007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
Size

1.5MB
MD5

abf7eed7549b004869478daa88b0401a
SHA1

f446c643f6bed5788152e9de2eaa1efc1cab0c35
SHA256

007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3
SHA512

60910dc773aacaae8da5b93931fcf19208e6bd299ede7a8a71f1b57cb5e311eb20d022139a70ebd615dea17ad2ee24f8c719f6ae146983711897f81f67cf7156
SSDEEP

12288:Ywz2DWUtwYeskMjFvm0qKWjr/pMoVx8JX8it802q3LZj+:vz2DW1sRjhm0Ijr/eax8JXO02q3A

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 17 IoCs

pid	Process
1832	alg.exe
2340	DiagnosticsHub.StandardCollector.Service.exe
3792	fxssvc.exe
940	elevation_service.exe
4828	elevation_service.exe
1384	maintenanceservice.exe
2564	msdtc.exe
640	OSE.EXE
1200	PerceptionSimulationService.exe
988	perfhost.exe
4864	locator.exe
3504	SensorDataService.exe
1392	snmptrap.exe
1968	spectrum.exe
3036	ssh-agent.exe
2892	TieringEngineService.exe
4192	AgentService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 31 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\snmptrap.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\system32\spectrum.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\System32\msdtc.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\system32\dllhost.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\system32\locator.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\7832d3c8b3e2edcd.bin	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\system32\AgentService.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\System32\alg.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	alg.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2340	DiagnosticsHub.StandardCollector.Service.exe
2340	DiagnosticsHub.StandardCollector.Service.exe
2340	DiagnosticsHub.StandardCollector.Service.exe
2340	DiagnosticsHub.StandardCollector.Service.exe
2340	DiagnosticsHub.StandardCollector.Service.exe
2340	DiagnosticsHub.StandardCollector.Service.exe
2340	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	5080	007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
Token: SeAuditPrivilege	3792	fxssvc.exe
Token: SeRestorePrivilege	2892	TieringEngineService.exe
Token: SeManageVolumePrivilege	2892	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	4192	AgentService.exe
Token: SeDebugPrivilege	1832	alg.exe
Token: SeDebugPrivilege	1832	alg.exe
Token: SeDebugPrivilege	1832	alg.exe
Token: SeDebugPrivilege	2340	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe
"C:\Users\Admin\AppData\Local\Temp\007188fcd73f52e0d3389be1dd5c1884fd870fb091cb05445e8bb080bddb27f3.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:5080

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1832

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2340

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2748

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3792

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:940

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4828

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1384

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2564

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:640

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1200

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:988

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:4864

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3504

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:1392

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1968

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:3036

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:3376

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2892

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4844 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:1368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

Filesize
2.2MB

MD5
a23f034dd05c8e5cc413fa5356fb2e9f

SHA1
b2f18d729bcb53da38d3d7c12c785f4cd51383e7

SHA256
1f5d85b209c0e9e6d65823f1a126ae57ddcdaac1d0401369afedfd24130d1e4b

SHA512
6d6f2139e5b89d36e8f0a9ba902122b74bb484df2c31e5428b34faac9f7acd89be0f9471568ce9d021d015ab8e32a81d1ce93bfcc6d55955018d2c3475eca689

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.6MB

MD5
a59ea75870d1a705576deca902bbd2c2

SHA1
24029c3b475353fbe76e12d6c80a481cd037b3ac

SHA256
eaf7a716f979324bb9938590245e029c50138755b376ce8eda9152938852a728

SHA512
91d75285216e916a5c2afb9d02819a6ff79e13cec3a6ecf0fb68c640effa69a1dbcb8b6e2283efbe155750d2ed8785cbf6a30807a7fcb5f513800ea16fe8b6f6

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
2.0MB

MD5
f798b6a8b878567b08e613b0cbe965ff

SHA1
24fa50ffabd3f63aefb8d7849aeb24485d828f45

SHA256
4289c7d00d0d823652d66f3e9cb345ffcbe4069ccf33d74819af05f68e0521c1

SHA512
ad0dc5e8cc12f6303c067c8365f49ecb0d0153b1d6cfd341aed411a13e2f248c7bd1d8df3a70264659331228340f0e69e2ee25a32c4a997e3e8477c2eb37714c

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
1fe1e5b70904f01cba37a866ea576c4a

SHA1
e52aa73d77cabbde6d9d756afb2bd155df39930c

SHA256
631ef1d97bcc49bcefe60f8b859c5cbd7ca3b10fab7be2cee4b5ebeb46a495ea

SHA512
12a40f72d99945ae688acd9c17df0896d5928687fb7ed8cdb6751e705e09768ef374197c8512f3bb139adac9a13a6632ae26ebd88670bf8d5e4fd26a75ef089b

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
d850cd7df802282d70cc7cc033008963

SHA1
8dee52a86773c470de611a531357adf2005e5229

SHA256
c4f2258a3bed85df5a7bb0de6be7701410f879a7235101c1e25d95d2ffe1501c

SHA512
72a1e6cf0bede3ffef8aea54908c223d21e744d330cd8274268e13e6d447d73c052b8d3910607968b30059f4e92d2432a6b25a0dc590b49ebdfbea77317d2024

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.4MB

MD5
ba95360794d39e26d03aaffb13be5433

SHA1
d50b41fb868dfcf1c8aa75e0ee85bebdf28f55db

SHA256
9e5c2a6a84ef0958125ffed38264a314165d2a70ff0e83de34336c393c73bf78

SHA512
452bc70f304619959b6557c2fc5f3d63ddd0bb8e54dbdf86d46d649870bff25c6c4ab81b54126e2f7372cda2a1bdc60c29b8094a2b6bf3c41a0a63278ab010c0

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.7MB

MD5
a805080040a2ce0e3e6c1f6a7c5e7e24

SHA1
b3377cfdaeaa32ab4c0e9059193ca3a0028cd2f5

SHA256
f627ff551f71826b09ce013becc76a0fe7cb47dc48dcb263171fd58deba079ff

SHA512
e30fd3c6728529e86a7cb2fabad61bbef0f2e0042123f80ca40298d7e3f43e23dc0d816c0f7ac7b2d0edf89a7bcc4c0c5da771ab98d2361c92b459de5d4b14b5

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
418292b5f29581dc33108e3996f7204c

SHA1
b9de9abb4daf21506fadbb1afed1a643a7e5bdc3

SHA256
93fd1456443327374aa7f999deb3871e9bca58d1bcb0552582e16ea6c8486361

SHA512
1df33f53bb39036d814836f07acfab1d63157470418ae7f329f42ad1cd8ff62fe8d96ecbc3a3d8d3ca246445ea95d2d7cd1705979fdd8813347d7dff1d077b3b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.8MB

MD5
bc15d3f9428e7c1aa276341b3aec1ec3

SHA1
2827b3ac42e4f2c03845c80f5dfd69a83d4a94d6

SHA256
910736e809912e350ef91984779740fa173cf9626b0b8c7561a0493b7ff41c25

SHA512
e443bbba9b2ebaebd8a22af4766df6b4b5f7b82f9a4f7ce35b2d80755bbf916f6b1143a6f162b61f5c7571d4b79afd9a08658ecec1c4048e0692d2668c6479c9

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
e8054ae36d6bafd23fa96b9f5d68e14d

SHA1
8967945b2922924c3e957840c679542e19c788ef

SHA256
02f8f0bd65ecc0509cc17d3b2b28f6a739d44641fd895554634590250b8b6a0b

SHA512
72565020755452f6495b184f3d1421655cafb0a3080ff918bf4de5cbbdb9340371edd4f0af4eddd41c2d331b38c856b309e16eb48b8208dc191ea57e53c8291e

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
96db9aa2aa355f488efb998fe1499c91

SHA1
d310433d155f1a103af980d389b80711122b7b9a

SHA256
4a3b106364f2572c1eb9ae952d94ccb811890ff990d02a7c198b52f9f8f37872

SHA512
6b1155088282559738c326e129b7146a514036e58603cdeaa771b6866387536f0c1d8f21d89998df48d084b801dace530973194b4dad73eb96d313fafdb5e37f

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
3d2a6382ae4e67f3a639adb7876e6058

SHA1
03ecbcdfe9851bdb7833cc411ccbfb2f9eb6dc23

SHA256
6506c2232a7ba7eee217d0203efc9233f5c1722402d877bbdac38e8c504c9a9b

SHA512
a4b582c339d4aef80320020f5988bc7912fae6e23321b2ff9239ad967d31f4b02ff8d9dc5f49308e356773c45a55ec2deb9591af91c5364981f5d55c870c938a

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.7MB

MD5
7a1cdaef1851c6ae09fa7829d1859924

SHA1
3c553324f4aa2989f8d40ec8e41a378485cb6aea

SHA256
98d58081b6d9e666ce446695f10c457147f1be75c79634c934ac9b2c0c772d0a

SHA512
590ce8fcac21a3e8553948f0cdb749047e85c69ae43069834dfc2d7061b52fc862bc5d8d54f2f9ab2e62fea5e6203ce376de7e6324df938f7c6716b40847a72f

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.5MB

MD5
d2bc428b205e03ae0eb552ff27887fde

SHA1
0e1600185e676c08338b66c62e7bd6576180764d

SHA256
9bfe644580fab60c1fb9d7ac42a5446bae834bf79f914162dfc207fff109e53d

SHA512
9f9e650678ae3185647212d907345d31f649da3dcf470f4382a58b1ac343f5366f5c0a78dba31406ccbff5fd67e8b89e805ca4bfa44056e8cccc2caa7982abe8

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
de0b09b6fd1a4195810629b69ae23b21

SHA1
56ce23359723f04b789f42b01107487d09f14077

SHA256
8c6090cf2a48b58a9a6a27cf6aaba5f444ce46e37bd0bbb128f91d47bd246981

SHA512
1ba34fb65df2cca645899021bbdc585573507b674acde6ca6d3676979ac29f30894d1e92bc64bc06999dd0771c1ee7b180ec05ff41304a54f1483af8129f7167

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
6cda0aa26e3f40529e3b789e95749be7

SHA1
788a781c6fd09dd240961cd752f4361e83362acb

SHA256
da77e1635b2ad614e55a69cbd29301aa2b4f255deea8c8a579c0e9c33190d29c

SHA512
8b07b5d336e0c5808e602a443d76e16a23f6f09e0ff27871d7e0b5f4c17d343ac86a8c11f1d44d6d39387555d3462a335ff8c088876589aee26e830776ef2ee0

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
ccd9c21a6dd975b310baf356de494f55

SHA1
feb6f5e683dcd7783ed14af728a4704c643ec338

SHA256
2b3b83ab3d0dc54cc4a86bd7d86695578a34e45ee3418849c799759d3dfa6577

SHA512
59b32d47387cd6195e82ef61125224bf22a44d94b507c7be316a82f70a53eb12cbd897585b6655a1884ada1ad4338401236267eba934eaec7147ea63501452b8

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
fc87501fc6913207035655e4c6d19139

SHA1
223535730845471276ea418e85bb79c306964d91

SHA256
0b0cad3a32ef70cd45e0f807cc5dab0ec28cade436b4b008db4bc6bc6520559e

SHA512
53b751d53822a9d035a5c1ec8acfcfd229d9074f5358dc4ff2d6695fff55280caae68d2cc19511f209c5aedb4511f4b3d61579f63ad98247585e2e12bfb9b3ab

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
144eac8030be38ba9c8cf25990e92f15

SHA1
543bdd7e6ff189e50b1e965546de625161ab3454

SHA256
07cbcd62d97092d39038bb19cd7f1096d6ab26981c46cde953c593b62b499f69

SHA512
a0e1cca4f9c85f4c4a32832cfbff9c8f9236d0fb04320277c29b8a335b5606d4075bd9a37779d5ce8eb52c148acaf027db2f7a95f665d2de5ba64ff667d699e8

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
21cf6e9680f2c494f454302f4a6e3436

SHA1
9a28d4ffb16f6337f4dd2e6aeda07d6732645104

SHA256
448c1384047eba5541db87221e929feb88762c0f19ce3acdbf56b5992f454395

SHA512
c29f2cf64828c95bf81f8806d6cf9409cfc11a866956dc0a380ef5af62ccb6fa03413d4c916379b2514cb312f1d2b01c630ba00fa0d613405fa078e1281d8c03

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.4MB

MD5
cf6390d075572b6c0383cbfd4c19dddc

SHA1
eeafe8e12a4d2fe07df9a742f83ea8e12be539c2

SHA256
0486120266d2bc1bea69bb0c5017240cb61806321002dbdd69baf7bea4bea7d0

SHA512
f3e0b8cc98ce761b42e2da00771f3162d8b04d4096c71426125bee4b3f6f2252e094174441adfe9f7eb775b2caa483205ea09a1587f583751231cc0f3550263c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.4MB

MD5
574d5191ae54fcd85061a2578710a5a0

SHA1
34d3dcff9d5301f548ee5e57aa088b71aeb97c35

SHA256
4ca2c6c99c921135cf79a7cb4dd7bfb70f2292fedb79e758b3a20f044275c24e

SHA512
7adf396b28b01b181b482ca3f257691d19487f3e392aac489a0cbc0d2f8a77d8b025909c35641411179f26a639832e837163fcad1a1b890eb71aa1252fa30f4b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.4MB

MD5
1a0096ad91162609bc2e4e644895cd2e

SHA1
d547375ea691251d0b4e6ac64b811f63fb0ae084

SHA256
42582c8e6e0b43e40df9484cea24e68be63ce62c845ac287d777abdf8533f431

SHA512
924285fceaa57be602a347583d957fcdcdc71bccf551f52bd1fa4a4bfb9b118d64ce575f35fa50742053b55c96cc8124b3bc7531ef01636983c39bb7e32dc35d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.5MB

MD5
1722aaa2fd5238041ef4d4e19782c82f

SHA1
11914e4750d85b465ce9174b20f19014e9696fbf

SHA256
f265b3862c1ee4fd2762e4fd86e81b28d60f4088f2821c9dcad0f9ca0dc49f99

SHA512
30a43e2d016f49264ba8976750697678883a453fe49823a989a47b4eb8af194162092e257c2ccbbb4b803ce2b3cae97aab45c77024c14cb6f3ef992f33708c77

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.4MB

MD5
fdb6ef65753507c9a60cca345dd05af3

SHA1
e30fd419ea703f0df47672fd03e181dad5e451ea

SHA256
314e6aa48f972432e0c820bc03d0c4d26314cdcba2a39f04b58d8c7d3fe7b5fa

SHA512
a203c046abd1abf87ece692033a26b2d4d952ac46c2ab26c3d5542883c15c158dc33883c800298c09044eac36130c0fd632e85b0496c8508abb67b8545a3ca5e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.4MB

MD5
6c61fe90f6bf9a7404537380e8666907

SHA1
e7acc9649d371cce64d613ab2fdefd33aba13e54

SHA256
282f30dfbc7a418b2b1c3c7e7ef650786feb7fbba2b4584786b52998f49d82d5

SHA512
8c8523ce850cc126a11d591b94ccd04c84c576583a875eb7e574001926b75e49eb5b3c4c5aaf8c3b7600e728033a97fbdefed52d66b7c1c2b7c0b2c3e391a92e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.4MB

MD5
c73b01971a47571dbd8bd2e5997536fa

SHA1
76b23787d6f354b178146b7e204329010f0da787

SHA256
1777e9b8a24f713046d0491db0d9531b576acec9d03b2812383a63f590193a76

SHA512
0fe2831700bf10662c2d5c560687ddd68c01df0f2e33643ee618b890c0c3f85d4b67e4d6723741e35fff058fd5ec45ef616761f77bbea5fe5ddf8e64a3bc441c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.7MB

MD5
3845b3f37259ee086aa06c61880fbbe5

SHA1
6c15764330487a30b93878d930d2f3780d5c73c4

SHA256
5b1b48cc1ec9cc50354398392c09ce2933c8811a35fa3dde8dbad504ff73db6b

SHA512
2cc07cf4db1764bc7ba3092804890e8164b63c4737358882209c775551c3a97f363cf8c858af0b52e1569e2d72a731cc7dcc88f129eb032884cff1f27a5f0cf8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.4MB

MD5
c9cf0357d9c59937d2d88402cdaab9fa

SHA1
4c15bcc9d550263a17828e2fd3800347d8e92413

SHA256
a4775b21c1a28115fcb7e0c6d04bfeff946b9887726c4af09ede543a59b95928

SHA512
f980d0816e509a180df61312794b1da6e7754188234ba5eb7f86833343b862e8c8fddd838df30cd4483340d2798c36534441f5562fc953d21c2503a087d0ea02

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.4MB

MD5
2fddef4597ab9341fe7869b4eb914cdc

SHA1
1cd0e84bfa6958223671289e5385ea45ed1f4b3f

SHA256
5f696377f78f8282cd488fcd7c8b722c01f409fd263bf3d740848e5f1ddfc28f

SHA512
2af66d8e47c82f228114c632e7dc5126b28fe3754d8e05aca0a9b3cf554d7f0e244cfb8c7681d95a36c1e71fffc91919f590ee4bb9c0fc4d0196f0b01e121660

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.6MB

MD5
921763ecbdd605abbee52231af5fb4e8

SHA1
c57dd47208c540ad7346a1625d0ce5e573eccac7

SHA256
dd04813b511f161951337ff7edca105e2b0012f19e059b851c30b29552ddf856

SHA512
cf4b5af106820f740004a67c3f27bb7a01f960dc7184dfc8d8eb7c8a1143e423dbbcb064ee4b01421a034966e090812ba11f8235fbb442d286f7a1f9470f6970

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.4MB

MD5
78ca6db678bbb0c4fcc86a69a69da09f

SHA1
f7d57501930a56b55d598cd2e1f123b3e6cf0a61

SHA256
f8bc0f68e9d654b993ab1dab40e75fdb7fc8c6969e199c8bb99c6b528fbfc1c2

SHA512
d51cb411957dfdd458fc771aa739d256b52c6f9860bd78b2384fe8728b4573bc586ced6e77bc8df3f5c4b2506b47a35d6141da9cea620faeb4c729ed5f8944dc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.4MB

MD5
1878d4c9e5da131daf5ddcbffb52e783

SHA1
7a02bccf3577bd659f4698d21267ea23466908f4

SHA256
f76a1f9c085fa690725a57b9d8c73a54f2e865c980e69c24ee344d91f57468a7

SHA512
1baa300cd8366275f1d3838e036568a871202641a790e122a94276bfc678cc67ec80702e059bac38d63ae19f720cde9c8749e43a3bfa9748054ea9a3e8af9be4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.6MB

MD5
f61309e98c418eec628a0e8483d42c1f

SHA1
3d469667c68362fa77181453cfab256f3974f745

SHA256
607e00d47f51771fb9144b834f790249b4a7be63e207139e8b2589358f4d15ea

SHA512
9177a9b0028d62fc6218d5c2205891bf9dd2631e1ba140ff837799b3583cae0e57ad35e3f5f82068dcfd4983d3eefe579d1a28eca0b55021bba7ed2612e179e1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.7MB

MD5
dda2d84cc26b6dc078c90109b8a66dbe

SHA1
15e4920803461547aeac2918fc9b5cad096d5af6

SHA256
6a19d97508131ddb658dca1c2cb95365e7d20fafab6d76e2c895dda69b05516e

SHA512
2051cece8aa1c6e2c5214dedbfda371bf3e45b2f0337a470b022770e8b5e8ac9532b3a210691a644053edb0b6e255cba98a866d63cac3e7ddf664a0c5199bdad

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.9MB

MD5
13b63fda19627b2bf8d5ba1d67af3d1a

SHA1
b9f2918623ddbbfc8adae337a452d695e01ee02b

SHA256
8c32b591459238bd17225b91bcd34988af718cebe868065a2190bb5d640eb074

SHA512
8994e4eef20c4f8b8b9ffe662001b10cb5b18dabe8fb83a9ddf440fd23a73f58592df493251edbdc93dfe5e6a8b6890c055e5f638a104332eebb1bd48efadaa3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.4MB

MD5
c0617279ce882da15a124a794c139946

SHA1
b4105a15d4753e63a2cceb206699913c7021b04b

SHA256
7115e7fe92b2e43e04f0b81ea4c06ceed9f107aaaddc90315d033fc6bd9fae32

SHA512
3593ac09cca67ee3d30f23275119acefcffc9883878423c31c1d673ee1a44dd9363087eb9cd73a0bcc6f67df52b9760186ee388e67a52087f9beda0a6b1b4ca8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.4MB

MD5
2f0efe727c859f05c396f46619c5dca7

SHA1
53b338b0a3622f211974eda89532030e4e312032

SHA256
2d669499f48d12b0c761d0ff407cfc8e6f303d675c6534d1e9d3620b7b965133

SHA512
7975f82d50f46bc18a2dd87d58d154a079d4f3ff32793839d8fd5d64c779ccc156cde423104d5157055d11d7ade0758836c6cf71a4e9a3ea534e036f380e6b99

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.4MB

MD5
ed4ecad0b8fb626ca3974810002111a7

SHA1
1837c2780c4b6c3c1dd7be46674bdc968c56e440

SHA256
a4d5feb49e5c1d189bad867d21edd8ad0b82b42ddf497825d48f91a7f41ded48

SHA512
0e2fe40fb49d770d5c6667bc932c5115773b2cccef6ce7d87472a9f7b5df315424cd3f251610ac86b016a3f213d08773e97e0585d14e1f19177d3b297e2e8bc4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.4MB

MD5
1210b0cd7df68670424cac846e783227

SHA1
3a2d45c7d339956273cdfb3c49d7d985982d3317

SHA256
5f5f30adbb7ef9d2441a72821be56fb63bddea7c46d7ef7dcc04f98cc12ebda4

SHA512
3dadc630978569a6bbfcf60ba9c7f8988a7e66ca3234edb5e97acbed2764c177b6974a9ac6c7a314804a46a4e68f454222e6773f1663d271d1b8973e69191e40

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.4MB

MD5
44a1fd86f7a9876408411107694025cd

SHA1
cff8b75461e029e1cf821ecd251aee00ace593cd

SHA256
c1088803f4de1392ad05c23a53dc7b799943a4000e4f4b953db8da0b9537b5d6

SHA512
6928ced1df806889eda0e92035650e3a020817c90958eeb051e80e9204e2908660445f4a947d78fa42dcaa98d491139f686380fa71d7531b811b68b641f460fd

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.6MB

MD5
d816b2757eb97c0176ec5d99f21d2db6

SHA1
aba38c29aec45642e0244a8844b6a47f781b21a9

SHA256
ef2d903e295e4e99d4e47c996ab6db9da1c99598d66190ed482e2b0d0697044e

SHA512
2f2f31ad4a0d85c0ec9b0fa25c2967dadda51e5f5dab457c1191189a76c958503723092403e142bf0ea8471fdfd7591a9497489a8c53e60c911091152414f6bb

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.4MB

MD5
f1a77661d34f00ecdd47ec84eeca147b

SHA1
f247c24cfa41b8fb8588d182eb1eac81bb34392f

SHA256
de1bb71673b156d3de67dd3ef1f5e71a774b19ff216c6961de861b907d4ecbf9

SHA512
8546cff7c19edcfc5b7f8589ecbe63cd373bf674ca143df0329a73e22b866b6c0936f3423ab2bd1f76fc39f5713562a54df6f3e85a2f2f942b8efca4021ed66c

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
b7dd7d71df73f6b39bcbc2c4bb645189

SHA1
59934cffbf6aa441f7bc5653eb889840d4178e3d

SHA256
d560d8abe70ee8e13b3f41f4f1a1d39aef1a34f0f23543a6677acf88431c8c1f

SHA512
52ec219c68aa8e1d0df6dc29b2deaeee982734412d13e2dc11ff5cfde213fccd055ec1b2ccd0ee7c739beeb05eb6661aaced53a9d6736422065e6702d093e095

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.5MB

MD5
0b75a46ce468e46967fb9fadacab1403

SHA1
d11bf50ccd46e8cd5696ccd1589b401d3ea63891

SHA256
841f1db39895064570c7987ec7f1564894ce4048514f24380f5393de64999370

SHA512
b2229acbf8bca3657065287266767b74f4f2bb2ffc7ed1772a2546a236876e118912f973551b83a3d417eb903f4ee4cd06f879dc45299fa573c59cf1675ac46f

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
16c5a9a7f589496d9c371d6320c09635

SHA1
0c39591c6d3b4e9a7df64353577ecfd169af4c2a

SHA256
52c8e2e3a160c5d85fd43dedbab646b0a273f4fef1020698cd27bb51c21a53a2

SHA512
e61018dbdd5cda0bd783fd09361d2c04515733314a3b008011c5e9c291f1612b10ce52d3be4feceb6215c5852af6063ddcc4a69ac658a6230695e51400d2ad15

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.4MB

MD5
fee175c455a0d2de1eafc69a7c08ef17

SHA1
a699a5c73b00c172a919af4cbc55695772ddc9f4

SHA256
ad9aa3b0f970346c31e35c8823ce17bbd7fb28ff11e70dabfebf9cdd8062984b

SHA512
a318092b603b59d1ee5df84ca37868aa4a5e9507d6ccc74a753586cb4063c03c4281f1a48782de62d18c58a8a28698f75e1addb34c95151da0dec14fb059f92c

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.8MB

MD5
0f63f39b4853f0f12f765fac868cff3c

SHA1
29c7bcafa22e9d4daa34e8251ae2d289e6061612

SHA256
ba0a3ced2ab61ec9279af0820198471b368c51a3dc9067efc2c77eca1306ced9

SHA512
da7a7b605bcaf3eaf7703b45670d01eb992cdb20f9ae9818616d516d60f46b013b578215b3a5db0575f643b18594a8b287358c1b6c85bc3559c3c9c3c63f899f

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.5MB

MD5
126d248fdcf8e028ffc5bb674094e96d

SHA1
0403a4352b74a0a36d52b5c5755e138f1098d07e

SHA256
1adc02d7d92d679b04b0e969902c5df35ba7bf97dc9d81ab4de71c3dd36b6911

SHA512
f92e4cc613f1560cc381ffcc4734f3b347d55f660c88ee21140147be0a7138f55d9c9c81299a92a879673e8a7291ecf96ec44f653b2a67016538af3a7dc0f209

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
26dd00447e9ba3a57d0549faca3f14c1

SHA1
c81fb69b10e69e086c8c760b2eee1074e36d2829

SHA256
148f6e1a0044f3710cf074dd44fae70be9e678ca917e90963e71c2ecc398b5b7

SHA512
7390eab30790415f2e6c170da7b4047588e91a7671dfd5c0e9a4881fb9191352e0b606c7ddcfab63cb27a5e6628141d18cf4f85036f2cded9e8a74af651bc9ac

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
941297aa04da62ee902734f8e86f018c

SHA1
5014e2ae19b0cd153b567e9788f492e6eeadfab7

SHA256
a84c2d1be800db2f94d60916ae8e89929c4fa2d30b7c391dcd449b57ae8b32ed

SHA512
8706e5815c719ea048c618eb139ffec39368931ae68cc44909cbd3dc18063a0ed0f384a588305b8bbc84b042f29cee23916de0bebb651936d7e58d4041989e15

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.7MB

MD5
4e4a4778a88fe1a1894e39438a56301d

SHA1
babbc600cb1d3b06168bd85aa8a7e68bf7317763

SHA256
9d7e21996cb8eab2b0c5a4a4c3e10a7ac142f74212ca09900a7ad1ae7de28a4e

SHA512
cd990d736ebeb482f4eeec99144646ef4fb999763cf8f49287c40ee46052dc1846326de704c973fd3725516d15d37a08123e5e1f3143b5a6062c527a42f9054c

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.5MB

MD5
e2763c4ae623ca4c527f494980106a49

SHA1
6fa1c8ad01fa41507694f0f294032d752e88b05d

SHA256
14535469551239d716a4bfb3aafd8d7db01652cb7f8c9c09b5f67db3e3c01a03

SHA512
e19171932571bf440898c55b043c2b4dbb4f1f444442974f5c2df7ecfe1cedca3dca0be3be2b292f435c33221902d9bcdadf77582d2d0c30706621f0e88acf8c

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.6MB

MD5
ac4e53c854ac718ca26e710fc4038381

SHA1
8d38b361219188337fc3796703ac34eb4b595e3a

SHA256
0142373dbe0e71bdf8d1d17286717a0f01721b4eb3882967897d6a3c16a5d447

SHA512
49bee010f09bde859c4373cf73fc8240067ebc42e770195aaccf7975eb7dbe377ff408ce32f38ddf714edd10fdd8e13e165365d52b6f1daea5cdcd790321aa8e

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.4MB

MD5
3369a57d567cfc715abd2cbb23c3ae35

SHA1
6b595483a778f9e81d4efab88b7292e3cd005160

SHA256
fb1f01a9ab8f0d051ae81cc646cb2be329704ee27125d07186ad612922cea67a

SHA512
6f1ec5dedf7b8ff33431c841662ee75ef8e05e66f47778b0b369e4590880b90d8f3221ccc272dd8926b90a51405549e426a06d89ecd8c46a071470f8561a49b2

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
d875273a527017fe6cf4a93308443159

SHA1
614babb0853e481394c058ad175875610882f960

SHA256
765624d9ad86dd7947759bea4f29789ba3e12804c1733673737300f4a4dcc42f

SHA512
3703bbbc00b05353ffdf5db4ea50f57e0ab87a893616d83ef11791dabf16da6add4b0d71aa13ee1d6f91a8bdefeb0906d8f72707110a48e80ca04fb3e9cc01cb

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.7MB

MD5
730d1e7018efa1a4006d7a95b6374e76

SHA1
0f33e0ea71d88cf5a6cbdb49db89062700bd47c6

SHA256
7c9f501662dbf4f1def47f62086f9fb70925f1cb54755ee7c21cc7c2acfd2dde

SHA512
eace5b23d1a6af98430c656b1ebea11a9c05bb00def7ec6c14b2e77d6daf781e87f522c47f7c1fdf6808806d34db3c216e344282d60a4bdd60002482740f1569

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.5MB

MD5
cc50f83c9f8ca822b374920f50acd304

SHA1
2932d7c6c8e605ae2cac9a0d6ab438cbb2a8425f

SHA256
c10e37b4d836c27df0dbb8b80bd33e84411d52577e87a8611cd4ef279fb20f79

SHA512
259dca0033aef92b2d688cbb3084996f1122c1ca1457c05d83681128d84c9442ed26d9b48e3bb8f422e97a76366a80ebe913ba9a0b01195a6bc98bcdc307d17a

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
d8c2bf301a2d021fecd6efe6b570cc3f

SHA1
acc68dea87977cebcae7f260c2d80133c33a9817

SHA256
d520b09781fd2429dafc195fc1737fc3f64ea290f2de2f25d4bede17e26825d7

SHA512
1d509dce92d4c4f4d75de42484e7e45a805901cf3413dea586219b95becd1597291c7a1c9b69def3743d6a57d2bcb6e2f056a6dd700d593666a88ad6cd9f2001

Download Submit
memory/640-247-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/640-110-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/940-53-0x0000000000810000-0x0000000000870000-memory.dmp

Filesize
384KB

Download
memory/940-47-0x0000000000810000-0x0000000000870000-memory.dmp

Filesize
384KB

Download
memory/940-55-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/940-164-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/988-127-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/988-344-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/1200-115-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/1200-324-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/1384-84-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/1384-86-0x0000000140000000-0x00000001401AA000-memory.dmp

Filesize
1.7MB

Download
memory/1384-79-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/1384-73-0x0000000001A60000-0x0000000001AC0000-memory.dmp

Filesize
384KB

Download
memory/1384-81-0x0000000140000000-0x00000001401AA000-memory.dmp

Filesize
1.7MB

Download
memory/1392-382-0x0000000140000000-0x0000000140176000-memory.dmp

Filesize
1.5MB

Download
memory/1392-153-0x0000000140000000-0x0000000140176000-memory.dmp

Filesize
1.5MB

Download
memory/1832-12-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/1832-19-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/1832-13-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/1832-108-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/1968-173-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1968-385-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2340-32-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/2340-26-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/2340-126-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download
memory/2340-25-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download
memory/2564-88-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/2564-200-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/2564-89-0x0000000000CE0000-0x0000000000D40000-memory.dmp

Filesize
384KB

Download
memory/2892-197-0x0000000140000000-0x00000001401C2000-memory.dmp

Filesize
1.8MB

Download
memory/2892-390-0x0000000140000000-0x00000001401C2000-memory.dmp

Filesize
1.8MB

Download
memory/3036-178-0x0000000140000000-0x00000001401E2000-memory.dmp

Filesize
1.9MB

Download
memory/3036-387-0x0000000140000000-0x00000001401E2000-memory.dmp

Filesize
1.9MB

Download
memory/3504-141-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3504-347-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3792-43-0x0000000000460000-0x00000000004C0000-memory.dmp

Filesize
384KB

Download
memory/3792-58-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3792-36-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3792-37-0x0000000000460000-0x00000000004C0000-memory.dmp

Filesize
384KB

Download
memory/3792-56-0x0000000000460000-0x00000000004C0000-memory.dmp

Filesize
384KB

Download
memory/4192-221-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4192-209-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4828-177-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/4828-67-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/4828-69-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/4828-61-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/4864-362-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/4864-130-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/5080-72-0x0000000010000000-0x0000000010187000-memory.dmp

Filesize
1.5MB

Download
memory/5080-0-0x0000000010000000-0x0000000010187000-memory.dmp

Filesize
1.5MB

Download
memory/5080-218-0x0000000002290000-0x00000000022F0000-memory.dmp

Filesize
384KB

Download
memory/5080-217-0x0000000010000000-0x0000000010187000-memory.dmp

Filesize
1.5MB

Download
memory/5080-1-0x0000000002290000-0x00000000022F0000-memory.dmp

Filesize
384KB

Download
memory/5080-7-0x0000000002290000-0x00000000022F0000-memory.dmp

Filesize
384KB

Download