wannacry | f9428cc205c3b75cea52b0af388014b179e3d10153c7cc742fe84d176df9876e

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-11-2024 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
Size

4.1MB
MD5

cdb7e3c7ae5db7055b7c46c6d6563c64
SHA1

4c8ca91ada23032bbfb853c475b792708951d3d3
SHA256

f9428cc205c3b75cea52b0af388014b179e3d10153c7cc742fe84d176df9876e
SHA512

262e51494c630892d3d6de36ca9fcb0702c4f107655458974c76e0fc819f0098e92755094bf8f8b052d15efb0d7a46669d3cd6c8374ba0e752c19fbba5bf52e1
SSDEEP

98304:qDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H3bx4uR:qDqPe1Cxcxk3ZAEUadzR8yc4H32

Score

10^/10

wannacry discovery ransomware spyware stealer worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Contacts a large (3278) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 19 IoCs

pid	Process
2348	alg.exe
4984	DiagnosticsHub.StandardCollector.Service.exe
2384	fxssvc.exe
4940	elevation_service.exe
212	elevation_service.exe
1196	maintenanceservice.exe
2780	msdtc.exe
4916	OSE.EXE
1476	PerceptionSimulationService.exe
3476	perfhost.exe
2888	locator.exe
4580	SensorDataService.exe
1200	snmptrap.exe
2640	spectrum.exe
2776	ssh-agent.exe
5068	TieringEngineService.exe
2948	AgentService.exe
3644	vds.exe
3728	tasksche.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Drops file in System32 directory 36 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\system32\vssvc.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\System32\vds.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\279312cfcad6a2b9.bin	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\System32\msdtc.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\system32\spectrum.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\system32\AgentService.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\system32\locator.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\system32\AgentService.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\vssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\system32\msiexec.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78984\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateOnDemand.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\ResolvePush.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\123.0.6312.123\chrome_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	alg.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File created	C:\WINDOWS\tasksche.exe	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	perfhost.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4984	DiagnosticsHub.StandardCollector.Service.exe
4984	DiagnosticsHub.StandardCollector.Service.exe
4984	DiagnosticsHub.StandardCollector.Service.exe
4984	DiagnosticsHub.StandardCollector.Service.exe
4984	DiagnosticsHub.StandardCollector.Service.exe
4984	DiagnosticsHub.StandardCollector.Service.exe
4984	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2276	2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
Token: SeAuditPrivilege	2384	fxssvc.exe
Token: SeRestorePrivilege	5068	TieringEngineService.exe
Token: SeManageVolumePrivilege	5068	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	2948	AgentService.exe
Token: SeDebugPrivilege	2348	alg.exe
Token: SeDebugPrivilege	2348	alg.exe
Token: SeDebugPrivilege	2348	alg.exe
Token: SeDebugPrivilege	4984	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2276
- C:\WINDOWS\tasksche.exe
  C:\WINDOWS\tasksche.exe /i
  2⤵
  - Executes dropped EXE
  PID:3728

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2348

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4984

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2304

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2384

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:212

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1196

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2780

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:4916

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1476

C:\Users\Admin\AppData\Local\Temp\2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-15_cdb7e3c7ae5db7055b7c46c6d6563c64_wannacry.exe -m security
1⤵
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:2724

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3476

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:2888

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4580

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:1200

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2640

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:2776

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:2300

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:5068

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2948

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:3644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
e5e27b70fdf8783f26d8a43d2e422829

SHA1
4012174313058b71e06c525529ae8cd4cd138993

SHA256
09220914c7dbb7f5f8f523d4c980b7a27e506c4b00da5522e139b01977af0848

SHA512
068736d2438d933f5032ef5ce8d22d45a5e58077ca054be5b6979f996a974016853841f8f80d8fa6798c00ea03df4b0074dee4b68aeeb3ce80e69faec83d88ea

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
789KB

MD5
79db0e648a4329aa6ac1544ccac033b3

SHA1
238d8306c504b74d6d2a98b6a299b23adb4c36c9

SHA256
41316b84a311bcc61437eba34ca9d81592d0c1bb5ca01c7ec1370df04b4a0774

SHA512
4b245e901c6ebcdf6b85cacaeb36b3d5c3b6b1c0903261287c0b173320190f71f1b3c8fe14daaf526271fda7177b4b48723a925bb2795f9101105a0b59812259

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
bbd8f15261a892ff823b4e69a4762980

SHA1
e60b2b06a990a6da5de2b056f80f83992a351695

SHA256
bb7d73cd741b3bc2b9543448fcf62ac99001cf3433f985f742f557802bc5cf70

SHA512
21317a691c0340cdb2793dd077a0cf9774fc42a45fb27bbbece48930c3329e2cf7a06eaa58fdee1a840867dc79d7b7765d72907619a640da6c7bd068da7506e9

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
e48fc12a9809b6687ccd0e63b85bca9a

SHA1
867df8895f42a5f743678e43ddcf521c242534d7

SHA256
f5f2dc68b29fb8ecdb9fd7bc856edad6d2f8ec8606a64ca942f31f7f40a16644

SHA512
fa3bab4c4c02abec60e2a37306395cf320f9cd9cbbb2279d1b85b6d686f9291bdb4222dbab914694b5b643997a6d5315f5e4d6ab038ff466053d0b6656ccfbc1

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
a0cfb8e330b96e6d0efc14ab1779b40f

SHA1
9feb698ba104b875769347865d2051f09b428e46

SHA256
1dd08f3e619a372de6d729d2f6b71e98a22f8cbb0f204910b7d3d5b1ea601e52

SHA512
8fa307f9e20e7fe208df2fe10d66408d99718e86f3dea34cce80edf8db85ddc02f07f7ea88da9595db2324862c344fbc490a393aa305e3a81fed6bf3bf2a1696

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
3087daf4830c22bbe6becfdcf7a2957a

SHA1
e9743786b25f188e37540e6d17c25ac55b80794b

SHA256
be3b994081ffbc62f0ed9ad4232be83b7ff566dd0922d1ae7c0ff5b4af39b5b2

SHA512
3a664a8634d7f84500e3d3e903e26f7772a74581e4a102b3515064e1600705d5831c16a0aa27a46653f96f9f2af986433574775be9062afa6c630b36d9d793a1

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
c72c63c44681d9337d60b935a6e4e012

SHA1
9f7ed326acf97195f32be60726248b4164f4384b

SHA256
ce75df69f3c625f9e54ad43e0ea4e11f868da098157f526524d5154978c48668

SHA512
53b836c797f9cb3bd5d774f5de851c48412a3846b8ea311941de4db66022d0c4a6e7a03351b267e578b30158d52aae6f0466c63e7d03998c65c6e88a27973e29

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
841920e1c0b04e8f4912594f83beeacb

SHA1
a766100f322ebc618cc91651724b7fe62edb43fb

SHA256
e62b1c0dcc22b0a9065b9b2bb7c824e0a921d713ea79b9698e09882ba680716b

SHA512
343d08f86c4a4e375ae701d7c2e0f82d43ebbaf70a8e42d5dbc3366a830618c090041aefdd39515c34b28b32cf9ba143a67b2fd20deb0a7b17dabdaddb9c50b6

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
14efaf0acc4777b26a33eda7a10c5f58

SHA1
7dbee8dc3a165cf7d8d5eadc09193f1125b1ce17

SHA256
4c2ab0845322afd8324e6c4b4522074cf5dfc28ae9ec10cb3c7467ed1adf1bad

SHA512
8b6fc2c75e67e7f3536b34b25bd3256a2029292bc3d0f66424ffb8a250df7a4d8e4f3c5b37501f6b85fbb63bfc48a805d463e63aa2825a658a3a88d67fa88996

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
8e77be66f6a18e87684d6a1ece8028d6

SHA1
157e917aaef39042baae5b0d99e911f3561bed75

SHA256
5716ffc31d8df4b6fbc618f996ea4b691fc82a3f2ddb7b0ba2b01380ecaa3d9f

SHA512
48746e5a191ca88909a489c3de61a87342c584ecf9f3514cbf5f0d495c550b7d5ed70ac20af2d7091d2a84d74c4fd32e798bdc58e0cdccf8ee09041b21b08a38

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
5e9b5c920ad59f320c04340b3bfafd5c

SHA1
efa91f89195364b4a0ac9dd43d17e393dfd72423

SHA256
dc1a7319fe9ec99243f306a3dde54bae14416cc50e29c0719f9448a3f7590ca6

SHA512
fb3752c5e6346f94ac3aa7bd9650374559f309f012492c4acb97c44077e7f5b704e978fe33c83e2685abb74b6334952469e07d609a37616fe4c895538a8f7ebc

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
99906549ccc0a087b8aa414bb466d95e

SHA1
67d59af77212048b55cc9e4a0c20b23c5eafdc74

SHA256
c14a641d3619262363dbd50a71a7a9815c004e64c6f9216d0b99b7144d52b825

SHA512
2d5a51cc002efeab656df107df8474cd13ef9df0464e674b4b2f2052665b18c53decca93b3790c1c5b2c12498ffd92d5b2349a4924c72beca625514b15fcda30

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
aa9ee2404b0ccad7ad07dac995c10ad6

SHA1
6c82eda5785c1853d0f0233a63a394da7edc3504

SHA256
87974f519ce51951bb06449f6cb8bc6a7fe7851c2a3a2ce8e7201e4bd9d067b4

SHA512
7216d4c88c091602548325220441fd7faf87f39df5f39b3a006b490bb111d184f33d80d03bba0d3951590941072c960d124b2b0bbef1f6c574ab3ca365cc7bd1

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
ef784042853613cf183fafa47bf9b1c1

SHA1
25c213d82486179a186867090584bef450622fd5

SHA256
e981c1c59ca7b3b81209e6517ea0ddc51629a0be9b3b10748d6f5d527e70ef68

SHA512
777a65b262b8374e23f118cc42c42ca86f48dc07aafa0cdc75d884bdf65165f24a5e604c9c4e0cfb41d3651b40d79ec7bc78b0b151c2b14cb3d36a826491a3ba

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe

Filesize
4.6MB

MD5
4bc76b027ffcfab4cbabdf33b0183ebe

SHA1
118a6049e4972608ecc55061863a84a7178ff188

SHA256
39bfbb538a897e976b645eb237df573dc792ec6e9b6fb66ed25571f2d45e7272

SHA512
f46f35f446482d6bfb84317d6beec5a9cab832f80c9e614ac5abb42aec2a0809afb3010cf7c101a67d209835d58047c1435d37f67146916bf1e93767c2cbb2bc

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

Filesize
4.6MB

MD5
70aa83cf52b220aff3e0a26a217b5c51

SHA1
4b1fe896e5a3bcd5ebc6934ba47ef9b03e1e3c3b

SHA256
df7489c91dc431176dd57e14fc1c61199ba99f7c3d5a8c17a3e4fa68437d3d4f

SHA512
30b034ff3e3cac816e20602d79d91f9e0de6a8dcf644a8747598ae0dd417a6c6068649ade657f15d2f5f9efbb2b72a8d195f6b49d1af9220cc4843fbb5befd68

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe

Filesize
1.9MB

MD5
559efe2830d3fca89936bb21bc516db4

SHA1
decebd974322037677793c600da17aa1c93328cb

SHA256
b666b36dee1b6518371b979637417db743e20aa956501f8c288ec1d26f3915fb

SHA512
4be3ea607f53f4303a51bf589fdbbf05e54373312988743f40270f9d3d9a8465be18bb2172b05f164c22ca78954ec1c857d5896ff70a6d0c25e82378ab076fb1

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

Filesize
2.1MB

MD5
19c31619a398797bf754fc19be82de88

SHA1
47ebc06accd5cbd4b47fac79d30046313584eccd

SHA256
4a3542acfdbe3afd59bf5a86963446775cb4d87bab66f9fd18bd986ee0bb8703

SHA512
6f74729513628b3ff024b2e61f74e321315016e283b8baa6de3461a91fac854c92ed20537509c362b1f59bdb958de9d7943ffe7b586c714a5ff3ac7dbb39bb7b

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe

Filesize
1.8MB

MD5
94a08228b2c8bc8a19d8773b1a955cfb

SHA1
f57903f5d22405cecee1edb07c2d3791b6dc443f

SHA256
b35217b9570e1716fc5cce799aec730e6b1645ad719e9d142c1afbb1ab3b0f59

SHA512
6ba13902ce9c90614c99adbb3555b1490d5844b6e7c894257d141322bf2e39a029b65f34a14a125b064f40a42337b241f442c5babacc89bf4ddf6ea4c6e90f4c

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.6MB

MD5
2603a60bfe64be241fe8561961c57d9e

SHA1
cf85f30dad7c6a4faf04014e4b8ee3e5c89068b5

SHA256
1c01a649c10dec2105c25e63f9c782cb57af1be494b6dae8607d7b583da19209

SHA512
bc64bc7b084c4829e8c5dec4e4ba10d1cdacf427e2505131f5162115f10bc1ac6652dafaf4c421675847543130bd20ab3d012cb6f3f7825000b87fd634876367

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
c1f5c5fd8215b38270808e3602ea5ed9

SHA1
15920df048750a5760e0961c9e73745696db49d2

SHA256
713c127b2023ba1550701df8181261e316f322a96f572f980ddfa7df57dc42c3

SHA512
6ff1d566fda56175ba78977d98ca1e0816f2d455314377f1ff0f764976b1ab65b3dfc1da58f69ebcd81b582a1383c572e572cdbebb7418530c586d894f262646

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
fcf29770017bb2f213f0e81372ce9b55

SHA1
a04cc5c259a9e90b457bd9fa06552f1b748ac2e7

SHA256
3f661bb6c8216db0e8072fb58133ae7e7115f92f148d945a264554c7345cb313

SHA512
51d5efe2dd53f015f3b5119e408d34a76adac46ee73c4de76f9815ef559a04465d85739e9c7f13649bced48df345e2c4d8161917961e2bdbb3c0af8ed1877906

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
79ed9af3c952cd479b31969397511eaa

SHA1
afe0c28527030521a377983d3649b5efdc2aafaa

SHA256
30579d209f73e16f03eca994e50d0a661cd7e09d7ed53a32dc750bb53235d611

SHA512
fcacf65f262750399e092c8af69365f075076ac6cb4b0588ac90f3a76abafe498b9fcabf9456729b6af021a2e9210fed2c2f327350e708b2544921ae82bac7d3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
b41c5fe0b3176ca7cf32b3de4ba9c109

SHA1
38ce68c6479c5ee81c5fd632e668235749437010

SHA256
2e6f16329487331fadd7671c45bf733e8ab93e1dae119ca16509dc4d774a30ea

SHA512
66919be899afa7786bcebfc3a23a8383b91996f17365ec95528012a09a2c090282ff66f9e366f82f22ad96eaa0a0b79f668389007fac53aaadbe746f8f63a229

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
3603cbcf8ea4248f7308e7141e53438b

SHA1
7610ee447304554514a8c1964b5dc787aab4a3ce

SHA256
7a032316c89bf76af5e47fb89231e173b9002738be3b7f23aaf09d44fa5ab095

SHA512
d1d9834ab370bad0b160ec12c4135144433c2ef730b648b01b52c97b84ec5b828622f15fc8bc84fe6cf91e505569d3cc543a739c86e84aeea24d12ed7a324c87

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
0cbc4f8c898d4759217a19f66ad29117

SHA1
8efe0d06a53b3c68de0785e4a2eb084b3f978a74

SHA256
51cc7fba2276c304ca75ffe5b4d233d6d3cea195f5ef18c9793df5ee58f943d4

SHA512
da9b89a087808adf4cc86fc3d676d7af19f05e5c12be9efdeda900902a11bac32c87f7e383cc0c3e425869f830d478d3eeed90795da9f7ab1b2411a83cc8ddde

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
420f96338775d12a9c416c43d27e6208

SHA1
8f1db2bf232f08c73b499a941b510d400d64d9d6

SHA256
b2548bffe764f6a9cfceb65a55c6e6708f8d826d9c12023f7d6dca9b79ce60e8

SHA512
8780e822e6f7454f9fd7bbfcaaee147edb0017fa7cdc2f7b2158296c334a5f59d3b32ab83e3e53dd2f003a3a01a104ef9ab9d548c6fdc8862f242ef5758f0b57

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
226e75a229100b1ddec2a30f8bfdeb14

SHA1
407fdf1220bbea9035273dec9477a563d5e51d7b

SHA256
8d8e0940404fe583c3c2628160973803fbe92f00ebae9045406cfcd4a5ae30d3

SHA512
fb9f50e87b66d03ba0aa409966654475a39082c2dfc513e2b330720d1cdb3c216f814d01db34f36369dd23f94dc2108cb4b8e80cb8c146bed254f56e827cfe7a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
bf79440153081e033c2ff45ecb6dabd5

SHA1
3b05031f71aca5da7db00b267f0a48add41461d6

SHA256
2e58cfd3b240c61a430720208049672fb9c34c31c0c57a3ce4765f9cbea0bc8c

SHA512
0fd9d631d7a786a7ead9a34fc48cb28a9fda43ca652fe8a6792026592a990fae7376c399e1ce8b81b116517e12b8d9719714bc413c4dc198045337fbc90f6ae7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
05ac53d61488181c33702be0a52db020

SHA1
9069654abae33c82319f67d843a647ba0a3a71c2

SHA256
619edc60b068e32025a937f84fe588795ad42ef8ba5d18cee44bb8f4602a2ff7

SHA512
e764561645b9316327f9d336c00319fd91a417721eef6464ce91ef11c1147bd758aee1171ab44909b4ddad5f6a9912ea9c41688f6b9ce5e16062278938b31a25

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
cd06ab435ea5886326d03ca5f72bd772

SHA1
b16b76391a7f691362fd4c6edad7dd5adb6644d4

SHA256
08077a9a6e4cd73786088af7edcc317772925f1ab91df07d8880cb82e3ed46e5

SHA512
73a10333b502751c4f41b6ad12ee4cd4e1f99803f9b08d0498522311f8d77382ed403dd86b0860591b6513d4e27507f981b34ecc61f6b629a170a28b418d5254

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
fd5341feb0f94653964edfcf99092ac7

SHA1
ddd705725260e40c29b5c4e0ed7d1f64d7f4d46e

SHA256
d305d634e3df7401ad393a0155e571b662711bb0cda062bda94efc67df66f60e

SHA512
ce3728311dec6393238e0baf7f875e485f6349bcc6b9a821bbeb30e119054bcc402da6ba20bb827671e7a4af9a613be517bbdb39826ec67ea079526f9ff00ba8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
cfb0cde07fdb285744fb32dc0d0bd64f

SHA1
3f1a4a06adc3fcf2fcbb198e387553cdeb8b97e4

SHA256
0378d6e34cc0a9debf3ca67b68bdf7c90305b0512cbd1cc20bbfb9e763ab2c14

SHA512
99a214747b78d0b739c6527f230d9ba47e46888bc791e69faa0727926211a21e4d063673df2c08fbbeffaea083b682bab432ea20312c99687ec8fdce03a71d5e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
32fbbc8ff1c185f0701bbe56f7973ed1

SHA1
4472b88f1aeb8927b6ab6148a7ba91cabdc7df05

SHA256
3e46e1ba5b8bf0a5ee6e293aaefcc35b568e0c334e123c80c50468957348f028

SHA512
f13eabd80b23a4f988493154ead23eab4aa84e9ea687f73e9bbfc8b5cda00a1b7ff9f545e71cf79e60f1dac55523c4dd3f9113d391c197f55ff75ff4a59a2ac8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
dfbfeefafdcc29e907582b51cfd77e9d

SHA1
9170eae6b4219af8cb7b9adca5a68a201d172a47

SHA256
6705d9ea0994f23e4e41da5f6924b75e5b8162e10eedf1e406036f3614484f16

SHA512
b0371d36f4a16442ae816d12fe8a4d9b13fcb8b51071ce2414f40724ef1874a64385291c4f5cc02e70f628c5997d37722109333f9197fb4d33e2fbb0ac340f5b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
1b481c37978fcc03b84d48a76bde8084

SHA1
a4a583a3d36c4ab5dfeff9451935d57e84995b88

SHA256
ff60e4ef0dcb8120fbea03442edff49d05e2b13bb2e52a5126465fcb3eb29045

SHA512
e6f8b6202b5a3e2a20a84221cb1e2b2e6a0483eafaf05dd6de220175e0933c47a37a4e45203871d133f7fe407138b5967df8d42ad5f1c27e559bf1d43c24a793

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
3508f189f86d5996c9d2517c658f9a3f

SHA1
7a02a4deb04b8ac7b59a422c982426902fad77fb

SHA256
c6dae02e25f60b4fc0cc5a8e26ea92ca7b68b92ed56f011d0c736a79d0ebc7a7

SHA512
5639337108350dac4899abb204492abe8f990a1339aed5205a828eb3cebc7f44a50179b80e7e2d035cb3a8b3030559612e7529ba64293fd93cdd9d7522f95fbb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
2328e417bf17c6dbf4a0e09feb79a040

SHA1
ecb40424dcf43de2a4e2ffdb31ef00ca82caa15c

SHA256
83dc25e86df57f24b22df7f46f7e7e38d9820c01627280bd58e7af12646d2ffe

SHA512
6983441522f81e895af6e6e330cca1f0e0e754ab0fdcc553165c0aeb28a9e35234ff48bb0ac32c4ac77ff163c9d63270f06f3dbb4666c4ebd64a0fc95fdf86b4

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
701KB

MD5
1bf23b71390876e60bf319a8d6f190bb

SHA1
5949dbcbd60945e67794d800b05f37fef552caf1

SHA256
ffeebfdaf1b2aac98fd1a1f3962a7582115469184ca167d948539e3df4ba4cf7

SHA512
dea197f9a5fb63263ad35be7ea0d4e28e28f52cc7e015e527a604a8b945c899adf85846f7701868d643fc8a2d4a0f33b45d91eb8b84c7aad0bb1e5b033a7c87c

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
b67d39641cb3ab42f6e47c946e4812c8

SHA1
e8ff0ebcc7b6310dc11c175859b1691f129174bb

SHA256
b02f279b65d0a628a50a60ea0405d64073d6b6bb6745309b451678030c075d0d

SHA512
9558717ea53cca5a6bdc113d057e58e087d6f5dc00112eb1890384efe312babe699f3b0845b3660367343ba80026c878a642ad3af1148788a22e5c7e226bccbf

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
db5736217fc81ba053e19d8872baf030

SHA1
ce49ef0cb3586a18624162feeda04e0295ddc417

SHA256
ca782dea747bff630622d2971ced5fa88511e9f07650b6d82269c217479fa2eb

SHA512
afc242341e75ce0a43dd33eec39691cb4f179955d0f8c152ddef5eb5ed78644289ea58fb3fe3954134cd9ae0dc6f4fcdb3f2cb117886684202d44437722b45d1

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
971859f01cea73f58522c146e2421f43

SHA1
d24a76404b1ddd80f095f6a8a1eb674f6407eca0

SHA256
053188b75ee921b3f953400d6d071cab4536cd3025bea6fb03b5663c5d722218

SHA512
9fbbcb0dac507613917307e2efcb5c091d48dd91ce5990b4e8611321107b7e1c04e3602a8d972af848062b3acfe187762012b63ffc20d3bc74c724ac033b56d6

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
cf3dd44a430721a6fbe009e8e9377500

SHA1
b2a9b25af2a1d5743e527bd1042a947954a2f6bf

SHA256
7ededa2985fbbcec1f631f6dd36d9a7e71cc0c9af49f96237a9e5ecf47ebedb4

SHA512
44fc733710a479f50d02d743aa2d18631bb68fe68b0a18d5d9b359203da8026e991b23e2aa524a815370bdf236cc7d83bfd46fbc7ff316daaacc2016da1bff55

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
2ae5dd67f685cd7e377156766285ea53

SHA1
5fe4967a7d4d07eb6f02236d53f0d7c469bd4b20

SHA256
1b72863accb734f9b9803e82c41c05344d0d5da0b97c300eec6f8582b1418c76

SHA512
a481510af20ff15481b9d842f9ecdceb4270a872140d2dd6176a0b943de0923864b1599eff0abd4d948268c62a91651e1a254d16ed874fe6b67423fe625fbc89

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
d6924752a164637b1aa6ce2a23cb31eb

SHA1
96dd9b1ff2499d357c7413ace5c5b408521e61f9

SHA256
dab7d960d251fd99f6790fb4d9a55dc8414d1ffcc0955704950ee2c8939bbbc6

SHA512
34720f0696c2c227d59ad6d11bf733886c7b0729e0ad29dc0b69c230016b99eea6b93ecc8fcca4f09cf5ffb7cead2347e3765dc2aab4426f533feaa81f9c0e22

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
6606ebdb3ea07328274110ab001285f4

SHA1
254a97528482c527d86c0671fe6e07273dfb4bb0

SHA256
2c8d520d0e311aed4e374363001e651fc53e4224e39b9e622d06adbe741d9082

SHA512
6776c818caa806fdf826c7d2061530fbdb39eb9c306f6129cba89405c91fed5a8321937be755b17055d7dcc3e8ff1f8e3480b916067283f49853599233b81f35

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
7238a4d02d1a423ef8273865fab52549

SHA1
d38600d0152886dc8a273c4c8251bebe51f0830b

SHA256
a288130c2e13d1080e14cd395ef65d93364c1def879cd4e948307bbbb1ac9921

SHA512
3fee1eecea9b49ed2daefa054550cedcc37c460f2b026b2ffda47f3da3b0bd64403406a33aa4aed67dc60f5bb07466057ccc5fb7274cb8dbfb07319e1b66dc2d

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
47728c3bb8f768a9e54f62cc238df5d4

SHA1
2215f23b5e26a514eb9768034cfda637641a4c89

SHA256
5aabe20d1df060f2d3f12cf9dfe59fe40bccdcc906555e7389370c4752b82efb

SHA512
8c47d412d64b9715c378dd7bfb79b2d8970b5df756dc3709c305d0a4b9d48aa84ec4d143e091a708dd96d8866e460a1ae0df48c901a65e8ee02036568b9ed1de

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
6162d269cb8246ba7132fccf81242c56

SHA1
1fd3f88dacdd36e7c156e03e23a80a213c3e1da9

SHA256
b467636c35db0543a0bf6e3b96b852e7bf16212d2469ef185592184bdfa3fa3c

SHA512
29ce08d2adde2d749209dd414ddc4a56308b5e64bbc973ad6ac97c70950bfeb5eb91213f3d2f49cfb8ac47483b34cd4468a072c85b9c88620023d253f03d7932

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
9fec3f751458d84845a5e6b750930a39

SHA1
92c6bbd21cccfd91fa7dcbed29a93d5fa495a54f

SHA256
fb58670ff7680a042f56428d15014fc105b48d55dc42ded315751a3fd2708040

SHA512
2b87b1fb6672e1d761760e44573d3ac05d4afa707167c937c6d7eeac48e1efc4ccdd8816e787f32726fc69e98b4dd72f6b6512d66918ac7b97dee78ce0161f48

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
8768abeff2b04ce8dd73cc1711a272d1

SHA1
cc3de2c53db1f5ef082b25aa1b05de6a8b1476ad

SHA256
185c0e08ca6971341f36d75b7848e523af29893e35e1cc10dbae7d725fea7e97

SHA512
1edf3ac4b935ba4ec7e1b9b00e5f997c628502851255869a0f5e681fb3b98ca76906c487c41be6f8920f5d22b03c676f1982df861d10e26008853a76b2e6b223

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
3f6d742feb1f952216c4498e0c4ead51

SHA1
a5841732f4115199b201b6e5995aa2deef11b6ea

SHA256
53c0d90d2ec0be8308a18ff09a62613189ae92f2baa98a8eb7eb8da75e2cd57f

SHA512
8732453ac74ec9be1749fc30bb340b2e7d46836e871d6dc0a57dd8c66c074e26f5aa5d6580b4a810b9a6888f2fcb6df722824e73b635a2c189feb08878ad67f0

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
bbb337c2c9a3bb037dc95e7db3cf4d01

SHA1
fbca5c1808d47ae6604607efcb2ee09de942c0e5

SHA256
d73e09da763bf0c7fdf6aa99738caf331bb6eb5b800e5d66304e0e6fd344605e

SHA512
04fbc03abae17276a7cc1f38c218aaee278dd5529a0cec6e0e594a80b72983119e19bedfa671825382a9518e0f55c13e3d8f417f6f632c10540da8bfcd69e8c2

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
079084ef3111da58504cb0528da9789a

SHA1
6d0f1b066b0c9c798818883350eea9d87128f03e

SHA256
c4ea19f0e2e3bca1464c8ec046f402b3109cefc04248a058969a3ab020f051ae

SHA512
1dc1d29e1a3d9ed86c0fdd8f8ee91e780a5274a81bb932762166eef46b1e6b6ea8fb38f1cf81801f8a6b3543f0e9b13ae05f79161ebd8cbcb4867901c82ce561

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
e5375866ad47502947ed8b9787e1827f

SHA1
397be018b408376f89e26ef474b7a612fb24c35b

SHA256
3e9d1eb8a493f2cad69959e8af755a34ce63e3fb68b27ce5faef2f2d7d514e0b

SHA512
49849758d1e565065081fbc3504f74aaef53de2183b0503166b601e4360715d388ad9fc6b7e9e373484288b80a36c3f444b489a8546297c0899dd14d5d8101eb

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
2b126a9f317e1d0e2f22d99fbe1858bd

SHA1
af56ba8e0fc2375f5e5fc661d10dd7e2dfce9cff

SHA256
06431cc273376be932fa530efee55ab5df634293eb6d56bda067d83a5d3efc83

SHA512
425d51b5d227e5e19b5aae21c9d37d1492e840c9aa4d418b6cc358bc05f17700340bbe54b9bd5a9a2d5a555fd6afa5752f507a4e30dfd401e9ed08c744c99aa5

Download Submit
C:\Windows\system32\vssvc.exe

Filesize
2.0MB

MD5
c9ea86a703efd346335b3add19226c58

SHA1
9dfc5dc4fc2b967840172d1cf1160e9b0ee21341

SHA256
43d02ea35777c967838e2f4d697f042c6adf6b1b8fffc120b81d684e4c69c39f

SHA512
b883e64ecdd992417b3c3c542853072c820a06edd6dce832beeb5eac8902852e23673b7514e28243686c38286d523ae102c9545ae93d36d58612d96a1ae13120

Download Submit
C:\Windows\tasksche.exe

Filesize
3.4MB

MD5
7f7ccaa16fb15eb1c7399d422f8363e8

SHA1
bd44d0ab543bf814d93b719c24e90d8dd7111234

SHA256
2584e1521065e45ec3c17767c065429038fc6291c091097ea8b22c8a502c41dd

SHA512
83e334b80de08903cfa9891a3fa349c1ece7e19f8e62b74a017512fa9a7989a0fd31929bf1fc13847bee04f2da3dacf6bc3f5ee58f0e4b9d495f4b9af12ed2b7

Download Submit
memory/212-66-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/212-189-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/212-62-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/212-69-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1196-84-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/1196-86-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1196-79-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/1196-82-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1196-73-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/1200-178-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/1200-412-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/1476-232-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/1476-113-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2276-8-0x0000000000C50000-0x0000000000CB7000-memory.dmp

Filesize
412KB

Download
memory/2276-81-0x0000000000400000-0x0000000000AFA000-memory.dmp

Filesize
7.0MB

Download
memory/2276-0-0x0000000000400000-0x0000000000AFA000-memory.dmp

Filesize
7.0MB

Download
memory/2276-254-0x0000000000400000-0x0000000000AFA000-memory.dmp

Filesize
7.0MB

Download
memory/2276-1-0x0000000000C50000-0x0000000000CB7000-memory.dmp

Filesize
412KB

Download
memory/2348-89-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/2348-18-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/2348-12-0x0000000000610000-0x0000000000670000-memory.dmp

Filesize
384KB

Download
memory/2348-19-0x0000000000610000-0x0000000000670000-memory.dmp

Filesize
384KB

Download
memory/2348-20-0x0000000000610000-0x0000000000670000-memory.dmp

Filesize
384KB

Download
memory/2384-44-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/2384-49-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/2384-51-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2384-38-0x0000000000530000-0x0000000000590000-memory.dmp

Filesize
384KB

Download
memory/2384-37-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2640-190-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2640-413-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2724-131-0x0000000000400000-0x0000000000AFA000-memory.dmp

Filesize
7.0MB

Download
memory/2776-194-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/2776-414-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/2780-213-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/2780-98-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/2780-90-0x0000000000CF0000-0x0000000000D50000-memory.dmp

Filesize
384KB

Download
memory/2888-154-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/2888-389-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/2948-230-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/2948-218-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3476-342-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3476-136-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3644-233-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/3644-419-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4580-157-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4580-409-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4580-418-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4916-102-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4916-217-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4940-48-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/4940-52-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/4940-58-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/4940-177-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/4984-26-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/4984-27-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/4984-33-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/4984-129-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/5068-415-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/5068-214-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download