6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2024 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
Size

703KB
MD5

9a5f223e461390d97c64be7526e7e9d1
SHA1

5dc835d132851547d50dfcd486b1833a18680f9f
SHA256

6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c
SHA512

c3262209f467c0587a0464fefba5191eb68653713b8a62cb77489c96bb934a21944e8579284605dd1885dfcb72d320e3db2f037c70e7b2e51e9485883c0d228e
SSDEEP

12288:lCKHJx523hqFCrNDFKYmKIiirRGW2phzrvXuayM1J3AAlrAf0d83QC0OXxcpGHM5:lCK4I8NDFKYmKOF0zr31JwAlcR3QC0O3

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 18 IoCs

pid	Process
940	alg.exe
1252	DiagnosticsHub.StandardCollector.Service.exe
3508	fxssvc.exe
1612	elevation_service.exe
4388	elevation_service.exe
3624	maintenanceservice.exe
2856	msdtc.exe
3444	OSE.EXE
1692	PerceptionSimulationService.exe
752	perfhost.exe
2456	locator.exe
2016	SensorDataService.exe
4288	snmptrap.exe
4172	spectrum.exe
4320	ssh-agent.exe
4940	TieringEngineService.exe
4564	AgentService.exe
3280	vds.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 33 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWow64\perfhost.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\system32\spectrum.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\bb260fbc75cb61b0.bin	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\system32\locator.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\system32\msiexec.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\System32\alg.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\System32\msdtc.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\system32\AgentService.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\system32\AgentService.exe	alg.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\System32\vds.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1252	DiagnosticsHub.StandardCollector.Service.exe
1252	DiagnosticsHub.StandardCollector.Service.exe
1252	DiagnosticsHub.StandardCollector.Service.exe
1252	DiagnosticsHub.StandardCollector.Service.exe
1252	DiagnosticsHub.StandardCollector.Service.exe
1252	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3924	6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
Token: SeAuditPrivilege	3508	fxssvc.exe
Token: SeRestorePrivilege	4940	TieringEngineService.exe
Token: SeManageVolumePrivilege	4940	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	4564	AgentService.exe
Token: SeDebugPrivilege	940	alg.exe
Token: SeDebugPrivilege	940	alg.exe
Token: SeDebugPrivilege	940	alg.exe
Token: SeDebugPrivilege	1252	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe
"C:\Users\Admin\AppData\Local\Temp\6eacf7af3e9997418d8c728088c89180c0ec81bc9024383abf2ea82e65306d1c.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3924

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:940

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1252

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:1156

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3508

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4388

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:3624

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2856

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3444

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1692

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:752

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:2456

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2016

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4288

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4172

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:4320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:2764

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4940

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4564

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:3280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
e82927408e1d680f90989bbc7bf4816d

SHA1
afa70a7b84ad5a6d7cc22656735877851ad483f0

SHA256
19f2c1548870944639c334a011185e6f8ea64036412adabb7f5989d8e1aa5c5b

SHA512
6997634c2d5fafe629666c9dd19f3457f9890ee35ceaf83d20afb8b61c730f0f05a6b768f1b0d794a8fbca17c5dec488c5e250a99254182ef687d5b7d892b47b

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
797KB

MD5
5c57b6a6c9077ab164b7d295b31d7b25

SHA1
beb7fa6562ffaa1d42043feb1a191b51a67d2231

SHA256
ea10268e5fdfb9b5155e41c5d1b221d66d88657bca239c57d0aa0b09bd7291c4

SHA512
f30303bff5949aec40574642bbf2f6e80fcaf15f616342ecf1640baf9b9989a98885a56558c839c1ecd0a1240c4fae48e79b93be9c0f998be743ffc2b2c3b84b

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
fd312e066a9ef32fe288ed480f298ef0

SHA1
e9fd55828eb85df35ae98276743194e1238990c8

SHA256
d6fdbd92f124d651c2cfcaac976be9430e0dbd16c8e4adbed3bd96daaf49d9e0

SHA512
1dcba6db2ba29633a204296220a57605ab3ffd7597aea35712c47a2ee4511336bee0598bbc87e8fe0f60dc1ad3bf7f727fe48600e64a5a8700d282783f35d313

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
bdbc60f669d81e6711765248469c27c0

SHA1
be1fbf35a61092e35da48aeacaf5e023f432e0f0

SHA256
98998232270e310668005f461b30d4928c62391ebfe367d6a1384c0e0c282bbf

SHA512
8def79b62c9d3a5dbea5b2cf1f587b6277efcb0ec0ed820d41f6ce4da978f801d12c9410310232f0a179e71d1b79c077d27f69f30ad73d797a25c046064aaafa

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
9fc447495dd1701bb2c19e8395f2d660

SHA1
f8b25fdd70b279694da59e055829eb18b8d10e65

SHA256
96741b7d429b4934e5f72c90554ece140da480b49ec37c50bd93534ad65be665

SHA512
75a2fdaad4600db9790fe4a27bba328c26f7c1fd61747142b6e8bde8433e541c7a44d7283f16557b69d5dfa61ef691cbc1dbc31b7b3245af41859f8ae2abbba6

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
9bae612dde19e2f43ed0d3c50f575ef6

SHA1
5e0098be151b70f7e7ece295a0beec3029b0d924

SHA256
758659b731d65d5622c26b8802ecd1c138e542d2078899e4a375a3420918a3a6

SHA512
bc7508b05462789b0a365e763ddaf3be1db684c7f03b160b397d0ba838a36f50f8838d31a5dd94d8987ab737c58d4ab8f6d82cdc8c64144afaea8c948ad2b92d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
b3639e3c38862769bc1ff2e209e8b1ff

SHA1
91701e121f821bf08e6d07dd804c88bcc9e812a4

SHA256
b7688d86321313f2d1c7cb14b959fd0836a0338f215961c02b52d40733d44783

SHA512
38f20238f6eb1384db1f392e6bc6846db0fc950c405084f1d6ae626b9e4fbc744baffb371baa21cc28bb3346e14255846edcad7764a2640d9ff2ef01cca9838c

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
7232c1013e2b8ce82b0ac61473a9caa2

SHA1
bdaeb3412f7d28ddf6c50709e42159964ad58478

SHA256
6ce52e644daae568dd51949feabcd80c11fb1d21c7451efd1c0ce208d0cc91f3

SHA512
86c45e55310cdb85f25c5f5c79532a289d643aedfac2cbcb9ba914ac6936173a48833df635bd5e1abceacef2204e30c35ed59cc43fabb0b6386df86b4e0eab11

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
f23e63b390b47f6a5d64d19812815e7f

SHA1
bc2a1a6fac5410d2d485bd14ec2f699b4b2724e5

SHA256
e2c2dbd5f63625c7351e97f4c260416d57d6dfc31ea339eb665b782a42d02cef

SHA512
b60e4cbd387146550c8c3b06fd8f521db5897a19cfe0bc7a9a778177f28ca072b6fe17b138f1c80768099e6e14279fdcecd6c42e3229c8f6e6332bf8fda8a13d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
f816405110acc9a678132c733ce44a74

SHA1
e001057c57eadce28adb0d3eeb15d94d8ed24dbc

SHA256
1644aa48b069c978f7aa263ebfb0f351e7f10896dfd24fd075d3fed06504a6ef

SHA512
5991756516213d313042ea86df87e853533decb974d61cb72fc79d31e8a77faa31604ce5c9539c4234b0f5c93481d02a7aa8f275439e616cbdbb14c52f265352

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
1b041e58d913118bd9b00a96f28c29a6

SHA1
bba994b29e0a01a011a84375d9615e1bf258175a

SHA256
eb0542b164bf31bcba197744d60bb8247d2340ede2e2aff9c201eb345f946f86

SHA512
a5a5def1e307c12577744bd7f2dc32d01419f5a62560e273157ade3c5cc8f4ffae9e35b176e93dc68ad8e1bc499d345d948c5f675b22f7e9757413a558c59545

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
5d17705a2ca0e65aa8a5aca12db23cc6

SHA1
11f017b4df0175eab540fbe8d40c59ab98a397b5

SHA256
312caf9d83133e57bf2731943696b091f00c7c1a1ddf5d9fdfabfca7b8d540c1

SHA512
d43c46894060972c92f5fbf54c7373d0252c286eb212ee1a68ed2804de4023065cf53da32bca4d65adb6d53d576061c3fa03b0b993ecc11289b099bd99086ffa

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
e64e206d04dca13955a7fe1b53df60c2

SHA1
2f8a6a84d464ca16cf2c6a24259a654160724118

SHA256
a8bcee9b0efbebb7834087fa5695458aee23f7a5cbb1db6582fb7a03033dff87

SHA512
0b907be0d9e4c3a6fa29cccc836780356b7dc462984cd6794b3423c541345f4b837842d99fc1d73a027f37cc3f995d9132a88f03638a2ea474f9273c9ed761c8

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
ee335b5e584d5a50674a9c95d5f638dc

SHA1
cea002d7dfd8defd9b2b055f31f79ae9fe084389

SHA256
bafc5a3b31631d1ab255dfac3a10c4446e24c37341c986c713f3b5dc3614699c

SHA512
ef83912a1fc72e8e8eb2ac0ac0aa6f04e1950b2d76b73cf77af9fc93d7324e729f66827b11afb2fa446c071a63127c1f5feb2068f8a3ff899501c6fcd5982ea8

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
70c2dd0bc593818b51f97707980bde0c

SHA1
4d1957568d10c0181230cac8009c6b1d62cb6dd3

SHA256
696d4dd2aada30da40fcde43d785b4d24c62fe706ac100e650cb642e453d88e6

SHA512
375c4bf0a08ada904e71df6d00332d737b744acfce37cbcbdf9ccc43165adaa14c3c538f496b00e299451b19221a311c33eaff296aa9048758b94d23ad7e3b3b

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
b5b6d18336f013839abd8ae71e41ee7f

SHA1
c4905a10e5ee05c64301ed28325af4995058b8d8

SHA256
086629236365041343c47aa043d8b6770cc9d67f8242b78c3bc50041a7182ad4

SHA512
8c2b422d319251d8d4b7698beb441f2acbe2cc618323af7cd3abdc0b9e84b563201a5cd73966f1bee9b4d049629d59e693376538a6876496bc7b1d583c91406e

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
86c5dc60b260035d2f59e3752c9bd8d2

SHA1
499ba8fa13b5b080b249e5623587c66c9ccea90a

SHA256
1f490f74dfe734cb9a0bb34423df4597080578ef26dc4aab6b2c8c0d3739ddd7

SHA512
2e51049652e19c6a6b520d4ae80fa6680ee201b11bd22e995edb3533c6a52387881c4e1faf15306adc7e4feee6080a2c0c1bf5c7644afa6d495ee3f51eff2e67

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
c7b9b85c37774f2f1fea4629b72e7bcb

SHA1
8853de774976b21c63dc96958c17d02b2d5a0f84

SHA256
c1fc1fd35c29ab2616a262be932d74f3660855115933b50412959aaed9544bee

SHA512
e24ed0e396cbc991f4be19985452c681211df9c8b1755e1d531c062df71d256148b1ef1e22cab205aba7eb3ba90e8c36e65ace9de59ba8c2c0fdd696ad443d44

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
d741a87d1c1030efa5aec6a2c6829f22

SHA1
0af2b1bfdb5ebcd75ca635a20533db3d14863b2f

SHA256
6bbc90c3c3f3331e07213b5f060cdfa1d547cc45e56cc7576e50d33e83f5dc4c

SHA512
8fc783068194c9bea92232c98f9b31f9cf68e7b4d5f8017e25a597175cacbedc6ea375211e0e2b75ab03b18a971da525ffe32752c1f305231c0ab94815bae2bf

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
60e352f1a8cd6693fdb208d402be9a4a

SHA1
98e7807a198b62a2d9af414cde11198ef37a8658

SHA256
f17fd2ceee3af29d5a8455ccb7f89bd59b85327c9a52e23ca98337a978dc0da2

SHA512
e0cf2bb4f3b298770a6f722626f7b6ac3df548250f2d29901776f09bb0989999eefdf317b67c005a2d693d40c41ac9a8710ac8895f9b2076b663feedbf154bc4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
245f32b45f476707656b2ea0d9410f3e

SHA1
2cd7b1fdabb8e6df9ea309fc481aed4c7104e572

SHA256
86c11f6e467352d055162e79f11d52094142cb341cf013fcec3c51919621d50a

SHA512
05fbe0b5e8a48a4be42552d3471875bf2fa5aafc0c716c30de85820f45f4658543e7f541e620bba01b3b89dbea3c623a46cb8cc3f1d8f5ba748448049ded1b71

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
3b1fc5036768a855871c163c3a5675da

SHA1
9cfcc91fed4bafc8c5abc8ad0bd52fa722a1d391

SHA256
1f70dc953c6880976f3a1526b94572fc1e57215e4554ff340a996ddd91018097

SHA512
2e1262494102dae196b9f8e0a077a795187dc683cf8bb63a901d6b889b18ebf6a49e24ae020afe6f61ba4fe10fde6fe3bae5c3078cedeb33b3967ca0249f8a83

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
a72f41909b98c90c375be21903455944

SHA1
f32d597f2a8fded0f66ac9fa0e080037575574ec

SHA256
259d7a6d6fca0112895f21857cdefe236adccc6dd31fab77200d93e07bb7c31c

SHA512
2d3166495377f8f6f01227026f1d61ec3d861e0400bb1c034ba1fb88ddad81b13e6afb10c3dbb8de7bbfb1b44d1b810407bd1a004a07911869709f5974e276ce

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
556bbf5fef8125ff7c422889878a7e84

SHA1
66309d64fe2a89e44f9f22e30dbf7d3c2509b961

SHA256
c76daccebc98a6c0d8619a335f8e90ef52bd46f1b9df658c1cda9cda02369b18

SHA512
32e2fe8f79cb520fb3626d5e507fdbab0508faa70a5714d47063b9cb1330eb9b9c12777dae68b02038c995ca710fc85460b955bf1e2e2011b893bce84d1ef579

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
2a9031623f234278b9b2190d9dd2658e

SHA1
536ceb91337e5065e44b1dd165fe58465bd6deed

SHA256
824d49f03152f66d33511e54f3f3fa1ae7ef2656c34c7f1005d909a4005e3630

SHA512
761e6e255ca8e132a79e80bb30411652ef5b986886068e6c746ad3ee1094889cb8cca4a5e85dbff4bd576cf311013a4c9a7417b9928599decb37fcada586276c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
fcd54a4d3223ef507a7a7695406997a7

SHA1
4f0bd921a6cea06f26d7aa991f6bb05788d54962

SHA256
1db9a34f087ef175bc22e999dc72150da69e651a74d05dcc61f89d5bf9b03d05

SHA512
80f4c3e375b896bbf3ba6e1982d9b576f81b5eff82ea985c2f4b0a3651dd1624cc18d24485a33d07e0e90f9c017b34c4b13361f07a736d13f8e09568eb98119a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
fce28fe9a92b25a3238b7b17dffce775

SHA1
5b9884c1206f0ca55e6a53246d6fea8021c81e01

SHA256
a48b034ef2f1adc1fefbc460080120a5bc8fed27189a0fecb2ce1a1efb0fdb68

SHA512
31e75042728cff1e42ea42c5cb1f8d12170a4e810b7dab1b7dc61c7764bad7b27ba07ee38f0bd85b7a2ee882427f3dafa07ec9eb8895a8dcf7e38b5f6707ddda

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
58aa2890fd9abbe8016c8dfb6710dda7

SHA1
f98de1788225c9035b904e78e4919acb1c609dbf

SHA256
38678c5d63bd4901ba3e843f50400ff0b569b8cdbbc699d7fad5d7901a2198cd

SHA512
5281ae7c222647f190535b4649907b763a0e458c2add2076690e1209759b4ec527b10c2980e26014413040ff1fb74e38284055a2b7785ee6d8233580a82113ac

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
45adbd528ff31633901e30805f9295dc

SHA1
6a7e93bcc9c1cbfd05143844df402e6925653f23

SHA256
f92262abf3660acc3dac8756a351d76877cb60baa7910dca84f40d9c308d73ba

SHA512
2e7d815cad753b16e4e4b22054f4926c2338d9655a5134ad35cee06777af0df9b0d5c88abfa870ed87c92cef3908c201b2d8d9c001ec469ac7e9e4eac95b5703

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
79691f2bedd7db9685097c4ea03de20d

SHA1
babbbc32a2f20f47831e48193f8d391f99700474

SHA256
7d0636c3c58bfc9ab8f2187c49342089b26dd803df8c662537733afa3d6310c1

SHA512
76106995f4fadb2a086d539d37b80c045a43215793370fab8ce79677cf5cab9dab7fb3024466846643696bb14196e5cee0115684a16d2333e35507f67076157c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
eb27799707c2995d5e68cb13f9db3355

SHA1
54d06d0aff1ec26490f3c00b237a8c5e98a6c91b

SHA256
074729522db7a72441cc1ee5f164f3402ce6df70a04a0f96c41def4495a1397b

SHA512
42ae54d53f8b6c70f44e18deb82d7278a33c5c6caed85dd71813210621093ecffaf3edadb211c3fcdfbdc0d903d3fef1bf2f6cd05d64c18a748a709dfeb3c791

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
a1586373d25658847be58ee29123669f

SHA1
33a702f537c08e78f42c413d879ded48f3366f9d

SHA256
0689f103eb0fe66f8d424e9037acbac22c1d0dfafd9e05e32c12e3c3fc9f1170

SHA512
a0b637677eb1ea4b9dca91ed00cc5d4950096b799d2d423810238679665c2b8d95fc501a710c991894d96da7130116ca43334ef23fb8cc9f2cbdb45dae54b35f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
29da735d9cac27b1d797e037e4ed82b1

SHA1
c0d767980e2db00b2f9baeee74bf91aa2c738d9a

SHA256
38c7502d62ee3ac72b7771cf0b165d33f741ef396985fa182fcb6d70cb2f25a7

SHA512
6904a5375c6e0a9bda64143aa844d640092030843ab54175aeed0d112f2623f6bfa3ea30da9b13b95f45edf89986c2c8d2f0dad2acf385ad4b8e27e1a279c57b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
73219fd2ed921dead647790729cd594d

SHA1
5578648df7f17388fdab7e89bb6e8ceba3b4a98e

SHA256
d52594dddebdeab7a997e8ee2b2db45e6b93e4a1b02f1998224bd819ff190a12

SHA512
3b22dce9be87011d7ba06edfb863afb5a472fd02ba66057a778eef717360905045297e4f6e8494887205c85f6920d771d43f7005e8861e751cc57f78d2d4599e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
01b91b7213e46bbf770bc38c9ac66c3e

SHA1
a37ad92c208ebc7405f58ea059ada4bccbe62bb3

SHA256
0efdb4a7b1ffc74248fd022332dccea5edced96289ec0dd10f2254eae13786cc

SHA512
2e25032964f68b35d55058e669766d777a999515f0655ec924c585ef6b2a7706a0438356bc1c5b736f12f81e9ab4a71bb7eb453ec1414dd69224a6bf5023a36d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
08c98eaa17ac68f3a5c29f03c27d9db9

SHA1
846d9209de6b6852adb0b92db781b913a3f6ee7f

SHA256
42703a1122954dd99c764dbb708e169a48179393ca44627ef5767404a35d366b

SHA512
e18442e464607102fdd55bc63b8ce35082df2046ccc635628496f64be8aa7b1d9c302af1a0b1e8b6ea48b8710e7699513939a974dfd6b2c172a676e785d31e2a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
ab4f81b7673924705aa987bc0807be28

SHA1
8dd2613808baabe1e826aed8c48a8acc4ce59afd

SHA256
3a4495bc7d0400aba876a65e9e9b47347e403d51a13c9a94d03a38ea0613d2fc

SHA512
88e7593a574ddc845d205eda813cbded67928d0882fbbb0a48ef3785116078418f186463f64b03fd69901044c1066b0cdc0ee8adc344dc49b03e42327caba756

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
6abd47e1d4259a999efc2e3ff7a43e13

SHA1
05fb2c14d8543f49e99da2a71c0fc1afc2cabf54

SHA256
d1acd060ec20a1d0fc603c81cfe18c39f01697b5426b7f26ddb2c20452669c84

SHA512
c42abe94826356a3be652a7fcf6395c85aa7d67b27ff3b4b234950b8539e9440c2146534ffab9f06704410cadf9a4127ec56a0ea400ce40e9d14f8dbac20b556

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
8059309c07c28a8b47cfeb9fc7193264

SHA1
d0aa9c7d8b1682ab3b1cfa49be7295496d73f362

SHA256
05df65d5c2b2c71c86d824767138a5eb5e851298c633fe2d3ce3f9d0d0bd939c

SHA512
efba5b425aa74f2305f8eb3ac0248d3ef401b0f1ec7f421f5af8d5bb076824cf4ccd81dee3680034b2f0ddf3e2594fa4e05e8b823f2ca19406f0197c6062dbc5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
9c1f87f06c5ba15441362296635d3fae

SHA1
a63796d3907e9fb16f061096b7ab70d4b1aa4966

SHA256
7b2e1ad7a9a10089244c52295722cf3888139c9515d973a1c1efab55550334a3

SHA512
df66d054ff2f1ccd48d03ae75ea49e016bb9ca0da17c08199892008212a03a4c9ba5938c7f7a0f79f18c7b076fd833f2454484c905da02fac8318582f665c8e2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
f5bcea4c0ac755fb4f02c91dde26e976

SHA1
fc07f24fe7c145a783aaf34cec6e92a72495971c

SHA256
feec8573d7e37d1a7cc8fba3a1e9710bdcb2d9ab9c2f346245320edf8d6c6b60

SHA512
8e23a6e8f931206d07a52690f1509b5b8a989075679aecf3f228d05a70258137106cd86334c8e699cb94833642b6993a14f974a46192c3a706315b1ac13ce785

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
701KB

MD5
b04f39d9b936a3748fa465407a2d4d3f

SHA1
6213d596e8fe64218b03ca97fe41e8f54bc7a56a

SHA256
a6759e3f618506db5ac91131868c547662977d543454fc9c55c218e324c2d6df

SHA512
a6851bb71293ef72bf62fe0a0b7d5af709dc397e4da62d06d7c4d888639bde814255fadf9a9692a25b46a7bb7637b48d79edee45ba50ab61b3f647ce00a60731

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
c4af7a599242d217261fde2b2b974095

SHA1
ba27dcfe105d813248796ab6452d4172eb5b563b

SHA256
901f4efe7615743eee7c0ce479b95eb13e93658606e6bb1ea9e3f37f23eadd4a

SHA512
c6426c744ec7f1f83c9f68868b709675dd8df59d262e9a55a5db03c9ce2956f2fc17e686d3c11cb0bdd6f8f414831f1afd5654e51da6d9c028b9c84ae9ba46fd

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
54887edb0a2d226c8830e03e88a1772d

SHA1
43324e9bebd51c820029dc15c7f7aeb234264b1a

SHA256
873ea61f23214ee9ab7c29b2957daa86d43a1840eff2018d16501eb35e5aaaea

SHA512
0e3600fb6f4902c291f5e23ae42c7ee8cd4ea87ef3e6faa9df595ceb55e288b786f064b63f6f571c50067030af54a02bff24a075fe46efef4a8b7ed8240c3a29

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
8446542ee3f14cfe25c80419809909df

SHA1
9e854a64a668ec271494a43dd3f37da605816021

SHA256
4b2a4cce90f8943fe05ace1916f61fcccefc60bc7ebac4e1b26e671947428af2

SHA512
63880bc13e419b95ba5c5b3493b7fdc2ddf9b339ffe873d555a2ca9ca262d50473a2735a2dcf1fe9fdc18a3d5136b9947595aae69c4028f48815824683261e17

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
c536c03aaa65054cce4880044b3f2d60

SHA1
d7baa01c1b83ed3d6084d238b28f5c89cffd1735

SHA256
abd29ee056774c559a8fc8c0d57559b5f31f49118b6fb47f1805a3744b5af6c2

SHA512
6c75d23573993327b8dda13756e177059db3cf7420eb38bd499c554d3acf68f34d3bf785ad377fab6183543467555538b3265d6af6662e2a043accf114d9a88c

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
3abfa86076a42a8e533420507e20b3cc

SHA1
c254d09f51f7ecd7039ec9b6be678a5339cacef8

SHA256
76524ad54fde74fefd5b3d79a77d074144cdf09be5cc7a25085c1ef4bd92e16d

SHA512
28b839a80013c8a1e87be35c4ae170d006c6029a7639556e0045fd013e4d8c2c3032b3f55660f1967350765e1ff85d34d73e306e5f14f11e0f13c0290177c0ba

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
439eef680a22a736a8e359e3cb59551a

SHA1
5eae44b403a97b84ec97fea340614fef2790da9e

SHA256
ee51e41643967ee855ff4927b12eca4920b8eb6b0ff713ef4e32e55ef4a8e3ba

SHA512
cf2703f1398690bdc8f388f26c98f66388ed6597d4262c6b550050335712c5301ce901adb7e75ec8674610ac04929c2757505185364b87af5d0efce5d67d9348

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
f32a74b803c378178b5981ff66a17384

SHA1
f3e9579a7b3830871e22eef5c631580db1312058

SHA256
96f2d9c54f8c351911971a5000d308e24aca4123273c94159574e6f7245904d0

SHA512
9b6df3f04501444cd86f6a379a2f7cceed7a1629e03e8e07190a68f1456f582f5577b3f920b8d5ad6aa2e837ce0a0333c5d4d18e319ead553cbfb621becef95c

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
a186b6a76e8f6559a8a52d9c69f9aa88

SHA1
002ac2f8e967222e13bd2c8eba1fa977cde9f2a7

SHA256
33de21b02f3e5bbd8cd200bb7093c7e3790dc30bc62ffbf1d7178f4ee2e74526

SHA512
52bfdfe7f6fdd8612a3ab69642886680d2a4efbc4b8ab5db4bcbe42be6b93aec212e479483d8ec1673c65f87e2deb38eeef934fa01e41694ed7a74d437e834ab

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
0b88e05e965371b66d1a913a082cba8c

SHA1
dfb7f30fd1f47c77fa1947bde23ca487c08f2ec1

SHA256
ece684ac2d0dd48060db9d31579e6d0281c427680beba4dcec36bfde7c11cb28

SHA512
9803bb0d618001f214c9f2d21f68de7db88669c4399a9f2f7e10f0382e44312f47b3eaeda5f18e043465238b1a19f5161655807e90f6a5f066ed949978fa2d22

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
87353abee61ff97d04e01d1d646026f7

SHA1
cfacc415a8369446f6df7fe271125ad90c73ce5b

SHA256
268216bf59e58ec5553faf0eb26ec5f2a7b5834b28134c1f8aa1230860c88161

SHA512
96dc902731e341a1e255c36ac6ba44b9c10faf1b71f2885b484e91733ed88c9908fa951c5a7edf8da6eb82ce9c4756612c44099e45ec7e4389cedc6bc5671a6e

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
20d8b4d3b97c05863fd31ca23015e157

SHA1
9eb246c4656223069f7d09f92e6fd3bc84f39328

SHA256
533ead5fef92d862979b0e79048272a8a75c7a8b3ce5b47a57dda77dbbb763a5

SHA512
daec119172a00995643f6e1f929e63c9f44e3a19c9e5380efccd74c3034379c06a82d30d9df145afb1d020182df5e3800f2ff057dd2032151d304628dcfd0fd3

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
c488e2b01a118b59ffab91edfc2d3329

SHA1
0225809d8e19967f27ee40304bb1b17b4939118c

SHA256
26fe7f2081ef78c796349d04accae1fa960d231c3bb4b8583b18ff2775d47430

SHA512
caa42c5a6d4fc8b73ae4dd9c9ff37b26be566de812b291f3c26ac248893fd541cb457359908d88db116944e3d31157274ed52ee862e0bb7bb8ff7415c77ccb4a

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
aa53560f1fefe57b913d775c8f8e3884

SHA1
01b111af7056ff9fd291154de6f2469853641272

SHA256
1c35a3839c28408634785f0e2b0b11de0aafa0cdc9f6290a7364190b2606adf2

SHA512
e7ff94f3e29b7f41b2569c3b19ed10c094f18a78cfaea0786ebb839b4ccf06eafe09cd07e648825f7164c37f7b567bc9cfd4e8ba6830f6a48535201efa485bdf

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
2091af1cc2b08efc6334d70dfc3dba80

SHA1
5e7267dc20c7814485242c872e85f0f8e496e5a0

SHA256
ca4525f38ac4170c08a0bfbf01b5f7407d8b4cbdd538b8bce30610a7f674a123

SHA512
905bcf291775788ee337fb355281eb82bf6b83fccf0991f0bf9e483eaf66df710ced5dbf6a8a7922205c8b70f3f2af06b5eac629f3cfcec9c25e8fd0fcd8e079

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
e808f83aa77b76214dd66b579743db5a

SHA1
ae2280e09a2226b5e37fbec54d35810206fe115e

SHA256
7dd7b93db553c202c47732332330fc9d732f0f05b7fa9dcbe265192ee66b306d

SHA512
4f7949bd2452a0232e3cf4fc2daaa038e2133e4e914ae970f686ca670bc370c46d9524b9ff85ce3fd4331e9823e59b49eec57655aa07771d127e76ae66295604

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
24ff9ddc46728b62831081fcbf805358

SHA1
68b7a05e45c5cbea8be3e24d9f9539dc8e3fb21f

SHA256
64085e249b64d47dae4f5edde6c7c64555f05783aaf16b3d660a6f8d268ef651

SHA512
10bff29f0cb3e7e1c7e60a9362070f6bf6da1e6b77533d8de5b2bf0ac82b77a1c9783f5b26fb5aca64a461f84ef9c7f98146bc7f0ea9bb7defd9d98ce5f36c61

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
3c27a3c806d228f3a89e43c994c31865

SHA1
83f34b7ebe4e67f90f3464cc32d45c6948b63119

SHA256
fd78ca4d8222ea5ffa0d0b11f1b3cbcb7b61437a0165ccc681db117bf56a2fe7

SHA512
8931ddc3edf0bbfd603c8c6a80be0ae62a20876f6bcdcdc44eed467259bb582fcf831a68ced3938aa696d8b40cf2a78da78b1d8c8f0c882fc450ce996d3d7054

Download Submit
memory/752-393-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/752-128-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/940-12-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/940-13-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/940-101-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/940-19-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/1252-25-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1252-127-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1252-32-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/1252-26-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/1612-172-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/1612-48-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/1612-58-0x0000000000C70000-0x0000000000CD0000-memory.dmp

Filesize
384KB

Download
memory/1612-52-0x0000000000C70000-0x0000000000CD0000-memory.dmp

Filesize
384KB

Download
memory/1692-375-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/1692-115-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2016-398-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2016-149-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2456-400-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/2456-138-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/2856-208-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/2856-89-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/2856-90-0x0000000000D90000-0x0000000000DF0000-memory.dmp

Filesize
384KB

Download
memory/3280-409-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3280-228-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3444-223-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3444-102-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3508-36-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3508-49-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/3508-45-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/3508-51-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3508-37-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/3624-75-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/3624-87-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3624-74-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3624-81-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/3624-85-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/3924-7-0x0000000000B00000-0x0000000000B67000-memory.dmp

Filesize
412KB

Download
memory/3924-237-0x0000000030000000-0x00000000300B3000-memory.dmp

Filesize
716KB

Download
memory/3924-6-0x0000000000B00000-0x0000000000B67000-memory.dmp

Filesize
412KB

Download
memory/3924-0-0x0000000030000000-0x00000000300B3000-memory.dmp

Filesize
716KB

Download
memory/3924-73-0x0000000030000000-0x00000000300B3000-memory.dmp

Filesize
716KB

Download
memory/3924-1-0x0000000000B00000-0x0000000000B67000-memory.dmp

Filesize
412KB

Download
memory/4172-173-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4172-404-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4288-167-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/4288-403-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/4320-186-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/4320-405-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/4388-62-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4388-68-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4388-70-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4388-185-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4564-209-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4564-221-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4940-197-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/4940-406-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download