2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af

Analysis

max time kernel
147s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 04:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
Size

1.8MB
MD5

e6b5624871d6a7f5b10caaa8188bbbd0
SHA1

84c97f87f5412d3aba727501b5f71c34d76b72b6
SHA256

2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af
SHA512

e2d496802f96cb27fac0f2e507c22570cc473d6daa1ce999bfe94d5ca3080d53df785d87382ca8bad4ea46c081432034b209e983e3d21505b05a6d7bab9bb547
SSDEEP

49152:nx5SUW/cxUitIGLsF0nb+tJVYleAMz77+WAOgDUYmvFur31yAipQCtXxc0H:nvbjVkjjCAzJ4U7dG1yfpVBlH

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 12 IoCs

pid	Process
4220	alg.exe
4300	DiagnosticsHub.StandardCollector.Service.exe
3572	fxssvc.exe
4008	elevation_service.exe
4580	elevation_service.exe
3924	maintenanceservice.exe
2708	msdtc.exe
1848	OSE.EXE
5108	PerceptionSimulationService.exe
1588	perfhost.exe
1388	locator.exe
4140	SensorDataService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 22 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\3604bd3b13a2cfe2.bin	alg.exe
File opened for modification	C:\Windows\System32\msdtc.exe	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Windows\system32\msiexec.exe	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Windows\system32\locator.exe	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\GUM6D8F.tmp\goopdateres_pl.dll	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6D8F.tmp\goopdateres_es-419.dll	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6D8F.tmp\goopdateres_tr.dll	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6D8F.tmp\goopdateres_hu.dll	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6D8F.tmp\goopdateres_mr.dll	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6D8F.tmp\goopdateres_es.dll	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6D8F.tmp\goopdateres_pt-PT.dll	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File created	C:\Program Files (x86)\Google\Temp\GUM6D8F.tmp\goopdateres_uk.dll	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4300	DiagnosticsHub.StandardCollector.Service.exe
4300	DiagnosticsHub.StandardCollector.Service.exe
4300	DiagnosticsHub.StandardCollector.Service.exe
4300	DiagnosticsHub.StandardCollector.Service.exe
4300	DiagnosticsHub.StandardCollector.Service.exe
4300	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
644	Process not Found
644	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	724	2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
Token: SeAuditPrivilege	3572	fxssvc.exe
Token: SeDebugPrivilege	4220	alg.exe
Token: SeDebugPrivilege	4220	alg.exe
Token: SeDebugPrivilege	4220	alg.exe
Token: SeDebugPrivilege	4300	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe
"C:\Users\Admin\AppData\Local\Temp\2352d85c2a3856c3a79d141d0a52de062816f79dd5b6d6c22e12d3173401b8af.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:724

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4220

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4300

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2324

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3572

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4008

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4580

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:3924

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2708

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:1848

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:5108

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:1588

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1388

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
1024KB

MD5
5cdb28061868a8f6e4a66427da0a2985

SHA1
97dff73a30fd7888d88b100fd0d56f7ee038603f

SHA256
aa4c02e6d6af5c8d2dc50d86ee4dd684a8865a5def9247b1050b19bae326b0e8

SHA512
7615fc1738be1e961527ba7f91936a039b97dea1209b85b9fc6255863e56d28be8e9e91e994f6fa8a36c8bc780736f01e2af2ba885c54ba66a0a596dfba1c8fe

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
781KB

MD5
c04d92a30e5b3275d7dd976a47a276a8

SHA1
f13c37737150b0031645d658a61f53ee34aa0f08

SHA256
e331b968016436a35e0d51604cf50b11be071df9e4f6cfd487072dde7ff7d650

SHA512
a7461c2147800fb368f3cece5feb311a5f62a10fe9f818838761847a06798ed471649de8d41f127659c6427cfc15a3c432fde31306b9e5361f8a1852b0895d53

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
88dd49e6e599060fbd85a945aae29454

SHA1
69bab05f4ed24cef65d79ebd636e80a57760245f

SHA256
407c3b054da84acdab4bd26970d12c2f8f5e4f155fe0f491044dfea55c008db0

SHA512
deabc4d507d1465d41e483c7432f7ce763879e061b2b02f85aedca6c6a0eee37636c02aa6ba576a7bc2e36a6f733a1596e966d8416983d3005502ab59f24af1e

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
8a75478f752e8e975d36efcba7da093e

SHA1
d359900c1fb7cd7df6e319d3e02e868a98c7354a

SHA256
43e4f3f20438cfcb0fa1fac815a4e79ce9c39082395d7fd35fa7ca60d333e7cd

SHA512
76869b2ac3f2e227c7bda645944d2e101b64f45633bb38da4a402bddf051933e7fea7bdcc3adc874c049964f9dc12b90b30cf41e36ddca6b8e856ae27030f9b8

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
c058f8d670d6eb4a4fecde5aa97fecd2

SHA1
4ea53a016d50230f2be64e97d38e8b087c04910a

SHA256
a9b3344c3d4296a325af3fa13e000b4c42cb584847660ea85712befb9e49af42

SHA512
554a3e7418c60b36ae19632b1d402edad5e08e0a8db586ee39b42aadff987ee3312ac8718566b163f6f8d23800bff3a0897903f3f34134d234411bedd82046c7

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
576KB

MD5
43d93ea11c4f1d03f6026397d6407237

SHA1
f10380c55e94c962f78f7564723c6c5b1ee58f56

SHA256
bed5bb06fb00924fa2f235f7a0729b71777fe2684498ad0c5e81d5bb99ee81c6

SHA512
22a572bb6506235c8370a1d5cd9b82861f6014feab19ffb8fa22d6eb1b533b9b73b9d472d29c44361791d455b6730eaff7f8a0b8821d2a65f1b27ba6e387c5ec

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
5f80c0aedc2e90e7b0a28f909d5d9c5d

SHA1
45600fcb7c0ca0e69adf08c415a0037262ac1d9d

SHA256
f0c9b1c413599ceac67c5151c996d9c954482ee57bb287f3f39189206a02dbd0

SHA512
53ccc2f46727cce705c1d716117044a264821afb317c432d5fc4b6924a1529cab1bee56070aac2883d01470ad4c27f82734f28c06379c18b8a17321ead115187

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
2.7MB

MD5
9405c576ca6ae81a56ef261b5ebce0fe

SHA1
469ffa8bdcb752ecf23fd652b1532d5f9e17276b

SHA256
33de577244ec09457fe0d8c1665d90965587824ba32ac8d6e114c8ccb4c58e3b

SHA512
a94ad5f7df641548c65d8f5aa852316b8bd1718d8162769863af1412a17f0921e455173d65796dd33fc07b04eb84e6034053315f773e308d0748256e894f73b2

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
8aaa071a73b0b7e885aa89f20604d870

SHA1
903dfd7ee6b23ace1a3e76dbdf49f197098e313b

SHA256
215d971ddab00ead1a91e26fcf28145aa7d1c54d467eb4042e814f15ff672a55

SHA512
022f4dd1ae803521fc5248a27c34789bbf83f90ab7df8cbf0f34b82a666816da99ccb0c380b28fb09ff690311c388e3bbfc9b72bee514a3317f0305cd8f88982

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
256KB

MD5
15d565998d3ad53d831afcc8ac63f796

SHA1
149e910adec72ae8689210ff699a877764f0dea9

SHA256
2673a25597b394acdf5ad1272eeb45cfe5264ac4f8f376a9b4b70ababd219442

SHA512
fb607b04076521d8bdbedd33c4b2611c20424acda63dc88b6bee08f5a23b36c159b01fb0951ef886b88667a8a4362379db213d2b501480b0eacb73a358a4d0b4

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
256KB

MD5
ebfe09be29500fccc71a549dca8e95c4

SHA1
0f74bd63d5d1a1cd52d312253507788a923808c8

SHA256
8fff72b6bc80fd6bab8d3b58fe12366bda7851da21cddc1f57274b0b3fdbcc5c

SHA512
b78c02599ea5058f0a666fd23571f86ae4710e40ef873c686b31721b0fa0c28c032e3a496d2205499728872015c6a6d39fa3121cb6f1e2177d2c23b6fdcf2030

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
9d9f122e60be63bb5a04b545821852e2

SHA1
eabde76bd452ec9c12134ebf7d90696594631185

SHA256
d1fe230da01b764ed4427fcc2caf6733b90e9b7d30baf28daa06ce5a5ed61781

SHA512
1fd813685fcd9e7f880a095bfa0e0eca26b587d050dcef0a760d9214a4cb76c100ba24fed2be8468bee7dad7ce20f0eb3fe6d8c485efd7c81a1fbac93378f9f1

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
5002571242e4489d4004051ff936db7a

SHA1
b6c170e50530f25f91ce8275c4fa17d8fbeebbe4

SHA256
7b5adf98e64043519495ea9148cbb76131caa9036a751f4c2d0940980e77844a

SHA512
57a6dd98ae4c702ae32083d392dfc101d1272e051857d9b07c733b00d6689f51d42f645a3a5900c1535615924cbfd8aaea3d1c53fb183cd5da54817e987b4687

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
8b523bbf38edaf427e8c841487f21257

SHA1
5379db6db851f79cf2970221db39c14df059058f

SHA256
883446508b19c39dbfb4366b6215cf90870c116b09eacf426d1310cd02aca2cb

SHA512
3e43353f16ab49365d3ce958e18a51f66faf06c79b00187c96918cbef47ce8d3da649d35a43b9c835869bbbf43917fa182dc97720996265745101538f7db2857

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
2.1MB

MD5
8f806def30153a8827261df10c466464

SHA1
f582ddfc876d502ccfa55c537cf876953100095c

SHA256
ac8263a5afa558e38345afe1c2959c35979d75ca5c5e684fd2e39cf634cf111f

SHA512
a12f88f0aec976ebf0a3cc1b8a8fd768e11b4eb1feaf32d695e66d5380b5eefd7e5541b12e7d0c9632cbeb27fb8901f64675c1aa9e5ea452ea2374ee76dde004

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
2.0MB

MD5
168bede70564d3a1aee223f10aa8f065

SHA1
8b3f9ece11c93434f12936ab1f4eccdc87f8e490

SHA256
ba2ca97b488f7f0fb026a1292b15a392c0b72becf52a1fc061fa56982ef7bdc9

SHA512
9bf9297919d4304ffc4187b5a25165c309978826dd77ace1af8ab104097c94c7e4e0181fb4c573cc8bdea33703f851c156306ab9e207d7d574db9df73df23e4a

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
31009b0f51a0e964122cd534db3d3d54

SHA1
12911a935eb26b8aa6c7c99a0d74f65995fc1ae7

SHA256
8ef0cffb80c5002804c1fa4ea29379c72c8591538cc7477c47a2c5308ccf50d3

SHA512
6e37fc807983f6c9d0a6b2b1d260a834d2bf542b68b318788115fc42e9a74eda302415115af800af2197f452a52a19517a9e942e1cfc26e799f6c3ea662faa4a

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
e35d48cad59f37cf28a034d81f2e836c

SHA1
9a6228f06a895ea7d7be612cf759644f2af6b545

SHA256
e4a5387eaf3dbf4ccdc452a346d544e1be2e8e2511c5046af46f7e68dcc18222

SHA512
3be9c8af82275c81377a2acf510648c69a7ed2c9a76144826655bdb32c6c0e67a6092712dc2f6e0f4b5f7ca45a77d193cedbba68dcc5c97981a5067cf2eebb20

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
901f94c71178ecd1d2da6931d3a8fa8b

SHA1
ee8d7e8f006522672f34c2917e2637526d21b144

SHA256
2cbd20837bb775cbad1e2e5307198fc277916ba85c38aaa79a54abefd9087aac

SHA512
eccdf1b9e291d550a825c6a5ab354aabe59a037ae211dfbaae753bee193fd080d37957a47c4c1b2b8005e8c0d77efaeacad12b909408b73b24fba98e31a916cd

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
90274a56564d17a230a6b55696548d19

SHA1
049ec270336ea63c31e2dbe00f4f5a25e7c170dd

SHA256
6705e617fb95209b2926a8c9acffc17e416a4113305b2ca9cb8458af43173ab2

SHA512
018a66a1ea30926580656db9bdd62769b6b3aa2c7d5faa92d3289d42f13357610dc980895cf702e35bb7e9c7a2c51b01ad50d772572744104f1973242a3af859

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
f52fb5a9128bcad0450d6682aa2d8361

SHA1
9f6e52d4a29b1c7c554343e61788aee818c0e059

SHA256
f0079982979fe725c60dd8f7f8cce207af49bc4bdb0fbfcb7e0b7a0f5b1e8a29

SHA512
685d12f0e2593a7ac96d4b9c5fb0803e43740b13f39e66437ffdaa61116e391af6a1b6bbcfbb16ebc7ef827a3bb9576b02eb7438f25b532589b8c56db9d83f2b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
aaa4e7e487d6995cd37e0ae7d18120b6

SHA1
83d1bc8d32f68705f16bacb8f333acdbf7fbd5de

SHA256
6bed096b7f9254697d20d9c6cfaff23873911ec38e56a702fe81ca0e160b53a4

SHA512
54f5f9bad2eb41dc85affd3eba123570e99cf7e262299f1cfea2c3c4139f122f83dd601f1347debaf6ed7d8bb2d3d3ff4e643216dc1908cb3370657c761c6ac6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
e93b5703428f332de4658b7f95ee5be6

SHA1
85d0faa14c8c370f1365bf3053930ae6fd118f90

SHA256
daab4ff9dd407f8def06268c6e03e00da91eb92a777f394648b721e3879e499f

SHA512
89f0524a747014f2aaea20dcad5c56fba667031b72c8db29c7dd8117e28426fee5ba5a17e2ce2ffab01a92763b0459256efb4e0cb1c932077ab825e722f3c4ca

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
d32c3b47ac2ce083d7443e95eff7522c

SHA1
71b721bb1de6aee5faec26c6c0f3da99cec0321d

SHA256
b06219a1471cacd8fad30dd1e1c49fb35e17f916872680cad4419bec2772ff9a

SHA512
d9226ae23a9a52833ec174956ec181053623a46f4e298b5a1fc02517c722b3df1237adc923102b843015a3770572defa680120fd4cac252430e1cd9eccaea1bb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
6156a1951f1e3ca9a1174b2408be5b66

SHA1
da77a7f1c51da62de5eaeb4b2f1a357690f54455

SHA256
5273b32fdffc9f7ca2bb95b1d692221b9acd14cbe759733cec8b84aa70fb1fe3

SHA512
e1c2a04612e324f34adb8e6663f1f1c3306bd3cd9f35e941327b233c9362ab94b4bd830e2142db7ebaca59c9193d28b0b022278995c8ad45a01abf281797c594

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
79b673132039f6b016730520bd590c01

SHA1
f4997b61762023cfa7d54e988918ce83b476995a

SHA256
93f9c4ffba1557deb5c3cdb812a231f06f06bff432f1ca363ed8ddcfea2dc89d

SHA512
4a49fff36ccad0cce890e0a0bc4fa1d9bbce9decb70a00eaab95e50414dc572daff53dc0dc85a61829a0b0fbb97bcf998155d048755ef87afb4526c06ef47953

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
4c5b135637b551b9d210e222bb2b6c15

SHA1
ae93374e87dab6a8a509f420bbdcf472b5078d77

SHA256
276461dd8290a772d110ef76d7b353a9f41855836aeef0840fb3a40dc4e1f45a

SHA512
10135753bb0e54882feb1f63d3a298695125a0c07c5703b9dbe74aa290ad480b1ac43f6025705cbae66bb9d05968a2f94834fecba452b80afdb63465a2c88f91

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
d3b95b7abee31cacc74adc31e9b60b27

SHA1
23dfac21961dfc23e84a56e84dfc74f314347bc5

SHA256
ce5a3b0b5512a31bbd95c313ce7eb49cbd693be04e7ea9d72e60ff9a38a6024d

SHA512
39c9bac19396f56ad17a1d154b671a989e2c77254cc3b7b290cfed4476ce4b563c2bfe53c76a22f3c3aae59e16cb857c8cbda8bb81018a9a6d90fca0e84148d3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
f1d4751a9902ca0194e7eae84edcb07d

SHA1
f21c6ba214acc7585721cde74d570c9f1c8de185

SHA256
c12463123681a17be122f66c50d22ed2ac3ee00917d09a8986f3e01dc629e970

SHA512
9cc2271dc25e93e138a7857ec5fe64342ae828730cc121c33d2516ae193789aee1ce0b029b154716a2d53b100a35ce59bc2ba3fc95bfc9b71b7a2ae75a0b9c4b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
7fd60115ce37dcf926e16771c57a6d36

SHA1
d19db59b12fe4aa0eb3909cc6aa8d1de7996a195

SHA256
e7e20c17d845884ab24e3fc95ad7b3049e539bbf2246c36c2c9477c395b205dd

SHA512
ca5115e1c951dfd143c31d14636608a158ea5c20c8b20dad120256ceb1239c623adbd982b5478c9b99ae5713fad9991c8b710ba2308fb132b7d28e2ea85aa6eb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
128KB

MD5
7e38a401618debeb51127b966af6ff60

SHA1
b4ab33b0c1a838f2d1b6aa73a0d264cb37955c12

SHA256
062497e64f43375cafc575ff246ed30a430f1afa4b484aee84548861c1b73e89

SHA512
db8ba03101ff190b7b8f2c362eb33037fb4f7e744713ae00f9f5142d25051a2c8a1c1d44f59c316410c22e101b9f568ca3634e2d36c3a5b37c154645f76ceb96

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
6066fb5c3d9ce0aa2e2e61f6479028a3

SHA1
e9b760f2d46d49242fac8e11ff8f809958b246cf

SHA256
ef8147d5c7818584f20572a8d5faadf511090db716a7ecb8835a8e557614074d

SHA512
35f3a8f6a672a2c0993628362bb1fceb4e121173f03f374a2cec5ea4330c1ee181742ac0fd9a7be6e29a7ad9d472a9e69aa6f687e7adc471838c878e2ca9d8e1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
4aef691210b25dd6542792c3b7c4c923

SHA1
358a008fea47e56aaf0aab481bd2d2efcb86f74b

SHA256
f57ba1f54e466d5d6c950cc84c4f3708bc462bba45b10cb9f32690a825a92d5c

SHA512
d4d6c3a07c6281917d9034048f45ad61c8be5b6f9316b8e02f362299a1f4ee95f040a83899084241d88bb9fb0c325838c5c7f7a635538d7216894887e009ae8c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
b071eba5e66c54e514260d8a43c5b246

SHA1
548dda2699ecc143e26da9c7258fabe416585fa5

SHA256
4486e0714ddcdc7c78bdc7735dbc02b61d3a0df616ee25c53b4c5ccbb2f0e162

SHA512
f7c9b5b33ac998208ae89ce06e8697f401c5434ce023daa4fb4d17d1d52de79deae3b2cebb23fd69d86d2a158a3db4257a57178dfe7f95af67cadf3eeedd6941

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
c047029e18664bc30878328fab83f0ea

SHA1
1bcdcc389a42f5fd0af0507d2331ff5d389280f7

SHA256
6e707fb118ca7c1521ea5c8252248eec88f7095f1638f0aacb5d0452bdaff0f3

SHA512
741c6dabed75857d76b8b2d5ef28f1704052845c46a1f26a2a02e4fbdecf4bd3fba01f873ed89627a439f84dab569ca15e214b0264229c280fc961abb59d1d49

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
1c126deb7cc9d8e5ded5c299391e31cb

SHA1
d6422d29720fdf1abb64cc2c78836682934b4dca

SHA256
727b323fb6617fc36547bed6a74df294a413db1ec88236fed77a14bc7f29b827

SHA512
19933995b0c8be5ab105635480184e26d87aa5b9ae5984dc5b59370fff9757e6b3b3715cf4642b4762e68cc73e9cec8e37b44e26e58b05c2370f8dbe49c72f51

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
c943c3658a339c1afcf7c9a15a4037c6

SHA1
a7c066bf2a7fa376c130502699c63dba1fee2de9

SHA256
3b15886fbdbaf9294e0b19d688755b8b7ee0008bf4ff2b41337225e422db615a

SHA512
a96fd708806af696090435c5c925656da41371ef307fe76f978092f619cc2d7ea7d6a349d218570b799dcc72d5e3809bfca8294b59ac1955dacfccd13f8be021

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
ccf3047c3d52029cc1cccc90a29dbd0f

SHA1
e290582931b796556ef2a79b46da0bb4ef21d1ee

SHA256
da2fae39059ca05a2633c1c35aeef66514e7f010fe572097343e7d3aed88df8e

SHA512
828f7470453fa75fb066a00910403d4d2d3bc88f3865f10cd29f05486061ff71f597b77df8270e6bbaeccfbb5ed2249d5e673441dfe75149c370bb4b8277d4c7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
bd3130820be0b02496e640f8626f2ec0

SHA1
40f3c673b760d8e319e193b829ae4ddcb2c0e379

SHA256
aa1d5f1ee030dff28bfc4266833ed1784ce172458327e26955a0ea5dc3efd518

SHA512
b6f8cb136a8cb0ef98b10e436f2daf022a34ca12cb319292b9f702c7f35b3b905b3737c2207e6d7658a0ccf2ae316bbffd10e274d7f529622aeff8a50c243f2b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
d240c24270ea7c973dceb7c2fb44dd09

SHA1
fb3ee731b2231f78fb34845ccf737d5b8a07b6f3

SHA256
ea3638fc030d278e47833e62e41c3e035d44fb064e0ccfcae720a0a84db54b05

SHA512
a8b3787c080104c100e04badc092a976307d4d2e0103eaffed00fae075e78a9aa003236bb726fa1b1ed02af7aa76215a45eb2e3e5a1393da4252dbbe1b170092

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
10a14cc1c9e37336095b2f20228a8ffa

SHA1
abf035da189a79709e71da40fc7d71a2f55bc97b

SHA256
18ead480d98cb4227019608b9c75c1161e43cae5144c948ee875494d62d9ffee

SHA512
b96ba5062ad1efc0d82a67f5c010756a8fd5c2aff03c351e3e02822cb494ee987caae5b0178f81fc530c1c003e9c8405d2702616b1fcd8d6013bdbb4b3644c21

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
581KB

MD5
0af6d22b3981e060197d890278137456

SHA1
e5f2dbb42a5ba3e38e3515e93a75f63101304590

SHA256
9fe4a81391d3a172c6da3786c74b2710a4079bdbf6c764e2a894bba565cd459d

SHA512
992cdda28e74e82b895fb3b874028b4eeead7810703c7137dfd6a4e42ca368e99f40bd95c356aefab52bf5c59e4a1c77422922b9f165f2dd3e080986cf55d127

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
581KB

MD5
846d2b1a28048cc16357884c38deeea3

SHA1
170b9e47925c50063c67459d0c1bcfd90031f28f

SHA256
66a539dc4cbd44b1bac1bd4bfe437b17c7543362b29f8705599ce7f3b0f9ae1e

SHA512
7c95480fc225b16953d45111aa7520b13c0fd7cf70822c98b5f01da7acc341c13b0f16601737a7c29fadb92672fc62e748e7611508342fc9bcac34e2680edac6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
581KB

MD5
abfb568a0c89de355dd5444a5a693ab4

SHA1
d2d15450bc1a768a539abfa10aefd270ce979ce7

SHA256
149efef81b21a2d26734e6dd8303de5e01eabe87e934fea2af18de68268c1a90

SHA512
76a873ee78f1478ad8aed6dae1c67922eee76115fb22d985f3ff412e2ddefe2c48950868f631d591bd24186160606d140fe66bb809264a829433c961a62f5246

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
581KB

MD5
9884e360dfd4cc9d1df8ae3bd3c9d541

SHA1
e7b207c52b81e025c05cdcbab5d4db47a9139b77

SHA256
aa8620a517349f3a15092755463a6b7f17e4bb78492414751f1416120f238bdb

SHA512
49ebcd8dd0f51b683faf966d9722c879e8e593a4d464dbca8bdd02657c3acd041260eeeda59d4b7dbaa6fc92d7f62628e1247a14af85c85f8cb4f731b70ddaa9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
126KB

MD5
2869b1a6571dee0844958d42f1a0acdd

SHA1
6f2ae9e221377a2c01c2c6dc5167ae845d01d092

SHA256
f86cdc975d55d4f266eb8ccf10231e9ec72225fc001b6cd2d78473963365fbf4

SHA512
69742bc1ae1bc5c28a7fc8dd445b8ad76f14c9c266517050e97afe10d2fc86b54221522cbac43f523e13f080cc37bf724dc3aed9be0143403cb0d36c958b5291

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
126KB

MD5
01cfb5a969739c37a6e06a304102e4f4

SHA1
210b8ea8e1d3cea2167586eff7b5b5a11810e82e

SHA256
223422dee44faa45215bb7a4a2dc56d7945e069aa7124e60cecfbba729d058cc

SHA512
d5ef02e26dd69b1fbe5b1bc61b237abd76b7575eb280f88623dcd7ded78b2d152ff34b61d4e12292121ab5ce78bc4516006f7fb543fc1f54b47437ea8f9d2187

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstack.exe

Filesize
126KB

MD5
a1295289c399c73fb489853525d7d886

SHA1
b9c9d58ad7b3bbf763873671ac9f1d31ccbccbce

SHA256
e86300b849a0ac10d67fb54afa1e0a49175aa2c8b610987b8619e14777c50a89

SHA512
2e9bee34785aa1afe69aba97405bef0834cf1251108ecf3012a8ade8d12d7db7e14fca87f03642b9b9a29475edcb5c7b35864bb7240f18b8080102db988b6453

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstat.exe

Filesize
126KB

MD5
41e9b095b0e2bc68ec3575384b89f5fa

SHA1
dbfc90318b8f4c6793b75668e7b238f2a167ffa5

SHA256
715cbaa892ab5de0e206ff5b18ea4a765e04070874287eb1f708c8e1d37961a6

SHA512
a4314ab09c73218e697cc28833d8b2dc7c7392b37a8e04f575de8875b58c4044d8e37c25cc623a790f53facc25c3da576064f98d0eacc63a8a2e550a1e9166d7

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
696KB

MD5
58d2322b1ee9a69287546e888caacaa8

SHA1
62b5dd0b19e6c98f23e82784078a865088ac201b

SHA256
a5eaabb0755c7a51f7bdc31584cbc1ccbdee7ab3f74f9cb72d72f58e38ec5582

SHA512
0d83f49ddecbc6ab6c3f877a7b48a0f20f27d671ee054feb3a40004e557ad88646512905ddff5c5bdba22353cc69260877c0c9a5d6b828c5a6edaede65b735ad

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
2552fa147d65d7347061cc33149fa230

SHA1
8bba3e06f747e8670b443aafc1d5d9cffe05c89e

SHA256
1909dd5f8aabb17ee142f941e01e56faa6c61b73a65f5af98f4b0c8e049f2db9

SHA512
ccbea23c2261bf23ef117cf55b313818d7041d52e796dcf01aec2f4a4830c3e9cb75251c8d7148225bc0994977764b0b21ea5714f97d32fe63da0ad5d396a82c

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
ad74a9028f2e7edb9d192321809eb5e2

SHA1
ad7824b6cd0850301b8f1d01ee208f3fbbec969d

SHA256
9cee226507e332780653c5023bbf095f5fe46bc43b0a9c33516d0973947d85a3

SHA512
8026d8aa02b4f56e7446034eeb29bb07599dcba3376abe04b9ad14570e5abf79f58c9220ca2e3a9d10b73fed7aefd67c4c42de7fffd9a4a7b652f78b0bee30af

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
f79533d3fb0e517fa3de04aea08adcd5

SHA1
9b83af4bcc9617faba606491f1de337f14d6ce5b

SHA256
2ddf48e16e64bc6c95be5657334fd767daf5ebfcd4a44ace39b5c697ee04182b

SHA512
c6658e5cf4ddd1d1f5f8e963e77a9be4ef24f3f7cf9ce67544c82ec36ae4115cb3a56339eabc8a54f2bdd897f74bde7cd9f8f81557f84ad29d7a4e053b282004

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
faa4f7b24134d74a27ca60248588c588

SHA1
394634e035cac897fdc9ad163016b80a553e1e8c

SHA256
51cbfb55b454b06ad677b5359ea7fce0850713dabcc535e5d977da1c7c59bc8e

SHA512
a08848574882fd644ded81c1606ad76b9590445d870a93cd2f83197a6f6c5ec09cc3dca11b05b469ac224a10399851e85446185c14e7a781e63150868d615929

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
7453f3f14585f530c5692872e78c4c64

SHA1
57e56987a56a32cd1cf63131197eb85f5cdea156

SHA256
b86d547c51eadc177be0ed342bb0eb450a1952430e0c0e49bc9c13171a1435dd

SHA512
86e1e688a62ad15b83959d79de3a7f8322449518128a0466fe49667c16d2f02d8e2cd9c350c4ffcc03b41a7308099852e3f7c1302bd4359b301f4e162c171e10

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.1MB

MD5
5fe5aa9b3975cb73a720c8a4c15d21cd

SHA1
d05b36f14a271f0c8ae6e93098a7156906d6c535

SHA256
e8a424de472d5b25ae5d580635adf6091feb0f9c7889ffb7e5f721c99eab1405

SHA512
4baac344396503b3dae5c1483ec8ac2d5b23bf3d04d73778a0d9d63fc4898ace63bdd65ce4b098a6c41d2f4b576b5271ba3448ad1377641160fba6f53102e04a

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.5MB

MD5
d9d212b288ec6fabf52362d504a25797

SHA1
fa45119ad5ba46c10d6120b1d9a27cfc57322e13

SHA256
9e46a7e74440639b1c05e7bc5998ca79fa6774169596d381e20b00233dfc8b8c

SHA512
c8b7a9eacd780e248464cea66a0aacf689e1d3bba8aacb11b7e66649e33cfcc6dccf0ece501a980b1846fd9094f30b71902eb50268f147d365c685fc64846ce1

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
5dca86b17438570fb22b5f405147be5f

SHA1
3e79f5c64bf174552302de7361445f165ee9fbef

SHA256
87fbac0e73b7373a2b855567bafe61e752b8ea1f575778207b1198757331543f

SHA512
9d5683abb7fbd521da1f2ee7272e822d0d5264fe27df1e01eb21497aef7ffc443726538a750957a8ed7448e1f6f19973ed2f17e0d5ab9400a7501f0d11beed3f

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
0188be8ccfd07def41b15412c3471ee9

SHA1
8ff50fab72ca6995d4e9505cb1901e503fcbda8d

SHA256
d383aff9b013b31ca9d37bf982a1ed34acce75c9a90a673df822ff02631e8205

SHA512
406b9c7293190215ec2690ef30b7f5a1e306fbc846771a4019962f6b888e474e4f290d9bdb8745416dff834679f9083e11e2c0c6861f9cc1092bb408bfc46aa4

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
4365d845b557ebd8bcb1295387c6151c

SHA1
6bdefc5124cd8fa1299aac999c0aeb3d8f9e63dc

SHA256
3310ed88c6dbddb6741d1822265ec47bffa1a7a506dfe52103bdd85d382586c3

SHA512
e1df8bd79b92997bce373855eb2d89ea90e75b3a23742b7eed33a82b1dc9ea3e82b22bdbb46f2f7724c1cc25cae3540223e4c63ae3b2686c586a602f2117ca8d

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
8877117234b792d7b5a763630248ebbe

SHA1
a1919bdb8b425bd970e6380e44127322c80ace31

SHA256
5c10f29f164b2bc8fe006b988cdb2f7c198adf445e99765c7d402902fa2def50

SHA512
873fd3bcb86da9e84331caebbacfdcd85bf194328ebd22fb9fbd8999d2bb615139fbe0a7a63a95923ff5a1c041369476fbefc59ade2c0d6d267f6357bd223443

Download Submit
C:\odt\office2016setup.exe

Filesize
3.2MB

MD5
db4a4fc81f6209a60457bcc5c952eda7

SHA1
1b2f0a82510fb6632869162a70fc2e6fca734a7b

SHA256
7b6c04e53e83d0c7e2830559e2df26b6eb14372aac436bae4d95419a70968ef3

SHA512
9addb3dbaa5aebc687d0e4f1dfb0f377897e544d4aec0a6eba4e9bfb038c28ba91d2387b627237109bbc06eab747e3d8d2c8f67a348a4976d2ea20acc05422d3

Download Submit
memory/724-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/724-7-0x0000000000BB0000-0x0000000000C17000-memory.dmp

Filesize
412KB

Download
memory/724-132-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/724-1-0x0000000000BB0000-0x0000000000C17000-memory.dmp

Filesize
412KB

Download
memory/724-308-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1388-224-0x0000000000770000-0x00000000007D0000-memory.dmp

Filesize
384KB

Download
memory/1388-480-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1388-215-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1588-479-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/1588-211-0x0000000000610000-0x0000000000677000-memory.dmp

Filesize
412KB

Download
memory/1588-206-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/1848-425-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1848-187-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/1848-175-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2708-227-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/2708-162-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/2708-163-0x0000000000D00000-0x0000000000D60000-memory.dmp

Filesize
384KB

Download
memory/2708-171-0x0000000000D00000-0x0000000000D60000-memory.dmp

Filesize
384KB

Download
memory/3572-112-0x0000000000D90000-0x0000000000DF0000-memory.dmp

Filesize
384KB

Download
memory/3572-104-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3572-105-0x0000000000D90000-0x0000000000DF0000-memory.dmp

Filesize
384KB

Download
memory/3572-115-0x0000000000D90000-0x0000000000DF0000-memory.dmp

Filesize
384KB

Download
memory/3572-118-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3924-146-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/3924-159-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/3924-157-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/3924-153-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/3924-145-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/4008-120-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4008-127-0x0000000000C80000-0x0000000000CE0000-memory.dmp

Filesize
384KB

Download
memory/4008-119-0x0000000000C80000-0x0000000000CE0000-memory.dmp

Filesize
384KB

Download
memory/4008-190-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4140-477-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/4140-478-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4140-321-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/4140-229-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4220-12-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/4220-144-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/4220-13-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/4220-55-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/4300-94-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/4300-161-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/4300-100-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/4300-93-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/4580-140-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4580-203-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4580-136-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4580-131-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/5108-192-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/5108-200-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/5108-472-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download