ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf

Analysis

max time kernel
0s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 06:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe
Size

4.6MB
MD5

b12c559d2a9162b7dc2ea61a522b6a65
SHA1

4a9f86567eff6f44b519a1a80de2ab85612fc98d
SHA256

ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf
SHA512

1ae275a9415ca7a96f420a083b191aa57e81289ac116e9ff6cc7271f84d2bf8813550295ea6fe6fe6a27054d552b605129dbad22801156b8a366fbd9753cb511
SSDEEP

49152:XZZ3v2piy/Gjw12Z2KWUEC8s1gDK1zPuWDpXGMKpBQ8iBjcDoDLNnrFclC/qtBkz:tQC3pPuWg8h8w5GJnRG

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
396	alg.exe
4228	DiagnosticsHub.StandardCollector.Service.exe
884	fxssvc.exe
2768	elevation_service.exe
1332	elevation_service.exe
4336	maintenanceservice.exe
1084	msdtc.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\fxssvc.exe	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe
File opened for modification	C:\Windows\System32\msdtc.exe	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe
File opened for modification	C:\Windows\system32\msiexec.exe	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe
File opened for modification	C:\Windows\System32\alg.exe	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe
File opened for modification	C:\Windows\system32\dllhost.exe	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\a4721131bb5459c0.bin	alg.exe

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
668	Process not Found
668	Process not Found

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3564	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe
Token: SeTakeOwnershipPrivilege	3152	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe
Token: SeAuditPrivilege	884	fxssvc.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3564 wrote to memory of 3152	3564	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe	81
PID 3564 wrote to memory of 3152	3564	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe	81
PID 3564 wrote to memory of 1360	3564	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe	82
PID 3564 wrote to memory of 1360	3564	ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe	82
PID 1360 wrote to memory of 3440	1360	chrome.exe	84
PID 1360 wrote to memory of 3440	1360	chrome.exe	84

C:\Users\Admin\AppData\Local\Temp\ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe
"C:\Users\Admin\AppData\Local\Temp\ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3564
- C:\Users\Admin\AppData\Local\Temp\ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe
  C:\Users\Admin\AppData\Local\Temp\ffe060661cb8d7fc6158ce5fafc246ad90cf4823229f2424c9fd317dcfa43bcf.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x2bc,0x2c0,0x2c4,0x290,0x2c8,0x140382698,0x1403826a4,0x1403826b0
  2⤵
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run
  2⤵
  - Enumerates system info in registry
  - Suspicious use of WriteProcessMemory
  PID:1360
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f93cab58,0x7ff8f93cab68,0x7ff8f93cab78
    3⤵
    PID:3440
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1912,i,3714918048096993001,5681954958386104880,131072 /prefetch:2
    3⤵
    PID:4276
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1912,i,3714918048096993001,5681954958386104880,131072 /prefetch:8
    3⤵
    PID:2528
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1912,i,3714918048096993001,5681954958386104880,131072 /prefetch:8
    3⤵
    PID:5108
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1912,i,3714918048096993001,5681954958386104880,131072 /prefetch:1
    3⤵
    PID:3944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1912,i,3714918048096993001,5681954958386104880,131072 /prefetch:1
    3⤵
    PID:5116
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1912,i,3714918048096993001,5681954958386104880,131072 /prefetch:1
    3⤵
    PID:440
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1912,i,3714918048096993001,5681954958386104880,131072 /prefetch:8
    3⤵
    PID:1900
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1912,i,3714918048096993001,5681954958386104880,131072 /prefetch:8
    3⤵
    PID:4432
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1912,i,3714918048096993001,5681954958386104880,131072 /prefetch:8
    3⤵
    PID:1356
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1912,i,3714918048096993001,5681954958386104880,131072 /prefetch:8
    3⤵
    PID:5196
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
    3⤵
    PID:5636
  - - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x14044ae48,0x14044ae58,0x14044ae68
      4⤵
      PID:5956
  - - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
      4⤵
      PID:2708
    - - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
        
        "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x14044ae48,0x14044ae58,0x14044ae68
        5⤵
        
        PID:5124
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1912,i,3714918048096993001,5681954958386104880,131072 /prefetch:8
    3⤵
    PID:5836
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1912,i,3714918048096993001,5681954958386104880,131072 /prefetch:8
    3⤵
    PID:5860
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1912,i,3714918048096993001,5681954958386104880,131072 /prefetch:8
    3⤵
    PID:5872
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1912,i,3714918048096993001,5681954958386104880,131072 /prefetch:8
    3⤵
    PID:5600
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4216 --field-trial-handle=1912,i,3714918048096993001,5681954958386104880,131072 /prefetch:2
    3⤵
    PID:4604

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:396

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:4228

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:740

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:884

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2768

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1332

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4336

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
PID:1084

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
PID:3524

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
PID:2996

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
PID:2652

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
PID:1808

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
PID:2196

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
PID:4612

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
PID:5032

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
PID:3428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4076

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
PID:1660

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
PID:2152

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
PID:3004

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:452

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
PID:5156

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:5260

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
PID:5372
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:6032
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  PID:5716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
b8b448409271d16baedf54d5a0bd57c8

SHA1
d520bbe08e9df0d8506dcda0e6d3804dcc0b2e71

SHA256
924f552920e2b27e8d7ea2abdcaf361804554f48657f23190ae6e5e46ea62782

SHA512
60c1813db3d7ff6eaecebcfa931273ad72733e1083c5c7b63c7c23f2f48eefa91119b57299bb402b085e6cb9583208934eabcd2f3224dfebfbed4aa9a80024e2

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
797KB

MD5
5b05d46d67aa2c116cfcf5cba471644b

SHA1
624079ad69912f9203cc3a9113105f6f89f555f5

SHA256
40f0dfd9b78d052f2d6153265e5fed9c58fee316cb6aa12918090adb17bae610

SHA512
4b290eeccfa54b8ca567777c62267747b26b5889c3945da95ee38f0f1ea04e09b13c9785c18aa1f5f28312cd1aa48cdccb7561ae607d181aeb4a471d4a28bbf8

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
446ff4500b2eba4189165c2c0a1844cb

SHA1
870c42dd362d4735d194fe721f1146743df4a7c4

SHA256
4e05a8d73b6dc25f86cb238968c7270e554075aa6be8f87ec5486040e56524f2

SHA512
ce624fa258567ab7c017ec3fa35372077c573f8d240f901579011db1111f7f4955a0d68db730f63018b360106beef08d55f8f8cb4e6906dd9e2d9ec0da4b1272

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
8370356c22f53dc2bf549d23aabfeefd

SHA1
3a84e3b11708d46af07c5a86d985cb23a9d004e5

SHA256
b5b1a95135e0ee0fab96e060e3049a323120ec7ce6e5056cae7d744e7c878d5b

SHA512
982749e9a58c2d6dacf89d2cfbd3c9307aa6c31b23213dc70e805c32146873e6c222bcfe15a50ec9427fad025bdef70c5003d8d496cc6e06db47f870a17156ed

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
6c1b86a3e4c11c13c258cdbb41d2c831

SHA1
1b3f2dc285b7a33e0d4e3c1d4fe3dbda246a3e53

SHA256
e4b2e82aed5ab601ca2eaec9eda8fa7462e5d7f5b280a669cd9abbf75005924f

SHA512
d6318ad4ec3352e7eb22a64957ad8008cbbdc46634fd5a220ac8946856e14985cbcd7f39d322c172360a6d738e89a2635545a318ca81af3f0fb8b05278d684f4

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
e932501552936d872ddbad22aa7c8df6

SHA1
0bfe63e9b546c71d77a3e77e91ec9bedf10d14a5

SHA256
598e06b6f51be7c4d35d134b167f9826faa257883b051c7c93e6705cd3adde2e

SHA512
a6b15a35fa162d5b605179b1f06946f06190be83723553ebd2546d749034d7d0bfeed8bb1e91c9c8046ac1a5863c8f9a30842f5a3ac26b5a4b563d1eaacbf1be

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
f2186fb22d55f814be7c4e2472b99622

SHA1
7524c92a70d5c4827fc8d218ca461cd515c2af0a

SHA256
d43e4c4ec68657a97a213e52eb851b9aed6bb99e3d3ca32f6379f5594b1ec70a

SHA512
ca8a79d9031eb1732f67b06e630692435f2ea172379b62a4a95b277a44d074a8a82c0f811dcbac2a401505af4af91e89ee1acf323585f51bbd9dae3f41d9a490

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
10a2bbf23c64374f1b2e1e4b954cc210

SHA1
ad29e3743b1727c0db0c6c7fd0cdf14bc3e85da1

SHA256
c8c604401277a3ce3014ff07d339f88151d6734692522da8c19b949798da224f

SHA512
c51c80422f906c8b514e652bbd8851f650f34cf25e6655a8cac57f4d641677450d77f9ee26717ecf7d2d962100ede9d055bf2a5bef785580cbfd910e1d5a6f16

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
1456e57036e97aaefbfa66ce3ca69812

SHA1
ae3abfd30603706e70c38eed0b85f8299df5c220

SHA256
c226a17ee3e93c1a4f4007058cd39757583ce46a2c2e8b43a8261d0fae373e52

SHA512
5dfa77326a032f95cbb1ef029b980c9eb1c5f6cd2a9765c591134914ad1f7e4a5ca4fd6edd99b89be0e5d113a547715ac9f109d251feef7d54c67c3635731d83

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
66be9b0bafe9be1c46384a4d36dfece9

SHA1
7a60d192b9fa2807b917834561e0bb4816c38ec9

SHA256
68bd6a620f1ca6f1add29be90309ff74bd1f583df6f3c2267e8403e5f8122c2a

SHA512
c0de2002826a35ef2f4ffcc056cc1eada6e47d3701d3f44f87e31a9914f2e08d9a11b43ff6aac0e07bb744fb60ceebfb9c797384f625fb2a89e4eabb52747749

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
222907652b0b4b5f857f62ca8b046821

SHA1
8bc8c2488c168a118cb91bb4f95923578577ca54

SHA256
21e1911873445baf23a7dcdbd0eb3571d1c316d266f8623d5c8be27743bd9501

SHA512
011a2e7126afb88582092611a1c241a9d4752568db358a5fbcfd47236c99bbd555fb3ecd6782b2ab6badd18d0e3cf1e45f72b62e6599c865ceb9a233dfab4b48

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
3.6MB

MD5
141105d216f4ea66cba506bf6e69ef07

SHA1
41b1e5e7fb79c51ced35d20743b178acdfd4118b

SHA256
503f75a87796d00fa72fdf59e2a0947be6a9652457e52707ef0778d38323045c

SHA512
25a36b34d5e1ccde580b13a1f8f2a0075e2f6abf30fed6a00e21e76e2e62c0dab9aac50151e6ebc425802a0a125f7c36d5a4925ed4f9dfd28537f5ec7aed7ec7

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
525269c70cf0d3e73411212b37afbc3a

SHA1
735b4c7e25438aab6a411ff0048a5ac37d96585a

SHA256
e89057167c17fc72dd865b2c1ba651f8f41935916a3e2448beb5c97ea02b30ca

SHA512
6fb928b9e337fc197d18d912270519ad5c3d69a6404e1f22964994892bd5b3d5c93b157d80b03de96d262bfcc6ec04cf1ca4f2bfdec6a2ac5ee1f75fc766d4d0

Download Submit
C:\Program Files\Google\Chrome\Application\SetupMetrics\0933e18d-440d-4989-bf8b-0fc90e7ec6de.tmp

Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Program Files\Windows Media Player\wmpnetwk.exe

Filesize
1.5MB

MD5
83f9da67785cc65e67ff99a33c7461c4

SHA1
3267e3c9381783d67b300048eb2685fe8d580b54

SHA256
8fdb4a468e13f54a6a7c6bbd84fa9f6902520b2522bb3ad885589ae92d877d37

SHA512
7700670cafdef8e1290eef6d2412f80023f1f948fccbeda88c6915d695a93e34d95704755b762b5d5c1b5f7878fad1d2dcbbbdcc9e538d4125379a02ab1f26d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
772424160a740ab46f10d75ee3f72e87

SHA1
ce1d08ca4145f6a14ce3727642af5a997f73d1e5

SHA256
00ee43ab7fd127a5e0b86cb4db053f67544834eac165db5b54f4b1d406952b84

SHA512
920600c6e67f96b735a40de5e0c4bc1c585f49dc7e92bb07295bc0fed6b1ec3814f5813690d169d574b7184a6cad67cbf97718c224b0cd95cf7df239ab536d88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

Filesize
193KB

MD5
ef36a84ad2bc23f79d171c604b56de29

SHA1
38d6569cd30d096140e752db5d98d53cf304a8fc

SHA256
e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831

SHA512
dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b12d086cf427839091715606831f1a17

SHA1
02bde976f271ba1a1ee7e08444f30d2060a2506b

SHA256
929e0656ccbc933c264508563c5600dc156284bb81c3cb5c408ae6678a34a34f

SHA512
a8b6c8958763999952cd83e3d42dae4bff163ee5e05610d7e1cb97dcf689cb03fb0c2706112c37bc3d0968e5d6610ee42871c8db70931867342d5d07fc7a2855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
37e4a443b81144e2b1b54aa8dd5f0712

SHA1
a88cb472c7fd165fa87e63486f50c63fc9e23c0e

SHA256
c50dd557af5994b53521faa032ca616482b11d2e9768e3faa2897b9b90fd1e51

SHA512
12e9e8b94b6039b87612b10bef505db1d4dde4759cb81b727b7abac42e4bff2d5b6face72317fac56f89390becd65ff6898857450102e175b48dcd683ea278a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1a995711cec380cd8a5eaae7fc9395cd

SHA1
0e1a90559d5ffedea2ee284b44254c64626376b9

SHA256
1c9e12af4f1e9e14502f0dc4a06c1a6567636d3403193a18402dca916aa410c5

SHA512
2abf26e64d5c42784cd4801fd9f0ac7d6f0b7284b454e873134b89752c1bf371fbd01243dbbcce1aa2522fa99b2c788979c1db3b646cd5c4e2678fa72a544e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe574f87.TMP

Filesize
2KB

MD5
62ef0b2d931dee49ed513961ece66048

SHA1
75ab8dd2d029abdc0701a541bf3076082b6e0c26

SHA256
2363d110b62787968a21ae43497d60d50ad3e2a713303aa36834d810f996344a

SHA512
ab8379f396349faf8b51cd6ef4cb31c2d16da749b9902654227175423872fa6d81447d28926892602644a35b30f8bcb9412ee90b0eea93108cf6eb1b8dfbea94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
e2d8ef5e9f771a36ec22a5bdd1c69908

SHA1
b7568553309857db19303633d3cfeed2553ca5ab

SHA256
2e3de1a6329ab1fc23e06d9af9a7ce0583f99a44d0b8d8b249617b2b1cb4a2df

SHA512
f1e8fb1c949cd6bdc75a828941939e52669342135c90951f273b6b9e20cfc5debe912034e19174815e06f61e5a16e95818317a1458e3920423350c7b739db057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
8ad11c9d1d28722cfc74004740ac79d8

SHA1
a2759bd79102fdd3e409ef3a010a84c8cfc38821

SHA256
1c41c7102e7a071db93adfc0d6c6a640d0f25bb7519aeabb7658b3f44aaa9f0d

SHA512
b26a01ddc4f61be75d7e80c4e43fd66e1223ae687085fab254adf3baa360b44a1a5dddf9b5d1e09af230ecb038f57614b2926dccbd64e2fcbd47603eef5b2a26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
183797eee39e4cb5e7d080fecf5fcaea

SHA1
ad5a2c2f5993228eb3c66129888dabeb3ed02399

SHA256
1087ac16be5395587b775bdb7f8383d56fd9985dcc192845a7acac32604a300b

SHA512
f7872fe2116d0c8adf34ea186c39d8e7e455f0d041194606aeacfb8513d7022a4b916eaddf8e2444c4e09232099d501bcbdca76b9a195c03258e5e4d953cf4a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
537eed9edebe24d472bf82aa381f5621

SHA1
76ce2d4159ea484dc1abbc28a38f7df0ce4f4757

SHA256
31181cc259852ab777901650cbd10f49f286580a8b6e6cdbfe11ac215996d10d

SHA512
17a04670f53361d330e94eb9ba03e34be7c3aa08d56e05f5a6fb3af7c745c1946af14e59dc5669cbd18d13243ef79f4298246984ac809df8824a0eb8e6ef390b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
5e22f97a94ffd0343f558570d1294cf5

SHA1
655b1bd00c21a597366bfb2ba73f074965cac7d3

SHA256
0dc98fc5ce54d8c238fd613e345189522344b54cc05d4f20ebe6f07d4bddeb0c

SHA512
dbb5e3cbcbed6c729fc4218e118df929ff0a1cbaed6f7da7dfa15a8fa5e18571e5c916b4a5fe9e7777fda23ee4c4a09cd803565e3624eade875aaa225a577b91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
f8f38bbf456835fa1048a26820511d21

SHA1
f3f40cb67b76669f319afbf5656a9a8cb236b597

SHA256
5ea3855de9b6d85eb5539fe7e1f2fcf6593f3079041be7a4d09fe1e9c5771642

SHA512
9362e40ccfbc303f3ff12248addf7dce101a1637c6d1c1ab43ba850b158ba214192d1c5c9e113a99f3e6ee7d8c1c1012c770f9e24b75f3522cdccaf2e93a23bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c4d6.TMP

Filesize
88KB

MD5
ae9b3033344a3b23a5d0e9ccfe0a3c59

SHA1
b8dba5494c6b73751ab1acd9abde3871366138a8

SHA256
ca643b8e116fef2cff583ef92d31c9987bf3e3b5006839a7ad791246571d3f42

SHA512
93619c04fa114b7ed0a82f00760030979cd5d60cff552bd5214312091260624b2285313243eea79400a3a7a48b1eb515eff14175b8e3ec5fa0a385006ab0c26c

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

Filesize
7KB

MD5
3c78333eddaa0571cdde72fdbfbefb8e

SHA1
da200caaac1fdaee380d4ea880f6eef59961bf36

SHA256
f3522ffa628f9a175d2c91e9fca7c9a48c0a42bcae5a36d7bd2b94af3d1c813d

SHA512
9c8dff2975c7c9fdcefe040dfb20ba7a550f24e4013296fef8471383d4875a3620d7f276b436c557a31dd07c509f9263e333f4f705c665de8a14b9b8062f710e

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

Filesize
8KB

MD5
e22c455c3f669df927e181c864bf5df7

SHA1
427ecd4ed2a2446f9b50e6b11cf31eca448d79f1

SHA256
69c57884327ebbed4492c3d781236e88e1dac2c7d4fd2f8c1253b0fd467650bc

SHA512
30e37e5504dff374fa50152abdda91435977f55e6d09399b06d8002693bf47fd16da51f7a65bac449392049acc4cc0040137f900fb065f32ba9b8118a703c905

Download Submit
C:\Users\Admin\AppData\Roaming\a4721131bb5459c0.bin

Filesize
12KB

MD5
0d88dfb466b43512cf8e3e644c63bb45

SHA1
d119d1393979227445bbd3976c9599bc64bbf62f

SHA256
373a5087f18d9870efc6dc8cffdb3bca2dd8b48e96ca1ce3ed777bc264d2ab15

SHA512
b53a288b45bfd5332bb53e72e60d7a6d9d0736117647a21e64738f9203990cde54c3a87f5162551d059f8cc80a82a3f8ab2d8104cdfcc8124f3fa7eded6088b7

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
624ce9479ab9fdd14c467f8ad3d552a7

SHA1
97d56c64ec37731015443ea21cf595ae5e14f9df

SHA256
13da3fa4ad529ed17ea99bba4c5e41fde8b1c5586ac9e79804b12f224454a575

SHA512
69cdba61624cdddc68dd2879b9d4bfd80634e7884a68d4c47e88345f40f54dce7c4ec238dcf887dab8421e683c3f33fca36a15a9c7d1922a595262eb3ffb0537

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
4eb66168ae144683e800a7d285a46d7e

SHA1
fba79db11395e17af3d5cbf7c5dda4306f961b84

SHA256
1b37cac6b121f7e1815826a58cca7f304748e46e4b1431de1a6341ee21052f5a

SHA512
6e4b06bdc97b1ef881c845e3fc49f7e89cf47a41deb8a42858d6dd3ff7cacc6438f181be59451003c8b1de816ed1d161d5b56713a9391d065da95e45f8078a30

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
5493e5333c78f5e287dd01bf5262de15

SHA1
ef47113b9843a0c5cd7cc9adc6a29a403249f285

SHA256
e56d2d4c4f8bcce00bf7e2c790bea20283f1fce87fa716ba442f0de4cb20a953

SHA512
dd763c863fd798950d79df51486ab10ad38715cdea36e96b8069eca460fb88ea605eb4f8dc1c0741245e5266fa89a80fa6acfbfa90f4fe19dff243469b29cea3

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
3f8c301aef188475a6398db13b59fd37

SHA1
ec3ff2204bedff49df0c0670a71fba1bc132342e

SHA256
b8daa61503efcd8caa37ac9f0a35e1684a85060979dfcaf80c0e6a185592fa94

SHA512
f9946e5d76046d4f7a5415726572a6b8a47e5f8691576ad46882bbb84697dd3b2a06d04e83ac4630d0d80367ca833f2c0377d3ed9278b9553041a6f950d3f761

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
0399ec74871d5001d397d9a1d807c547

SHA1
44684af5d231bca9e640c43b7c2b90f49a232940

SHA256
3f696d58dcf3e0fcbf39e97572245279113b1b35c1757a910b0f290370911a98

SHA512
cbe6a4f99691828206fe78b245d18a92a6e96fb8f2f3df201aa2770b9f67612a15afd7a9bb58e54f0d66932e9b8bbf8689b43532599bf7fbc76d5a36148f8d5a

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
4f7a7a6df96c854bc7a5eb05a47dcb69

SHA1
ce4fa02104b005dce0f6c47d78a5091260f2c3c0

SHA256
7d46bee328d73e0b5fd39c07b02f369138f784920f2f02b23936059ae43f3a12

SHA512
2ace113969197b41f6345929c1faa633d07186279c8a5d84e6e2750ff82341dfddf4d6579c0b65c2a590ea25281c40cae4d5b891f9783e9fa43688e37a14f462

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
74bbcf3688376e4987fecf19316ca4b5

SHA1
0a0ba282b08e0aaa05aa8ed95374024d5ce8bdc1

SHA256
1d8597130d21e61de7084c6665db1c43f8cc5d645e135e9fcd1f08d7bbb69106

SHA512
2d0ce581f2d65263394b0d8fa997d826d175ccd2f8a03e0eb77542d8d0a6ec5400a2b19e0aac4b94f2a311dfe999a083c8a7e518d8c3d1b098af8bc5f0af1245

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
63345aa4103732789c76d697406e1758

SHA1
bf42e347490cb061dec640b149733f6b8d668718

SHA256
135cc845d875e8ef74698cd77ff08bd1596b2042784bec410dad121ccba25dd8

SHA512
862b2cd3167296fa420c9fa64a47a5e11844939cd3f777936b57a805690cb51377390e13677fb29d3be4a5c90a39ff76e2ddbb83bc5927f37e80e8019db23f12

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
a98c3e825b326e3cc9b5a210cb16709d

SHA1
bf0e14012a232263aa116c6bdd85b3137a1cb4ac

SHA256
a71c49fc8c4fb63cc936c6bd1e39951aeae6ae7f64aa55876210448ba5f9d176

SHA512
8da4062cacf295e1cd8ad0e6b08991a1d9bc2f3a90cae0e29df6e55295432d915220c31a5ab9eb390a1ab2656d0884bff5cc8e4fb66072980c74082ca8a82144

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
7579297e8c2553775844ccfc4593ef13

SHA1
065741c1d76953a308fdd7cc78769440d9d5890b

SHA256
dcd8cec36b7c579d5da657ab2aee94e358f21d0ef768b2dbefeb95e0744d11b8

SHA512
5bcecf1e6ab32d929ff14866903a5c87c80916721b2e6f4cb2652572e1f793857215ee59208b0eafd561d26cb3fb30484decf3da1df4fbc9ab05168c7eacaf52

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
7e0de9594f2abfd3ff1662c18784f44d

SHA1
ee8e0a24904518556bbd751dada04de68103fac3

SHA256
e21a0e45214c8fd16c67a19f6b46b8d3d9ccf393735bb12a5bfb0f5e79c7abbf

SHA512
e1440d6e0ea8212e4ef7d9b695d1f5e458fcc93bf3ceccae571990f91faa89e6dd8ba2f28b30c51301936e58c69736fd5b382b60385a530c139791eb9828b1ad

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
003c0e5083bcd8b67b31761ace147bec

SHA1
6e6b4dbf1d371916d1f386e33d3d35bcaf534c06

SHA256
662206979ba268bf2840b5b253013374377f3dcce93dd98f08101e0468b7b620

SHA512
4182ead692255fc73c9f26e4dd2faf5a76e83820b1e4884ad5aae7a64b0029de49d55dd9fee981eabc3e4aafd50fafe0698e666d75fce38abba781bfd4c9592e

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
4d084f2644984dedb3538672edc45a7c

SHA1
b24ef6d75e47bbba2d917f9ffdf12e88264199b5

SHA256
3329cb567fdfc41272d918eea61eee742fb288481ce7eaa438763eb19bbcb758

SHA512
9142d405d868d44e6471061978cc50b02d61eaf7c6753a2a0a12ba4d4877ca4618523656dd0158ac64ce69eb0be748bcb0c338022c4924e753efd223cd1a3765

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
ef29aa79e72c2e0c501da6e12bde324e

SHA1
183c1894d350f0b5312e9f75da139e85017a2fc6

SHA256
874a18fff1e9c0bd4010bb8b198f213ff7f0ebe315d8bde5f59383e7ecd62604

SHA512
8d1fac00da51425eef2c26130e9abaf18b9ba40b7cee2ff8a08c911b68e0512fa36ce0f3bbf833a0c486dc52db797eecbf97a5ebb4a1ff22eb889377afa87638

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
04990b4e7ea5b8ed760005dd759e6b9c

SHA1
30429bfa9c8ea39c82292f580672b19701549639

SHA256
e2122e90c155dac2da196052cd950d7ccd6d0731e09b3b7521513bb3278f90c4

SHA512
acedf7de89f6924b8bac2cfa178f275ebbfe4def0ccc3065e3f4132f32347d703b57f59c781144482073d66202ef5f1325d262a34bba5c4f5116555f5b0e9723

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
482f40a8f2d9a0347685f333037874b4

SHA1
36007d4fd2bc3e032051550022047c35113830fa

SHA256
0eb25457c778b2572cc8ab6015ad1a8f900aee35297b90ec3e575f4b8d452e26

SHA512
fb6a4e6184693a0839cd68f13cf75e538d26be4a7d501521965958e20a7d6d3f3ece0010c1330dab2bb6817583c6a33fd63b0f63cdf1ef440ba72d567ddb5f85

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
772KB

MD5
dcce3fadcf88800f532e0b0fd5e37e1e

SHA1
a05026de453a280d89874981fa4d7b3276c8f4fb

SHA256
8af4dc13b21405a4e8e24d0e9720d35dd2842e494aa5355f3a1c01b9c7ca9f1c

SHA512
c358df279f3d5aea971441604f8817b6be4cee388dd5ea856350dd54ea3d10333dd7ba8ed4e794ca3ce5f7323bfe07509e2ea1286d86133b15401c83c7f8734a

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
87dc1ff0ca3f4f10bd1421fb2796f66a

SHA1
f479f2e9f5534fa0e0caac942b8da8b389abbd72

SHA256
b6951869beaf00abdb69e3a6c0b11fc9770fc27b34748e10cf0a0658783ac398

SHA512
94e3bc39e6756ccf180d7d9af2095faff1b98395668b153f9f55cf7894c2b41693a0065bbf124ecb120e32fab3957e3c1453d17cd7316c72eaa82dd5fa8f565d

Download Submit
C:\Windows\TEMP\Crashpad\settings.dat

Filesize
40B

MD5
257036a0fb3d2768f2801e5d32b9ce30

SHA1
0634d123cc54fe889f179f59136e47357ff7f7d3

SHA256
fe6257986f35787b1ef9628e36a811d3484fff46899b61381086da82e363c462

SHA512
381a451ab3b3c97eb3546554811f0784e5341a7f668b9ceb41dc077d34ebd26fbb29b2e0ab21b2a52b8637b3998943c14ce60380b8525378d37ccdceb0f0e5a1

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
a03aa923f4d0ec4f80103d0e9f61f3f3

SHA1
fe9806d10e136556d8e16b3070f7f974e9a32691

SHA256
ac7dd037decbdaf500aecf4d108b79d3820edd056da3fceccbd30cd87be47a12

SHA512
b7133888234ae1e9c2299473dc273264bf947c25b2692d8b0869a26663917452ffe6f6a67bf645cf26272c73ada2d29399e5b68a68c266139ee017aa6eae14b7

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
7a32d1b937e129d4f4ca9773f37b85d3

SHA1
a83846ead3a7774f3a02a21817606f4f69648373

SHA256
aacf533f71b0d5a178386382858d0ebcd017921ba0a2713de9dc6d7387588d69

SHA512
c64c29f3a3309cc2827456e759b450eedac3daf1fe03bf23d11bf92f19df8203dbebce55243f3ead66c595062402681d552a21768c8e6c149ffa3f473016702f

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
8ff0866be04af4ffa773146548035b18

SHA1
54d2261e85f56ad72bdfffd23699768012ba2df3

SHA256
0818d1613ce5e8e932a723e15e52382ed8f0a075f2109b514000932e03f3698b

SHA512
abd8dc56fd39a9770a05fbe0c95977b5533542f04898c6bb5ce8190a4c1f913ea577e2b277ae53ca1d47d50d873cd9b4233c57291619610fd708107ef55e5a97

Download Submit
memory/396-172-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/396-35-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/396-29-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/396-28-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/452-283-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/452-729-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/884-57-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/884-64-0x0000000000A00000-0x0000000000A60000-memory.dmp

Filesize
384KB

Download
memory/884-80-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/884-79-0x0000000000A00000-0x0000000000A60000-memory.dmp

Filesize
384KB

Download
memory/884-58-0x0000000000A00000-0x0000000000A60000-memory.dmp

Filesize
384KB

Download
memory/1084-255-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/1084-109-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/1332-92-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1332-233-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1332-83-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1332-89-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1660-543-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/1660-237-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/1808-314-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1808-175-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/2152-267-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/2152-256-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/2196-728-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2196-195-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2196-319-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2652-294-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/2652-173-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/2708-578-0x0000000140000000-0x000000014057B000-memory.dmp

Filesize
5.5MB

Download
memory/2708-539-0x0000000140000000-0x000000014057B000-memory.dmp

Filesize
5.5MB

Download
memory/2768-171-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/2768-68-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/2768-74-0x0000000000440000-0x00000000004A0000-memory.dmp

Filesize
384KB

Download
memory/2768-76-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/2996-154-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2996-282-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/3004-277-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3004-686-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3152-148-0x0000000140000000-0x00000001404AC000-memory.dmp

Filesize
4.7MB

Download
memory/3152-22-0x0000000140000000-0x00000001404AC000-memory.dmp

Filesize
4.7MB

Download
memory/3152-10-0x00000000020A0000-0x0000000002100000-memory.dmp

Filesize
384KB

Download
memory/3152-19-0x00000000020A0000-0x0000000002100000-memory.dmp

Filesize
384KB

Download
memory/3428-528-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/3428-234-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/3524-149-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3524-270-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3564-1-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/3564-39-0x0000000140000000-0x00000001404AC000-memory.dmp

Filesize
4.7MB

Download
memory/3564-6-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/3564-18-0x0000000140000000-0x00000001404AC000-memory.dmp

Filesize
4.7MB

Download
memory/4228-54-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/4228-53-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/4228-45-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/4336-94-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/4336-103-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4336-107-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4612-500-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/4612-208-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/5032-219-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/5032-523-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/5124-745-0x0000000140000000-0x000000014057B000-memory.dmp

Filesize
5.5MB

Download
memory/5124-555-0x0000000140000000-0x000000014057B000-memory.dmp

Filesize
5.5MB

Download
memory/5156-303-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/5156-739-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/5260-740-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/5260-315-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/5372-743-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/5372-328-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/5636-510-0x0000000140000000-0x000000014057B000-memory.dmp

Filesize
5.5MB

Download
memory/5636-591-0x0000000140000000-0x000000014057B000-memory.dmp

Filesize
5.5MB

Download
memory/5956-524-0x0000000140000000-0x000000014057B000-memory.dmp

Filesize
5.5MB

Download
memory/5956-744-0x0000000140000000-0x000000014057B000-memory.dmp

Filesize
5.5MB

Download