bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
Size

1.5MB
MD5

40c767c8a961b4f72fb14d9e20980639
SHA1

f9c86a46815cd6525f366c506035665d1464a330
SHA256

bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805
SHA512

6720bbaa615dd8c6233cc4e6973350ebd33365d0b82fedacbb0a3f304362f9f66efdf6bbf2b1659446784373f2e85ea2c57498e2392ceb38e9172bf8abc4403f
SSDEEP

12288:3KZjg47/5GDov7I+U9qWpNnBuwFewCee0Qa+cWMPaCbJyVHaGVZQsWr:aZrL5GDGPU95BuwFv+diaC8/ZQD

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 15 IoCs

pid	Process
3296	alg.exe
3876	DiagnosticsHub.StandardCollector.Service.exe
2088	fxssvc.exe
4956	elevation_service.exe
4516	elevation_service.exe
4512	maintenanceservice.exe
2484	msdtc.exe
1500	OSE.EXE
3100	PerceptionSimulationService.exe
4520	perfhost.exe
3192	locator.exe
2000	SensorDataService.exe
4476	snmptrap.exe
344	spectrum.exe
4236	ssh-agent.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 28 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\spectrum.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Windows\System32\msdtc.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\locator.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\2d63b658d521a4bb.bin	alg.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\notification_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78812\javaw.exe	alg.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_pwa_launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	alg.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler64.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{611197EB-A069-410B-9851-759745A388FE}\chrome_installer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	perfhost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3876	DiagnosticsHub.StandardCollector.Service.exe
3876	DiagnosticsHub.StandardCollector.Service.exe
3876	DiagnosticsHub.StandardCollector.Service.exe
3876	DiagnosticsHub.StandardCollector.Service.exe
3876	DiagnosticsHub.StandardCollector.Service.exe
3876	DiagnosticsHub.StandardCollector.Service.exe
3876	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
664	Process not Found
664	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1776	bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
Token: SeAuditPrivilege	2088	fxssvc.exe
Token: SeDebugPrivilege	3296	alg.exe
Token: SeDebugPrivilege	3296	alg.exe
Token: SeDebugPrivilege	3296	alg.exe
Token: SeDebugPrivilege	3876	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe
"C:\Users\Admin\AppData\Local\Temp\bd293ee4659bcbdf26bbbf7056fcad744a0d0ba006016b4303d504179536d805.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1776

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3296

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3876

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4660

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2088

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4516

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:4512

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2484

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:1500

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:3100

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4520

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3192

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2000

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4476

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:2468

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:4236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
c85c1911cb17e3ce7ad656345442e276

SHA1
66819d85cf412b89db3a3eb8c1deb6aaea24c6f6

SHA256
a69ea8a34e8aa886aea5fb11ab24f5a9b7f1b93021001ee5ed8c116073c1bdce

SHA512
22645672c6e271ac2d66e417f0e3e678a68a59c9fef520b996b22c40706ad042581bbbcdb84570b1571e0b8b26d9f234392380bb2b3f4a12d598de9130eb07fd

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.6MB

MD5
139c7d263dcd5fa2312e47bb68063a6c

SHA1
f2421b805ea8513238f4e0958ef3dbb7e0ce4108

SHA256
f240102bd3f093ef42cd3db69fe7177e80a74e9aee1c57178050be8b40a33ca0

SHA512
0ed9baeb98f602350a2308e5e3ba998af5f47b6cef6a8f69d3f1a46d2c84067f42a87faa589404cc0663b2979b4aab08833e7883c1817303476c7e2791711bbd

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
2.0MB

MD5
3b69473c0cfad55ac3f2f689012df314

SHA1
3f7187bcd872d803b66c62847ad9c1a804eb9154

SHA256
b63514f733f5b445c618930d30d0da1b5ca2fbb0a30a870750db48e6d961c212

SHA512
1db5530b2413849f99f3bdbf93c531272eb4e7ce7b9fd46c7614dd3390e40c6410683497272bcbe351206f1f2a7f3295cfc72be8f9bfe46d8e6b01b821b7ea1e

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
23f7137bce0a014a295bedcffcfa8aaf

SHA1
db44fb7a44a8832c3211211618db97171de6886a

SHA256
33cd548fc348ae53a8390e7d2ec4ad061dd062e237ed523681183a4adf4f0750

SHA512
e045d105c1774f6ebb70daa50fe936172eb191af4310efcb43cad67755757197d15461f7fbe9a94b973d2ce589e5b21280b88a1e9f971732f7210945929b387c

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
dc2eb348432d3b2fa0d65d7cb14ebfb7

SHA1
66c0610f3370ab50cd2eb103cb7e4553c4d06fc9

SHA256
74ea16dd4642d02d050e104d7cb9467a293896b80a1309dced486a1db54e4d56

SHA512
a3d851830d799c1c4ec69dbf70eeadd4bebaab6b9776f42e204aa43b4b327822890cf069390730a42a36202ac54ac613e990fc46a65d76a8a5212a45a386ad34

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.4MB

MD5
6668b6f5c0ad93c2320973f9ec33932a

SHA1
9efcdb0c7911752c54686b6bf2b3519834e1b887

SHA256
a6ff141bedae5b323abaaaa0c7a9c87d8797ba6ff497e5f8921c28dfe82419b3

SHA512
35e78d0234339295e224a149cb9fa6eba6a38c739cef729f545402e3e8928dae38ea80faa8eed5585cf0e56255279275a301d7d2ca74ee4979a35eda8499fc53

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.7MB

MD5
b0305c194cfb03acdbbfc306be5eba2b

SHA1
060e4fdf1f99d3da7023b41d2e7967fb3aafd73d

SHA256
df36f6d02e2a116991c5654d629999dff85e937d76a6603e15c359b42cddf81a

SHA512
548acd5d6d4c6b9ee0e647ecb0b944acaf12b79c3b032522b91cd006fbe850ea7e5ec74940ae653bf99998a314d227d1ad949172b8da03dfca7a42a5ccd51505

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
20aaf6a97848f864a4efcf6544e27f62

SHA1
cbd686c6b532c7dcfdd4199abe7f8e1d1f7876b4

SHA256
8f8befb537e704bc9a9a29c0cc3ea7bc563756d15e3f38db1dbb64a5ceef9a7e

SHA512
4dad9ff8273edc78b23156a0d14a9fdef059c23056b1bad4153f9045804efe41413b8a00fa14a4a650142f57b04f05851cb9a2f58c4e3314a851670e95c9572e

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.8MB

MD5
4cdb9fc5765ff298d942e6f5d028e322

SHA1
40720ab108f9fafe5c28afdcafa3c295dc651f54

SHA256
843de46e12d7704ab795023c139110cf6e653732c236967ec681e43e4f42def8

SHA512
b764225bf916138222001d06ae92e1bfec56f30f224a2b54c213cf989927915cd852956f12e08556abc17839132270deafad229f56ad6f51afd0740badc12a30

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
36335f748e78d3c24116bb8cab845a4b

SHA1
13eb7db8d6a0493432d35c4bd6619faa0b687a27

SHA256
603cf9f6f462b47344897bb9de0de8154a47d5fc3c985af44bdb6f94b963cf16

SHA512
9da521806c3da4f188c5bfb1d107a4caf24355e2795970342d34556ee47fa339852b88dc70cc539aefcd4f6635d8f81cd833f6dcb76b602b614984e108095c6f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
3ccf04736eec6f615d6ade5ed24d4329

SHA1
1a029ed074caf7733d019cff0088ef899e0d2b9e

SHA256
141681b41f00603c69c70b6533a6c05e4601c4fb1fafa134f24f7fb1edd75cff

SHA512
aff5ba91a1c9e7006a1dca97518003a9a6c6f0a98a6725868c03fd94d5c3073453ce6be68ab3220c3b4460ef3c9f93c9df2524d1dbf7a74c0c44a716e0aa6081

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
6e79f1e10910e2c55b8aa4aa2a033861

SHA1
c3bef21fbe97c28788b7739fd2b57beac3968c38

SHA256
5f554f03f08a5edd50fd0574b3c95ef15de7acd9967be8ab249fd10938ed588f

SHA512
974aa82b1bd3a1beb0d8bf2e5077baffd6968359f3fe0895fe5965134c4f93a79e317282939720804678e728b2b2ad2017c104f3e9502b89dddeea20994fd167

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.7MB

MD5
c2466471384491a9dc91729f7794d710

SHA1
d83f65f4a9377d364427d9687d8057482d8d3839

SHA256
d1802fdeb7948d87a2726bb8a51727f90b561a4a6a7e5d7101766a799292d747

SHA512
6358e315b3d9837c765ca01ddaadf9d0ebe06adb8076f2d95b029914e329e5cf40d8dbf8026a1fe72ad6e5896f26f40570ea520506c740d97901a42ae8a04d59

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.5MB

MD5
a8ed3ad69867ad9a44b5c20dd2e89161

SHA1
2fec3f6034de51533238168ad6aa6e3bba504ca6

SHA256
23af5d1830acc63895bd847a21299849de90673b51c6ca6c82239a0392bb1437

SHA512
731991a161f55064de08005c77b5bf0bb05fd34cca7e37143872ed15faffcb9feb7ad928d466ef18179dffcd0fdce95be6c1ed6d678f898f71db200573aca773

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe

Filesize
4.6MB

MD5
5f7d67da6789062b465b830fdb124503

SHA1
89d9854fdf5a4b51e9506734a2c05d8b37786f7d

SHA256
895b968a4c8dd3975592239309c720a9356e8da8383c3d9a76e9122e14f9ec7e

SHA512
1e29e8ddedce4369289823fd239e98dc48530b057bc08145fd19e9793e55cabaa43edcd9cc0c023a2429f33e62db875259799e6ca999feddcf1aa272c0258fba

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe

Filesize
4.6MB

MD5
cb987d949e0865f566428141b61d614b

SHA1
b0e1e26f7bdce109e627ba74c4b9332b568f2e32

SHA256
013106d418c339499ee3429d690132c9b366ff239716ecd62448ae4e05bc82f0

SHA512
de0c4a0273ace99a6a371339c37426e4d4cbd2c2ac5a2e5734b064f1fd154aff9b66f55f8116da4303d47080409b17ae2d64c12248dd25909687307d4690651f

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_pwa_launcher.exe

Filesize
1.9MB

MD5
017baafd2fb81f168c821b227a0091ed

SHA1
322fc2884165208245321cb0f0118aeab863ad8f

SHA256
bb6419da911c326a2564976fa626fe3ab3472090f3234d29801f32fe3c40aefb

SHA512
f33b0c5c2b1a94e403b2563cf28518fa77e8ad17912b96b8f2e3077fe7a53374e7a0850be2230ddc2847824789c54b17bb60af20aa9df3f1e11183e2963e2a26

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

Filesize
2.1MB

MD5
3dcd89ff39e219ae164ad3a0227c2315

SHA1
e8ca28e5b09f40b9df1457d5070d3fb3ff3d6b9f

SHA256
98b2cd449a81d0dce6e2101708158cb51adfabf9b53fe0d01e92ba517662f2a3

SHA512
a9d09d6299748f4a6c9c81a9a9bd22f47eb582e11909f7c1711d29e68bf2bd07b8b366b95875ac1d9b9031ebd7dd431706b698580525a0d5057415a2cccfae01

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.106\notification_helper.exe

Filesize
1.8MB

MD5
00f7c89955c29b28cadc4becbe6480ef

SHA1
b5c40d3e2ccb8176ffc3a0e88179df76629dde7e

SHA256
00ac0a675bbd953c30e7ea42a05b904bedb2a9c2f69ebce8f480381efb6c7a15

SHA512
070d745d278145f90929b5b08324f687302528a5426cfa52ec2dc0a2ffbb0e637cffa48731d1b558b5eeeae7e07d8143f2ddcc82f066852d14c752c431bad668

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.6MB

MD5
99c369859ffd712315017f69ec397238

SHA1
8bef1c4e321d432ef09c01cb9b58de2465f60baf

SHA256
2236b22bcd03e5fe2295919179529de291edc2cc275457038842d597bfeec4a8

SHA512
be9b8fe2e57681b7c8c45789059afd2f5d04b253f3f98791d77f38444a18291aa285380499fabfa1c6366b871a23963effefa0762d65e76bb3a07fe78752ff67

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.4MB

MD5
f3adf8708455e489994b2dcc8dd165d5

SHA1
cff49a878b4c68cbdaed72b70b41b27eb631076c

SHA256
5144f65167fe2c4853017dcbfadb798fe814743ab478c5cde02b253e0ce779cc

SHA512
8f78bfe1d784eb72b93920a131d65234ef3eebc1f3af19d61936ceb4752e9bb4b0ba47d95a74b1a2757d39100add7f86f7f4c1306c4021806f2b030799180378

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.4MB

MD5
3699c4c9af7a530f4850ff2661fb5349

SHA1
122fbff5b47d012834438954c2659bd878f0e4cc

SHA256
1ab4f37903384954d1c0adcc4f790ef7115bce93ccf67877714cf10b84a9392f

SHA512
d5bb23eb6a047c07079af3cdabd4a6f52076a8cdc4768976090e334e0a550caf29002bfbaea2d25eb7521a57036e3629c4c98a4cc688dfd2a831dc77b714ef25

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.4MB

MD5
572403f97c0157aa5408384de7f7af59

SHA1
0c0fde67d6fe5a5e9e2bcfe1292f4860ac9dfdf5

SHA256
cc77af124f405decbc132df343adf850d87afa856c31b36bdbedc2677e5a50e3

SHA512
227e7e653d8f4949f4db4e4644d291476952373ea523bfb6592b16be1d4172628cabf5d1ef8b80ccfb69f440ebf17d6ada1d01663864d45fbb74cd3aa90bd9b5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.5MB

MD5
fd5eaa0815bb7342b4e4e1ace6065c64

SHA1
46d52117364e5260c849892fbf16e962467b3d97

SHA256
161c4efe8610bfc774991712ac330a01ede554d75d4c449fc7a6d0c9acbfbc96

SHA512
1c5e3530abb095eee05584db477478bdeb64699632b3f6b1ec2e40e26d0fc6224bd6b1067c3d6c25632b63f8546fa453a151761e5659e0a948caab0593dc9c78

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.4MB

MD5
6f18f1feafe05fb4cec195ce84200832

SHA1
a32fd92b2458a53159a16de995f8ddfc31e2d01c

SHA256
302888acac7bc4058d770a26823ca48d2d23d895b242ea763d3cfc6f10b46c4e

SHA512
7640dbddd49b61b0bbbaaa0c7da579df53c8f282bf6de2212324a6db1865edbe9f4788e219d9484519f385fdfcdc93fda7367da8a8e39308422b93d9c8a9457c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.4MB

MD5
31d26125f01dcff9ec4ece1e47fbec82

SHA1
e9ae36d22b6c03a2b8d5b9c691e947f3bf20a92f

SHA256
a4246aab428cebe684c3d6217ab7fbc0229b9ed9e691cdb07823a4fbaf42897a

SHA512
026c7806c17d2cc59a4aa94b678641940a0aaf1a52e8596f8f4c50713699f31dd8856d473e4853a3f6d0790cf66163c89b897451256baf2be4e8d741e204a94a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.4MB

MD5
3c2cd335fd548e24ce064c21352d8908

SHA1
33fa049ffe9235b4d2612b2558c4db03b7e03c53

SHA256
ff6728642e6e9ecb22a9e10fd38c778926e97b1059cdb5c3f97520c24821aeb8

SHA512
8a0df6d446f0cfedeee0d0ea7ff942f0b92d5edafc40e2bdc01cc183731af6acc548e7300246f1385185cd04947d8207cfe44436714397dcff244b450c87804c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.7MB

MD5
09ac0e894b0a7c1b352ae0569e08dd02

SHA1
b83ca1fe922dcb957e99b71f7142f5705be970ea

SHA256
6fdb14de5fbb452a808cce5ec36458ed38dd9fe9f57c8e6171cc9b1dbca57e5a

SHA512
c8e0fedc7e66e2cc848eaf940b2772a10a7b5c1436b88197ce4be3f2d93f57a1e67119ead3f0544064ae36e05b63f7e2a07dd92e8366f2f4c781bf7106143c59

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.4MB

MD5
e39f2b9355c6e821123df89cec0c78b2

SHA1
e555455e33c86e4a02b8b1f11334b1f213cd832c

SHA256
daa19a1729162a4b23a582b8904d6dffbdd42d2f9930503b8736b69b92de8715

SHA512
6fe0bf0cc11447b071dc3d1130499a201cef9f1fa5e8f161fe7b1a65b0aa6e6a03a419fe84fe1fa6ad032f2e2ca17368facb52f62cb8c733e0b6ce30736d5573

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.4MB

MD5
7e5bf91bd6641f3ef62c642226ee68c2

SHA1
51a1dbbd88e954a9a8e9448b9d0b104acf437b1f

SHA256
2a43698dd66e2816d52e638e2723e73207af2a8e0df35451ac9aa99949982246

SHA512
ae1de12e40761c84c738cda20d22a75408ce8023739b3e87e7663f62a1f055ba964a6ecc3ff20d58722c9e8173057edcd99fe082f63e0c59f0a0a6394ff1f915

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.6MB

MD5
b638132609fdc31768ec0ef114d8be3c

SHA1
0f08981f4660254b5d89f12da2fffbcfcdf3f7ad

SHA256
e09ac8a2800c1ad0bd7df8ee922fadf3e7245ae7ab1904ac03adb408166b2dd7

SHA512
63ce98cb576ea7774201f3627263f2801afdf29ddf93ac97780835d2f08d47053db2c8ccfbf70854d544448b007c6a32a0ba3b5f03fbcb13297ef96f114ca156

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.4MB

MD5
bbf17aa1c955507d2efefb7a7a93c7e5

SHA1
739fc7860cafc9b41a02afeb9279dd7034f0f596

SHA256
07dfdda22867b1264794d17605bcbf404f9069e54c7ca9a9f16de597de993d62

SHA512
e4fea5e218a8cd8285e196c4e9d5b3b6ab02b46cc71b5ecabc2989d6ca3412965318b995f849a2d241f4b3d0f7be6c4a63736c4009c3ce3cc6f92e3f251003cd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.4MB

MD5
2f92946635d6fa1e5ed4abfae8a29dee

SHA1
698bfe4b619b7d182106206666c14975d915a7e4

SHA256
8c35fe8d9a67da4e661c56c23ce1cc936d66920172f27b013fd067c538781046

SHA512
c8d41c2eab664552b7dc3eeddd8f04bdcb36ec0a6e7586ee84b09c9fcb3f3d7cc6e92e39ba90266a6348ef820c1be5378eb1b2185efd78a2cacd09c529cb4ca2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.6MB

MD5
f771585094c8ea7008cc0485923d40ba

SHA1
21f2abee4acc8002218b77fb12f50c99ab230e28

SHA256
05038dff2f4ea6376680274ba2e38be0f2551c0a42bd70da6d88c0e888f2c443

SHA512
610c317c89222f5810517253fda4827009a6a73c803b92d121e85e1e7a27232abf4f49a460904537e00127294fdba172b8a023b898b49d9d55e6fdd5cad3ed4f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.7MB

MD5
a2664cad725bb25541e6f05d2c6424b1

SHA1
1f9e212b88b01d871bf7085bd697e8b842cc0452

SHA256
76273df23ec459e11f591bda4b1c93f8353887f6f01e0b5210fc563f37decabf

SHA512
8e7bc9146bc2404e8df5e8726f0696ba26bc76d9f7d1608301e6224e36486d67278c847632f4430b3ad67141cec69ca040212ca731ee484fceaf72da372789be

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.9MB

MD5
505f06bf0bad7ec9bcdb4981641dcc83

SHA1
d8a456fdfea47ac7ad9f287f2b27b54b9f23969b

SHA256
fcb8e659bc12a6186ff670d90c037ab48d60b9aa33c16974c890aa59b7f47aca

SHA512
0845c6fad0e9cb1231c7066e3bb885bca894efd31a6296ac7240f5db0d7d874450c7e45420fc1178e6c501861c8e1a40b7ae6141a1971101c8a7486d0a4d79a9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.4MB

MD5
a8a80064d5b259dda56b0274a3b41a09

SHA1
c80685d575249fbac7bf7ad2bad4eaa65497089f

SHA256
a6efd33a1f3729f4a7b9394a88c12c95ad5563d83324ca27d1134fc0a242fabd

SHA512
af9702799f8641f1b9d835aa3430e3c6cdc5c18192889d2577f5b3cf9e404b36b6ada80518ef3d01a036035c2884052adb2e3432dcefbfd269bc7065d5976f2e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.4MB

MD5
40e1e53e425c7d3d02bba1f3658043b7

SHA1
14ae98e8fab6e429b64335feedd12de346f1ab38

SHA256
7c84213a64c139da21dd0ccb745d803f223ab958df5a758593dcea2bd74b758c

SHA512
4ae6a63e969e707966fdc9602a336763355e608111ede42c216fff53567865a029332139897dfbce8090d754aede6fb27a1b90a1dd58bf0b3a84daf2c6b739f2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.4MB

MD5
2891f6975c25f73672454b979e15cdfa

SHA1
fef244810c01b3718059375aa912f1a6c2416853

SHA256
b6c8ae6b5fc55c194d4ee65ca98bed88fa943af157dcff68a53bcad2fd9fb8d9

SHA512
0d3e2f24e97763189c1a521e47238de177e53c41912277d3f126f5067b79852fb51d318c5ed692d1480479f96908ac02a7f2bd139588da2dba114d5ab3d5da55

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.4MB

MD5
4619d298e2f51e09e66e7fc8696c4729

SHA1
ba5768756be9e89d4d1db522f06ceebae7287ca3

SHA256
a16d17564ad03414715025855796f7954cb4678e7db2606811daa2cfde97e4a2

SHA512
918e281e19c2d11fb84703459700f9895386f48291319983b0ca95d9e0f887de5b552d78a8c64ce63dc39a8464e97b4c122b197bd6fc95662fb37458324ab3fc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.4MB

MD5
b46ce12f2ab074fc247ec040b522cfe6

SHA1
fbc7567c0c50eef2f730bb4eb609278e369dee78

SHA256
2e5fcca005f437baec5977aed593d7bd15bdcf6ef52271df5c4f59cea19ab6f1

SHA512
3159aafe9dbb3e217521468df6d32f487b783401595d59f0c6ef5d53f46ca23e59bbd73f80a487d7e35aa0ddd1f723edda0d9e18c3c551d53409263c0c8f377a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.4MB

MD5
ef0f4ac3c16d03df7a139b95c8838b6f

SHA1
489f230f6b1be3ff5cf275a7f493bb8e611ffb77

SHA256
978a50bf997b45fcb056732c240f1092c1e186d4cb40efb7493fc2f34f10d3a7

SHA512
3209c8a9f70730331ea3a74ec4c89af4d1ba7f92e2e32f1afc5019abc40f4a3db02ad969e96178a3a63ca39e20dfc4b51dd50ecec9aa512f3e3187ce4d1b8684

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.4MB

MD5
4399e518366908345d924e3b4283b8c8

SHA1
64bfee506a3e9e0fa787938c5da85eac5e8c47c3

SHA256
1918b5104d57c39cd347aa6a40a36fe414f3c45e0020be6b12e91312616197b5

SHA512
85de2aa1ffbc2243a4c573c20faa2dd22f3c85c465460a3d71ba7ae139e5856f9e8263226471c19f8985e92b46c70a649a2f7385ab6869754ead0acd57875676

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
1.4MB

MD5
b30d64380e5d1c8bf84d493fd6cd1cc1

SHA1
07563a12a0ac5800c53a3844ef7509224172aa69

SHA256
35e1ac57801a6ab915fcd3b83c74416dd56c049b35528cabc8c358064ea04cc3

SHA512
020e80eb437e79e966531a53da468f406529d1d59ad786a1d1fcd9be9846d92a4ad4024d6c3db953e5d6492e1c990449dc5af45fce9d53f1fffd35f838384d9b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
1.4MB

MD5
70b75e13a418f72f775107a3331d959d

SHA1
fedcf64fa1d322d3349231dc7b3fdd359fb9dca1

SHA256
49be802b595817faa6437010c715a6e709006b31f5ad42ba9c68b096bab00f01

SHA512
477fb042a6ca5cae5d9a07417bcf8cffdb32baf8489e4a681468663a84135b13134b7a34bebf37169d8f77e14310cd49885c4e4b4ae582eeb94a6b0eb60be6b3

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.6MB

MD5
f44ddd79b485b2a751fabe31caa6c32b

SHA1
5828c14a20a93e57a4af6debf1f215bc8ed971b1

SHA256
c547c77e90726f238044185ae58ef3950b0fc03984e95feed886fdb341bfa501

SHA512
496f33a7dfed7d94b3ba7337da43abb16ab87217edb3d14499e5be9b51092f402b4b55d3741917258be6a784d22db189f70a89842112ac4e0e872eb76a40d788

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.4MB

MD5
b56813588f0a1a1dc4f7520e1d33de88

SHA1
3e27c8d8b514ed5758f1c09e4ec279f1ea9d217c

SHA256
2e9a097fda356eca61140ac39e365c55f68b35391a68f91d5bc7993ddd381c63

SHA512
99cf9c2a287780723b288ba949d8bb0a2a4ed643264db8ca682123f3cd5301b0c4eee92e4c6c917b401b654e269f015a7019b165bcb51ac5b9175bbaf506840a

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.5MB

MD5
cb6788cbde5016e9170416727d539ff2

SHA1
486369c533e71bf49d6f77d902243c33639d867f

SHA256
ab78fd42ed835ff09e7dbcfbc590831cadb3cf3437b12a32b2b918c39a220cc6

SHA512
8afbcf4b0c2d80c1a44ecaf12efd590d1f911e5c6560cfa49ca5cac4bc64d7f0d6a2d841a1ac097e5e2ed92ffa4ebb868bf928b982bcbec46a61f4f22d20d975

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
fd82b3b71e5d5e5766c19529c3e48bdd

SHA1
4870247c86a3d6b923ef944e97227d8c131e5333

SHA256
24d2921b07f3e108e007810801648834aa8412da5ce112e620bbdd5d5adab061

SHA512
a01fd64f84dc9411448fd32c336b1db29b2bcb9110317c9747ce81dc92f0ad2d830bbf23de8c14452c6d4981827f1a3f4d20325461ad97fc8f75722cc17a3b3e

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.4MB

MD5
b67ef364d58349b3a9e343b4e201cf44

SHA1
df3b1fcc4760fc8fb32bae56328e62d9c9a0cf91

SHA256
9ad3a85163bc3c5380193d82e52cb380fc14788c639ab6dcc007878977d4365d

SHA512
f73dba26bf1bd7779dec494958b2f661b837097b987661787dfff84a0ed0f8e2c7dbd26d7eb86245a526fe944da1a63125e3a8aae97bc7e270eb46c0c57cca68

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.8MB

MD5
3a3402393b3b9e960e74eafda4b733ae

SHA1
34c066378911d60f3d961a14a77c11623b4f332c

SHA256
cbc54b18401b01a71e6d6dc2d17b38d18bca8672940ae3080f77bd27033772f8

SHA512
53e9e9b1e93139ff9ef5fe380064e7c421f89892150dc98a6f4197b8de4d6d8678f652040fb069e19cfa088c7172109eca2a375294b34e8fea569288597f88c2

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.5MB

MD5
b4485253f37d063e2665d2fa3d1c1d0e

SHA1
fab252bc3d7d04a41c7bdb00745c7e7d99a8b286

SHA256
a57a61f0d46a7dbcb1f5940dbd419a91d751aea473407d4cef496c9000f259d0

SHA512
2f7f9df9b8447ad6abb5ce6c1f8a3918e7e861086ddf98f635523b36dddcdc39ed63cdac1a9b2be4203bf3b9c78a8f4dba7b711e8de0427311a13d605b33739e

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
87666ecd16a25d77831fcfde29224bce

SHA1
001b6e1bc10da7602175e22c5496a4cc65d170d4

SHA256
60d5336fc58712f237bd9835b8147f940bdb239b61c362f7a42cec6c885e5940

SHA512
14ee6895fb4fe04561f1a8f1b917a731b2fb59cda0a0d21b792c41d9902ce2157a43daeef8bfa709999a43b178e5fc377554c02f02caee914e366c45f7cb8e6f

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
fa4764d99c3c3df9191a932808ca66a0

SHA1
573d13bb109a83d34d6facbbc160757f5b0b61ae

SHA256
b4cf94b26cc4036ff044ed27582a915254c7ff77f7b00d9d4fcb7715886974a6

SHA512
e502538e808a6d09e7e731d29efe012da5f6ac175ffdbde758f054317522a9cdb80cb28fa921833eef058e3b95d09e54edcc39647218309354dd1790a933cdef

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.5MB

MD5
fe463abdbc34f7dec9d8152deea40da1

SHA1
be6f3ce8c16612744dec80fec970d92f79155733

SHA256
4837a6d0428f35a6a111caea6a05ad0d99bfece14c5d04f70ff3d167f6dfbb64

SHA512
337c1b8648824c7702846457bf649d025e880a33933863de72c8cce50d615765a31661c130cf1819e05241c7243d850192482e667a149ff65a0b4dd37388f551

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.6MB

MD5
f818a99e6d19a1036fff0719aff8fe36

SHA1
0fffee36f4f9f9fd86da02f71b15edaa93026c1b

SHA256
f51808a7b1d7861d536a5543e724acfafa40f07ba81305090365b4c869b707cb

SHA512
d640ee0fb475899af4304e06a03b5b55b34aab72a3ca8b85c8b2ffbf179713000198cb1f1ea10c7c708b6287887c4606719176e61b022ea90d6b9c7c2931f63f

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.4MB

MD5
83b379bd7e1eac566715794a39ec585f

SHA1
ce53f95653ade88bb8cf3d5ee9c5975e664ede6f

SHA256
781342e6059f67840279fd3da111db3a459d32acf2f6965027dcf73a70043643

SHA512
4a0eab2d0ee8316a8de3a4a71196049b03a11d0b0f9efb3cbf5b4e097281040e08db14ffd8c77976b33a3d300843cc56c926bb0c3f80bb8c7dcd27bb07540ce6

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
77abce90f22c0627b1a905e4bd80c906

SHA1
63de3f3f7491f8c2341ca0e34198b3aa2c474662

SHA256
2e9b46644bbaa4f1b7c782a89c0a1a70f1198664178f780ecb6a7cac22823873

SHA512
1f8f6c44829a1b19da202768f79cc483d1dd8be99c9e2e81c34b77dc082b28b0e67031a3dbcb8f2389c067a873f865dcfd1887e6cbfb57b42fd296397b359986

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.7MB

MD5
83a291276ba35f05d09d98eee0abf32f

SHA1
57f8d1c91dded11b6db36359e337b803de9e91a1

SHA256
f16ff303c81ada70b4a51999db20168e9dd35f426d70c81a567fefa37ce6c5de

SHA512
0943f61dccd0541a01a4b1545be696373d79b0c3e2d914ba1675c2fb5bf8a51d209d62d3c7b39cc52807fa92649ce5e67a151f13dd1504bfd30e0f7a671020b5

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.5MB

MD5
96ba8bee777476540924c4c50e1ebf92

SHA1
f2e06994558b35ffb14e71bf071af462f995f79f

SHA256
297af842f2c11aa1aabe36776e2552647489c36048da5d85ef39f566221bd409

SHA512
3cee67460fef78043a1c93b1c7f4d15425f6338d5a2413f19a7a31a84283e103a2864cfeb821a89a4080fbd0845fcaedf9fc71b37f8ea648e2e417df5d30e8de

Download Submit
memory/344-367-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/344-180-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/1500-357-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/1500-108-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/1776-189-0x0000000000400000-0x000000000058A000-memory.dmp

Filesize
1.5MB

Download
memory/1776-7-0x0000000000AE0000-0x0000000000B47000-memory.dmp

Filesize
412KB

Download
memory/1776-6-0x0000000000AE0000-0x0000000000B47000-memory.dmp

Filesize
412KB

Download
memory/1776-0-0x0000000000400000-0x000000000058A000-memory.dmp

Filesize
1.5MB

Download
memory/1776-2-0x0000000000AE0000-0x0000000000B47000-memory.dmp

Filesize
412KB

Download
memory/1776-87-0x0000000000400000-0x000000000058A000-memory.dmp

Filesize
1.5MB

Download
memory/2000-360-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2000-148-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2088-42-0x0000000000A00000-0x0000000000A60000-memory.dmp

Filesize
384KB

Download
memory/2088-44-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2088-45-0x0000000000A00000-0x0000000000A60000-memory.dmp

Filesize
384KB

Download
memory/2088-47-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2088-36-0x0000000000A00000-0x0000000000A60000-memory.dmp

Filesize
384KB

Download
memory/2484-89-0x0000000000D40000-0x0000000000DA0000-memory.dmp

Filesize
384KB

Download
memory/2484-88-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/2484-356-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/3100-361-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/3100-123-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/3192-363-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/3192-145-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/3296-19-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/3296-114-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/3296-12-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/3296-13-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/3876-126-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download
memory/3876-31-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/3876-33-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download
memory/3876-25-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/4236-195-0x0000000140000000-0x00000001401E2000-memory.dmp

Filesize
1.9MB

Download
memory/4236-368-0x0000000140000000-0x00000001401E2000-memory.dmp

Filesize
1.9MB

Download
memory/4476-166-0x0000000140000000-0x0000000140176000-memory.dmp

Filesize
1.5MB

Download
memory/4476-366-0x0000000140000000-0x0000000140176000-memory.dmp

Filesize
1.5MB

Download
memory/4512-85-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/4512-72-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/4512-83-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/4512-79-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/4512-73-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/4516-67-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4516-69-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4516-61-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4516-196-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4520-362-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/4520-127-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/4956-177-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/4956-50-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/4956-58-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/4956-56-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download