	SearchIndexer.exe	SearchProtocolHost.exe
PID 2584 wrote to memory of 4936	2584	SearchIndexer.exe	SearchProtocolHost.exe
PID 2584 wrote to memory of 3500	2584	SearchIndexer.exe	SearchFilterHost.exe
PID 2584 wrote to memory of 3500	2584	SearchIndexer.exe	SearchFilterHost.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\e676de88c3c722519ca0f804fd8b1fe59abd3c2b8ceef728244b5c8f0ef25052.exe
"C:\Users\Admin\AppData\Local\Temp\e676de88c3c722519ca0f804fd8b1fe59abd3c2b8ceef728244b5c8f0ef25052.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:2696

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:448

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4696

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:1900

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:1524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:3800

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:964

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2924

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:224

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:1260

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1184

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:2656

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3012

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1540

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:2412

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:184

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:4304

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:5020

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3480

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:872

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:2652

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4740

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4752

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:408

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:4936
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  PID:3500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

Filesize
2.2MB

MD5
d38e1454796e44d6792f43e0b89893ac

SHA1
873aa73b5f95617cf446525e505fb911d33933b9

SHA256
2ff1403f387d2ee1042a8ed5c6be81b548a051ae6572a3424bdab2119251ba85

SHA512
617f0cff95e96104e56cb82f142ef95c7cae5f53b0d84d6f3f256b25fdbf738ec8f8efa00ff6e25ea978644a9bde5e22fe92eaf4da58c2eb8e762b1e75c740bb

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
781KB

MD5
c40abd2be04147f52d3a9549e48ca4b0

SHA1
fc5bdf49060179b7ad3bc61545aaf2e46629fb92

SHA256
fed98cf29fa6a2cf3bc40985d8adc154cd62116a9b5d8fa0ec248174547b8c88

SHA512
adea2945e92e285961d51551e39e6b59df7ea3e76811020a142f63de809446b3d20ecaf01354ceeb51619ac538fe73649cf2c49d565a780fb2692e507a6afc9a

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
45bce8b7d4018f9d5dd447ffe1db5535

SHA1
afc428a78b4e157db4d8465ca86f14b84b5755a8

SHA256
c0cc9ba699c25ca19e16b44cb59a2fbc28d1e58e685cdb7645f3f272f5e4e4dc

SHA512
5d6285d16e5c962dc890ccb5d77081f388cca608393a5321999a79cf9080bba91bd864c78cc28d591c107f93290186c114a46003bf03db494aa0e84a47cc5860

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
c679d2d4ecc457394e3f4ed6616f134c

SHA1
8bbb5ab6066a71e473d83945f8f370761456f0d0

SHA256
c3771dc4b0a4196b5364a6d494074b4956684d03d9a509b7fcd40df865627f83

SHA512
90fed20d7c027f101842a3a208cd22de7ffdfe23bcf9455e39cf0b9ef07fdcb369069b74af6860fb6957a06ca48cf85317ec55fd9343852f0556283c550601f1

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
9bca8182265b23aa03af518649bebc30

SHA1
bbea21e590735c41e1351b00201ae995651d083b

SHA256
d6488812db82f7f76ae41944f80044f3f754db177cad02479989a18d00501688

SHA512
d18d39c20eb888f2bc429fba97c188f2622d7afb99d14829201fe5da91129a9149b7cc1d0ffb7a6f68fbc9fd86f0f6c1fd4abd8b865e5d09e00067631694a7ae

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
e722ff08b20ba112de0c34f004850891

SHA1
efe0dbe09b604908f5a0a59787703a2e6e15e627

SHA256
57f9c28086b7224f7b44b047ca4da98f7cae26a990f18b57068605f3877b6eb1

SHA512
9fa2842624958c6ed2e3fd362c2bca22eaccaee2c0eb5b677bee3b4dddebef05b30ba06b3066a322105f32918072b13a475b690763842b8914c846698fd2900d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
c9f4b740716671160a9d21c6f503436a

SHA1
a740bd226d5514d8ab14a6b287b8a5cfce7e503f

SHA256
5b83237cb35e098e40bca714a1edb48fcbf3dd846290fc7e3a16ee5e7dffd459

SHA512
e0982faf8a9eec1770538fd3b481383accd3e6d17e9b7b0695efa089fe23597cba9d2741bd01fb79a1a0bed34dfba8db178df97a02d0a35968a7b29e04639672

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
fb9f951579af476d1c4e447a9141e1c1

SHA1
4d0cca8d41a7d3b8e1817d761c09e267e1218d97

SHA256
a80415fd222d0703866a951b4bae1d0b6e4a8826091e2372bbc2269ef5ce0d7e

SHA512
cd6c8bba6b886e844f335377d396995866040a334282de170dcd99ded3aa15958ef289576439281c771a6c32439727ae826d29563d78cbc50f104b5565afbd82

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
fe1e5ca7194b0dc1d33e91b52945f1ef

SHA1
6b46f2d46cb6d2824797125a087abf6d4ccb66ef

SHA256
1b37a622d65ab29381e43f087d3176d5e23c5a6343d59af407f50ff05cbc808b

SHA512
84d03bbbb0e306e4f6c1236d8255c567b7cf7aded533cb372192395a7b0a8d088986b24256fb0b9b314bcf2530eb466ff74446da98e9bf8d3cedb6667f659f75

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
526d72bc7e7d14a21faccfa0a4791c1d

SHA1
de9ba559698923535194de0741146ff64fb7cc54

SHA256
906776b916e43de866703949bee349ead128580d5e38395766225e8310a09e40

SHA512
2f4e282db6c87425cf47fb5cc55d31f26aaa1e226bd67808918df31a9a14b2fb8c79aed9c66297252b87cab8997e7e3d4ec7da103cbe1a7b8742987fc254aa98

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
61c0c2927fbb3af52bf5225cea66060a

SHA1
0917708e6e0f7c0965dfd98e43ac918c3aa44196

SHA256
f83bc5a9bf4e77fe7b239c31b9b1d239f2b2c3dd5b7011f6369c6e4d657db89b

SHA512
c611ee5785fdb38694d5f758b4389e815d13f6755269bcebb43fe4ca85874907088cfc1ff5cfccaa58a414453c70ed139cc9507c12c0c18b978c14312d77440a

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
d4d0e6a02784d8494ba59a1b5d7f369f

SHA1
5024746eb6f33fae02af64b6a1513a543584a7f0

SHA256
fdbaf7379b5e5102b56c42feb3212b7793db1d62edfa4d49052d24d5eb2accdd

SHA512
92015e838223bac30a84754cb7bb0fb42a22ef0319cece058808bc39aeb02bebf57dff38afce201c8d0caed1a3ecee210525221fb18711ea3801786962cfe4e4

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
92b16ddab29ce1e5e7d5e0bcec6bb6aa

SHA1
b399d440ddc071f8afca688515256663b49a72a8

SHA256
291ca463b4699ca037b930f1844a6403c54dd788cd55ab5d632a1b39921d56ce

SHA512
6412653bb016803be4e625cbc25e55cd62e63d667683a5fd371fd10602d611a208d8bab3660ae0bdf33fdef395490430f2e69e6e87e369c4522ae52fadb64567

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
487bf7ab32ed9e2db21cf81db99229b4

SHA1
04a441924c9b4eadd9bd80af15fe4bcbb262a8cb

SHA256
03bde7d2b017a7c8e2c68c6679700904b79088a8f96eb6517850fc7eb0ee8811

SHA512
36e3aec0ef04f14a2e18c47289cf938d9b082c1283a743713288a8549bcf132c6511f4635be000cc65eba9f3703ab0cbe232c1eb76fbdb9b4b40f9fab9fc907b

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
21b16a186d386100d250b64b8676ca0f

SHA1
8387a2c10c922542b5a2383f934f635ae05fbd26

SHA256
1d0b95dc6143ea99739e41746df3c497a50755ce7c7a204aa2c440364092d19e

SHA512
544f16d3ba6394629b844b45ef5b2d8181494063012e2c5024e30de277906c4fe27501296e1a8e0c69f1f922d16d6bd1175f61a991879d16b026a1082146fe19

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
a69388a46bbc97d74e9be16d2c40dac9

SHA1
9d5417fceeddf0d59e1a8217c0b28e0ea09b6ce7

SHA256
354282ed9a191c0c92780867e8fda21395cb98ee911649c83dab164292029b1a

SHA512
13a1b199575f1d75753e30bfb21a0482790f6db7e753116c98bf0c9446238430b1d8cccdcc126d3f2045eee67a196c09a1b608137566afdcc3b11f2d35f23efd

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
ec13eaacd8ae34e0644737aa9087b9fd

SHA1
2e2edf5231964702a16d7e8ec6a4c64a5f07ccbb

SHA256
73a7da33a21d76b8176e7fb8c66739a7ed1b8fc4c968d9dd259825b8f382155a

SHA512
90f38433fc9bf266c83642c2252493d88ad839b183a9f5f505790c45a5604955d3ea09bece7bd133517d7a65158ebdf533cc5f68dc8c0446151868d836841703

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
f704a893ea50785fa3dbeb8d8d9b1ac7

SHA1
7e6f6f00fb054ec0422abe3f30a6942a68a3a6bb

SHA256
0bf64db68438b49fe269d53fb6520109a39ec5c5818825beb391c50f1c107470

SHA512
829e2c98e59d40f455da32c7de526e5d1bd37883f1b8431b9fbefa98ecb91a59f55f2ed783e0709ced986f962281640f6ecc8e1b4f48d537afbf308855403ee0

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
3965580bb7a248a63d13e37d4dee2399

SHA1
ed37f801a9d6eb9cbd9c59b8f2efabd3afc80539

SHA256
ff1dc3faeb816ee9b7cc430e3a48256ce379e30e5eb18f7d8fb608ca6b7041ae

SHA512
4a415aba01c18841aad39349db854b40b5ca94f285a3a6a690c113b226b56d3c6e8a1b522e983af34a15c0542cb74b5a2994a42b2dd849315767552c88b7bb1c

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
51ce211cfbdb773000380b812be26747

SHA1
9e10fd1697817d4e20c1e6fda10a957d8de05bdc

SHA256
2c4dfe08dda1b0982043312bab5e489502116ea5b85e735ecbd4dbf884c68ad0

SHA512
bb86e22dba760efd0c16e043aa907b48f3824ce06782d49253f82f3dc1987eb58401c112bd29dbf9095b1f4079b6ee428a583f7f4677dea38250db2989def29a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
708c642095441d7dba13d1eac0d5fd9b

SHA1
7e207b3b413acfc865fa0fd8a587d2cabcfd6f8b

SHA256
6a36fda209095f613b56b1b73d31f22fafb6bf0fd4f8f7f8f2cd7a818c06bbfc

SHA512
02f5fa3e319609e6f9d7ee5a04831b11edbd14560bb63ce05bd582bcebf58c4ad0bbc0a5ab3b19e282b39e8aa6fd154257facbb35a608bad8b31d0d8cad36363

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
84b67c0521b5a4d1deeadf0c92159446

SHA1
f8f44b81fea56c3dd4b700223e0c395d545fc7e0

SHA256
2e22b718d5ce5b2fbeeb5da0578a8fa876536452e0060dd44ebd9c92bed39b1f

SHA512
0ef91bc1bb28500fb25aa8042b51914151d2d3e24dbeefcd58b764b80abb45a84dbc6318e405d9e969ebb78e1cfca0bb6cd8e55a1730820f3a568600acdded2a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
4fdf5c2c5de9bddb2cf81b3784ac821d

SHA1
ff2cb7883e49027fb1b45233fc7aaff2af3fa029

SHA256
b9ea066cac8455d64723e4e2c996419a0089fca18508cad244a1ffd657213c9d

SHA512
4a17ba095ea8d5b92d7c025e113615e7840e092f4218cb34ffd6ef6ce03fbe1db093ec985cfbbd14eebe790e24ab8863d3374ce62ee8271b8c31546d6d93bcc6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
c7294fc775de1cea935a193fa0e425cf

SHA1
2e18f3423e3d6f1757b5effe64cfd52e08e5a6a5

SHA256
f2a1f803692be94bed98aafc8a798f7446e3f0f0ab8b638a7efbfbc7ee067b8c

SHA512
9eef3c3ce7eab1008522a0226c0e38f3026b7c077d914b9506ef4160af032af3e0f13937e2cf41353a6da89ecabe89f1c298331ab9ca21dd4e847fd1d5259def

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
1ad8bb552cdf25daf9e55f242814aed4

SHA1
889270081a658a9ea059502fe80f90b5924bd26c

SHA256
cda52d85969d23e3d7bc7e58c2d3d9cd8fa3544c598fea7704c3366932fac08b

SHA512
946a851f2cecc57febe3cd85d4b605bdbae9631a805b9fc0f50ec8f9432c7521efa2e83d5113c10f66f181ae8b90e28fdc77bb6b05b636364798f4d82e6654c8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
30ab15812ad7b0a8feafd83183090981

SHA1
d4bc255af474a1edb8ad33f9520223dfa69a91b6

SHA256
e5c20056f9f57f23582b879d8c65bd5afac1454b3a4f602abdd760c537be3ad4

SHA512
85973390ce14031642e8343f37976b8127d8858ffd233c3a08d2d0e35daf09980cc6f549c7691f77927f3732d5a6e2c074bd230a50c90e6827a2d83accd7b92a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
748740c8887a561fdbd5efa6a2d6c69b

SHA1
66cfde6450e49abe84e3229d3a33a03b8ef7087d

SHA256
e735f317d3574762874cb9e0d563218f9b503aa25875b95642171724a5ba8124

SHA512
5cffe845cfc7775aef227506f2d0418f9d18d158f140d011b8d7e62fbe8519dd8b267dff2c1f2d8c84559ca78c96556c078f9f233b2156cc421fdc50bc7cb2f8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
ac0d1db2d32eb0137ca7cc236f076615

SHA1
601382a58d2532b6e4fa9d95036f57bf6fa6b06f

SHA256
6ebd9a5bfb8bd3024cd6e20ebab00c21a5de384326b893ede3cfcfb869b19ae3

SHA512
2a884020677a242f323e235f993621cadcd9f8d6c3a5a9bbbb37efd4390dd650f35e0c9e67e1190e33e2119617925e4ca63418faeb23c2aa25b636b16e3f4c61

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
bfc1f05e01317486db538de51115f6c3

SHA1
b5fb6e69e036498387e8dd5852b0f76caf984e58

SHA256
8f02854ec89af5001c7048d24c25b898404a1f3b2cb49e0c22a04f23f8122555

SHA512
9ec872983c03a442eb2dbf576d60f13ab9148855faa9338b6aa8c9df0a50c8b337f5570690055ff6f5d52692aafe26094d94d310195d6485100b766cdbc0be30

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
6b344df8dfc369f56cd0d5206af53542

SHA1
44a4d9e57432c11df4f57c4e3c4eda3c4e42317b

SHA256
b0bf4e6e7e59861606890a35c004f82af0aca0d1e9c0571ebb76501576bd3213

SHA512
8924be6b57f19835aad5860dc70db2ac11d421461abc8e22ff46bae6992a2d4d4a1a9c3b19d3bb96056b33a5d96c39fc5fd050012605611e2ce3ef17bc3adc4b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
54b89d660bed75298310f59a291e4786

SHA1
47599e1c3dd33a4e7f75b5fa45cab1d0a072e81f

SHA256
ddc2520ed0ccbc4a70e919af9d1bd99dd96cd594ca8b1059c4c95fa0647d15a8

SHA512
a194d1ca4af48b8a2257cb60dbab14714e014b1a2a9d799bd8d423406134f967aa3f6e2856bcf5bb5a5cffefc7bc4ff25434708df1d035377956b7fcc6bbc30e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
b1b1876af3a6103e0e92e1dd7b2d67e9

SHA1
268b45b6f8146f181c8cc397e2404c2981ec10f3

SHA256
ea5cba054e887f9dfd3d624c2b6986d8562db6b45bdddf84800cbd9e8dd61cef

SHA512
9c2b241ce76de5ffdeeaf454a135de94abe6649d3ce73df122b4670e45056f2d839a090885dc4f6cb3332695d6cdd8d3d87f8481b8860a095f38aa64f1b3508c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
da90ffe286702610cdb5fa693bc5bd7f

SHA1
40c9a26522950e553190fd3f25968efd2b9fa966

SHA256
10f531d854f63b4c421c2119374a0922175aa119e4a4bc34df12b9bdc4152494

SHA512
1ab9e32ea7f92ddf73830651fa3cc27a78878960cb5804b771e66563806809fc6564cb7d1fb52b9cb87246408ca07fdfe203a69faf4c115059f8a7551150cc2f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
836730b45afac45f6af70b589856c46a

SHA1
5a52bd6c2a830ec6d2f1c4c8c93e7449fa168f5f

SHA256
ddc69497ac3741b3322625c0dd00f51494839163aea9157341340447a597f2c5

SHA512
28f9b3aee2190a09560271346bda9d11fb898060fc8b8e1130c325c98850587ee60bd92b9d8b270354814d7ef560ec87bfe426947ab8c67bc337fc8955f81347

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
80f12ed2ebe9266b369a49495667cfe8

SHA1
5ede6470de1afdede63cd9517ce2a89d52e9c4ae

SHA256
8f951ce671be62fb799f0aea1c60c7931f82b52b16d328b661ba79687dbb3add

SHA512
a01de4bb03ae339540be8be06e419d1926d6f1dd2c0b163adc3fd64f1f0bcb2c314412a887b072ddfc280001d382f89132f2e7579a9020089783d86d2617a44c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
7da42f84ba11949ef8f754d3dbdcf54c

SHA1
0f0f52176e43cb1006ddc561b3b1644c58972776

SHA256
6e566d092f17423805f7ede9b51abe0a253f14efdd8f62aec701325feda0d8c2

SHA512
cda50abef77f0ac6017f38cd1366587dfa7f9892bb1eaca5a51be0a61267cb39cb08fcedb78628ba15b1bb720b11f6e8269970851076d0ab7d51e4acf0b0bd72

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
9c8804252a63313a58de663aafd07205

SHA1
50d85ccd4f7379d2a7d48ea51992ca4e09a8bc74

SHA256
9b24b5a5adbac1248a3b2080574136d758e8fcc1b5b3bbcd677fa3253de7b6fa

SHA512
d75d2e2ab71d7608fdd998f1df5e69f3be974c0f4b21fd93e8c77071f75eead051eee5c6defe02e036082750782b192acc9b2085bae05ee05ecc1253ebb3cb64

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
b3f0f7dd1471a2316967ba7d1db06389

SHA1
b8776f38b8236156103ebb7bd695de4ea262c7c7

SHA256
c676210d0cb352ec781642950fc5b539007454b20b445c3ddef9eacc505f421a

SHA512
88eaef8d0ef2b5b317cabcb0e60a51690e7fac2dab1dfc40f2c722b71c73abcfaaf5ac9eaff80f51242be2fcec93cd8527444563a443382fa60fbb1c891531e7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
fd7ec54a10eb1afc70bf22de0c437449

SHA1
15b7e0795ef01908c9341833be0d3f4869588d4b

SHA256
40fba8db036c013ba7677da6f7a77ecdc9cd8d925e001b1760651982574f2bd9

SHA512
7fd5357f3a8761b6168b2bfef66bd34c8d59b54c0f99a6d2161f359f5b67b020676d7b6c32085e599539a5b32bac97c1140b0d477f374722a9b2385a1e73a9ef

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
3b3ecbc3ba796c4c84de630e4251e91c

SHA1
cd93a9c49929dd94b02a1b0db0842847f8dd567d

SHA256
9a008ada6acbf9b75615f2260704a4f9071a36cd787985582318b8b5e991c02f

SHA512
a5fd2e426db93d868ca491c5baaf0743d9a423f24b1847761f33605270a2921036dd5de87410eaf9c49681fbe3f0f9006cd827ca5ba56f57f8ddc7603cb1f14b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
4efbfa11c5c8a0f61fea79026017ec8e

SHA1
a219e45e3cc119401dbfa7892623411817e16232

SHA256
ea82ddf39cc2c7292bffea20ac4996f9b3b0b5c873debf0acad07f59442a060a

SHA512
45aa2e7b290936d4c343a5e1074437827951a1740669b09346a2f1e4e97363dc8758cf82c5db3d7aca4879bf668aaff6851f010be9fe197635725e1275e402f5

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
696KB

MD5
a200ff91cfa29608f9c6ef92c59f977d

SHA1
d5fb5bb99e3321c0e4c36ceb41f0dbf7fee42d1e

SHA256
f8039a20f55e47b46a4a0885324dc61455871626fb95482d69837c54a63a0b3e

SHA512
591d386711830f0e374a7ec6d4faf505e908d1edf11048e1412344249f2e4a7637566ec3d45344989f7760a67f89fb6579451bbe024b94fc752101fa78b88c69

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
a3cc2bfb959f05724bb8142357077b08

SHA1
6fe1cddc0fb4d715f737eb883398034ca495b791

SHA256
fa73d1489ad2313653ddcbb828e33a53ce72cd5e7a7c9da21465479c6d62202b

SHA512
9b7587a065cc3247e9e2b85279cccc8065ad57342c32fe60b8093ec2862277845947595c82a3da130b90c4ae5e1ae9a94c744778c22ab8f357322ef16b923929

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
3fd678775d929b5d9061418d008eb2c4

SHA1
5b85c57e56168ae35fa610ef94ff8e153f1c1f4d

SHA256
ed88c623f38273ed8734ba056e8c2b9d06dd98fb5e4d47d2995398d698436ffa

SHA512
1f90001c8d7997313b37faa0ca3980913bfcacecb2af6f4fae3e17aedd4907a35f57a8bb1d1e896315018868d4f2d1eab027b9aa2c153fb50591b55ddbc16075

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
779ec6ef7806977a07d3039181c7578c

SHA1
511465d528717a4bd90e04f97003ebe3d333ae26

SHA256
48511dd1530b80f27c2cd25d2e3df3d0158d41855c5c5e937451cae033f9b692

SHA512
4d10667341f46bc7bf52174534724d304b80adbe70d3293828ca5202b10c375b71ad8b4963bacccb255c9a36d28924edef12be2e73fe375e7f0346b65eb270c0

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
670836a90553ebba1b7fb106abed315f

SHA1
41ce17f9f9f88d5c0370c43980a0f2689607a198

SHA256
5beaa81df0b102ff5ffc0e9e74c0b56ede00d51453833edaa02a94e693e26997

SHA512
9f5a1ca6434c6d85692086c40a2eaa01b8e4df15f09e65a993cefda393b4ad964c882f315fd878764d005d373fe5e52b33ab2833e380bd9fe1ad45765618e41f

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
c607b501d279d7a370c79f84770f4733

SHA1
b1baf1d144e45d4856971988f0cb7d999f3f5b28

SHA256
8d4d4fa39790059083d1b069525acff1075445a0a42060bca9217a897742a212

SHA512
c27f639b9c69110b3c2d71ae98d17dcc9074b01b92aa1bcc3b5a95c7e042c94f643f636cc1672a47d2102888cabcf7dc257f9f3de041f4aefe5f104e4f91dfd5

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
12e29c12090465b47f64753fdcf9a462

SHA1
cbd6a40692e656b28b2ca378fd46552e8583b867

SHA256
14790f7682f80643c28bd3809485e83be25d2e7cf90039b6d29a8f21c23ee9b7

SHA512
f6bcf560736bb38313733771ec65a75977bd6ce71f777ec5b246695aa7a772a63afb9f8e66f93c111144fa165cca20f2d47424f8c6080635ce97da697edb5c99

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
47bf42f24bf0b454643670b394f9db05

SHA1
767e6509ec28f574a34302b5f4c84ea22e113e1d

SHA256
15fe1c5da6ff8177636e7310013374b2120cfe92f6f8313e5711089cc9d12b54

SHA512
a79a86433affdbfc684a88f2017059aa6eb02f342d0b4c0ba910f44f40126acf7f44e43e863dedb4764d03db47bbbc16237edf05a7c9dc557c30ad4413f7a26b

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
1bfda1af22e72f5d22c92c7a11d1885f

SHA1
7bea6dd239a9c78ed7c7c8bf3a6e14e9939798d9

SHA256
3f531bbf6981cb962584f2f9d0feae2cc724b10030ab924ba77c18fdf947ac47

SHA512
32a408ed1f7acd27262aee4fc57b6e8594b4be2f325cca95f370666380540cf036ca4566589a321947470c251cc691feb403807e96acbc8b3c06888a221deeef

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
818447ed0c845a0452e4da47f87a54d3

SHA1
dc0164949df03305deb150a818d2df197761e95e

SHA256
e3e08fa3e0eec0f7ea12ee65db6e9fa6dabc8d307613d936d36c99e306b1d757

SHA512
fdbafc8b586f81d7b4fb3c337b32c14761f63c955543b0be7561393fabbc5ccbeccad925895b81ce116c6c49bf096834c9ebf8f4f7ec897ebeb4d60a76b0b907

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
47029c034d932c4a751e73357cb71493

SHA1
28c8f6a615e14b0299cda55cc78417d28d886fae

SHA256
f9a8da1dfc8f392570505e3e86cbf8f82e646c1dd91d04d1e6eb2506ff7480ed

SHA512
713e01d381b2287f1fa6ac6490009ecc1dd64ae1b0513bc8dc0538edd919e72398ef030dd3c8c904f90dba9d730ba8b52ebc7a4efaea20fb2d1a0fd87c9e2ea9

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
17dd835c771f96943b8e086a8a421c28

SHA1
f50d49bf18d557bb8044d2c67d1cbddd5be28381

SHA256
587628ab0e6f695503ffe69e7dd276eecaa3202cfb0de5715b4ec5c8de902666

SHA512
88d4d46e4162066a3414c549bb3e6e198a45a0ff69b49b67b8c956225b613af1efbda941ba49848a6002683413e789a1a716d9deecb53e1757ee7d07d32f6ea6

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
d5286c38348ae8a5db8fcaa32cb14c0f

SHA1
144156701b43c9d31d8ea2dd7b7b279b9e942863

SHA256
d79041f75ba1f8559da6376d631de33903e5bb1e08f9f50447f82a1d2babacdd

SHA512
ea14092c305ce8d293e5acd2d4d1c0aa14a05f8818dae14b2187e002272b51f7fc0479d9daf44398aa509e524dbc6ff7bf7fe8e2a561c64b26f821036569abe7

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
5bd12948e9b6eccd25d16c020580d618

SHA1
ed900f75e9ac1bc924ba393450b69d7f715dccee

SHA256
8b1b3eef8fb8e7afea0fc41fbd34173703ec968b9aff5a9c434f06a386caaff5

SHA512
46ab921e17c849df1eb23db164ad6403caf5d1626b7d6347e02119e3eba319649e13a71c65ac550a0c32fa23197d83b73451881e73e2d22d8cd7d0815f3cff08

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
332c6074636cdee2229f4b3764a411ec

SHA1
90fd7bc8365042448b2e2a1b31a843791ec7d416

SHA256
aa7fbe254ea13b0bec04d07bf353cc3d5eb09765b6f6da3f16f50b727e43c9b3

SHA512
57125a7d94172cc9029774964a9e4a476529a51f656d9be4f8fd9d7be861f434e3d062e5185ffb6f3d9d0d7f318b961d3d873b5cd14b24c19f16fa917efd2be3

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
5afa0822a8ce08d08802abd63c73e948

SHA1
6b28b9339d3d1abe9b7b9ecb24b42f3ad3f417c9

SHA256
278877c10c9085b2138512ec9cf5a3101d8bcf780e72c263229d4341853c74eb

SHA512
b50a7ee4b43360d3b0c2fe734f38f97112db0e964b23a47ed0f93f60eb727e28e6b4ca47dc3fd64d4f7e5208a3681bc50a4c63b8675679ab4ff7932f13a7f9a9

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
15ae0b7fc4d70c5fe2120c1bd5b28280

SHA1
0d27a8a7719b328c1d59e7f69c39832743c7e16a

SHA256
1255893a58aba58e368c1cae301071822034dbb3ffc8151c1bd4f42734a50c59

SHA512
7c4986b8acdf9ec0671450597afa5f4913609716260a8016f59b3bd0f68100c531909913851c0f1aade4eaaa06d5ed940bb850955898223a40d69f34e0c4db81

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
772KB

MD5
5d2b5e25b38f87eb6d85f44f5e1377c0

SHA1
ac699965f3ca6565c1f0190d192f2590447d39f4

SHA256
16b960d4a45b930039a6624a180ca3bc97a0e37dc55665a386ed26c1ae542e47

SHA512
1a22a6cfa94cfa2372a7cade2f6a1eb635f95ffbe054b3359dbc14b967fee62a78cc562bc9d43fdf83ffcc5315e87e050ffd5b9d9ce65a14fcbbd090499ea4ae

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
01e7ecbe418b73f8e89e871c02836f1c

SHA1
01e9155059fd85037130af363de51b5565504398

SHA256
a33fd74c8fb6a09d2de4d4b38f6b10368f55963fe8624d8cd76e445fbd6b4aa6

SHA512
1ef03e5f4d46fb90c474303b2c32233c024796187248d7eb50d88a4a95c4f983ca742c394f08b9d9a8068ca2072b074bdd80161dc9135dcf6abab5cc16b0049d

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
c71ad77828ef6c39a0a6df6a0ecbfb35

SHA1
30c781cc48760d53e27a1cf30485dbd08203b44f

SHA256
c2f7f4be6c93e0339030223cedc7c603a41561bac6b7761c5c87d61d4e493fa5

SHA512
6280603f8a9717040dc58ee3252c194ca45545f5f18c4ce63bbb202af0d1a1bc50cbde47f7dc8439175b21cf71d1fb9c52c1f810827f6500a1785e9c2785b235

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
ba3af37270a5699ed36e87fd369686c8

SHA1
574385b3c09d2ad39e98f610a4c05bc61d995eaf

SHA256
2c2a4d8d27c28b54a08d6618a5611bc4d39908aea47a4e057f677e7a031759a2

SHA512
3e640b0dd518d1e447e2eacbee4ae907f3509ceae1a1eac851f3c32ef614788cb163927a3f6e1eec9196fcfef46856389e44dab1dee7e02bb03cdb42650571e8

Download Submit
memory/184-342-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/184-529-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/224-272-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/224-258-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/224-257-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/408-428-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/448-174-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/448-12-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/448-21-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/448-13-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/452-38-0x0000000000D80000-0x0000000000DE0000-memory.dmp

Filesize
384KB

Download
memory/452-198-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/452-30-0x0000000000D80000-0x0000000000DE0000-memory.dmp

Filesize
384KB

Download
memory/452-29-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/872-378-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/872-390-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/964-246-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/964-247-0x0000000000580000-0x00000000005E0000-memory.dmp

Filesize
384KB

Download
memory/964-253-0x0000000000580000-0x00000000005E0000-memory.dmp

Filesize
384KB

Download
memory/964-353-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1184-284-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/1184-403-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/1260-377-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/1260-269-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/1524-69-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1524-70-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/1524-76-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/1524-234-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1540-440-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1540-525-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1540-319-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1900-54-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/1900-64-0x00000000016C0000-0x0000000001720000-memory.dmp

Filesize
384KB

Download
memory/1900-55-0x00000000016C0000-0x0000000001720000-memory.dmp

Filesize
384KB

Download
memory/1900-61-0x00000000016C0000-0x0000000001720000-memory.dmp

Filesize
384KB

Download
memory/1900-66-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/2412-331-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/2412-526-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/2584-449-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/2652-392-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/2656-297-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/2656-415-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/2696-6-0x0000000002370000-0x00000000023D7000-memory.dmp

Filesize
412KB

Download
memory/2696-51-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/2696-0-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/2696-2-0x0000000002370000-0x00000000023D7000-memory.dmp

Filesize
412KB

Download
memory/2696-7-0x0000000002370000-0x00000000023D7000-memory.dmp

Filesize
412KB

Download
memory/3012-308-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/3012-427-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/3480-366-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/3480-547-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/4304-355-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/4304-530-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/4696-50-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/4696-41-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/4696-49-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/4696-214-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/4740-404-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4752-416-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download