b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
Size

1.4MB
MD5

ebecd08e258de03bd8deca66391bc9e3
SHA1

627faa30963485dda6542c6f960cc7d020a736f3
SHA256

b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09
SHA512

ce593cbfdcfdc11cc3d102cd9e2246ec746262a400251c68a5074dd9791d5885fa46c284815e04bdfe4664f7a35cdd82df8596b3a04915e8f65f53081c92fd5c
SSDEEP

12288:N2mvaylw/IyES7zN4kqho3qJlW7puLThWyEIPB44CNTnpjFqQ:k8hG/5ESOhoaJlmUvgAPS9pjY

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 17 IoCs

pid	Process
3800	alg.exe
3188	DiagnosticsHub.StandardCollector.Service.exe
1076	fxssvc.exe
748	elevation_service.exe
2652	elevation_service.exe
4708	maintenanceservice.exe
2436	msdtc.exe
2944	OSE.EXE
3976	PerceptionSimulationService.exe
1496	perfhost.exe
2976	locator.exe
2532	SensorDataService.exe
3508	snmptrap.exe
1948	spectrum.exe
1116	ssh-agent.exe
3888	TieringEngineService.exe
644	AgentService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 31 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\dllhost.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\system32\locator.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\d97d295889a4da0b.bin	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\System32\msdtc.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\system32\AgentService.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\system32\msiexec.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\system32\spectrum.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_101453\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\chrome_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_101453\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	alg.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3188	DiagnosticsHub.StandardCollector.Service.exe
3188	DiagnosticsHub.StandardCollector.Service.exe
3188	DiagnosticsHub.StandardCollector.Service.exe
3188	DiagnosticsHub.StandardCollector.Service.exe
3188	DiagnosticsHub.StandardCollector.Service.exe
3188	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1588	b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
Token: SeAuditPrivilege	1076	fxssvc.exe
Token: SeRestorePrivilege	3888	TieringEngineService.exe
Token: SeManageVolumePrivilege	3888	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	644	AgentService.exe
Token: SeDebugPrivilege	3800	alg.exe
Token: SeDebugPrivilege	3800	alg.exe
Token: SeDebugPrivilege	3800	alg.exe
Token: SeDebugPrivilege	3188	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe
"C:\Users\Admin\AppData\Local\Temp\b768b6034d3f17c17dc9e8d9dad849fdf223b624f203f69b02dd8d69d2cb5c09.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1588

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3800

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3188

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:1464

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1076

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:748

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2652

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:4708

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2436

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:2944

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:3976

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:1496

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:2976

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2532

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:3508

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1948

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:2516

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:1116

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3888

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
698e65023adf958cbc6f81cf35028077

SHA1
fc84f6c3a06aa2ea35e634b3dc87992820520386

SHA256
9baa64caa7beb774bb62cbaff7d3df101adbb9bbd63fba0139171238a9cda929

SHA512
901a993847182c3a0b2f2bd6176898ee114d7e53970dea2d5cca21b4e154c269e93971f47d039dbbaad3b415729af725e902faecc7d7465c54870ca4bc8c2900

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.6MB

MD5
7a2c4ee47462af3bb2a6d0815aa89210

SHA1
59f3ad7bf764405e827dae1287135c47df343923

SHA256
ae5522bae08dc48974468ca37d3b978f9275f1eb83356fc74d4a3fe5df54962b

SHA512
d59d206f7080f212cf67007fe1946d3f67bcd40034c935b57f230c92e336607f99938401ca51b2c0f53091c632f5cdd74ec2a4f3e9d5f0de2ef6dc45fd574c0f

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.9MB

MD5
a468fcf963f6a902b4267028455011c7

SHA1
2b6155c2504d3aa009864a50c77923e9ce5485d5

SHA256
f6545f650f03161e65485501ec435e8cd4025a83a2955a4dadaeecddb3d22265

SHA512
6211cec7846c23329a30042ac728fed315b68a1fbc33a08c9a8937fbf1f3f6f688754e8ea13fabf54e341287e2ab9de387d9f532b7a6f63c5bd5957a584fb16a

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
e2c45016800d16058ee165fe927ba3d3

SHA1
209567daf6b797a66b0cb7bb81c76750e0b175eb

SHA256
1829d741ca4872a9144315b79c7b180e95098c2a5fea17b8157add6d2ede0412

SHA512
42981f41a36d0c6b183e1f7f55a7783c28cc1bc296faa9844d4675031723a4fcfb3d466404712cb6b975936b0cd96c1969908303d18b5d50435a3d989ba379c7

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
130d30da5c2ebc6f14b9d2ea1b9f6f18

SHA1
0c17612e8a9ace46e0b69232da38954f758240d1

SHA256
c5c727b9a80806f720951d6bc23487bb7940cbeee66428c254ed9f5157454474

SHA512
c7a69f410e60bf5c177b9375170ba8b9378c9dced1356e37c80a0cd0dac74e1a1d961abf4544f0620882e17c0db47aa7affd80061a853f028697870e50fb9d06

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.4MB

MD5
a863e4c60c54524df31b47f60b29a281

SHA1
398d46616d0c8b16629152a95ffa5bfe8abd6893

SHA256
09de8211aac2f0134b90f7050871a0faa4ccd3c50660c1d82c2ceb713d7cdc71

SHA512
beed1b4ca4550b748453c6d2ee477179414a0c3b47ac7eace3eab17388f8a092271147a867f06b8caee995c22408ff987bbcd28d4e87f5fd40ee0129b42d16ed

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.6MB

MD5
e6af13a9956f46d3956607efcc5fa367

SHA1
d0d070e44e6751e937390b5acbccb15c11bda99d

SHA256
1e1be51fe4de42062481937990f09557278230b007fd89203c38e5ee5c65aec8

SHA512
300eeecf1049d001956ab4ee3c90613b93667749cf56d9ad36723ba112be997e306338376ef116420616a035716eae2296af8f1696aa847b7f253edad219b7a9

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
ee4bb958aa169f650de8e82a70e1ed7d

SHA1
e68e601212d1ea9451159f01ce04abf981bcf848

SHA256
e427c96d491504fbd3b7a8dafb39725b2d9dc9488fe8928a43036121e5d25b86

SHA512
209510d7dd6ec50382f74399e71f8b633a6a500588eac4de0333e1fc40249d8cdd4b6c4270541bf7b4cd05f26fb1649a0f06ff265cd5c6b45cf57b3ab53a2b48

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.7MB

MD5
bb6c6981f8132b4a7da1f25c087a40dc

SHA1
ba864480195524a9fd95f050161f4193e3fb5acf

SHA256
887977b0334069faa59a9ae4c12a26d764e4f19d88657d1b9cc36486338df7ba

SHA512
62fb54715fd67e64a3e968b83c793064706c7a4831925a8823c127ef9b143e82f4d65fcdc9a5dd14c0983e2ed0e6bd11ee3f9180ed4c986dc6ebc81766408c30

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
b92177aff99647340de528b22b124a81

SHA1
4253a3ca198b99ed254590510d9d2669e984f9e2

SHA256
d374e2cdeba8b6ca53293e9036b689167e9a96b790e4aeb329e5a3e66089be1e

SHA512
67b402472418643b3b44c76ca192ad4286a63e56f4836d7098fc92a820abecb02fb9b9f9a04181c6f589f35a6c0544c9f50cb611b039eaa3a671858b870feac6

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
5aa342df1d811e81087c6530dd6e1687

SHA1
630624fdb748d466919f38b651d9defcd6634e56

SHA256
1509dc1e3a0f22126b7f3f9f33c3534b8515633d5f683a9fae86ca6c0f72cbf5

SHA512
fec90fd49b8bcedacd38f36ade38be0d10345e1af414e28394e388f686fa83b1a30aede5ac5261764355b62c75f8daff8f25df5df7e8ee084df61e77ce133a00

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
abca03505071439741616ec343de219a

SHA1
5a5c8fdf8687596ae806ab62d273eb89d9cf3541

SHA256
7940ab16665aee446caac57af52fb9c662b8c11da30cf278bf51a98ad2bb1de0

SHA512
6994977428ee1c4c70c53a8e7bf5171b7cb220eb609940b4b44f11051ab272f73b1b8d920ff35d33dbef7c5c7ac114312eab759687241e4a4c27b126e4e2cd01

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.6MB

MD5
ca9c7bb2cba26ce8e3b4fc4ff484514d

SHA1
7b9b504cb796ba97a7723729ff96a4628004b152

SHA256
50f611b3ba1f5d8dd7c75c6ef64c62b380259eef0cfa75dba0b12b7c87079a01

SHA512
66458c09bfb612fd4fddac9d1b6ee8035eebd72007f48f505439412e88bbf6898e7a1925f8601c003bfc55c55639bb61d3e248d382c3f0b858e2856471478475

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.5MB

MD5
2ef4a44e3b1ece4f1014d4933f18bf91

SHA1
eed3c94215efb248a924bcfbc40a98c97d3c0710

SHA256
714610f742f4c210179001279461852602b0f845414bf2684ae90ed8488f3425

SHA512
a725b30b0c1bceb0e1c1f72901c1910bae3eee2ac023c313a5c417ab866dcaba113ed36703ad8c941f1524881100b5f9063d49e16f8c446ee22277eaf9e3bcf5

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
69173a0411739b508e5034e8648c4afe

SHA1
019169b92d3c2b6f1f87578165d7db66eca79136

SHA256
43f4d52cedc6dc63034bcc72be9f5e76545773f1b9c6a35c05f44038120bf438

SHA512
11c5e57ac23c43f80d19235f2895b1310c8af0bbd8f3a00f3050c8badc89ee64f48f72c1949caee7c0c267a36c9f7cf5e57c02a6e44868c5ce17d0f12f90c50b

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
accb4456e75b2f01af0eef4d9b709a94

SHA1
3443305b81bed6a2429d0c56fcab03c376e4e0e8

SHA256
71c57b0509558c3dbf66cd189bebf39c9cd26c8c23dd99596b58132f4f910c73

SHA512
6d232b088d940f355d99d3a4abab66b876fd322ac8957ae415aca4e56f06ad99ef886e226de44fee6d2e73a38f7142636888fbbaabc24dc0daec0c8372675fab

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
53cc28328700442033341dec149710a1

SHA1
26d3d32095e943f532c6bc5d75d227c33b99aaa8

SHA256
2465f7d901f8afb05112a536b900db4c8d4d5367fc2fa04491bc1c7f3f04b8b9

SHA512
ec5c6cb2cc60ceb772cab631249d7c66bb78071ff062f07a8687819a3cf80537c13373b2da877ee4cfd75d3a770e8ae817f4c2fc6fe58a0c7945d420e6c53b5b

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
3a128e6c64f7aac7f367530f10eb051f

SHA1
be69a5121d33a86c96f30b7d509fbb525747506b

SHA256
9f33cf366e4d9b3c1273ff81aaf65ffb78e604d26390a757f9ef2970f65955ab

SHA512
9a2e069a2fd2d94b981216296ec68f74d66b93d100b600ceb783e773c5c2991f452efaa318bcc8b16a2229bc5fc4b0fac5cf656921cee8f984047ebabe22f947

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
af47db24640a2f6f57edfa291eb6a2a0

SHA1
c184c1faee0085bc7c887a4e9abcd325f193832d

SHA256
b801944b8178203afb0854290cc75e4c74d7d36d000d4cefa12e76ea89659468

SHA512
58076b4e41e6c08ce2cb9476fd93546ccb877d0602a41eccc3f8e997ceac172db682461130beb142476d8fe03690463ec0b25cc978b2229d9399ac7f04676a74

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
37883c614bf61bb62c9f5dd92f5ede77

SHA1
500054162e607e9b8940676e67f4360bc2da9861

SHA256
345f7be7ab46d58a5e778e4f59ecc92456c0c6981a3045585eaa63d6392150f6

SHA512
ee3fa7afcae62c06dc3c82321364d857c86a2741174bff2785bd209f4e4b0531f3d46e4d80d9a38873d801fe4f3e424967e7388abf4a21cf7eb9f918ad3bd46d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.4MB

MD5
e5728ab9a7f30bbef6fc182238d8720c

SHA1
93673a91fd905fb98cecff98f54d9da238c9a1c3

SHA256
e89be445259eade20ae0c2acec85d6f7cb4f50d3aac55080fd41c4caad3d806e

SHA512
f9b6e4427d2a14566605be8665066ecaa18cc41c477353691dc5224070c45382822f6ca19556a719157ba371c0119b7f5069679d04c08be41050312d102a290c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.4MB

MD5
b8c3f8e6a498146149be402a6126b179

SHA1
305d76fa6c1a9841e90f0586fb263179614a91a5

SHA256
128e20d08cc01b811b850d701c9f669cb12e8a776142540e289154980cdd2bce

SHA512
1283bc048e0d8766393dbc205a2d57e4382f29fa2fd14000be81aa80727e758902ddc2583c4c687f8e1375a9aae4964789d77b0b851a1361265131b1ea86cb1d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.4MB

MD5
d467cbbb976cfafd695d91706a955f4d

SHA1
6327df0ed922eec3d51a7607eb5a63a4870733c4

SHA256
7da5161c55b43eb1cadc78435d23ad74e827fc5691023721502e00d0e39bf3f4

SHA512
77b5ced3d43f4904ebe9ac947a0eb592ec866987e4dff979322670db4c73435a6c0d33cde16b48fe2eaa076afa7cc14d778105260e891b1500581aeecef049be

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.4MB

MD5
d546a97c21b673761419fa2b0330028d

SHA1
f0117e1ebcc8b6ed9bbe12160e2110a2b6722245

SHA256
652ce5be64f4956350862dc9635127bbe14f690f64fe4d97fa9a157f6df2a74b

SHA512
f8c3ea4c90f0fd669d82c5aabebd8fce025eb9e0b84bb5049076a02c91754a6b2723deabdd9dc2cd0625ad0d06b75a8a8339d350d0406b5e37ed70ade8b55c2c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.4MB

MD5
a0946e382e28194ed41a6b8e8c15747f

SHA1
af9fe73c2cdc7ac584082dc55d7c95ffd75fd87b

SHA256
d2075771dd325f171041a0843cc651436491dff8859fec8db35a6f8089533825

SHA512
70ab4dcf05331172a2687c81ee2b70e965a520aa8429f9a89005bfbc5c8292595c49ca6d4ad93ed1f1033aa33d0e057638ac0af2e1e8e0db465498b1033b7a20

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.4MB

MD5
6c966443edc6a8c65725596b3034ce51

SHA1
320cfed72c79837b4fc8d2e4d906201122ff862f

SHA256
bf0d4c179d83353f7477c532e62b71b4137433976a05b988b72cd6e196d4e159

SHA512
ea224e9dd000ca17af01aff4d160985aeb74870e42735bddfbe082f0356b9869cca3c99441ba07e436ef0a325b78fab2350461e46dd6e6fb67d2c8db8d2ed070

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.4MB

MD5
a4b83b3671e36a42d06a727c794cc0d5

SHA1
44117e05cf7ba477687c1955183e48378b07b92b

SHA256
d86a9a4d1a6a0d6ed1dfa021a5584a07aa427ff9a62ea709df1f89c98257f83b

SHA512
8c5a6a828b62194db2e2fdaaf90bd14d35c05b71e41f34ef5c2f952b60ce2926a1ce6938bab26396daabf30ce944e3266c280961cc1203c4d80f327367752f6a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.6MB

MD5
e37fc2cbccf9bc48031306926e840c35

SHA1
db323b48bf8b9ba950e5023ebc2cb6862299be9e

SHA256
911ac976daadb113025e20559802917004d2efef69fa396917a13a1ad6221fc8

SHA512
ac6d13ee4ab3c09b3751ede6d2dfb5838acc6b3206d4d51585d0910333933a95e4de175998634a51bb316a4ac524ca196f255c4c72b32356e0b4833a7f96c5bf

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.4MB

MD5
17187e086a2756628f42c150a1400c4b

SHA1
785d633930c00f851beef48b4ae42e638c89ca3a

SHA256
1f662adf540ccc3f8b8d9e4a0686ff135373ede02215a23b1a2a29a59fc07684

SHA512
c03c3f8b7ff86003685ce5acc6d43c962898690857cda8c1023b0954902f8dfe6a3c5458a909a8e123dcfb55cdbf477c510f981e64026bcd95b43875bee02bcf

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.4MB

MD5
115ec4932a0304733a9dac3cdaed0ea8

SHA1
7cd9dca4d83264d77b1ccfb944998360088f4586

SHA256
c4fe9ad86361d8e1f3b73be553530a8b3ef0abcaa12b7456dbce9c20de5857da

SHA512
842a897bc9290b8e333567f7da38c7599fad1f2fcb286b65519cb0ae63c2ef2e3e3806042aac627d6b9dfcb684e297b937bb2c009dc1781630ceb5d72bf0c669

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.5MB

MD5
aaf35672c5c870d1f5d57db6e09a2f18

SHA1
c22dcebfe13aaff4b605f5a91e2c82e3ee54b5a2

SHA256
34debe83409b3a89ddf0cb8247b7397458b2373556e90ffd6e01de2c7e78e21e

SHA512
f42a47ed2963d78fa0c93aa66a29a0b322e7d62a52941b4dd0d4acd301b4a965b6bf6739a851f6d944a081f1216a72d246639d7179b7ab06c53da2d97a468791

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.4MB

MD5
4e198b3b8ac4fab0e6f9a8e37e0b2ed8

SHA1
8ca24f215a15f0723178056bbe526fef02a1354e

SHA256
e0fad1cecac5281ef7c4a03ea964835d4dc57e28ebaa2a7526a0ee8d181be1c7

SHA512
2db593df9ab7e619cca08a9302c76bea135a0c0604db681b14346b5282506476eda60d58b15f36c95d6cb00324e552c4baf39b568b3213b239e49bcc8b20414d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.4MB

MD5
8db2e36dcbf6e5c7e6c692de845220e2

SHA1
762577c0ae05d6584ce0e3ba7b7aa5bf984b762b

SHA256
b692119e97f66221faa5bc74d167b0c0c3c94432129f0cbba13b86b730a08be1

SHA512
e9685f8c3cb4f56e5689a86dd61ff6850a4f543e96f637282efedadc7392b35c9cba98fee1a619d8fd27184e4361a2e88f921a2635a7765129127c8fbed9143e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.5MB

MD5
e7a45959d912baffe245712bed551981

SHA1
3e34baecc0fb43a4b1a1ee797190591afa59fbb9

SHA256
11decdd4ddfc4208d7f98eece0c79944699be63ea9d453ee313da989f3de1ffa

SHA512
51d03fbe5946ab1dd6fe4c772844086e9d164d217fb1e046b9b3277d7c2810e43b1893ca8b24d271d180bb6162745d4f597443aa71f5bc4648edffdadd79d6bb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.6MB

MD5
26cf1cc58720c632c911d2017b09e633

SHA1
1a37118720fb283fe60753aa6998f0d07282b6e7

SHA256
07b37eea28037778bb53316f2cdb72e409c2a2a37546f1c606b7c64df589044a

SHA512
e0b5c160f9bfe0c04a7ab04a941d5c47969594d14e0064f1c391f5388710480f5796d4fa4c09f7456ab24804b543ab2094e09a6de8e3e1ec0f91e5ab87cf9922

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.8MB

MD5
1eb73c713eeb04fcdee78d07c6466b7f

SHA1
cb573302611517660d30c5a8128d40627fbfbd45

SHA256
22f438b55337e06fb1b8b17f1ddbdcff3ba94d493664610a88a01d0b01417f8d

SHA512
3d811f6d3ecb241f57383d855aea90d38d65d3c590bda1d757d3d28cc4d8db199b37abd51abdbfbe170908125c90cd53e0a8298d6521508be69e7885226f685c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.4MB

MD5
c58201274ad55047deac1bf8baa0fe27

SHA1
5d4a1e375ebbc9e5c2d562e9def058428b11b7be

SHA256
e3f45e7752329d02e4d6d43e2eb3f0799dad20f0989a588b08b5c8649045d2b8

SHA512
c83b3378be1d9ac32087ec47c6ad2fc49be29c802ee5c8be93775cd33fdac3a2fc4f3ef38fc7ab0a6cfbb2dde321e9d260baa130f68708177ccb035c630e50f7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.4MB

MD5
c7990a6599a1e0038d194e615e3194b7

SHA1
2587fee6d8b4a1b7912f934d3e8c3b81f44824c1

SHA256
0a0155fffa409358c2c946137cfb7149857d0ec5900ce63eea9b164feaee5312

SHA512
9ccc6577682d92b0095f97efb8cdaab317021e45e8c8c04cca8013ed2ba453743f833552185db55f08844a5091a35b9863a2c375936c69b886d0af292fa73114

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.4MB

MD5
3e3f16f1976fe19c0a49ee53becf3a5d

SHA1
f6649fceb6641bc25ea5c0c71fb6be7880fed4ed

SHA256
cc22dfa3b44ef2fe1cd95b3e4b5c4420d1ac6ff1cb36d1842bb7bc9d20b85f54

SHA512
25c690f5409025521384960eb708c3cb99b2e4a9c624930bea66fe2b143bb13838acaf1548225cb7c75bb785ce330665ba4c5ab31a9e85143f9fbab32a59bdc5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.4MB

MD5
8133aac6a97512898995fbe2bbfc5021

SHA1
62ee126fc0c3dfeae66b20ed359ef8ddcbd55808

SHA256
9a30376f5c1fb5d65f9d2cca7a1a787cff4050f1219988b0f6f1e02c8d71f31d

SHA512
0c33cd4bc0ee7b1c7be73f2c664fdfbb805c772641565a71b2bf0dab45aab9c15b75bee090f57bb15caccbb61b615304f7c372d949b3d0212dce794828318c8b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.4MB

MD5
91a420eab2724b69a1b39fceddc6c535

SHA1
05f772cb861af35a7d76318edd59722620b8d6a4

SHA256
870254657de0bc2fed24999b2afb4de0bae7bb82caec82bb71004824e2250ad1

SHA512
87aa16ae63c54830280377c54058623931126147d75c4deff4e00beb7267c252f50b0c2aa4962040e492a65f45ff9886bedadf8e288070fe598f8ed3cde5dbbf

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.4MB

MD5
0f98cc3cce21ea757b1204f546f355db

SHA1
89e1963be28b68ac913270d707f3389465066fef

SHA256
f834db3c2884abcc2a7dd4f13ad4a4879f2863d9cf6d216127e107e0e9d0cdbf

SHA512
a6ade4bb7253e817d29d8c2e24e773eb062fc9dc6427755a9a068b81c3fc9291edec339e5ceefc17617e644a9e3e0847e70ab8f9792bd4d70c42c524972e29d9

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.5MB

MD5
bf7d4d09f2cc94678d386b30dcc24b2e

SHA1
464a5a28403766f9e4c0c5f893702f2b02d78555

SHA256
3cdcaca36e1b40473106028e90488caf8ff4825f939d59e99ec11884309cd316

SHA512
af43438b84395ef0d0464a684cf2978da997c2b29822b61bfcda45dda16e77c6daa6fb738c8ffd24f1c719631206d5e70da05b1ba38e49a02359da3a79e99761

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.4MB

MD5
7e8e56ceae3b33a1fb3bd0ac3249078b

SHA1
799915399085dd96ed6393b86076d5b8e95e8e24

SHA256
bcf4966e89ebfc0aa5b6b5ae63c373d74b47965e4ecaf5c653302e90703cbf28

SHA512
d751f586e065d5c79e0012e18ee60906e0d573ba60d4a6a50c9fd52fb6127c8ac8779c62728d34a84c269be9fe7c4779315b8309f205e236f7f90fef1cca41ba

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
ac3834deab7f50bd2cff47f72887c2cc

SHA1
8a2db3bb622150c53196cb2bc98829d503c4cece

SHA256
0fc00ec31c08816c0ca334dac37547aa2b7600d142c5226123738b01594c0542

SHA512
4121fde9c9da6445ee8d9b13999833d4602ae87c2582177bf16f87a392d8b68a8915852279fd0dc07dd0b9fca8c279b13256e0ca88a88d8d841426305bfac6b5

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.5MB

MD5
3e6777db51555160193b3b5abbe6f4fe

SHA1
6ea7b8b99962afd8fd606809dc58baa873cd0b69

SHA256
fa9095176fc2f27f67106b867de68fdd2ec21980f50d60e33619ce3b5a81b753

SHA512
0d21818079a1cffcb1d08fe9bef06628d137804d26d522d99ca47e6efba61009dcef3089acbb4a71a804dc1ea842b5a5b1cbb74f9649cd3ee3d3882b567b4ff0

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
4d0263cbe9ef89908163a61cbf570f11

SHA1
6cefc8c66cbe08f65bd30e35c55d20cae0e5cbbc

SHA256
494167f89948b40f463068d0bcaecd6b9e1736504125fb882f5dc1fa96621a03

SHA512
9fa10cfaf438d0f6bebd508933da7f56b15c6d0ccc4793a2d2cf8d6fe45ec83a57af03b9c6ef6f73fa9ea2582ad1d4ce4919a9abf18b2ee6440337fe5f974de5

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.4MB

MD5
5b7b1d0ccda63be3d551657404820eb2

SHA1
5ccb8adb05b9a86277d4371eca3a2b54d7e22d81

SHA256
969e00bf3074023bc0e945b8322dc942f55c9d5ed7e467ebeb1e9ca0a31a706b

SHA512
b9ced05045e13aaa2edc6e7d4721500251e13536f7d2eac55c012dadacdf4d3cbe30eafe8467e830ef44243f266882c7fb077ae82243c4ed6e81905b5acaa4ce

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.7MB

MD5
6ab334226562ce4e41a3f56e14913470

SHA1
3a02d223a753e96e9ad4acef0b69bdb010808a08

SHA256
57bf4fd67aafe9f1301aa7f33e93448c6bf129be68d10b6e406c8d2ea56e3612

SHA512
bb3a771d2e59011d0ca7f65705ec78dae78692d510fafec1ba9a33c86e782393dab0e71cab59c1c6ed499864682766b3b6179050ea36362c247ad2f632a6db01

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.5MB

MD5
9229674073eba7ec2bef8dec73e1e105

SHA1
df75fad33eba43e276721c606acfbe49164a72df

SHA256
92852e288875afc9478231031ae0a3e4e3fa3531c2f73e9c7b4385c9315f7e45

SHA512
ced8292963a26f466d72f212a7e0375763bcc690713898b84a8e9a6587dc59a41a70ad3cfb85ee3b82662c2de22cc5fe5e2ce812dd37004a238898dbd1d7abcf

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
9fe59af7929f5fb077da4a9e0042bd6f

SHA1
cbb7004a166219c4d57295c5a6283c4ab2c182a7

SHA256
e3b31447972c919f13f7b1e1a0d4e754959511f106cbc100ab25d11624722a86

SHA512
06536c7b0eb910f1b314e2e982154a172d455773de2ca225cd0c64bfb6590f2390199427f094a546219e46f863a0a8c8414c11a9557d63d1ebe80c6cdc03c6f0

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
845413962d784b7031b471ee9a61903e

SHA1
b1a18f906a586305f70a10863da0fdb12b9b980d

SHA256
6deeb7e274021e7a053f2cd8b7b78131c5eb7f726b798df0ecfb521da8dc0ece

SHA512
49ecb4744477a9bc9fb9fca594d5217443ff47f2cb1a65f642c2757c10908be2145f4ee9fb08f209487e8098724aad0002238ad67cbcbe7c222cffff2c6b66a3

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.7MB

MD5
694ef6b2be64cd115314dcc2f7b0e64c

SHA1
d64880143fb07dc1bd9b2f348f468bdee8df3125

SHA256
a04834fb8ab23db856001105123d944b240c4cc520228f7cff3b7291ae232bbb

SHA512
5f04acb3fa381907ca33e2acc71ddb5f75b3f70c27c1da5669cb576e63b957ff183e725c8169d7f82f200dc3de703fe6710fd2cdc8a7bc4fdc8613057bced127

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.5MB

MD5
cefe6fc8b92778caa9874c43f7307231

SHA1
58af19e1018671f653842f73e0cd0d582ec5ff09

SHA256
c8de34446084a62f19f166c4534c0ee4b37056ea8bfd017dc2472257b7ec05fd

SHA512
4b70e2678598aadb0fd423658f2b250c4b7d9ce695b71733318b521f390b6c344796b599a4570ef1814f8034aa8439f1faf2a8387347cf9bbe83e515c3a4c5d2

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.5MB

MD5
0a3785b543c89430d398110542a7c535

SHA1
9bc17d2c9f818b02abbdb878085889906ce70cfb

SHA256
e5b1a0abe11199904f06d9ae2dddbb6f12b13864c86adbf1d83978d769ef99a0

SHA512
978198d661b8a784f4ca0e1af156c29be4537cc6dec64149816dc9745d7b0ad5c3f4000f1758bdfc27e76ef77416a51c6a0e9f3d5786505496840218690f30ad

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.4MB

MD5
a5e9c1e2c955d574290d250d230526f1

SHA1
b0a20fc5cc9de62f501c4664c283458fbd8c006a

SHA256
0f01c94809d8a785cf95606d6a95296efa08def0ebb0514fbbe3525946774a55

SHA512
7b7c93c6aeff18061828e9fbbaea5c5cf97b848d4e5b52d80b36f752918690a482f2f4cd8c03ac8108b1f9cc218e1b09af08c01199034e05bd5cdbc8e8fca3c9

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
adb85cdf58bfdaebf36984c012620bab

SHA1
fc2b4e761a6ec94acf699033b819318886df2fd2

SHA256
cd68cfa1e0778f8e2db3fae7b172c0cd79ce6f38d95910999badcdc0e46446ca

SHA512
c1780a92069ab64f7adb8bb41bd2101b8e1b82107d49bb415ae791cb86ee9549e05de4114afd29b4d42b3ab6805cd3d905e2145f8db1653a2aad65e394809d5a

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.7MB

MD5
0ca1231cef441c81b6ffd029084dc764

SHA1
58ebbc9b27708f2c5d8f5c97f5ad47ad19205bd1

SHA256
936f43bb9db621cf7d62596d5756cec36a2afd30bbb03f8b803a1cfbfe92214b

SHA512
5db5ec4065cd31cef5d827d5cb08478e766f87fb8d47761e2338e05ed655c23c0e6386b214b3085fc965277ac37d9876358b90b657897740fc4555f3bf9f582e

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.4MB

MD5
4cf0a533c2be294eabb524202b004f5b

SHA1
bf422ba62539751126d0eaee24810a0e13779ba2

SHA256
47a6038a702136bde5f3ddfd574cef716a780fc6084fd72a02ebb2bc08a16c41

SHA512
486e8e2c95982f4b2b5051f9b4eb31d133ebfb6995888a29de49a6d239b7e9090c3d59e21274651081fb38747ec033969910b7313a825e9b9bfb65c747b158af

Download Submit
memory/644-228-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/644-221-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/748-58-0x0000000000C90000-0x0000000000CF0000-memory.dmp

Filesize
384KB

Download
memory/748-178-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/748-51-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/748-53-0x0000000000C90000-0x0000000000CF0000-memory.dmp

Filesize
384KB

Download
memory/1076-45-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/1076-49-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1076-36-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1076-37-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/1076-47-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/1116-395-0x0000000140000000-0x00000001402A1000-memory.dmp

Filesize
2.6MB

Download
memory/1116-186-0x0000000140000000-0x00000001402A1000-memory.dmp

Filesize
2.6MB

Download
memory/1496-389-0x0000000000400000-0x0000000000636000-memory.dmp

Filesize
2.2MB

Download
memory/1496-136-0x0000000000400000-0x0000000000636000-memory.dmp

Filesize
2.2MB

Download
memory/1588-0-0x0000000010000000-0x000000001023E000-memory.dmp

Filesize
2.2MB

Download
memory/1588-225-0x0000000010000000-0x000000001023E000-memory.dmp

Filesize
2.2MB

Download
memory/1588-6-0x00000000009C0000-0x0000000000A27000-memory.dmp

Filesize
412KB

Download
memory/1588-1-0x00000000009C0000-0x0000000000A27000-memory.dmp

Filesize
412KB

Download
memory/1588-73-0x0000000010000000-0x000000001023E000-memory.dmp

Filesize
2.2MB

Download
memory/1948-392-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1948-181-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2436-208-0x0000000140000000-0x0000000140258000-memory.dmp

Filesize
2.3MB

Download
memory/2436-97-0x0000000140000000-0x0000000140258000-memory.dmp

Filesize
2.3MB

Download
memory/2436-89-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/2532-149-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2532-388-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2652-63-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2652-185-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2652-70-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2652-68-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2944-348-0x0000000140000000-0x000000014026E000-memory.dmp

Filesize
2.4MB

Download
memory/2944-110-0x0000000140000000-0x000000014026E000-memory.dmp

Filesize
2.4MB

Download
memory/2976-146-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/2976-390-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/3188-33-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/3188-32-0x0000000140000000-0x0000000140248000-memory.dmp

Filesize
2.3MB

Download
memory/3188-116-0x0000000140000000-0x0000000140248000-memory.dmp

Filesize
2.3MB

Download
memory/3188-24-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/3508-161-0x0000000140000000-0x0000000140235000-memory.dmp

Filesize
2.2MB

Download
memory/3508-391-0x0000000140000000-0x0000000140235000-memory.dmp

Filesize
2.2MB

Download
memory/3800-109-0x0000000140000000-0x0000000140249000-memory.dmp

Filesize
2.3MB

Download
memory/3800-11-0x0000000140000000-0x0000000140249000-memory.dmp

Filesize
2.3MB

Download
memory/3800-12-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/3800-18-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/3888-396-0x0000000140000000-0x0000000140281000-memory.dmp

Filesize
2.5MB

Download
memory/3888-204-0x0000000140000000-0x0000000140281000-memory.dmp

Filesize
2.5MB

Download
memory/3976-382-0x0000000140000000-0x000000014024A000-memory.dmp

Filesize
2.3MB

Download
memory/3976-126-0x0000000140000000-0x000000014024A000-memory.dmp

Filesize
2.3MB

Download
memory/4708-82-0x0000000140000000-0x000000014026E000-memory.dmp

Filesize
2.4MB

Download
memory/4708-74-0x0000000001510000-0x0000000001570000-memory.dmp

Filesize
384KB

Download
memory/4708-80-0x0000000001510000-0x0000000001570000-memory.dmp

Filesize
384KB

Download
memory/4708-86-0x0000000140000000-0x000000014026E000-memory.dmp

Filesize
2.4MB

Download
memory/4708-85-0x0000000001510000-0x0000000001570000-memory.dmp

Filesize
384KB

Download