38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72

Analysis

max time kernel
153s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
Size

1.8MB
MD5

e4fdab34aa33167764d6e9866fcfdda6
SHA1

9f54a0aa79e01055eff842592be050c06ea03b37
SHA256

38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72
SHA512

80f7b2ec3e90881f914bccc56a8ff330c29dbd8e0fb8b28c74415aafd6f006aa2753a956e105392474c8ae048cde178cdd4c30a6fd46c771b0822ff7dc07e1ae
SSDEEP

49152:YKJ0WR7AFPyyiSruXKpk3WFDL9zxnSukQ/qoLEw:YKlBAFPydSS6W6X9lnnqo4w

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 12 IoCs

pid	Process
4552	alg.exe
4828	DiagnosticsHub.StandardCollector.Service.exe
3696	fxssvc.exe
3800	elevation_service.exe
3884	elevation_service.exe
884	maintenanceservice.exe
4024	msdtc.exe
3184	OSE.EXE
5056	PerceptionSimulationService.exe
4800	perfhost.exe
4844	locator.exe
876	SensorDataService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 22 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\dllhost.exe	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Windows\System32\msdtc.exe	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Windows\system32\msiexec.exe	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\e0a7f127b3e2edcd.bin	alg.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\locator.exe	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\GUM4522.tmp\goopdateres_pl.dll	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4522.tmp\goopdateres_th.dll	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4522.tmp\goopdateres_fr.dll	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4522.tmp\goopdateres_mr.dll	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4522.tmp\goopdateres_nl.dll	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4522.tmp\GoogleUpdateSetup.exe	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4522.tmp\goopdateres_vi.dll	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4522.tmp\goopdateres_ja.dll	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4522.tmp\GoogleUpdateCore.exe	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File created	C:\Program Files (x86)\Google\Temp\GUM4522.tmp\goopdateres_ar.dll	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4828	DiagnosticsHub.StandardCollector.Service.exe
4828	DiagnosticsHub.StandardCollector.Service.exe
4828	DiagnosticsHub.StandardCollector.Service.exe
4828	DiagnosticsHub.StandardCollector.Service.exe
4828	DiagnosticsHub.StandardCollector.Service.exe
4828	DiagnosticsHub.StandardCollector.Service.exe
4828	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
652	Process not Found
652	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4452	38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
Token: SeAuditPrivilege	3696	fxssvc.exe
Token: SeDebugPrivilege	4552	alg.exe
Token: SeDebugPrivilege	4552	alg.exe
Token: SeDebugPrivilege	4552	alg.exe
Token: SeDebugPrivilege	4828	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe
"C:\Users\Admin\AppData\Local\Temp\38bb986be577e5e628ccfdcff30aacaa7596947852b8f365447b6facb3006f72.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4452

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4552

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4828

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2564

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3696

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3800

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3884

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:884

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4024

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3184

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:5056

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4800

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:4844

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3644 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:4648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

Filesize
2.2MB

MD5
cb24da44e2e46e954f7bcc03b86d32ff

SHA1
c4614f77752b2296600e38d96d928058fcf66479

SHA256
6135a00e01434359bed066d209684d44724b89440910a9fcd14ccf56aa3242fa

SHA512
2a8483df76aa778b9d7b04ce80af5da6c00fab4622286f0b01180ead6bce15ad2287df9a4dcf0894776128720f0a3c5efe64ebf360e2baccb9ee5367f5c9102f

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
395db660c1bc850b17fe721625680729

SHA1
ecfa554e9c7c108d40b613ff725733e6988f05e6

SHA256
58a4215e2ef56ca21c505f5c8ce7b302c20028d5028621209f06979990a56fb8

SHA512
a28d77eb38db4998e7f78dcac1c1c6c6ab6f190f8641725741198d240185706920581a948f22dc2a1f1e7b2c2b043a20a2f9115895e318f9bd6c51fbca5b0cdb

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.7MB

MD5
ee602ef73f23f4d3ff763687eb18a318

SHA1
c320ff72315ce1928f5bb88dab00b51ec2ebc7e3

SHA256
7e79613acee6e90fc097acc98c824a315da57b1f8aa2a3960b7f42703cf5c580

SHA512
fbac5592d4f0e346d7d93ee8fc6bd4840e0e98adbbf653e1aa1fa1b73f949ad575d61fadf882f0ec40c38ad7089f2e4adb263d7a31a6261b4872fda51e6daf34

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
6e475341891b5d59c60f9fe232412be6

SHA1
ba1833b4d56f57165ebe4fc30cb241b5dab4c350

SHA256
a8fbc3971bdcedff5bb606290c60a69cd3a401952e42eeaeead333459d47584a

SHA512
76dc68314e9895c84c5fe2400d94c09ef2180e120eff227b2b9627170cec14db5a36def528b73fe08a03d3f219c7eae847fb68b4ee41d8fba8c79a4a27fddb42

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
fa81b3ee54e7b1762a1ddaeb79cf91d3

SHA1
97abfab7971fa68fb62d5d52b86a2b55714d7c8a

SHA256
78f6902089319c016b35ddb4da2e982044e1459b813ef6b640ee1ec3ba8ce8d1

SHA512
56788927e4741dd8bfe4bbf33f18d8aeedb9f3d3b57b51aa894e6418b76a8fe5db726b12b6d122367a104c1e7d6037c89d267e7a00a4e2404eed63aec91e9b49

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
ee9b0d6cbbf882af5d1d669d1601fd5e

SHA1
cd93a2433f4a085132351831fa24277a72cfdb96

SHA256
85a3b06dc387d336a97f7a2ac48f7f262c9bef5de35f8e93b93eb57b2216b780

SHA512
1e19bf7aa58007866668cb442b30e6b6ff6a02f5641e1353395417aa77c406688cf59eee7cf8d7a76ac647fd830be6c36d501d04ec1be43bdb0ce3705267d9e6

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
292aeb6477f66b3ec140392bac6849d6

SHA1
97895a1c4f220d7a2dc5b6220af5715c60273560

SHA256
b58e0f3d4c69044b243b7a2240581ae30669b150c65b18fc6de5dc2f16d38d8f

SHA512
f4a462d383936d8829a9576e4bc527254a262337023ea9ddd6adee80fa33d6d5f370ff9d895e41b43daf3415c1b77ea3022a02df7ecae86a3722c1f0f4fcd80f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
4d9f677c2a6ffe5ee30f9949c1d5f137

SHA1
5b3b4f8270012fa761b85465f097df01de7984e9

SHA256
76048dc74e1a7611e5032c57a3b3d06df733d6f1d3ae55977d0f0228172b5392

SHA512
02425f3693672c09560289747a5d7475cfd7785d01fd7375abb11e9dbb583dbd61bbe65f765f9cdb34c630b9d35e7ae984bc3b09ecf04da5a8849c959e8363ea

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
3d5e034f1bccfd537e72e36bb65de546

SHA1
2303f5d3821f9b46c673b810d650ae69238fe65d

SHA256
1e26b4b9556835e211ca16818f91432e02cf61a336e47a8b5aef702146cce18a

SHA512
31fdd0d1222e63bc9fcc22204ced930f89bf53635044f2e93883750aca9ae53e847e085ae670755d14450e421949f2ea7392ee07aebf2d5f9977d9c8573bfea9

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
cdf54f56d9d4c4ae5d17a79245ce4421

SHA1
fdb2b7cbc536880301146c639d6e04f44e1aa3cc

SHA256
a608d5c35bfc6e6db7aacb189e7909c816f7ac2bc19f15c20bda118bcf7eb8f6

SHA512
5aa88d674efee3efb1f6bcb1f5242beb8b5f04ff835ae0f70b45ef4a8e0c7262bc5df2721ca896a580c817bccf0c2ba349b84659b447ff9590dd1ce6580e0ae1

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
a175c98108e93be0fe79777dcb034386

SHA1
8afb292f5aa56cc7045a3599c87cdeecc8b098ed

SHA256
374df951719c7bbe3b791dcd5a392ce8fc5a8f26cb8d3af7515d77829a7f2523

SHA512
a1e656038e0af2f2bfeb845ee38e4aa39cab0c3becc264046ee8d5a9672df4f55a065347ef6cd5d7e2306a16106cf7bcd79190f2386a8f3f387ddff02ef44dbf

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
94422e97012bdb221cd0b2cdd943218a

SHA1
20d125a0f06d24a27b035950bc7ea54a7e9628e1

SHA256
e1a297f9c9cec9f57c1b5017eb7cbb08a621b65039ff99b4e110da2ac33d4f76

SHA512
230975a3fc6903d2661675961007439a7c1b617b2dc4dff9ed0a04aa291fb93af18657fb89121a24620070e36aae180b1a85068bf49bf687adfefa3bf07863ad

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
d9995da0c0d48839bd31a56803c1fc01

SHA1
3d309611688ca6321c05757a721ac225dfa924f0

SHA256
f0e9b05e87ca9929b3500b72dda623a99dbf40965fbfd2b709d7859ab85a8d10

SHA512
60855a1caa6fe6046a40d7562a9d6490d3c6b6e5e1c2217b914ac1e181e0b2d30e8d93536cca1276e14975c447c0671241a6f0057e1ff9c4a9d1740429707167

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.2MB

MD5
da92ce9d02221c218800c7d367554c22

SHA1
ba521c4b12973452d223de2495666e37dde9bd71

SHA256
3468af7936ccaeed6c628f2bb2c69396e3e0476fe35212280500d4d23aae81fe

SHA512
3b5f336b467310cd7aadaa9888b1da0d71e80a78fa28597ffb91d0292e76d8eab755fdda1001fd4d14cb7f82df66c8810d26ecdf4e83e7dfd28a839c2bd6a18e

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
eafa032eb93dc12616ad9d55ea6a0140

SHA1
fa5ac4d19fbeeaf1f23c271cb03dfdff1a3fd64a

SHA256
966f02860ff095cb4db8b1d68fd5144d69891b8efedc877a6c31474e12ea64f7

SHA512
c68bc501ac2805a7b77851db848df977a3e8cf19073aae0b06cd68069b474ce957bdb11953207d4cca693f9bd84627e5935320e5da6b125866f1c046b62db914

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
a21d57f734c5c3a344a62ce236563349

SHA1
9c2fd70c61054e2231fe387ca03a1ae1df5c155b

SHA256
5d4f1f8613877b90c4de7e859c353889d6905dbdc54b9e8b491d4a4755d10068

SHA512
368820dffbd751e4e344551aa438a3cfcd646bd0cfefb7877627307d907ba39f7e9a9d1e1c8dda75b8acadd2cd02e5c3a71b74c30513f3a1a8e253f653696b07

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
e393d6335d722ed3109b45b7772a6906

SHA1
d2efbda2457f67c52f7ebca67f832259314ec350

SHA256
b97c24beb186e8bd3e0a8e9896c8e48584ee9faaa769307a55b8dbb0784f523b

SHA512
c6789bf5b662d77fd6a33269cd8419ec75f578559a3ffe6f6a1e303074c3671eb7a8b3bb869556ed6eae93019d4a69a56da7c927c6fea7a8ccfa30ab330ee759

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
fdcfd2779ba3b632069460e6f2722712

SHA1
98fc59f64d8c8c1d6c38760cb944ef06fa7b2157

SHA256
c22329e2b6bd2d7f9e8d0b26d10db80ccc6b1c41acbcfdf14f130cf13426d703

SHA512
c42dfea6dfc58c6321a2e299068c4f0bf12431fec030af9e89d8b587fb0649a093ac9879a520aab9619bfae4e5749aa37ca1d54450ade1482878933853bbc9a6

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
289482b34848932fa003138fbabc4208

SHA1
9943bc2aa34e14631d8eafbddf8fe656d23f7904

SHA256
f2d3d91ed3acb77da7687d6877c305cdfdb20915d940d24c42092479efd9d080

SHA512
0212347ddeee2bd6a4cd8ad022fb94b8c83bcbcf156e2460b3cc17133b079497e5ed7744e1e003545fc316252319ac97a8ad6fb2d74a3af85214c688b89b7188

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
046b2c09cc8c7b9d81e2f83091908b73

SHA1
3a7025f9ebe7dea8d52a39402571882acfe01662

SHA256
6d22eeeea3f6bff6ad2cd0cc5765c6f5c8986085c04a400039a4125b0e0cf9de

SHA512
27b4e7e4d01fcf76c08173d5d481e2e1696a4986c91faac46be39231b09375815c656be9aeaa23ed28dbccdf29eee6d9df1ce32f50790b92b06decf8a7b6df85

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
7f68c4eabc64a783cd96f53132803680

SHA1
b71c842004f29ea5dde35ba789006cf18e7cc50d

SHA256
23c4e6a335c34118f5cb8e086dc767fc7c6c05201f70e350fb70688b00fb0119

SHA512
58130f562d8ed4774847fffb4dbbfbbb947d873f4d9d5345cc42c0b30bdfb20e056e5c368a6e98354e0c71e66905f2f0e994846b1a1ba58e80cd5fa85a0fc7ce

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.2MB

MD5
8a18b3dcb5d5e10f0cedd0897d031da2

SHA1
89ae8d52225797c8ce4b20af079155ae10961aff

SHA256
2cbf44fa09979dd3dee4006ee0fbce6b87a90f5feb5c908c907dec2c9b84dc17

SHA512
5717ff86be7d82cef41a318120b4280000620c3ad80cc99db31a2dfe64dc073b233c7277b55f7ab9633efbb83bfcf0744132bd4415b64cfd2debda23eeb4566e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
0b47f09173e4f00bc31c00e4e424b6c8

SHA1
e698c2dbc3f8aa62a0927be7b66443e3c0988953

SHA256
8134ee2939f109c3259de0f1bcab8e72bc8c1ec18230f637c0707f5493b2ddc3

SHA512
4dcbfdebe0fdbcab6da9726cb636a409106a83fbbf17e3ca8c42cbce707f98e8fc99cf430a11047915a228c82e76b375d00671172d7ff9f11f058eeab884817f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
c0aadb6d70ad933826622b6129ba2436

SHA1
6b7ce3313c9e1ff487ab9b34d6e381faa593356d

SHA256
d3d7f9d409ba6a26918e4c1324027cb007365cdb25ad02ebb9f11864385ec6d4

SHA512
39fdcc93481e40849b523769cd3fe129ef7947f1f592178000687ffabff0ce7e1299d66b6f121d987ad95c83c102b9c94af64013482ff3112eabcf565a97a096

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
ce13b96a6411733fc605f87bffa81906

SHA1
b991d5e33c820051bc23ec4b06fbae8dddf54c9a

SHA256
b70c88d0a9c013af9baefef25ebe29bb6888d2c672fd63116a1ffbffde70f9e2

SHA512
2fff1298567d24f2aec8dc4a454be5e532ab4fde8b62d2e2bc67f280f4a1872cfaeed57b617dc640ff5ef9a66a345c12d4119168b9d47c372bc4ca6ba0a37834

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
7b71bd2088cb6f64dbb17b04d2d20ba4

SHA1
528e896a4848987235133194544f3ac700f6371a

SHA256
9a720a31a84d4ca43ca3162e2066d2fb8c93c9dc2e2f4d1062892c56a7f97ce3

SHA512
d428354c9140d30a8b3aaf7008b5eb94dd493fa225cdb2106c4046e533f8dc95b019f288c4dc4cb5292ec4a5f42037d44f3cafd368a3bc5cd19b3e4c4578dbf5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
7760a0268ad4391463d40a403b8d5993

SHA1
ff8e0b8a19c2bb351d97e6c3c8a53073612df47a

SHA256
6fced82e1586341c90087162e8852871fed245031c78a2561e4ba9cbfe3a0e0d

SHA512
b9d0215692d3f51c8e5659639b1055431297fac1b8604ba941315ac45e86dc40a4efa753f900113c923d2abe62655cf19fd0480528840966ae008b08ae9a8ef5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.4MB

MD5
e9f80a0bc1b297adde8f6c92de51efdb

SHA1
8ec57a8a2cf6ac4d1021f11ef9fedae34d502d40

SHA256
196c68c05e106ea053e793a2ae24de051fc1350099f51a6366486f51009922aa

SHA512
47ab6cbf1a8bc3c67351c5948fdbefff6a8a395462b1612c96dbe9a0cc40b12c25a7ceff8a07c380c69560dca5be37df4491b6d18d62257119001eec1c0f12c8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
afcdf5a4b0ac90eb110170e9323e1de7

SHA1
649141242ec8c3599e083d5337ef0a539f276918

SHA256
1e2b72bb4fef309a7ebdff1b62026d6f2e92d38f18e4690cbf22cb661ef46cf1

SHA512
25da3d0e73ffcb6f358749fa6a0705f5518f6f8120bad1290d49f7bfe06933408daaa6b1724060b45d720f7faa0e56b1af4137799f8b2463a0454fcba1ca1d4f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
4783a15610fdc5c2964183851f5601b6

SHA1
531bc51045fc9578833b089cb14828ff5f812d44

SHA256
5c610c1e283161a0f6127277b5f936909efcbe4897175f04963b4e8bc92e8b46

SHA512
2a9636cc69e0b9b0dbc9778a815913c5daef91f80cb894b9ac0ad59db61314301d7b13516ba96ea21f735757492066a1c7fa023eb084f59d2cec549449e63dd1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.3MB

MD5
34d3db41467b532bc941263b3ca9f475

SHA1
16b736b7a9748554dd1a19d097b84fe33cb6c5dc

SHA256
45a80589820e3f9b1cfb71b9ed89e91ace0824bcb4c9c3279c792d6e2b390c77

SHA512
880bad64db6c20d67b361e3dd811ab3cb902e1a402bc92886bc930600db0e51e5afcf9d776a90b0c7fdd983d0f0655132ad54eeb2a5f671141f156ccf72f0d61

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
eec8ff9e76a1eb835031fe1873c993a7

SHA1
832316146466938a8cb931d9a5f7c3934ed77be4

SHA256
2d3754f9dc1219a37e968308d4761c8bb6c58f4845c8fcd3b168c31f1a1ae922

SHA512
364a219ac0ce2a974516b38882d741167bad598f42f8d5895c856b836e1df155ed370e16480af3a11d5e38e7605bea646221a8382aea1c76cbbfc8e3b0de2e8c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
268faa6147bae25eb6b52ad4d153733b

SHA1
bae2989f64485512fc7f9269e71e1b5aeb02ae66

SHA256
6b224abdd425a0aadc7147d91d780183162302d35e5f28868ad614e7bfe9fbf7

SHA512
27ad38ca1d3c9c58416e1e5d6568e9ce00217b668a631f26ffafc2375028ccc4ce793d308ed8e2f39440267eb34df2b0cc7024f12613dc071f1189a073d9fc6b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.3MB

MD5
691aa63cc0014bb874afd941e04f6ced

SHA1
ebc09e47f74e1d8a4db357097110ee0cd0cbfced

SHA256
91cca21670e8ad7add7cf11d8141d22c9a9e89c3f9a0ac21a6fb313fdeedf353

SHA512
399b93ad2030871024c7e39c5eb745cf366013e4c11f7b72a593f923810b61e79096b8763d2a094de96dc6591dbeaa7be2c9bb6bcb5ed832dbc9cb4c507c36b6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.4MB

MD5
2ea061fd28c2662c124b65d1a61328eb

SHA1
61cae9c417184438e48a9c7b8975b10b64a965e8

SHA256
ecf4e48677872c5828610137972dced5a6f812305521279a34c5943ee8a01d5a

SHA512
50a9e77bbfa6389a5bff36fa8298775e70c211819ffb5da90bcb087a739c575c09b127c055e39f6c7e1f35a7a2b2fd9976f5ce32c26d0f153a7764b34a81a243

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.6MB

MD5
78f182db554860c477349e50710e2d57

SHA1
f151e6bae9881b00f7bfe6c784d8808f2fd2eaa0

SHA256
94a1f0afe21ca9d918d287ae4a149474f7c0c91ddba52719ab118fd7701dcb8b

SHA512
2aded4aea01c73a264546297ea8ca9ad6fae9905768c7fa2fce6ae088b5ffe0b9920e59411742f63e84ed13ddec4f7ced567e1f838b7aafc66bac3c02b72dae5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
12755de73f4e696a2ab0cb42f850b514

SHA1
bcb6f0ec57f0b814d2c2cad701361e106f48488b

SHA256
cb1aab07eaebd705ec7e544d66fd1248c4c874503724ddf1527f1956bed7449b

SHA512
8853095095280f0f6126b771d962ba9cc6c4c76f7b17562ee740f7ed97ca87696e26dfb41daf0b7b409295ca38bc0065c6582b61a6b689a53571396f1db4334b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
ead3674b004c63ea3a1db808bfda8aba

SHA1
fdc01765f00a6229033cd54ff3c2e0757c60063a

SHA256
8b596d1614931ada56baaf4a7cdc9f5d2723b320589071a2e28e33796b13905c

SHA512
446ce004a5b114853ea7dc9f15ee7ff9235a45c93c1e2a441f7fce771e2d79a97c78362492130c63e9656039e496460e8e3e50f34a6b221e500245c1fe4bfa6a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.2MB

MD5
441c8881d705b6ffa21cd878cf4964be

SHA1
459615c40a47768e0317c6ab6f178962d4dcecc6

SHA256
961aa67230eaf90bb1eb1d2b4dd8b325be6483faa9fd71f8d16de8a9f375c9ec

SHA512
bee56cb6baaf94cf4e7f5980e6644249fed3f4a8c895aa5d67f44aa090b104d1abd0696c032bb91d25733dc0990f777f41db8a856be486a67eab6f2364cef6c0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.2MB

MD5
6583c1b6aa663762c3bc81c89fa8db20

SHA1
ab6f9e730ac356dbd679426ab6a6ce2c95847056

SHA256
15ce47e96a16faafc9cf7eaa471c02f67cddb3ce82432fd4da7d0a3946db3594

SHA512
e931094de95949664260418da76c38d7ca1c8868c2f97631b275579b2efe4b59bcde13e19fc2e7bb57f1ed2e3fcbd34016b2b0c109a5a79a64df7c5be0f20f10

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.2MB

MD5
bb354449af50ba4f560c04e890c8b311

SHA1
690e6ddd9bc6fc6ee825ae3106071461326d8cf1

SHA256
63315a8aa2aefacc6f679699caba1d66ee1971091680f6ab75b0935edf7bf8c4

SHA512
c5f27ef5d4363be317002e7eb449032953258c1770f1f14f32052e83bbcfccc83ca5a587ad7c3898936d91ef933946f58c96201e349fdc9ac03b58be74959877

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.2MB

MD5
bad5e011e89ddd3f985d7047098c195f

SHA1
c912b5bc2131c217c9ec97883bf6fffc1bdd6c3c

SHA256
d6b2b1838400b9ff751ec1f8bc374e447347e6aec81d34ff7f3079a2b647e488

SHA512
f494ff4dfb940ac9d591226a1848dcd3ca20f831f82be09f7c0e540ca6486f11c09c92ab75021d787cbb92d87e2477807403529833d1a7b2d95ac405117d69f1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.2MB

MD5
2b99270ed47794d85692570b1666f302

SHA1
bd78a3db512a7f21d1b07f5bf825130a8623df5b

SHA256
0e91c54dfc2b6b465bdd1772fe36e8c76fac15f1a5cc66391d1454c4df7aee1a

SHA512
3cf342a400f35ee9630f89bd362c554eea64a9af74ee8ce39fc8a69d3935322f0cae28b6712f309da2bafb41e9e50e168dbed3786adb8c2de0ab01ddf9e17979

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
1.2MB

MD5
c5bdb0f7d54ccfdb819db61153d2ef20

SHA1
13049c64b469db4fc338f89c65689b604b55bff0

SHA256
f7a670438c310a44b575f2230137e2b2a6a3cad7cca13a466e17bdc2c7da727c

SHA512
53e58738b85375e16d276300e2b86aa70a4ab0ad2c3ba4e393e8543d5db33ed2dc095331661ee0352d214283993b27bc0e1ef5aac5f873be85aa9097e10c0b95

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
1.2MB

MD5
ac14226b2b6fd63d88d2a925e8787129

SHA1
cfb3f343dedd41243df6f31e46ec302ca22a30af

SHA256
93d4c8cb9736e5fa0bb70bf36bd5d27f2bb4bd620fae914fec70a0b3910b6e8f

SHA512
c8e9da1d0ca9bdb28f7a62764ddad4a7598c676d7e1856966c70edf1e6bd58f9911cba7006d4f279437aebe96f4f8aa7c50f56c5613dcdfc7bb6499e2e5aa5b2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
1.2MB

MD5
f54bcccca64caad21764aa6a94069459

SHA1
e6d944dae7a9ea84d1521ec576e132376ad59199

SHA256
d983d79654420bebda5376f447b21fe2add80c0dd254b49b5672cd2bf542c6b3

SHA512
dca3e4594527019607ec1aed24e0c9112fed4f631dee8b89c4689b7b18f8a811d6b4f75306c1f11d742d95a6ccad61934805fe76498a1be25934734305390ce7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
1.2MB

MD5
bdc469e9559addf6dd352f031b2af009

SHA1
f8143ef121ac3f31e060980036d214c398738d3a

SHA256
0ca7b5cd7c1261e3c89a02d1569c4220e62eb04b0804e1f8e578904e74a4eafb

SHA512
702a385c2c2cdf09411d238b56f213d72c2ef0437717bd8077e9d400196df90989a365e84603d6f0c952e36b713b29fa6c5ca27b50e8799a6b14d68dfcc2764a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstack.exe

Filesize
1.2MB

MD5
fbdeb692bd1de5c71f23802be872bd38

SHA1
3840b174c54904824033e48f61897152525e3c91

SHA256
3b874e9be7756b72e53bbce8a63531485648dd671ae1d315365d82173c622ab3

SHA512
0267a8e1cc2b286727537e7d3903710ed48a427e923f75b1d5555d9c24c7ec666022b41994b77c15b72f7117092e5a46896b32246ea51abe9cb332e9f46dc0e1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstat.exe

Filesize
1.2MB

MD5
88a6942a56f7cd705492389cd3e36ed7

SHA1
78147aa0bf4608fdf710781a002334ce950ebfbd

SHA256
16e89cd407dd99f3c8c1679b9182ef2823b540d01d9c249a6dd50c64c776e8bb

SHA512
779caeac45ea8c1dbef2b9868053be02f7d88f10f80ffb9d8530297c98737b517521cef8ca3325860d424ddc47b4a1576a1427482e8805839700e6c31d336f79

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
fec155e62b3e809f05f436b60b302d89

SHA1
6123417ee8ae1513adc4ec4862caf13d6b752cb9

SHA256
59bbeb53b44ad48475bb433537c95c4fac356bbac9b5b79c9d281ce19ececb7d

SHA512
10558a16ffa7bffffa1d6bb925f8967ed205f0e4ce113cf9a992ab47c90323d9c9e1d0102f3cb4fe2d8db5c5a40f03c8053eb469fa211bc14ab810d59ca094e4

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
327d7b68fd81cf7dfcb2f8fd7e6adbb2

SHA1
b7eef2054c9bee5a3c2a84ca52e3807c185ea824

SHA256
e526e8636f45fc9e501cdf3d55afc5682757f1fca3e980edbfe56bca75dac623

SHA512
4660c7cb56592c725b4f0f7fdb47338f8effd11dfa112ca2e40fcdf5b31765714a797fc2176b0059c7e8b7da4c1070a637fd910974729a34529fdbe9cd62beb6

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.2MB

MD5
78cca5395eee14f0330b643ded1336fd

SHA1
6d30b032da8358c4d2a2caa113f97b8f38bc6dac

SHA256
12a6c9215d28d24936fd9b778d8f163d967c9ce47b4e293bc3dc11ec734fc5d1

SHA512
e2b3a2b068a4815319d6281f0687ba6a2d4dfa2bba02577619df4781a8534834e8f840cdfa923a5cbee9a8713d22730a0879ed089211e11a272847330e7c7041

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
76721a932bef505bb62ca7a3ad83fa09

SHA1
2bbc1f80b84f1143fb9fae89a3392bb21601fa00

SHA256
e56dab08d5d660c0e67993aa9622ae0bf1df1c5eb50ff2c46bcc6ba97530334b

SHA512
9d1c771efb74635a2674c0e802631b6000ffddd126a777dd1a390328f6f285ee5caa6a0806d4b93626229805e905854dce2e4d81e4d5232cd322f54f4ab33fa3

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
1a0431ea8eae41af6122d1a8534f4c7c

SHA1
a724c8d1568f52896055d1f7a01a9aa3362dcf4b

SHA256
f2afb9bc429c061e3b076cde6a6b471c705e42e4cbd2c23c06ce408175c67354

SHA512
6360aee78689a17c8217d06ebfb908b8e1ec42260907ce56e774fad5e9ab53c0df6822374d6b636f523152c93bf33a05156fa72e4ac999455c571ae495a9e95f

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.2MB

MD5
f2b3ef8c21e3296467ccd440f9748517

SHA1
557cbff1f5d7311f33fa72bda94cd8c496839c36

SHA256
35f2c59a60e50408c3e92648de52635470b8a6253b0fc1f5ea4d7927771ca137

SHA512
62cb0a2090f9a4ec97ad481f185772acd3bf8cec08f18ef3822851d154780cfd4049e374ef9201880e71ef2b8a738ba4d4fa1968cf25ad1ffe77f056974748cc

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
b989927300ef76d732809e692df95216

SHA1
ac7bb8b254f04a17e44c30f155f1d93f3d17b626

SHA256
cc9bde32dcef5aeff7a7ad09705679c1d570f7638d6a25c3b590480da93057dd

SHA512
ae6ae628d6e86adb012c808c548948524c3eb01e377787e21e751740de7c1c8444eb5b7bfb91d5fb20276225c9bf56024e98f3b8dce974839d916867018c0f47

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.2MB

MD5
258edab86fbbd8e30032bf6750c7bcdf

SHA1
0fd990f0e6d915eec18ec61d882cde2eb79f0528

SHA256
a714403c4f23857db5ebd9151cdff2071e35e17328ea2065796478b71a3ab75c

SHA512
2a415515ac9268189f214ab1fe2da5622cd3de43998aad110e69f31225a9b679c1a0f566dfb9b303b3448401dfda3d58aa9a64751bd206cb829c3f67e222253e

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
890d4a410d41b8a1bad20ff075ed086d

SHA1
59450657f19b793dd6b7a5c806728d6e267a4359

SHA256
9bb1473d9f1c5590d4d42a53cf7c547250c7d8ceed672e5587b8a62a76d78a67

SHA512
8f73f2a9608aea8cfa41e24ab441b60135859d6091873f47d0c9ed77606396a1364521fce167232ee53dcb7a9b699ba3aa0b8527047c809f66b7addf956ab3c5

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
b4fcf0a4539429af423d2efecfdb4717

SHA1
e2e567616cc120f2afc38f6ebe869f7c7c82a362

SHA256
c5fbd22cf417db71908c67e4bee3c01fe6343209f13f3ec56b062cb4d41a2e7a

SHA512
23048a7754a98c682d8b93694e5d62a0cfd19b10b0f38fb6adfa8bcab8dc4cae31174c081da6ce33ed5ce42539149481e11f33566397f5acc5fc3c484c856dbb

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.2MB

MD5
94a103922e0a6ee5c1e82be3617a66eb

SHA1
f5195486b4f3ef8f305c90961fd83768b3359410

SHA256
91c4ab061944ba201ddd6c5fe3405583442c8db34ac81fb7d37930cb6f5e517e

SHA512
ec8bbedc0f193691a251373ae989c5088707cbe290af7f4f1b32e5ac68d036e16ae592321991061290892210a0fe7b1e26f2eca4b955fdc001194a646edeb433

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
90513aa1cd12310e4543982038153cf1

SHA1
9fbd93f8ace73af1f2cde48bd0369e156b5de0c0

SHA256
f9c35eb975a0d14a7601fc598fd09edb986e3fe3042c239e0ca451f6687209c4

SHA512
9d93890bcc6618aca4ff8fa9e595c53cbf60ca1775e00541a95403bfb8411a9c5cd341836fd05f99bf72e041280df35e7c951aad6ea44cfc0e935cf8d1fb30ab

Download Submit
memory/876-424-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/876-286-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/884-147-0x0000000000C10000-0x0000000000C70000-memory.dmp

Filesize
384KB

Download
memory/884-153-0x0000000140000000-0x0000000140161000-memory.dmp

Filesize
1.4MB

Download
memory/884-151-0x0000000000C10000-0x0000000000C70000-memory.dmp

Filesize
384KB

Download
memory/884-141-0x0000000000C10000-0x0000000000C70000-memory.dmp

Filesize
384KB

Download
memory/884-149-0x0000000140000000-0x0000000140161000-memory.dmp

Filesize
1.4MB

Download
memory/3184-177-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download
memory/3184-442-0x0000000140000000-0x0000000140166000-memory.dmp

Filesize
1.4MB

Download
memory/3696-117-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3696-115-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/3696-112-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/3696-106-0x0000000000540000-0x00000000005A0000-memory.dmp

Filesize
384KB

Download
memory/3696-105-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3800-351-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3800-119-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3800-120-0x0000000000D60000-0x0000000000DC0000-memory.dmp

Filesize
384KB

Download
memory/3800-126-0x0000000000D60000-0x0000000000DC0000-memory.dmp

Filesize
384KB

Download
memory/3884-399-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/3884-136-0x0000000000990000-0x00000000009F0000-memory.dmp

Filesize
384KB

Download
memory/3884-138-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/3884-130-0x0000000000990000-0x00000000009F0000-memory.dmp

Filesize
384KB

Download
memory/4024-157-0x00000000007E0000-0x0000000000840000-memory.dmp

Filesize
384KB

Download
memory/4024-432-0x0000000140000000-0x0000000140150000-memory.dmp

Filesize
1.3MB

Download
memory/4024-156-0x0000000140000000-0x0000000140150000-memory.dmp

Filesize
1.3MB

Download
memory/4452-0-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/4452-7-0x0000000000A70000-0x0000000000AD6000-memory.dmp

Filesize
408KB

Download
memory/4452-6-0x0000000000A70000-0x0000000000AD6000-memory.dmp

Filesize
408KB

Download
memory/4452-301-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/4452-1-0x0000000000A70000-0x0000000000AD6000-memory.dmp

Filesize
408KB

Download
memory/4452-104-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/4552-168-0x0000000140000000-0x0000000140141000-memory.dmp

Filesize
1.3MB

Download
memory/4552-12-0x0000000140000000-0x0000000140141000-memory.dmp

Filesize
1.3MB

Download
memory/4552-19-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/4552-13-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/4800-195-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4800-444-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4828-32-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/4828-25-0x0000000140000000-0x0000000140140000-memory.dmp

Filesize
1.2MB

Download
memory/4828-26-0x0000000000680000-0x00000000006E0000-memory.dmp

Filesize
384KB

Download
memory/4828-194-0x0000000140000000-0x0000000140140000-memory.dmp

Filesize
1.2MB

Download
memory/4844-445-0x0000000140000000-0x000000014012C000-memory.dmp

Filesize
1.2MB

Download
memory/4844-205-0x0000000140000000-0x000000014012C000-memory.dmp

Filesize
1.2MB

Download
memory/5056-183-0x0000000140000000-0x0000000140142000-memory.dmp

Filesize
1.3MB

Download
memory/5056-443-0x0000000140000000-0x0000000140142000-memory.dmp

Filesize
1.3MB

Download