21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 19:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
Size

625KB
MD5

1f4c00c89fe2ac37902fbabe0d006229
SHA1

e758519742b272b3b7f7b9de01324cd95b9171a2
SHA256

21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933
SHA512

6b5e31360ee1ba15de78f174d5c445f7995a5150a6138e69546eb3cefcbbc52eeebc6c9041489aaf77c8033331144002f8487c970f344f97867cecfbe208b2e6
SSDEEP

12288:R2r3Dbif4YAJ93y1NrLiLtJ8nBxu7DCOzRq8DvQgqAbhI:IrHofe3y1sInB2COzRq8DvFqt

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 12 IoCs

pid	Process
4524	alg.exe
3004	DiagnosticsHub.StandardCollector.Service.exe
3824	fxssvc.exe
3032	elevation_service.exe
4964	elevation_service.exe
1816	maintenanceservice.exe
456	msdtc.exe
2352	OSE.EXE
1292	PerceptionSimulationService.exe
3452	perfhost.exe
1476	locator.exe
3636	SensorDataService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 22 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
File opened for modification	C:\Windows\system32\msiexec.exe	21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\8fc6f68312041754.bin	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
File opened for modification	C:\Windows\System32\msdtc.exe	21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
File opened for modification	C:\Windows\system32\locator.exe	21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_127765\java.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3004	DiagnosticsHub.StandardCollector.Service.exe
3004	DiagnosticsHub.StandardCollector.Service.exe
3004	DiagnosticsHub.StandardCollector.Service.exe
3004	DiagnosticsHub.StandardCollector.Service.exe
3004	DiagnosticsHub.StandardCollector.Service.exe
3004	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
668	Process not Found
668	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	764	21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
Token: SeAuditPrivilege	3824	fxssvc.exe
Token: SeDebugPrivilege	4524	alg.exe
Token: SeDebugPrivilege	4524	alg.exe
Token: SeDebugPrivilege	4524	alg.exe
Token: SeDebugPrivilege	3004	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe
"C:\Users\Admin\AppData\Local\Temp\21542db4b2e455c323893c27bc098bd8222444a71f959f295f7e0f835ae95933.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:764

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4524

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3004

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4984

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3824

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4964

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:1816

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:456

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:2352

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1292

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3452

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1476

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
d3ddc70ef9d909710c5b4dbf79712851

SHA1
3a5daf217d876f1366f47ccbf04ec4fd96c5f757

SHA256
fa68e6badb4319e7be3f4812541a96297dbc414c39eb8c162ee2474ca288e82c

SHA512
92f6c6a94a0e2a11b36c4a47d5745482ac2ad22285a6593dc87be2889d2ea3bc310c4b36d9e00825556bdefa505c138c67998bd295946a9d14ca14fce9d745a2

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
781KB

MD5
b9fdc21b536da4b3067307184a247a95

SHA1
9a7c3068b6c33a6adaface4120c735eecd158221

SHA256
05e9ca168b14b770caee11993d0e22dfb329366b89b1eb6f846fd5d8e21f920e

SHA512
5e9c5e4036171c25484436e5a0bf5dd83dc3cb2d9f22cbe9f80e138558c7674436735fd13d67b8ceacdde061625a50b4c93c375210ec80c4d35605f74d5459ce

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
d7630f5728c06c1a2e21b405f5ff37d2

SHA1
e24dafcb759824f74af7aff0cfb4c753d4466cd0

SHA256
1335171faa4baaae92745e2cb910baeeebcecac685c7b42fd990e4166dfae04b

SHA512
a339c13af5ec27827e6acf99caffb8eb0ef3e27269b98ae42a2ff62e216363f522ddfbd558db13687b8c7d866c61c0bd5c6ad339fb43a50031616c57649c0304

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
d2b85652c36fe90543e067de761e5feb

SHA1
5f65afe47cbd6ed5f4bc30e77f5d9a7af713658d

SHA256
ddf7de0003a5b41bd0f65af1cd647c33d746ca2d40529e9398a137e9698fc094

SHA512
9bb73125ca955d55b8d6b63abe2cc2f4025fa54b6a97ef6ca9403a1249eb9f90cbfaaf3c0114b6e3407f07ef9f95c6d5a186b9264c83bf2e0074ef4fec32b81f

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
a32c094a1a0a68474b5b977a9a6414a1

SHA1
144547078be38c14a47a1c62636207310307fa6a

SHA256
30ad882810420ec05a1682ad86ace1aa02c1df3d8cf2c7a0dbd954e60aecd4f3

SHA512
1054b4f4fe4b5528c509b4f4fb837227948958b9e76bd61caf40a00607bc5a9be5d5b846783478a9da22d54513f3bdd2f30f5391ddc75ee4076d8fd534c80b26

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
cb9ed1c7751ff88b6b96d430e7a3a426

SHA1
db80559890023719d038d159bf771ce642f324f6

SHA256
b326f7f76a41bf31a91d1c0ec39d0fe084cc2091e11687f6c9ca3f7e69f2e739

SHA512
fb53e80b36cec6d6bb785d8cfb11e122f59764d804fb46513cef2ceb0c415faa7a3ce6c0571284c70015dbf379083732ca12401a55dd92328a1ae5877a6f892e

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
a49cf875f36df6ca1013030699ad91f6

SHA1
7e12c5ac1c819e7173b599af5326ae03190dccf8

SHA256
1040a14902f6afa18ce9dab624ad5866106004eb16a5c49b08a0f00c468305af

SHA512
7914bf58b0a28bfb18e45267a76c1c6b01c287262f631a6e91a2d4a11387f13a82da9948fe64dbc023de88d93e218e9178e7f18bce3743ce5a58f295abbc19d6

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
09e961560797aed550e80179b4cc51cf

SHA1
19112e5f4908151ee812f574eabb0192a79be83d

SHA256
b1c74abb856c7db5a753be92205e670103d92775d51e3104d219a25d59767e6b

SHA512
7cb553961364bf485c577cd1006c4211d220f608ce99925444dbe4cdab6d886b91714790cedf7cbcc04e6ebe3dfa1cd397a2599801a9dce72f0ed0c31144e1b2

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
1f05290e1e8b121e4a2d571a4da95f65

SHA1
2e877b40008345c27c98c09a071640eea9be2a12

SHA256
c0948ef254f50cb284d476743205e52ee78d86d61436dd3e5ab347487d398885

SHA512
a84cce7cea801e7685f525945872ca27a07d768a33f200daa7d6b815d823e84626fe7c57a71997855ce375acd00a99d69e9fe7d0e3e25343b5d61c56e45e0bef

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
02600f8a5c5d2f1276e9c4c64b7b1bf3

SHA1
84bd3a6e662bb5e4e1456521f8ade000111969fd

SHA256
a38d9631c0256555f5ffdfb3bfb4611fa894d47d9ffd7099f25f7bef8152256d

SHA512
61b0ec43a00edfcf295af9bbab12e7bd808c1325a827658d16c369133046b19fe92c935afccd5f86c662686f1b6a7d0477351e96a7814a3e1df9074ca14d8877

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
a8548d5dc4c76e24a7d091c3774a68db

SHA1
45e0f4b691ae7eb8fb76b39b5cfd91107191430e

SHA256
d5975504b06444d615f865887d82ff7554dbf2aef4be7f51f5b557feda9ab66c

SHA512
427e92f21bb7a0d16870695e2cb72a2694535925f5ac8e3c5091c72aac9f059d4f59c740f4ec58af20c1e446821deb4b57798c720de352d591fa1e30e5f82c18

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
5921a6b5b12e5f2dd6d7bdcd75ad21d5

SHA1
af17d105afab84180b424529037e274f38857787

SHA256
9cdba637a32d686c3e31bf2fee7bc504b385971712f7dd64b25036bf1cde6dd1

SHA512
7f01e6aaaf7b49ceba5a4618035210bf901ccff76cac756afc4a8ab10f64717d1fca5cb0bd875a94588ebff0f6bf2859819da77c2ae2c235a08ce7dab99dce6d

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
a022c2e1f607721794fe232831bcd17d

SHA1
125431060687c8ac3d296e0f4b0ada514778a512

SHA256
fbfb23814568f8253fba7c832b7ba5b4b5fb29f8c24ac8139f822bff9dbb3650

SHA512
88c10532c16dd11f63c32fe7893ef4b2e12b064bcd1d49fbbf8a18f385e8fbeb609298a13eb1888f1a7e12348114be00232456d04693a9f37ba805f0cd816c78

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
807dd985a40fa748d542ac60be0c8bbe

SHA1
4f1fa1b223d296eafc7913ef792d799090f8096b

SHA256
a9950cec3e1b22c99128f3eb25d356da1d8b7c938c066d51006fefac322e10c8

SHA512
6989fee9d33965f1ef229fd3e0e1d772123c3958bbd1b71978e0b74564d1534c7e7cad620c16974e2a4827b708d072b44658239714fe929379f506c6e3b32473

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
aff0c1d8b779c0d8798ffe1ce68252f4

SHA1
dd181c3031b26b38ef8dcb2b39a9f93c61687983

SHA256
2befb0302c4eaf699d32ce067fff1541176641567dba52364e81ecb4ae6110a6

SHA512
dddceae49512dec99448050751dba9860008970737278313e9c4ccd6c759c05acb298e6548e3b81a1873b6ce571fa6b54b6d8449601b7ad014a0962baffe3924

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
9d7eeda7bc3b2f46e5738074cc4bd2cf

SHA1
5bcf22e9ca9ca4cc9b965bc5650fd8e955e0fc35

SHA256
f54d4152fcebd9e7152390951c77280798ed44e363225c21357baa7a9ad76550

SHA512
cd137ceedf7f3568c21744047b134e3223c115845410765e85e683ad89d3ed08ffcfd0243ed3365c4b258d1ce47d1b1dd490bf42cc499f5e7de067ba8a698bec

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
89af0de0a0771f0782b575f9e057650d

SHA1
90b7ca59b66f6fe140592eac79d62cb326ffe0e7

SHA256
13ac526724ca1ee9588dd5ba2b355d115d4bd88a5b2ccb688ae4b836e2702e2f

SHA512
270e5022caafa68bf8a478504aef0a3b879b98965a30c8c3fa881e13645cd2b7101ea0363c1aa4f9a52e889c13ce49bd9722527bd036030b610e572b1beab2a0

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
177f0a4bb243f2a437455616eb42b697

SHA1
0decea34c465a857363cf398b3eff4a09dc08306

SHA256
bf8e970899e8a7b20fe0f4a403ab980a372c0daf454cb7d08de820b24b9169bb

SHA512
6abc1ce61ebdf029f39c8b8d61ca5baa95d1e790a04363068abb1cb270bcdb3bc717f2bcffe06fcdd17e73eb0cf06f848b60b75733c6edad20472fdc324252d0

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
2f61ae6c62ac957dc25aa836047d3fac

SHA1
a19fff2eabf9728d528a26d7409029d203da627a

SHA256
c45fc2f9736121c449fced055836438e9b1eced76f65094e364086777ac1d324

SHA512
0aa0c55f2824dbf365b64af1fd9518767fdcd36c997565ec5ec842e9da14df8a39d41d320a7b9a366e6b3b712376e1f64c777e54b038cd735bf96bb6721ba161

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
ca6bc944754b8fca46056eb72dec41df

SHA1
898e38af9dcaeea24396b793ad55f9d2712a592a

SHA256
112edcbe3d1eec915fece75248acf0f430519004bf01dc0a8b28df2bd11fc06a

SHA512
dbdfe59c377e68d915b1a4022fc97df8796e2cdbec28be32faca4e355f17c7b12d8a57c0b8b917c35bd1bdc0f3ce3af8c401d0c011cbaf5f3237778d0af9fe4f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
a076efc87f436c783f98d9e5661f8045

SHA1
9dc147e9bc62d2ef45fc169c1f4acb693b9fa50d

SHA256
365ae58c7d00eea8ffbe0aee30521e23c6c2ad70127787a26251c006728ad9bc

SHA512
72d5b62560061e3ed703f6dfcfb44fb3453f39986e948877dae3d1b38d9677fe505f530fb0f3a6e2b7db138083470dc9bb5b8d1504b494f2f453e1a187efbf25

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
6d285f9868bd971e98ddb27b8dd6df83

SHA1
5157edf64f9f1ab95a6bb8c591e90f10598be773

SHA256
d1fe536634b6d008c6518082e466e4ff0dd5c9abaa15d8646f0e60ddfe720fce

SHA512
fa7d24fd90363e62f50244e5997cfd6c501f7152f0daafcbc6d3f4af61389146976fbc534549b67da6fdf86704a18e8170f072ec96e4b9f81d3f1098e38443ef

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
945292886d673acd24af5a38c77c150f

SHA1
81fa27ce73c091da57ccac39d1c95761dcaf59e1

SHA256
fad2f6ab95219e3b4d29b5a020b49187653cc6f69c557fe12e0d3e06fb584bb0

SHA512
b0789a33c8e4b9254220785105553e206766f456e2fd3033c7c0a5dc9b993ebe0f15716e255236b6dbdd0d33bd2ab115f773b0ca28146e9efc44d0392ac4b6e9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
f0b1d3b64d6bf7772d286ef48c7422e0

SHA1
010c5a86db9b96b8ffff2557deccb9753ff3f848

SHA256
2a3e848ab2b2a1806507949771b2df069dc1135c393149b83cdd7781563990d3

SHA512
57025e9bc6d50df9040f8ed6dbfdf7d0b9df40fb7c2d13a680fbe8c5f6418a5632c8920d6ff53264c9e989ed1cbf5070827aecadeae783b0f70d772bc1a6122b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
79f669f20822a92725f07eeec2a1a136

SHA1
c3d89523d8226e8969d6f4ec5ca4506527c97f65

SHA256
e09c4cc6a438b03d1811353fd1be44b94d07fd76981bd61c9852c079795cc5e2

SHA512
5d15b19cee7bc7ba3e5d211a1fc5b9ca46de2df8fffd2cc2b0e2ab224247e091fc6caf431209ac3ed79a0f65744a9abf4a88476ea783fe7e4e49feba03f30185

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
dca7cbd761632ff98e34fe3983f4f070

SHA1
e8d18936b61105f68852f7392c8223452b46a34d

SHA256
86daeb0bb64a4993ec0c15728008e31456b4abd7aab62f9f913ee90b19637bcb

SHA512
b0a9e26096504146236c37e274f588429f459c16aa9a39fc697523b69f85ef1a4b6a202f45d1a6338c65bf00e8d0c8824359b3fc0a7cd97d465453888ae23d73

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
7cec0ce1f7d3b92995ff4cb36a303db0

SHA1
6494ffc6714e78ba184c7f1472cad32aa189d579

SHA256
bf4155e1a1565c848553d0b3afa65a5a70a71771ce2bb7f4b2eff6435a78020f

SHA512
980c790a679ff1228ed1b927e3ffc8b83f1a7b5f4ea405f02eb53014f4b6a58923cad995f5850a7c8812081f7ddfb71fa6b7a5ef7f4e5a143c4f86303d97b697

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
e46c513f392a841756d73e47f93470b9

SHA1
475ab67583521942a229421e8ada34866d09b148

SHA256
097f45af537703d0c39e033c340745aeaa55b07c8edb8eefefea12a0dbd177dd

SHA512
95bdb84bccf25c784f635e6601559681ebef23dfd421e7845d18709bbe570f413d8ca78236e22d85c148282ae74825816923f67bf60e2c56da77cc151a83dbde

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
e58302f4480821b0044eed2e070cfae2

SHA1
13e7395d44accd6d288d90c24dcb0e347b620996

SHA256
61df22abe80ccaf3cb262e833cafc4dd8ff1a4ab28af7c97a66ae1fc675eb620

SHA512
0f2339c4607c3b51b1ecbb4e4cc7cc47875c0954d278f4b1f19db2879ac7bf2413df215778f12aa636f4cfd36c140e02b14870b705928769834e5518672f2e9a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
c4901de70fd467b78ff2356a6c146971

SHA1
230cea9d61480202c34eaf6ea4ff420edd9efc1a

SHA256
0eb6cd24a7afdebcc7d47ed7b627662c6bf83b94268cd4895054aff5ed833ef9

SHA512
0bcb9bb213c3be4a8857ad9f488463a8bbcdb23c8dd8cad082a4d40dffab9f2686bda8e8e8080776c5402c4c00444473bd6c8dd9c67a9f156b4a89cf2f33f1c0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
030b7e216d35f74a5a5ef5180dbf3eef

SHA1
3c3e302fb32d89463b96cd2f839b24942985f28d

SHA256
be7d14c74a2325fa147238a83f6cf3150d31e77135d851e0be6c681f73a7131b

SHA512
743b9ee0297cba039844f0ca4a987cabef707439e7df0d9ab6a779ed84aa5a9e8e7b733ef3af89b5aa3e4559d48ea612d269d26b5281d12d1c8d6ab374ea27f0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
989e10a3c279e5286b03a02d62e10728

SHA1
2919527e918b7d9ad9929ddb4dfa15b6671b8a91

SHA256
9dc1df9313726c714728c797c66b874476ae5b5d8be965eef34703ffadae0354

SHA512
11e10f12a6a5e264ba222c03871efd07839709bac73b35b7b2fcbe2e47e689cfae34c4543704532741bfa68ff63e7ef8404215d0ad59313ed569b3bcb68dfe6d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
44daad5cf2e6695584367919ff4b34d5

SHA1
77ebafd29ab23a4c3270b7707d52246df09b2db9

SHA256
b2bc2c01312b6bdc2549482db5fdb3a4d92259514800815a699d40b8f1b6dd8a

SHA512
16332cf2205cb6aa31b84be71e36828971a78b2d5edd68438264eb0eaee493c5032d0e0359b093307d61861ade7df72df66592195ce0ae534a3062429513ff2a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
d34a7007a631004f969e365dddbc81e0

SHA1
74b4e648aa9f7a7d877a0e5cd29582c5ea766aed

SHA256
fc497104775a44257bc75c474ec22809cc31c7b1ee2368f44e158a19930127d0

SHA512
94949a29e060318fc55b098e592818a0b6ed01da9410c05000526903260d25c868532f0e2a72572f9a7910f6438e8c09b9746c44eea6bbbeaee9b5549603a0ec

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
5684bb5f68a5dc5ae7b0c97b00048e75

SHA1
3cd02a67cd16715ee0d92795e62d4dbb96577858

SHA256
0a2f2533688cf367e476c1b92eebc999534b82377b28acbc8b0b4327c9ef3b9f

SHA512
33828dcd3e228461ca4ff7252a45c786db0ea42e8102a0b0f6f5f1bea27d930fe87b2cddeaefeb70dd8ad4f767ff629c859d74e88c08337d4ca3aa4ff21ef6cd

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
1774840697b966bd775dcdb5a4ed465b

SHA1
3712e2c9acbbdb6e798b210487fa608cf6cfa1e5

SHA256
b37e0cc43858c99c85a273e8fb9bfe16753c7b68ccd30f921253088c1c232cbf

SHA512
64fb4f0e8942d1739e0e42f7dcd0fc7d254ce411c941ffbd966d223b8d04defac7bb2ec140897c9c2b6d09a6aa2d65183e8a78c45986e74b678b35f9441bc1b2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
523dbf2a525dd420ca5ae4112bc4f2ee

SHA1
163792d696e06364351645785f09f84a39b2f166

SHA256
c236f69cebeb08596b6bbb59504e0754cc1643b8345106e8bcd91f967e19b47c

SHA512
07c720ce316a6f51c004ca8c8330425043e5f89e281a179a7c8950f72e25f6d4c7773aaaffa3c67d2c77c5d5bb4cd4a049d3d76752dde469bd3ef5c051b5e10b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
3f4c20667e15168b17c9168de2b420ac

SHA1
bc6dc6dc6bdbf3ff07bb3ecc9769f8d6a1d14ba1

SHA256
18f8b842be8cadcc554ca1ff24c15702db5a44562515568f28d819e59ef6eeed

SHA512
430ab9e1af6429362e358c3870b26e44c56860e5851da67648d126158c3270e1360bac89a8d7faa35c2d2228523fc1e97cac6ea6fb92cc88ef526f4860e81462

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
5fdbe3505cf04931d937fe470af0128e

SHA1
1a8c39b640f4ded9f1d1ed9203d38673a0cac1f0

SHA256
4eb12fb5c31949e98e6e7902cec7f9cdf937be16a367fe1b207b8814b8f7d09a

SHA512
eab49e93e74b109d3ef75efbacc04f8349241f5b8c481316f7319275f82afed7d60858cb9d071b0856b6e5f7aee17e7cbe6fa26d477183bf7b542178a86f79e5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
4ad3506c4e9be85d8b3a4a3209652f9e

SHA1
d1ae0d541e324e351069d093a5258431e500f9a5

SHA256
a5dc0ae196c641ad8e3605d15c9861a3da6631277fa4c28d14c8f5d645fb7988

SHA512
212e2accd77d0a7561ac5e097b8ce8d31c675305d7deb22abf5e3e2a0e04be167891c88ca3e8188908c6b0da9d0d1fd1df1e32712b696a5a0d6356e1cdef800c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
b3689b36a9929fb5bd0c578d202c1334

SHA1
fe4df678adda28285cfa6a8bc44cc464156f85b2

SHA256
04e757095ffb68dbf4de06a8bb3db55b6a3224c30ce159a040660224de3f27e6

SHA512
876ed7736a0cf4fa8cc377e2811f9ba14968106b8091ebb4f0906e3ae4989a1a8092036daeb6c3618e4b04f0b1d570765f7b7d10cf63dd09f4414be28202f1b0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
581KB

MD5
1785259e95a9eabc4f1d4230708c4d82

SHA1
9c3f5484fed92e836d040843d9ae3124f0282f6e

SHA256
d2291ef2d61209b51e4c536e0e1d4850b8bad7b98d092fdbc49d2366ae1e6d28

SHA512
3c0ed32f2aea9e01c9082d493b3046818567f8bda8ae9781ff238e5dbc7fcd392fc74ae6a17e0d77ca42de43c7d9790c997826128e77a3c9141caddca0c9c688

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
581KB

MD5
079c06969913cf7e9713cdcefc028c59

SHA1
c4347926532f094b96a058a7b133d7a238aa9d2b

SHA256
e2ecdcc409425d65116c69806350411d3a0d30bab88769674239d1d528da4f69

SHA512
69f3506055f63ff214516b16205d72c258b78e397f413d84cb96e4fc442c0d3125e2b0de32dc4fa0424bd2633e31288f79a6c704030b9981f0c9a215e48b4e13

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
581KB

MD5
9df85b8efe155eb579b6dd5ff7a0b21e

SHA1
607f1a57761da3ef228213c602d68791373c27a0

SHA256
00f80925598222f9551546a089f8625aff496f6777cb268b388d24ca5222c405

SHA512
a80f22c467802afe5339c1f4797038af7c8ffdf49bb150d54cec112c33ad9fedd1b244c408339596b5d5de43f1557a05849d193e095be59f718821cfa6ca7acf

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
581KB

MD5
1105f25870b013996694b6c1beeb0f17

SHA1
f8c86e836a6e7dd2ade95fde328a5585fb8005ae

SHA256
bfad845c05e84024038eadd056d644dbfb3131bf037f51612ca0eafa16e04b38

SHA512
043b4eb70a7f53f0dc30bcdbf677a338d7834cb4db995773977db0c9ab08c500b4efb1749d2ae5188c8166a316eb1a3ce170716f9c86014c84ae6f1bcf5a45af

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
581KB

MD5
4c344ca1c403cc414ca9dd768b4c3698

SHA1
5aa5ddad022e152cad6d84cb459ec9a50ff64335

SHA256
d455a0cdec035e928b7ddc7ec693fa26c5802ce1b606f1a057308757dd1e198f

SHA512
1c607b5ff9d5ac020d401260fadb4a06fd16ec457089cf82706ce89c9d202bd03eee262e0dfcb23c4c4baea0b02b32e63ed9d886687e41aa33285b962cbf7619

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
581KB

MD5
81a80d47751ddbd5933fd2005db4f0cc

SHA1
8219e689cb1c7a5e580a10c7d44d661bd8cfacc6

SHA256
a6c5f41203bdfdab8c3f5d3291f45febefbe0132f7c653424a874f8e4234172d

SHA512
7dbc3310b405738ea6e0a647a09cb804749aca13ac8df4a6c0a6d192a7a3a429d7b303de872c872f30e9dc29c1dd04dd37a2f261731ac39be5db18f084aa256b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstack.exe

Filesize
581KB

MD5
c275110ffbbdb14cde9bcf58912f2d17

SHA1
3f956c37366bfeca1b39ccfd616a35d860c62d9c

SHA256
dc2fa155e61b22c74c01dd22291d8f159ea6058404a877932e8c56b5c1cbd6b8

SHA512
d3fa44eccb2b0b35243941cb65cf0f3e3ac6ff7d9f944ec57bba689489dc7a0b2a65045b4236d4443294cba3f4a48b4451bbee7a379458c72df0f4eb930bfc9b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstat.exe

Filesize
581KB

MD5
7aae4a1b4fdd0c8e9a1ce0104b73f9b9

SHA1
9c36b6a8055c3818001b2278907acc3827eae419

SHA256
c6a177c7e492da24e6fcada8dece0777189fe4563e073a6b623f82a87da6d652

SHA512
04808cd48549a89cf8da869f93f3204fe9651abad1fce89caeddbfd379c37c7ca1b7e56466da76fd83ab27897dc715ecfaff831cfba429980b0f6e811d3884b0

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
696KB

MD5
869e874b100567dd2e6cb1f69880e01d

SHA1
9beb67d663f3ed08f46047b93efec65ccb9b26cc

SHA256
52ebf3a691e06cebb6b673c206fd3da0c77c1aa942d98968c4ff995db2e5c59e

SHA512
826a9104f65880e64fd47d6b5c80628f9587e5e9252c3d558a477f9613d7b3f127e72fc21fd724fe6c2bc0023d794e8045554bd6c182a7953b5a33197aaf68e7

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
f74236107aff661fc049d3f15b2346eb

SHA1
8f332ed1ed6fb5355600aeb20c9cf98e33163d4b

SHA256
690ce064bfd5d1e33a2be3db238d52bb8bbf74c48bed9bfe2c3c32ebcd1d6091

SHA512
54d07af72032f4691df2cc277e4acefb8d3b8513f9c6024544a69bc86c8be1d057fb848e9a388aca3c0c735857e7302b7824d6a791087e5904c33f8fa60f4a7e

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
302bad0c6ce6f1b0e944e554c6ead5e1

SHA1
20fba41068dae2ccea15f5dee90b2e8415a70224

SHA256
a5cc562800738f59fe42d06560c8ecc49a00e52e4fa83e333f0b185c73f15359

SHA512
ad2f2fdc0d6fed2393be75be63520d75c70bd0b01cd119a2b9e3770972ad6590db97930f94376e2a8ec6fe2bb9cb94794a86a284ec721e201c803a4c621f6eba

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
b5cbdb17918e4c40f32132b0320953a6

SHA1
eab8490b501f8be80e501cb7d689b97d0e731ed0

SHA256
4390809e1d220574a5e5c967e74c5af1cbeac791b17e9c91818cd22af94d6a87

SHA512
dc177b1e822c966a80e44f6051f8c9fe0e335717de4dfe8f8276ee48b80576c36bb9be71954063a1ed066f03070249cecebf250f5c133e91091d0b1be4d03ed7

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
9aa21efce1c30171ff466a5acfb83d55

SHA1
646648d081ccda5287c503ee618ed136c673ff5e

SHA256
941156e3c3bf1f1b3c749943c5538d005dbabbaf1442668185fc2cbb10efbcdd

SHA512
1470aa12e7a4be828b6f5e181b8053b23eb3f5fc803d2a2f4e568bc063f78ea40387c96db21139f0cff1fa1e9d36b2e032c24a5b1dd8a682ead91099086a8fed

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
10eaa8a33f7e0961534337ddc336da90

SHA1
3929dc8f50cb1e8a3c381edb6ff0be50062ad02f

SHA256
2583b83380cbe5c3dc970746424749531b2e496c99f8a6c3eb4d86d885c48748

SHA512
d7037086cfc7ebb6bad0edd674c6ed1b4ecb78a0e214e3055ec617f49542a7ce74751f1a8473f87f7895e28b6ff21d2a588cd1d85e1bf96f46cbb774cd619bea

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
f915e07be994ab2eeb09830049003aaf

SHA1
44b707204739d2e07b0beb9feccfb0763d741738

SHA256
b826f950e2431c7b0bbd736b4e549015092f491173ce11d873029d1763466407

SHA512
836baf28eb6a160576d0cf5ad7e66d71ed614e61db4d15261df1e62ae834ad6f5322836e27fb8370153807236d86d09f641139bc1ca312e7917d399895de9af9

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
76d6192031dc3eac10cf1011c5d1412b

SHA1
f7b0d57b2fdf6f5e5d7ba323a0648b230ce5189c

SHA256
c6df4ac84c97015656984f4de795671b8c7e9b9e3d8222d03f74fc9d674091ce

SHA512
5b27151cacd10fecb9ebdd02f29eb1379489aa1754a1459cd14d4ee360868d0132f65b6beab59db5e887590dceedf3ddfdd18cc65b04e2b2fb7bf34069f1ab0e

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
c9a2fb6439a29df1a60ae2f31276e921

SHA1
de7d207fb3735b6760bf07ef05c72ddfb6fc7698

SHA256
f52d7fb90b84a58811b99da8d318545dc8e8b1bc10352b2780b0d785bb08f3c9

SHA512
3f0d9993d60d7aa435f080266da9a9c8569be3e42da5aae24c36fb9a31855f3b11b3ec3b859ae5b0535969e975eca892820a96145b92e02ae700c43e0764f822

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
c6f3dacb520f678c95b20f362a998ab3

SHA1
196b194f1c6112eb90004d4c4eca25b26670edc3

SHA256
b5304dab8145695eb5e00cb313ff584b53663bbf4c6b8518eb3e8cbfbdcf99a7

SHA512
69bc61a34cd63d111300bf7a9500a7c8f2fe9e196996f5bcf833ed0f81161d89592a6303f18f701ef3de83209f6c84a5406e192270e8175a56bcd3e09cb9685b

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
dd80ab71fb8b96fb51e15f4e49cd0d9e

SHA1
eb8ff821e1f5c7412bc67fb5e6e5f4cd9f384e78

SHA256
5aace15176913a770d8af6fc0538e668e9af3dceb12bd77452389f60788c48a0

SHA512
7f3369546de4ac2d38d464b4cedaccd926d01c4ec976d71a7ec8a609a938a7d021030e760d6882adbe110aad222533942e21470e11dfbc1d50ba98908d129d09

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
f6d3e54462e5496c9cd852fa498bce74

SHA1
e41525b7cc895386d8432fefb78c449802454daa

SHA256
96aedb09c13f7aa2a036ff16630430a45a7b5e85b4f682a063f338d51ee8e2c3

SHA512
77003c662f1acb0ec3a3a700c00578f58aa0f31eb246a324f612c430970c6643e8483f979e7330183418032f535d5c44e7cf7a953dddcbcab195cac28aa05d4f

Download Submit
memory/456-94-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/456-101-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/456-158-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/456-93-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/764-0-0x0000000010000000-0x000000001009F000-memory.dmp

Filesize
636KB

Download
memory/764-6-0x00000000009F0000-0x0000000000A57000-memory.dmp

Filesize
412KB

Download
memory/764-7-0x00000000009F0000-0x0000000000A57000-memory.dmp

Filesize
412KB

Download
memory/764-165-0x0000000010000000-0x000000001009F000-memory.dmp

Filesize
636KB

Download
memory/764-1-0x00000000009F0000-0x0000000000A57000-memory.dmp

Filesize
412KB

Download
memory/764-64-0x0000000010000000-0x000000001009F000-memory.dmp

Filesize
636KB

Download
memory/1292-327-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/1292-130-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/1292-122-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/1476-138-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1476-332-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1476-147-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/1816-90-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/1816-79-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/1816-84-0x0000000002250000-0x00000000022B0000-memory.dmp

Filesize
384KB

Download
memory/1816-87-0x0000000002250000-0x00000000022B0000-memory.dmp

Filesize
384KB

Download
memory/1816-77-0x0000000002250000-0x00000000022B0000-memory.dmp

Filesize
384KB

Download
memory/2352-117-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/2352-108-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2352-318-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3004-92-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/3004-34-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/3004-27-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/3004-26-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/3032-57-0x0000000000C30000-0x0000000000C90000-memory.dmp

Filesize
384KB

Download
memory/3032-51-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3032-50-0x0000000000C30000-0x0000000000C90000-memory.dmp

Filesize
384KB

Download
memory/3032-121-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3452-135-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3636-150-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3636-331-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/3636-330-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3636-159-0x00000000006E0000-0x0000000000740000-memory.dmp

Filesize
384KB

Download
memory/3824-38-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3824-62-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3824-59-0x0000000000950000-0x00000000009B0000-memory.dmp

Filesize
384KB

Download
memory/3824-46-0x0000000000950000-0x00000000009B0000-memory.dmp

Filesize
384KB

Download
memory/3824-39-0x0000000000950000-0x00000000009B0000-memory.dmp

Filesize
384KB

Download
memory/4524-76-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/4524-20-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/4524-13-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/4524-12-0x00000000006D0000-0x0000000000730000-memory.dmp

Filesize
384KB

Download
memory/4964-72-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4964-67-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4964-65-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4964-134-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download