ed042388317cc42550af074f2e16e63b61ff85cc2879175d3ed4baf1e7bbf424

Analysis

max time kernel
147s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed042388317cc42550af074f2e16e63b61ff85cc2879175d3ed4baf1e7bbf424.exe
Size

1.6MB
MD5

b55f4a9ce70e550f35d4df71d41731de
SHA1

28f1f7e8b6435253ba7a2027bee7d5ceda27c4ff
SHA256

ed042388317cc42550af074f2e16e63b61ff85cc2879175d3ed4baf1e7bbf424
SHA512

6964fdd8224409fd009bc4332e051088b3ade0f2fc560f087aeccc9ddcca5840e5a46318c82ca205c5e3d3cb2f08df28295947ab39bb8b30f12a247bb726a40a
SSDEEP

24576:B49Bs8NDFKYmKOF0zr31JwAlcR3QC0OXxc0H:BYsgDUYmvFur31yAipQCtXxc0H

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 19 IoCs

Processes:

alg.exeelevation_service.exeelevation_service.exemaintenanceservice.exeOSE.EXEDiagnosticsHub.StandardCollector.Service.exefxssvc.exemsdtc.exePerceptionSimulationService.exeperfhost.exelocator.exeSensorDataService.exesnmptrap.exespectrum.exessh-agent.exeTieringEngineService.exeAgentService.exevds.exevssvc.exe

pid	process
4400	alg.exe
3312	elevation_service.exe
556	elevation_service.exe
1364	maintenanceservice.exe
548	OSE.EXE
1680	DiagnosticsHub.StandardCollector.Service.exe
4000	fxssvc.exe
3300	msdtc.exe
1052	PerceptionSimulationService.exe
4276	perfhost.exe
3580	locator.exe
3180	SensorDataService.exe
4628	snmptrap.exe
3988	spectrum.exe
3956	ssh-agent.exe
2616	TieringEngineService.exe
3964	AgentService.exe
1824	vds.exe
3188	vssvc.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 22 IoCs

Processes:

elevation_service.exeed042388317cc42550af074f2e16e63b61ff85cc2879175d3ed4baf1e7bbf424.exemsdtc.exealg.exe

description	ioc	process
File opened for modification	C:\Windows\system32\SgrmBroker.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\spectrum.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	ed042388317cc42550af074f2e16e63b61ff85cc2879175d3ed4baf1e7bbf424.exe
File opened for modification	C:\Windows\system32\AgentService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\vds.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\wbengine.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\c0272699b3e2edcd.bin	alg.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

Processes:

alg.exemaintenanceservice.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	alg.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	alg.exe

Drops file in Windows directory 2 IoCs

Processes:

elevation_service.exemsdtc.exe

description	ioc	process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

SensorDataService.exespectrum.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

TieringEngineService.exe

description	ioc	process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

Processes:

fxssvc.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

656
656

pid	process
656
656

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

ed042388317cc42550af074f2e16e63b61ff85cc2879175d3ed4baf1e7bbf424.exealg.exeelevation_service.exefxssvc.exeTieringEngineService.exeAgentService.exevssvc.exe

description	pid	process
Token: SeTakeOwnershipPrivilege	1244	ed042388317cc42550af074f2e16e63b61ff85cc2879175d3ed4baf1e7bbf424.exe
Token: SeDebugPrivilege	4400	alg.exe
Token: SeDebugPrivilege	4400	alg.exe
Token: SeDebugPrivilege	4400	alg.exe
Token: SeTakeOwnershipPrivilege	3312	elevation_service.exe
Token: SeAuditPrivilege	4000	fxssvc.exe
Token: SeRestorePrivilege	2616	TieringEngineService.exe
Token: SeManageVolumePrivilege	2616	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	3964	AgentService.exe
Token: SeBackupPrivilege	3188	vssvc.exe
Token: SeRestorePrivilege	3188	vssvc.exe
Token: SeAuditPrivilege	3188	vssvc.exe

C:\Users\Admin\AppData\Local\Temp\ed042388317cc42550af074f2e16e63b61ff85cc2879175d3ed4baf1e7bbf424.exe
"C:\Users\Admin\AppData\Local\Temp\ed042388317cc42550af074f2e16e63b61ff85cc2879175d3ed4baf1e7bbf424.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:1244

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:4400

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3312

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:556

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1364

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3708 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:4520

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:1680

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4180

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4000

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:3300

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1052

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4276

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3580

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3180

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4628

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3988

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:3956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4292

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2616

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3964

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:1824

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3188

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
PID:8

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:5096

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
PID:3876

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
Filesize
2.2MB

MD5
08fdd74b94c6ec3e7c42880b656ba501

SHA1
c4c2ce9ab3a05e32d4df46a384010b0b4ed214b2

SHA256
7cf7f63e82fed7d130419686dc228c5c31f85eab9fd0678b921117b4d779ce91

SHA512
c756c8782ae6c8014814a39c844046478b5d49ad4ede023598f777adf75bdc835241862645e818367a392a9d10e65107b11cc061a1ce55e1d9f072de1837fd11

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Filesize
1.6MB

MD5
e57e7f42b4df7a7d45a3a91a7a0b1d15

SHA1
c8d18a4e472964778dc6cad8bae4967971b23645

SHA256
da9a49fa566565e31d4698e212ac76bbd0b25465d0f9a5c70f45703aa8a04614

SHA512
c48942f952cd075180f1b13e582eb70f59a247ff1e7dcedf859607ae27e257d56469326d1d077526e7099f4a6a3474cf489bd7b601f144880a2fc53fdcd005ed

Download Submit
C:\Program Files\7-Zip\7z.exe
Filesize
2.0MB

MD5
c7dda83220e6040f938e11eba275c28d

SHA1
d56e09b3ae30b430e36b55612cd79aecbbef7c76

SHA256
6389b6a6741bdec472dbedfd94cbfaa02ded53fc6614ac1f1a07e82584583f72

SHA512
996b9eca0d6be65fa77a2e3241e890eba58f4d3b141308f7cff441989596bcc9262db2e010fec83e27c9560805220b794f40693f71bf93aaf566955552d1f051

Download Submit
C:\Program Files\7-Zip\7zFM.exe
Filesize
1.5MB

MD5
2d5de3fab1c3d0552e7e06523c6f98a2

SHA1
09b643131ba929904719fe1245cda02d9b192d30

SHA256
e16ad55c53e17f330f50b75b19f2597aabb2483ff43a472b828eb8b38297484d

SHA512
84b70081266bba241635ff004941512d9760e45277e89b2b0788158b810024c321531cfc4e08ea7244038ee03aac8bf04057d8756b7f42fd2b0500fac25fca4a

Download Submit
C:\Program Files\7-Zip\7zG.exe
Filesize
1.2MB

MD5
b4d5287ef333b27b3027373eb9ad9b60

SHA1
991a8f604517b8c9f37f6af202db391424859bb6

SHA256
712c1cb294f19e87a36c955d5373a844a4c37a37b057043e62151cb3e26cf256

SHA512
43fad2778cb7ede285bc2507af16062cd50316b93a4c4d8f20e2550d0c6f233d922b9d89f29b81fbe0d0b37e9a61300abed227338111c8f24614cb430cd290b1

Download Submit
C:\Program Files\7-Zip\Uninstall.exe
Filesize
1.4MB

MD5
d133491390ae3ef705adfd4526b1ceaa

SHA1
e7708a240b65dd6c97a0fd6b5121e9e8ae7839fd

SHA256
2b956c2992111072c53e16c8b651d085d7d2579c92ad2c362046210397379146

SHA512
3a5c00d3de477af914e1396aec132c20a1698b8f3e2ab4c9ac266bbdcf2dd84d8f36532beffa4ccf1fdbfd88f234272a63c77c8091218fd12188f79bd1dbb4f0

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
Filesize
1.7MB

MD5
70f0ada5a49ab8edda4be43559826bda

SHA1
37f22703d387015afad051ce39a6b62820f38819

SHA256
a48554d4e454e4deff74c47a438aeceb8c7b28642116e5f49973038d42b25d28

SHA512
e0bba8cee4dc1f59d0b342b678d458f339b900bc2aebb5d0f3f3f0b58e6671c3ab516fd17175265c57c139994ae05ef457b66edc1ceb03541b8bbd018aadd1dd

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
Filesize
3.8MB

MD5
6be6fa8af53c14b438d1bf49a42356d3

SHA1
bee25c2ba0ad1c59bbbd593e83b166215130ceac

SHA256
59bafd15972a0051bddbc5ea2188235e982aebc6e91cd5215f070bec88fbcf97

SHA512
37810f280796ea61e2506b6531036656f26847b5b615482fd8c958ea81dbba525804748e5a4f8c0fb06cf9ebdfd6088e6296a3d88d8b6c5fe755d78f80c427ec

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
Filesize
1.8MB

MD5
5a02d940bf7872452948c79e209c1f1f

SHA1
58386d4079799dccdc74a82451427c7551911618

SHA256
0c4826863c7d47ab9cc286356bf0f32ed9d88d2af973b6ee4e197dfc3523d0b7

SHA512
a3054c74c2024c7a6af1adb546702612bf6e58d142cc848ef3ca30bfa6fee88a920443b1c19c214abec6ad5e1e9a90cc35bbd5f1e46ff41dd4cf2f5a997dda24

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
Filesize
3.8MB

MD5
fafb754999734a33b9c551ed0f709991

SHA1
a0d43a0e1f039914fca1559c8d635db3892ffc71

SHA256
bde189f68e1dca0ebcf36248110e9cc2682a8b7892bdfb3818d3f9badc865a61

SHA512
3905fc21772b2b69da77d84000fb685b3bf9e84a65e7067ed05051779378bd70412753f53d650d613352f44d10853d107303e2449565eadb66850615806fad26

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
Filesize
2.7MB

MD5
fa4445f8af20e410a652f9bc88cf825c

SHA1
85205b0d8b350cd963621fadc711dc574b4eb208

SHA256
3acd1b1cc3bd9b7d011ca5d55fe8d237040667bd23dd441327169de2afff77f8

SHA512
8023bd6b01fc1474f65214428823bb324aeb6eef0b3062b38457d6349ba7150fa313e4f2cc800b2d863bbeb9fa9cece0e7beb2052f1026d17088b07fc0de761a

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
Filesize
1.1MB

MD5
713c7ad2a0105eda452e3eaef7e2b112

SHA1
a932f28bea69e0d8aee94e8bea56f4b73f8e222a

SHA256
44c276968a36a9b72b49b3497f96a8e0859b0ea5692daba6880af069df7a5620

SHA512
94ccf764425df0594f659672480957cdb6589fab5b5079e737f966452d2c8faa7e9c0c7deeb4ccdcc9f8ea8f0cebb0a48630db190bc985faa28870840129c651

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
Filesize
1.7MB

MD5
0bb34db432365cd58ba0fe097375a9a7

SHA1
30e3798e9460b700cbc5673fed8bbcd49ca8f6f9

SHA256
dd7c3b6169123f116d03684f96c938b21270516b89ffb14506f918ecca682b5c

SHA512
d390c3a5ed343fa92fff1400d582e93ff2fe3dd0c3e654d4d6b3ad600d5e46f2f5317e907ddddd0945aafbc82f9d0db0a609f0b86a3f8629b859949a9da2bdcd

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
Filesize
1.5MB

MD5
5d886032d3a3f66d9511c784e589d497

SHA1
b195108b62c2330335bc415b1a19a612740e0e05

SHA256
9e9eccdbcff9bc3b507ae4d59df3eb711e6d8e062ebfe6cf9008ff7443be50d0

SHA512
37b536df9ce44d8f5df1aabce808e4dffc880e38947dff5cbf10000546f50a993482d30b9e10a442ef2bd62a0982e5ea11fe7362555f6831963f36d079ca10c6

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
Filesize
3.8MB

MD5
c8ac11799412e857f91c96d6d6be4fd7

SHA1
4a3e85ee8cd2f4725b78d1b028e02aa1c5ff7c02

SHA256
ef43f9fa82559d0f25865ac4b439195a619efb0f1275ff15cc7c88337c05f6aa

SHA512
a7a72474fd052edf94313c35f63aedfae113594ec989495fc4fb069c6316cfd572fdcea8e9c98b04f09c81cd277eb1bc2fbe3fe8b43795d9a629a031065a8717

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
Filesize
4.0MB

MD5
b14c6b6853b999999d83b3cda086d38c

SHA1
7d6fa3e9d780ef8680450b5d09b30d41d43df0fb

SHA256
ffb238c7a6c00883ca97906ca5ce954ad98d07f8ebd7fb22041255264162cac7

SHA512
c6224ad763c911b41f6f445cfebeaed588628b099a257a956770c0c0263c808e1581d8f0b7092176b05f201727bb9b0bfbfdf73b83d2e4cc0ab553f47eff26b2

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
Filesize
2.2MB

MD5
f422aed71497daba65fb533c5bb38844

SHA1
cb030624b7436d2ca1dbd0e7bb2eb382728a508d

SHA256
65915abd5ac3cdde81755a5e678815b281656f909d9db82a14ed7b8765bf1cfc

SHA512
42bedf001ff5bd3b31980ce8753dafed7a3194d68bfc2ef26446d20ef1bec83461388a9a4c053f2e3f372e28f9e63236c4bc1a15b0581897ee2af5337573a5f8

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Filesize
2.1MB

MD5
af05bb5e1f4a13ee20d0095d7e90c02f

SHA1
93667f201e963459c1a08fd07f2f344f86ffbc49

SHA256
aa4996ce138c51fccaec2d264d2544d9ed52ee6080ff06710f1f635eba91d750

SHA512
a8886920f736aca265123f26ca431ac870a3aebe0f60fe25301ade4ce5065261004063b466be65da12432d01cffbb50774c74ffb6b3ca7fcc8b0f733308cf9ce

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
Filesize
1.8MB

MD5
17bccebfe4e669859ecc5fe1c3c31697

SHA1
be4136b0d295ceb60de5d621a35fb7e26e75a3c7

SHA256
345ffcebc3205965d1c228612052cd897a834ee75e577aad2f9e7366f8c838cc

SHA512
982ef648902ba78f0f0c5f87333ece3d441dd01e9a886a33e991b468c49048c6d8ca7c64752b94ca1512c57b2a570ae6486919125baa6f40ecc9e052c7b67b7a

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
Filesize
1.5MB

MD5
399a0299937b7501f78f2c632bcc35ad

SHA1
f00b50b93e0cad9cc5c3611bd409ab5c078270f0

SHA256
1c8c3a8d187a0c7ce9b919b342588a464d8e56af34387555a2b18f0903134384

SHA512
0756998be4fc29e854d9a3fb0bc779ab73d8f158e1c976bf98b9f88c9bc6325d7447379ee1983d19e28326f96d930b2e7d6b164f782f6e6da873c4063591d01a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
Filesize
1.4MB

MD5
81ac193d53dd7b9c4757c52da7ae3a68

SHA1
e74bb08670adbafca25c518ed16213c024222c35

SHA256
db438169616fb5732ce7fc447e1d11de646d97ac29f941cfe2f512c47d67d09b

SHA512
596650ac5735666f2ef4bb19fd9f46eb42d16b6ea9ae3810c4659577d294fa2bed0dbaeae68de64df18aee761a87c5a69a6a7d9cc01474cb3daa1dcc7eff247d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
Filesize
1.4MB

MD5
d6ffec22a90f664e8198ad2b6cbe8845

SHA1
edfcad9758790528dd941d15730de9657725b5f3

SHA256
b6d3bed1d6e7ea148f69374461ceede9a702a1a3a7e601f5be5b1dbd5a3cfdd3

SHA512
89c83fe1a25bb5e817516b9ddbb6b0434a07d25c0708c27be12536e94b25b60ec75cf34d9db42ac3f79726ea697a297d646866535224192db63f44a8d96fa66e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
Filesize
1.4MB

MD5
47ea1a1952ce001aadcb3bcab2842945

SHA1
01cf49831542b678f44df453252ddca9431ccdaf

SHA256
b1bcb360e5a1faed2624e509645103ceff28daf7a63a5174318e1cb4ec2ab1b3

SHA512
017e425119d42ddea4f057aaf3045396753b1f04ec56515e34d0edf6cf17c7af0e2b4e59a4a00fb9518900e2a76aa32f76eda96469db2210e5d147413886dfca

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
Filesize
1.5MB

MD5
b5dadf3e6f543b11724f0b5e4a86fce5

SHA1
6cbfcfada5e19251ae55c974b1bae13494b24170

SHA256
55a9df768be5f3415e08e484bc8429f3e95d078d10189b11441d63ed10cac6e3

SHA512
436983d5fad8d6b0788ea298c29934137eb511a9d7efcbc601086db65e1cb13ab1b2f8ead289d576ea9282f885d17406064e9560cf1d1fe226bc1f65e5158a55

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe
Filesize
1.4MB

MD5
ab4bcfcdf1f7c13affd636c520af14bb

SHA1
591b579c76881d03502800eb5a2576255f2e4069

SHA256
b0c4a11e64031131b3099b00ae433d1a7dc3b504b09a9f99596561986fb85722

SHA512
a8e1ae455a7b08ad7760af35cb31a7a274de8209c2a3d83a752811889b09e6814f11387ba89d91d94bcde75131f642c2f570fab9b24a625ad16f10793d6a58f2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
Filesize
1.4MB

MD5
8d67b6a8536d00cfad916d7bb36d6684

SHA1
16da92031b1398bb01057373e9d526f8488e47a0

SHA256
0ffdaf39dcb87851d90f445412384943742543a9d5d58873fa5047f72f9351a2

SHA512
cba6acb9d0c580429267082dd6a148b35b79fe18802115210d7cd7c658f8e869db6e90277d9b6a791b8beef631a927fe74d479d420e13357a49f32a28d7ed315

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
Filesize
1.4MB

MD5
bdfae35a46da9176aa585356b052602d

SHA1
9cc2065a418279e1bc787660f9d11302b3519e21

SHA256
dc5412939c3238503cd1c444c706bb59bee08609f1242ac37b81d5ca3e87915b

SHA512
c3612158ddabb249731a63167d701edcd6ca8681bd2e5aabf431d02cd2558825942f1c32e68db353f802834fabd0e12e70139e4e64aa02474a12a359e22dbb8a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe
Filesize
1.7MB

MD5
e0f22f4cd0ef155f44d71910864d7e31

SHA1
e4fdf00a7f2c2c5705742a4033c94f132c208c9e

SHA256
41c58dc612bd32ee29aa95551c468c789f4867624454ca7cb2b2077f4150f4b0

SHA512
bc2dea6db73d01571428467a0c744503b2aa86806e0ab26d1f69175f813b77ad917693952a94c4f8ffd1ba5f52b496ea6bf419e1fb808fa7a4e73071fdd5c64b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe
Filesize
1.4MB

MD5
4ce6f68a7e47e717a3b87076e23438d1

SHA1
2cea76ad964fc3e5500e3f17a803dcd93736d299

SHA256
826c29739723674051e66d29a85f87aa394275be3595794f7d0a915f4a9b31a1

SHA512
c5dba67f638ecce125519b73baa66f83bdc06914502d58f0a8ad42ecc483b91db4b054b550f2a0c69755e78151fd5cc336f9a6dd581d950f705d3f467b33877f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
Filesize
1.4MB

MD5
414568571c5aa80fffe1191fcebc4aaa

SHA1
a6bc874c56064efe043634395dc860988b579f74

SHA256
d9e7179f05c6c9709aaac26aeb7a7d4e76547e5589ebe958a7da79ae91d45972

SHA512
a2bc97ed7225eb01708ea380b51ec6d36bc01dfef773277d2ce0bf80508a6ceec827f5280738ff6108d01705af232145b6978d8bea4c6d7416f417bf375c720e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
Filesize
1.6MB

MD5
1dd9dd4ff047c304342a08d4f39ce08f

SHA1
05deff3caac92db8567f7816a4ba3b9906467e02

SHA256
2ce125e40a7b0b11de0b5bff7e831d700d089037fea7a3a3ba3d460b43e73920

SHA512
66d88e86e7369d87af15849aee1d1a9107d27752911ba2ee7383c0dc5025da140efd980ea2ccb2ea2c9714117e0847181134bdf997fa23258fa6e0b98a6eec98

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe
Filesize
1.4MB

MD5
1069d4a71e1a14ab5d7b95c9642f207b

SHA1
36f79432499791c44d20524a70aba254221c0a83

SHA256
82f605ace88d07985a40cb78891c686b30acc94c7d0821612380745ac1df14ed

SHA512
e81d4d7555a53f2bd7d384e7c36f03d0e31ccf6cd865596636347bf0ee16b9c96c29fc842652de0f2b496b2cfe6280ee4221e330b90272e18d48ff6d661dafc9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe
Filesize
1.4MB

MD5
cc6c62b423b77c71e16e2d0080109a45

SHA1
993e430645125193ea4ceda7723023b1560673ef

SHA256
857ac9b64e00554f7c93b37547d8e06431ecfa65cb466cfae98473787d3bccee

SHA512
0af3c5bc55fd898279c36cddc1b660d3fbca859b86ab6e85560e015ee07d8bf09cdf3fd45962b5e14c91ecc05b6b8fd8a02fe96d31bf8dcc019353ac6f8d56ac

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
Filesize
1.6MB

MD5
3b9c2f32645e0f80b4d20941dba8443f

SHA1
52a6be2395508ac0bb2e6c3e12282021bfe8a9dd

SHA256
b8e7f667aeced89a7d0e3aabdd171ff9a684dafbfbd693ea4e1aa0065ca297e7

SHA512
685264744702dd51e7d40d5e67ed75e6627b11fa94b9a7f3a39ca367a3e8d6956f423798ab122b4520eb930b7e638820df8dc2b1ad427da809ba3ae1c07fc1e8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
Filesize
1.7MB

MD5
c40cab792857514fca427b8a4ccd294d

SHA1
025a3273eab302d6ca482b2c35cf9007dca80212

SHA256
bb384d8b0126d6fbf25826b67d77ac8f1639ddfe0c409289db59fd34f59188e8

SHA512
ee4854c55e15fc90ef2af7f729d0223a46d480a37e2217ae7461bcb0c9eefaf5c7821c7289cf96198a5d22f77c163e09d920b3692785d72896aab20f60876c5b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
Filesize
1.9MB

MD5
1382e7e35ca56b06dcda7fe8743bf4e2

SHA1
0954b1077fb0ce4ce2f9570d793ec91ecb62f225

SHA256
759fa8e04fbf3478df0e49c0cf495dd4a624436c8908eafbc44ad20596903cd2

SHA512
5d463c6c49b04bd3490e8887be2852a2fbed4124923e678e529416ce90877a2091394981279806d7320f419ef86d5b8af99f2bb131ff09fac2db5888271752f0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
Filesize
1.4MB

MD5
7d900bf95beb35aa7331e7d8a06768c7

SHA1
7df050e99c7fed075f7f79abb01022fed7d938f9

SHA256
6581cdcf169fbfb6c18831029f7dc50a68d70e3f036109b4d0772b16aca22d6d

SHA512
444bd95d8f04a9c8e5fe312827f2ce4311ba626a0e1c0ff9467edc906dea5acc733a87070df03a37d97485834ddcf41aa6492524cdc4a5d0df7255e4d9b78837

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
Filesize
1.4MB

MD5
c09fd0fb4e0e5cde478314042b9df101

SHA1
6ad9a5a00085d32cc85ac29b9782d453ca0684a0

SHA256
13dee99bac3a68c7a065142dd132827026c6f7c0b8069e3b89d9ab62b2251f1d

SHA512
e0e7342eeacd79b3e2bd049978054776d5c4b4d9ebb48b2ebdb7e6a9feec9ebceb179bf30af571123982f68219727635fc2f1735d7ea7b97c39f772b87cb047b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
Filesize
1.4MB

MD5
f6700f9c33fcf80e6eb37d8c3d0c29af

SHA1
e270b74db7e20d5743f80d92c81a6c26ea1fa8ce

SHA256
545bb00ddcaae365f1923734cec046b0b7f9343c0c38b8d436662376d72103ce

SHA512
ca567258f01cd5ee74ff375139d3b8cbd72ea822c383d590e0cbf6ec84ae358f0b84accd4fa0217b76427f76cb01a69c200f8cb6c7f26b4d48e87533862a5566

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
Filesize
1.4MB

MD5
c89a7711e005ff35679bec664fa39a4e

SHA1
d325c0065990b8a31d6711384eda5e3dc1c34e50

SHA256
cf80f6c57e1a8d2db0a6ec2fbe5ce5ec03a47e59001b3a14ab4f50bf44c30b26

SHA512
51e93aeede783adb581ed62656b0608bf0d32ab599ec53dcf8ec4fec10568d9d85f58804d4f443da8a6c1c244295d1302ec0e3195b0c8db4e31beb84fdf24123

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe
Filesize
1.4MB

MD5
2ebaea39318ff97ba549556a7f623d9e

SHA1
dbaa66a2ebdb74408316ec2f826c66130f7b912d

SHA256
7e407c76c8674494936ceb17dd1b9e8f234eab1eace1b39c810542a735c14465

SHA512
6f44447f3643df175eef33de28cece4682945ee78be275a1d913139a04a928d513da92a309507e6684b6f4fc5ec1cc114dcd3cf1807615e5cdafc678eb61b7f8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe
Filesize
1.4MB

MD5
2accfb165a230765887acdbbb3f53809

SHA1
102f5d8ced32e29000a0dd25191bb7e0befb0ff3

SHA256
35ab77961f3c70570d9958e1338bb8488056f4ec31b5190ec28767a405a63003

SHA512
a41ebe667d7a4f1309d1996320d9d070b61466dc3d9b3f83e833279dcf76944ace702dfd8b4c65e8b7c542e27ccf63c1762b6b7840e5cc5efae2963c203a22e4

Download Submit
C:\Program Files\dotnet\dotnet.exe
Filesize
1.6MB

MD5
891fa7a1d9b82b4a75f22bd4b1d45849

SHA1
125e86536dd066a6b1cd3c7d72bdc134bb8c7975

SHA256
1ad774ccb3541ecc9c4eaad664347b9c71284c26a65a83e4aa209560e57dd0a2

SHA512
713c4bbe536ac7c667c1bb4c051e234cd15f2e4a99b4ebf43de6c5f14b863067c67cc872d2246913b41ee00786a7d651d5d0deeb9b1a08bd7ed374b771e2d702

Download Submit
C:\Windows\SysWOW64\perfhost.exe
Filesize
1.4MB

MD5
688109215b74be231df0bc5b25bd831c

SHA1
48bec92f48faaee2aa1db5407447929bbc4a106a

SHA256
99ebdba0612fc38f673b26637d8785de5c318f61eb287d8a67899dac3af77b81

SHA512
d30bf88a229212415cbad973764efb985b891e5fc12e885bd617324a07273e06ca09e00ae2cbd257095e02d9ae18260797ae5ab776940bbc51e9fa61915c5568

Download Submit
C:\Windows\System32\AgentService.exe
Filesize
1.7MB

MD5
2f4a9048fc900ed98dd69bf7bfc1d6a8

SHA1
ba4b6ed280826d4c6f7499d62dccf503bab53c86

SHA256
24fe2594076583bba564258133a67309d0b6c9c7252ac7522eebc0c682a6c7fa

SHA512
15aa6561fafee4e4c37a64c1873d0e4011b2a9806d6c5b91887a48f280443511728e8101c8e2a03dee8ad46bbee1ad1627dd684003ba9591c6b29b2ad1dc82ee

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
Filesize
1.5MB

MD5
a2ca09240d2519422c191d223c896d66

SHA1
077d6b2002174c936a289403f400d59ecbb874a9

SHA256
f691f0344730ad4574dd274fa275f27df6c67539c855b0daf7ede87e8a40c98b

SHA512
11b4a7b182b09ccf7af3f4c3e1166ef0dfca433f9e48732753ab050451e56815ecbf7e8ad12c20e6eee21afa26604b4708575391a858e5b4a5afe71e0611abae

Download Submit
C:\Windows\System32\FXSSVC.exe
Filesize
1.2MB

MD5
38133848df24bb462fca8c0c765017ed

SHA1
a3e94e9f3e91f52414e386a9522cf82913d1b9f4

SHA256
ea1e6f72b81d628c61a694a672660e6256109d6865e48df45a6e1963c441dae2

SHA512
51645ea61c0fe2cb5c5fdc7979bd8473919cf9b7937e086ec9de51c489419043513268a2394093400212c2edfc5f35f90b272dccd8eef45ff6c2c4d427447aee

Download Submit
C:\Windows\System32\Locator.exe
Filesize
1.4MB

MD5
200dd46ee739483f0e1c6a88d16a8097

SHA1
80dfbd0e99b01f9d2b6c0d3a3c46df2fc52eae6a

SHA256
0ba462d5125db6ed8af58cc523ae8f19a381a749635247f7c48d0d91684f5071

SHA512
de7076fa5af7cc8591a04efb2ac410dc35863d4f335613ec4e850b081d742fd52826883d776b5952e3553e0f368ccb660d759f230bb473a628d98df1e0cac9ef

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe
Filesize
1.8MB

MD5
51f855faf1a3ff2977406bdbbdf181f7

SHA1
e322c15677ae229c8ba385415ee8be28a7e73a9c

SHA256
5ca531adfcae9a6656c459cd4b82f0a67a2f2e28077cff65797e3364a04a7f56

SHA512
26419f0dfa013ada8f2e55e0a0a090225e32e5ab1212e631c2ab71b455c10e8b5450d588ead25aba980a915bbd5410b3db9c5f6053dc15f5b2c9667de064a318

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
Filesize
1.5MB

MD5
663f181580c78ec623dc26e18c7d6d03

SHA1
3dfa53a8e0c84536abb5f9961bfbf41175d89e85

SHA256
a9e5b39f49dbe446c38b19c0f4e638003880a98dbbee3af3e188fcc0fba6b1ef

SHA512
43821ba3e9683070e5d8ce0e32a54093f73f40cd1ca15c013801d1b8930edb87a349a2e10c6e1d14ea820b36bb3736f1ee2187590edeea86e8daf8f853b60def

Download Submit
C:\Windows\System32\SearchIndexer.exe
Filesize
1.4MB

MD5
3e71166ed188cd85e8b8325c80c36ab3

SHA1
4dafd07a823b55a6e2c3a44233fe63f8e545fbad

SHA256
ea7a8ec8c01148b55aba0cb7bfbbd53d33e52e9520d98128398b6bffb5520c47

SHA512
608d639dde318508775d733f768996c208db93ecd2f91b37482947ee7f9716c521359e5cfd53101d6360fd184553f5d12c50389d333bd371376340920396e1c0

Download Submit
C:\Windows\System32\SensorDataService.exe
Filesize
1.8MB

MD5
a2e11eef9524e22fc487f209199127e7

SHA1
33c730d69ff6b1993aceeea216babb7a4e29e659

SHA256
b11705a25a71cc344ed47ab098b9b982fb6e8e8749414beb8b55a27ed0b3e970

SHA512
d96b0af6b4020e090ec4fbce079a0fa9ff4fe246bce30aa92e64d76a7749872ed9961a40a3237c40a7856641aee38c36c24dbac4b04445e6a8b7fd0c658b2b4a

Download Submit
C:\Windows\System32\Spectrum.exe
Filesize
1.4MB

MD5
f586c49f64b589136a346e3b4704448b

SHA1
0b693752aeff722ae6392722c48560ed0b051f20

SHA256
d1612617f2ec065f64f61fb573a7b1501fc5e3e4978efa04bf5d0e8444f761b6

SHA512
55377be7b10c1dd6d44c8796d68704d03cf2b4f78b6af8497d8c8d6fe8c2279a5fa7b8477a9976567e3ab88b1dd2f824c3e65662f8d00493d838d17fcae41c84

Download Submit
C:\Windows\System32\TieringEngineService.exe
Filesize
1.7MB

MD5
4a8141dab3d5ef8577d03b5e8011c94e

SHA1
16aca04f302621dd27a26d1b948226599e0280f5

SHA256
9d208006d9717263bc990b367fb3da5199562fc153df8bb0f1fba4d271960aed

SHA512
faa9cb04086f6796f3391905494dc728cb5294b11bca2157ec88fe85b8153bdc082f688654da08e13bc34ff87759a176d33ad121576d33345dbfd79ab4786b7d

Download Submit
C:\Windows\System32\VSSVC.exe
Filesize
2.0MB

MD5
8755a3550c1677adb25e1e625ef7cd65

SHA1
9a2b1fceca1d4844ba6b7e0b25c79b207a35abba

SHA256
40758e22703fce4a938a3bcc85f9a3a91d9142b47ededef95bad432231534848

SHA512
f4ecbc51a11b448795ba781a5cc767c0d4f865fdc427268e0d34829467d693472f52e978d408852b492017b7fc4b0a0245ba37889e37b2df69da7637acc4e714

Download Submit
C:\Windows\System32\alg.exe
Filesize
1.5MB

MD5
c181f1a1541950cb5ee4375075c6be05

SHA1
aa74abc10a36ce1274c4fe8541582f64ccae5b79

SHA256
ef3df7f189313e75962916a98d03fae722209e61b14231d81a5a45a13b632bc9

SHA512
0fbc159e3124a88b415203c7424eca4ac8b19efaf9bc669b1851467bd31b045da6d6dae14ffedc7cd71fdcbd166fcddb3f91597fffdfad8a1439796842eea1ab

Download Submit
C:\Windows\System32\msdtc.exe
Filesize
1.6MB

MD5
cce217d8109b4d8f0c12a7b00d24e865

SHA1
ee1c7d42c11f3f1d3eec3f9b4b10141aa81d2993

SHA256
7f4cf295d0a847de6897bf6b85dda7f0e584637051ee425ea3990fc14d411d7a

SHA512
fe74509ef9c6b3bc9488a1ccba84519650f0a8c8b210ceb619877bdf5c97df60334c76620389f80a937806024217fe8444eefd4597c7e7a4ccc068927275012a

Download Submit
C:\Windows\System32\snmptrap.exe
Filesize
1.4MB

MD5
852d46bc1a458f5dd0cbc2d13e6258c4

SHA1
3a1dd798a2c2b44adbd17af9f8700252d4665efc

SHA256
de28fd5bdba5180245acdf0ebf905ac0cfb3004df9f03f40461bb5a64e8752bf

SHA512
92bae34311bb57bf8a0b1d1e53dd19e3759786bbd082187a6ddf1dd9abdb5e40e99fb37d7e4871aa72d25ac9832b51a532c425bfbdd4c418d3481815d4d23c32

Download Submit
C:\Windows\System32\vds.exe
Filesize
1.3MB

MD5
a6644977475e4c5473ffc9b51af82ca8

SHA1
5b7666f8f6c81dc01b038960eb5db112516ca885

SHA256
661f70ba729313b7ac374d6586277651f1e95978a853a82e76c9b424634bb353

SHA512
023f2c0385586e3662d72dcb3c1efdf6d922a024389dff42d8a1f465be276216b006b55355d56e409fce0b870d3cfb498246f33dd68e5fb9074e93f0ceb48de9

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe
Filesize
1.6MB

MD5
8df659d17a5ba59092b2d8b7401be368

SHA1
9522bf3ddb6bdb23a92831880bd4c31c9e350e8c

SHA256
d241b940873fc882b49810bd830c2f95653eb65e2389e48e2ce5b8a85f349437

SHA512
516aaf09db5dd504555cd22eca2f282da6ad705f29ab3b67e74bfb34746df793c564806f60108eeaaeb344de1f1a6952d8faa9185ad6d4f6dbad7f51d485dd4b

Download Submit
C:\Windows\System32\wbengine.exe
Filesize
2.1MB

MD5
818bba5b22f09205cd8918301fa00df5

SHA1
c8d343e3d5648fc0c3fd342c8f4657c8e698d0fb

SHA256
e88b919e7da26aba992f28f9f9bd805e2afa7c6c26cfbd7e75e760049c4022e7

SHA512
62bda357b8c52939ff3676d4d32b80fcd7673674aba8396a07814a83af5727e7b7812cc89ab9287b858e5dcfbd4b5e3d382ead1f84546cede2a955d927bcc26d

Download Submit
C:\odt\office2016setup.exe
Filesize
3.7MB

MD5
49980976b59f1235e3392025353b0f76

SHA1
4ec6aa68b8fb57f8a995209dc6b0877816959d6f

SHA256
107eaa11383296f1a806f2fe31f38b51d70b51592cb843d4a3318bb24e4129c1

SHA512
929904a1362f11c437e1a8a7c599ad9fcaf71a177ef447ad6f9bbd8fa82ca86059903c57fb3302596e46caae6147fce25fe951bc21bdc44e1fae040426140763

Download Submit
memory/8-415-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/548-213-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/548-67-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/548-69-0x0000000000800000-0x0000000000860000-memory.dmp

Filesize
384KB

Download
memory/548-74-0x0000000000800000-0x0000000000860000-memory.dmp

Filesize
384KB

Download
memory/556-49-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/556-48-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/556-40-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/556-209-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/1052-283-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/1052-402-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/1244-0-0x0000000000400000-0x0000000000595000-memory.dmp

Filesize
1.6MB

Download
memory/1244-1-0x0000000002470000-0x00000000024D7000-memory.dmp

Filesize
412KB

Download
memory/1244-6-0x0000000002470000-0x00000000024D7000-memory.dmp

Filesize
412KB

Download
memory/1244-23-0x0000000000400000-0x0000000000595000-memory.dmp

Filesize
1.6MB

Download
memory/1244-7-0x0000000002470000-0x00000000024D7000-memory.dmp

Filesize
412KB

Download
memory/1364-58-0x0000000001A30000-0x0000000001A90000-memory.dmp

Filesize
384KB

Download
memory/1364-60-0x0000000140000000-0x00000001401AA000-memory.dmp

Filesize
1.7MB

Download
memory/1364-62-0x0000000001A30000-0x0000000001A90000-memory.dmp

Filesize
384KB

Download
memory/1364-64-0x0000000140000000-0x00000001401AA000-memory.dmp

Filesize
1.7MB

Download
memory/1364-52-0x0000000001A30000-0x0000000001A90000-memory.dmp

Filesize
384KB

Download
memory/1680-364-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download
memory/1680-246-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/1680-245-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download
memory/1680-252-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/1824-391-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/2616-365-0x0000000140000000-0x00000001401C2000-memory.dmp

Filesize
1.8MB

Download
memory/3180-439-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3180-525-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3180-318-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3188-403-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/3300-390-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/3300-271-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/3312-35-0x0000000000830000-0x0000000000890000-memory.dmp

Filesize
384KB

Download
memory/3312-36-0x0000000000830000-0x0000000000890000-memory.dmp

Filesize
384KB

Download
memory/3312-29-0x0000000000830000-0x0000000000890000-memory.dmp

Filesize
384KB

Download
memory/3312-196-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3312-28-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3580-307-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/3580-426-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/3876-440-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/3956-353-0x0000000140000000-0x00000001401E2000-memory.dmp

Filesize
1.9MB

Download
memory/3964-388-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3964-376-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3988-341-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4000-257-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/4000-269-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4000-256-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4276-297-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/4276-414-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/4400-178-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/4400-24-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/4400-15-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/4400-14-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/4628-330-0x0000000140000000-0x0000000140176000-memory.dmp

Filesize
1.5MB

Download
memory/5096-427-0x0000000140000000-0x00000001401A6000-memory.dmp

Filesize
1.6MB

Download