03ce0c295e5e5bd84317dab8011cc6dbc6d448e977ff19c618189b7df1fd1f57

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe
Size

1.5MB
MD5

017b7aa1cbcfc16a59a0b2cae5eca23b
SHA1

3cd4daa29dd5a213405d862bcadb0dc854aea740
SHA256

03ce0c295e5e5bd84317dab8011cc6dbc6d448e977ff19c618189b7df1fd1f57
SHA512

e283a8c10c121752ee2b5bbfa4a020afe0887c44b583f12b148d256f3d3f68865542d35fc8fdc9f9516f4192dfb2394817da5191fc3e05ac49ecb72b3ab736f1
SSDEEP

24576:i/sgEgxwEsYLsqjnhMgeiCl7G0nehbGZpbD:Ss+CEsgDmg27RnWGj

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 12 IoCs

pid	Process
3036	alg.exe
2280	DiagnosticsHub.StandardCollector.Service.exe
1828	fxssvc.exe
4776	elevation_service.exe
2256	elevation_service.exe
4056	maintenanceservice.exe
5032	msdtc.exe
896	OSE.EXE
5084	PerceptionSimulationService.exe
4304	perfhost.exe
3088	locator.exe
3240	SensorDataService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 22 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWow64\perfhost.exe	2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\4d6a11b84ba38143.bin	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe
File opened for modification	C:\Windows\System32\msdtc.exe	2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe
File opened for modification	C:\Windows\system32\locator.exe	2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_108875\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_108875\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_108875\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2280	DiagnosticsHub.StandardCollector.Service.exe
2280	DiagnosticsHub.StandardCollector.Service.exe
2280	DiagnosticsHub.StandardCollector.Service.exe
2280	DiagnosticsHub.StandardCollector.Service.exe
2280	DiagnosticsHub.StandardCollector.Service.exe
2280	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
668	Process not Found
668	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3108	2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe
Token: SeAuditPrivilege	1828	fxssvc.exe
Token: SeDebugPrivilege	3036	alg.exe
Token: SeDebugPrivilege	3036	alg.exe
Token: SeDebugPrivilege	3036	alg.exe
Token: SeDebugPrivilege	2280	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-25_017b7aa1cbcfc16a59a0b2cae5eca23b_ryuk.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3108

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3036

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2280

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:3692

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1828

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2256

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:4056

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:5032

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:896

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:5084

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4304

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3088

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:3240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
d5fc4ccb07365ed4f8d84c4f6d8b2bb0

SHA1
32de352e7a9ae6ef70a110bd7b8d7ccd2e7ae9a7

SHA256
aa0ea344cf0a6257888eabcef7b7829529c063e718268dddee273f6bcd13bfda

SHA512
f7ee45e8740fbb90b397b1c78998edb7993a62c8282748646411ab5e7c074036eff82823e0e85359ca8e643eb32c2456973b070c8e3eaca3e0e058e5fc4c6c43

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
830d8965c64b1d31f5032c538419c267

SHA1
c6ed190525fc4fd5c96797731f7ef59dde5634a8

SHA256
8d70ab2ef7e32c424623fd593cc2ae481fca61291e26003ad076bd80b4487981

SHA512
a70e86f477289d59380253b78322444fbbfd5b602fe0c861ae2f152822ed0a394a5303437044be12d6fa36a691bd87bc3b8f6a1b87d3c3c10099580de7b2bb2e

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.7MB

MD5
c0e2742e9aa76632cd678d18e1b615b4

SHA1
ec8f5de00751f0ba6286c98e33d65cf59f79693a

SHA256
fb06dddeddd5d473849f4e6adfcbcb734ac15d6e9a1e976c194999fd6a48a5fc

SHA512
4f2a7efb65a526468076ae1a0360f837e6b10fe02a8a403ba379dc4524ed96c69845ef80ee58adbe68eeb287eadb2c3c589f650823e27cca3d5560267f948afb

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
da6ef03cecc390ebe331b7a9cf3a5ec8

SHA1
b362abb311358c1d5456127fcab4fca800496f53

SHA256
287de7dc5df796192632d993ef08115662701d4a8869eb742121afb0aeeefec7

SHA512
a88550ec4f12fbfc5ab4a80aaf0eec8f65f7f14577bbb9d601a0bec287e1540b776ebbdc9861a36d4202e94f38e6c32b12186ccbadbf6b4f4224c74a7a6d6e3f

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
054d9fce2710c9ea7b6322f066973a52

SHA1
c2db7c07419667fb9858b16da6ca6b7d3a7f8420

SHA256
cc7daddc4266f53aacd6f01e04f4ad68642305dcb0b921ebfb82632b8f5ac337

SHA512
3717fb5297e8d223dfd61113fda8c08192efca47963043f9616ae74fd70d2224879fa85ecaa6cdc410cde0ab901994d33d75815ad280656cc85625c437b5c73e

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.2MB

MD5
73c7becc92f77ea2658ae6dc2d95980b

SHA1
8cf96b4987517d6874c3897732dbf24edd4b7591

SHA256
2b16123f56f720da62ffd44de33b2bfa63eccbc935ffa287a98275afcaf95b2e

SHA512
04e4a0d6a122cc0cf83ca3bc5a553ff9e28b7817d1509546ab57e1e21ac92800fdc0beae8fc168e430e6844e8d443ab9e722ee094b55526e799f8819249d79a4

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.4MB

MD5
26c6368452636652c8930d7ba6a08842

SHA1
1b1968c2a7eea063074d58157941615e156339cd

SHA256
b77ca75c777ae80bbc23690219773b47d7a41153af5b8bcd27cae9378b13ddbf

SHA512
9ab4ebd526bc6cee41ec03896a71cfef770da6548696051eb6560a8baf6499ff50303cf94c479fa814364140ac15307e56efce9efbb6aaf17577b992bb19497c

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
01b9f466209fc983e9e7b5e420d5dbdf

SHA1
62b982c957bdf4b3f6c4bf1a5057c350efd50868

SHA256
0bab2605ed5dea1dd6ba6a381de519c7c65447f6546b77ae62c26c332ee7d9f8

SHA512
5d45e8e32d3beda084ef700ca5d710870b005c5ef1157f4c4ceded9f73fcb83c9e88a5371787b2a9042f4050949573b5542fd9f29bf6eb15bc248205c748c042

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.5MB

MD5
aa661e5b17296e88a08d7fb095f0da5f

SHA1
f55dee977a4a67e82e3b7cc06bd26871788df474

SHA256
5f606c433e80b26c02c225d51f5f9f07f13a4bab14a321f80fb2ce24aa74fa86

SHA512
8d42027a7281cb82ac22cdeb4a6b29bc0d17fd4d22869f8062a252bf30c03669c70ce4ee2c8a6cf104de74d2d54d3160a5cf6be8631e065ebc294e8641b4d00f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
4981e17cd4ac6c8c9b1d727d2098fbae

SHA1
35efecd6642dd87cd9955f47907b7f38299a6b61

SHA256
d8ecc514eef647313d5511225ab49b0261999ba23bb2ffce46f049d0aca3a770

SHA512
209545646be898cd5dbea761f6fcb764b0ef18218a20431b3c98e134f28118cc2964514fe3db16179c2a5bd10154a0e989722637a256bab42d9984dff4c9514b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
f6ca20bd142a90132530fa46426be21b

SHA1
b836bdcfe8198bf2f712eb470e728fb79b4c8815

SHA256
9b1e1b4dce0d8091f5f81b663035d2dee62adfdc9e0cc08192e715c660a79265

SHA512
6204d2978b1dec2993fa7180969ad6168fc12f549bf40b452a1a1b66176d6b45373124b1e7e1657e234f45cdb0781865ac7dfd88f858175bb9121652bb491071

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
3f66ded6cbaf3a7dce219182989bf9fe

SHA1
cc62d31f4530373275b52212edcc0c57e1cfd6ba

SHA256
17d1957a4d8807b672182d0935420bd4a7d9b92f861efb83c6535276fb319251

SHA512
bdea41d75fef7597d40ce43fa6b6b8e0eb56cd1eecaa5b7fadbdef6520945fd6437a23f6c2b2bfdb8b6d6af9257295109660cb48d979c44352277d90123f3ba1

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
140324d9278aeeaf8e6e901679ce9b9e

SHA1
0f70f1fb044c1bb14d3df94f98c25d6085a17dfb

SHA256
bd0d725d7b97b0b59c55c268c1ad1a3ee8ea714540bf5839b08cfd4475deb8ab

SHA512
c5bf9e25d9ac1c33ceaef027c4ea10352d1ce326a4a519db1a8aa36523e3a2624a8604eef5bdf630bc3cc8c87df5153cdd17bb191740ea5cf504b47f889b88cc

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.3MB

MD5
f0a665a54e10163a45e45de8fb98a46e

SHA1
48bd81f89eaebf24bc6e47259a8bd9ba0101a160

SHA256
b30b08361c0927cb7619ef59cb0f19bb9aa18a61a4e030a0227c7e40017dee95

SHA512
d362768579771098e0d987bdd08510113d6cdf29c87f70e253a8e711d7ecb6ff6937c9e43379051b56824504ba8444ff5bc13f447b3f77918b981baeef1865c4

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
1d04414d32784acaa1a37841db4290ee

SHA1
0e9cd75f9738f9a9e567ca885b3e6803b6f717f6

SHA256
6872c69d8b9ff96b555286854d2f1216c39f5df0214822bd4f730d453800be47

SHA512
683ec859269174f2eac2cb17da34e1a8f5ef60ff3c39a4f229d6ec60c1bd36dfa52d690c238c29d60e38abca12829d181dfe42a80f1f403f04bc3c86a4498d97

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
0d5d4d96f32db93ade5db8c9f5230ea0

SHA1
847c06dc5f7d35a70292cbc4194411e0fb834547

SHA256
019107889f74ce5d5fc885865271283ae3eecf4e41702d1662ca98c28cabafe2

SHA512
9bc4426d317f2fdd0c0678bdd9d1be2c9aba1fb64eadfa09c74c3d1d4aeeaf7d87fcc2fca3aa0ba16b02dafa13a5aaf0eb20be3ac87b320b5ee65c21574c5529

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
8ee56cf0de627aa40303bc5a4cc886af

SHA1
09a3eeb63acb17df2ab23b3f4951336d7dd72f20

SHA256
07504ae8476a57118923d2ae0f5d9ce181c908197897ec82c7d91716d67ae39d

SHA512
3e983e2b5329cabf493dd265e067b1a2b213724565ac0fbee34c1645e95f926210e9a92c824ac0284adde4e84ccbe51f1f5bd577a6eadf7ffe2cb4324edc6925

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
56d27a1e82d586ca2870961a62f3fac7

SHA1
c988bbf96bc43d8d1f17b1efa7093dc47d24df17

SHA256
1529375d3200db9b623f4c3fc876fef507b23d89faa47f40285bb250f2217017

SHA512
fcdd2caa1e6a1e6716c847f12d5cf186ab45186e6263a3a588d63ebe34c3f03701ea02e25da976902ce97e9004d7b11d9afcb6c09f33b43de7deb1ba7c5bf3f7

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
1605ab95526ed20cd90026710a17bd61

SHA1
230cf61287a604ca5a8cfdff0bd8cf4dce49ad3f

SHA256
396b153802e4c446b959dd3f7d166a48f3fef6250a7d8f400f516c1984e56454

SHA512
9459ac92165b4fabe1bf31410616ec8871bbf8b4743dc4079b05372ebe1d1df3ab4f30729b5e2d1e44424d15de3c830560b3f09f0d2da180bf6282f00776c235

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
c749b7ceb7c96674b3b5436ef70e26a7

SHA1
c831cbca852c428f44c84c05a94ef51b24b5f76c

SHA256
63e40c4988bf9940ee0e7030f8f875ae13b2dfcbd27a5d5596082db32f852288

SHA512
fb9520eb415f1132b5514f2ce52bbbdca538fb27d721b59920d41cf6e38b3babe9e36cce16b3d28e888c9d0a35b8b602be64c28bdd9ebe757e0e31480b6673d4

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.2MB

MD5
afa81cae87645d001a70fe0c65ecb14c

SHA1
de3bb9f77c6ec49fc15ef798cbde91a9625cb861

SHA256
4452a8bf9421fe92a4de8bc04448166a13c3bee9af3416b5be8ca8e8bb8131d0

SHA512
5a3f080c2d411866849848bce55314f2a04c35e38ef4df9d3e95049f57570323b7f1e0659e0b7f59618d79f70a3aa1d6800bb7418966e4c7f376420a38a643d6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.2MB

MD5
2b335419f6d874f13d56d764cabb63e7

SHA1
bdb768852df43892470465bba1b4d376acba9fc9

SHA256
3909e22560efa7eefd146d83c1347cec0f95e269f719fff3f38f69427ea1528d

SHA512
ec555ff57d843fcf0f233260ade299a5a554a1c9e247cb884bf5635847f1e380fc797dd2e63c0b5096b0fa9592873bef64d83421e5a035746e1837909f128d42

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.2MB

MD5
4138af69476d53416b0912d43fbc5e05

SHA1
f203ffc48fc00cead54c45b8bcd8f6d8aa7af60b

SHA256
b170421f8e5a0d86e3bbba998af1fda58b95c228994237cfdd5efb1102d26c19

SHA512
20471ddf6f5c189ca3745bc88ea5761ba816ac5a3553b869fce63079be9b6817f6f3a30d086f457a2634418d994e27eb60b56df608e6cdf30f71a31568d3505c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.2MB

MD5
45503ff79605299e69a32ff8e24d4e46

SHA1
5bd670a7d56d7fb805ef8d51b969d9b48766ac16

SHA256
e8e0731fb65b93656775326494ba2ad88b29d7896080468dcf1a50475d053491

SHA512
b75bb3a25d7342773c88ba16c1b80dec9954362b7c92379ecca6964cb28c7cf5261217d0cfe40e987ec0aba3eedac7c87fe122486f51dc3959deb3a4720e9f16

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.2MB

MD5
2c8773d81cb74189bcaacd95cebf553b

SHA1
c3960ac03cc301bed85b51905d96dc02c34df3f1

SHA256
394ec26b975befde59ee1e200563d8a47bde19390abf15d73b135295ba72bf3e

SHA512
7c8544a2d14305048d1cb54b7e8b5bdb681117390136ec6a1e0d5b2d85030e86dd531e30e12e4f88ace8f27dd64f860cf5d67747e79e7f2828b7c219f0fdaf32

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.2MB

MD5
39a88c4f72ef0379eb8d1a60aefc0745

SHA1
3b4f7b3d1784701588f884b333c008e72da7ecb3

SHA256
38419f7a372f2a13d94aaa95923c21e0b3e6236cc8e8c5ef5b132c829bc02e2e

SHA512
b9071a81cdc9a59fa31520647c03ce2bc0ac86bee76b5e37550be4389686358a8cd0a1474a9c771787096b760642925baa90d9b29bd05ab9bab1a7868c5a70b9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.2MB

MD5
7ebb5665d789e2359451e302c13a6589

SHA1
b5ec45d5ad6c94a7927e413a908c2c248d85b240

SHA256
1953fee7cfcaf3df330421e24c9a4c695347799af2876828bae222c725daf95e

SHA512
a94dcceff482b83b36bd8cec004b8e4ba890c3b60ed334da138ebe47e6474de05c4ebf90ac85ebd28bf49919d727608d14e16e7da9a9da58eda82d507ed2dc93

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.4MB

MD5
7cedf028135e295355a08e269bb60440

SHA1
daa48aa340851c933de9f6661ebe7aa60736e329

SHA256
271fceeaee555b75e676b8d2b23f35dc574b80671c7fa9f76a9dd831e627e40c

SHA512
21eee312ffaae398e7da8323b04bdd818c921298728b9d65696ac5ad4d01efdae989bd5f13daff0023304482c0230d30d017ee248ac28f0701d8284230ceb4bf

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.2MB

MD5
75ade1b20cea86ab2c79cd617499e010

SHA1
9444656d0fcbdf60711beb8e523dd60b8444509c

SHA256
e947c8e4017574ebd2ea23fc1e34ae9d94aaa7eae1f6f4b77fe96fb488a49a48

SHA512
099361467d89d12c950f5196cf81d40f201d621e6db1eff5c8c36fabfc8737ccb5353e569e3c19725601913ea35f14f236045dec10cab297afa45e9a99643483

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.2MB

MD5
4fbe25cef14708ae9284d811d5e12132

SHA1
b5b5535a6324dc4eceecc0628f56d461bc72bf16

SHA256
1ace03884020a6b95bdf5897e99424cc1687dce1157a4d36182f3f61a0a34c8f

SHA512
4dabb6f5502864be0387f8c0c867df30d8151da4b3c8db78d540f4e13448712ffc32d36810f035cab0f25242126a781c4e608143e410239de879825afb97f6b0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.3MB

MD5
9da4971c6255d0ec6fb59a478da0ec23

SHA1
7e881f46be1c45fda331f1aa6f144a2ce8f4c029

SHA256
3fcd993a4c65bb27f8b800babc6ada2f480eaf745380005053cac83b60442a4d

SHA512
ad374227b7a35f53c144bdb525c041adec52a109ba3d56a863819b925a9c088605da590bae4cd0c209d6da22ddf463e6017c329ccab73ae6c9fa987ab14c24ac

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.2MB

MD5
225c72a76049ba619e5b895aeb4b5114

SHA1
7e2fd2cfb166adee12eaaaefa4ba6441c661bfe6

SHA256
d2d130fa6482e0f013cc302e5fa94e284d86822cee34949b1c0473c8bbca0e08

SHA512
fd80fb4806571faf78e32ffc282f4b0a829082ca7e16b27562195ad69b9fb155b9585e2eef9e60092db09e05f7380e70719f1f1363f3889c7cd33183244fc874

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.2MB

MD5
a6c8fb96c95762d7fc41768bb82ed5a4

SHA1
225beab4fae0d2cde92f48a167f005bec61bc019

SHA256
2749b1d3891aacda9f6744208e79e63145b411874bfa5c3e0feadfc8279f3c80

SHA512
00c80ce67b13579c6813ae8dcb83c01c8c289929747cba1174f474087a920de8343b273a732466148bdf66a091af427bd70d3b7e1c874be9a0e1778401385d17

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.3MB

MD5
21f10878b8eaf29add25bf90e5a024fc

SHA1
5a94c9679407b8da8d6edc986f79b6546da739ed

SHA256
1ef5c6ba6dec6d49c685bd4a93450ae17d3f0a5dfa9e51b313de090a10bfa681

SHA512
e101ae01a963cdfde52a8dc6e44719e8f7e250fa99364bad9208d81e8275a28352f79b5df774ddfa56a05dcd5779c7a7f20e1417febe98b2e2417563d6e4462c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.4MB

MD5
f92b814994895728cf8930a3810b7c26

SHA1
03bbf398c8dbb80a3e411b09e423992443f3e3ae

SHA256
94f5051723b7f21915be01e493a5184959946ae5d012d80bd1cf3adb9684e3f7

SHA512
9a93b79bb61d8c866f74d96baec5e7303dd4f7425307f8a537ec99efee7e08347d29749aec0dab8a543329eed48bfd7aa12ebb7363ab0456d6c3e832effae57e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.6MB

MD5
25f5b91478c3a04abb274506391532b6

SHA1
78bdc825b61f9fe59888a8968716d43278c49a10

SHA256
a032081f56614362e7ecd95f730cd0cace213ebb4ebbc6ec3f769a10d97b4394

SHA512
a6ed8f7cdf43983a53aefb6910ac0c515dccfb8059ae8d049d0e3672fd17f99501941d61a7685c79b007aef5a11f62de3704b268bf8034c22d3f75a14b119853

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.2MB

MD5
3ec1f01e1c5d52a5681911b0a4fa3d5e

SHA1
163bd0e62ca4aee366eceb79e39b56c20235012a

SHA256
236887a52afa65749ec99dfe69e3fab8639735385fa45cb9989a01198196cb9a

SHA512
53414d3703ed7cefc98c6b7877e0793f6b95312412d2eb80ef52b2fe159d818e7760c2c7745ce55a1e25848f7d43586ee398fa50d90b89996b22fe9bf0b88281

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
f870be79abc79ced7d36d4844e694a05

SHA1
e4104e90bdd118cb7687d67ab8dfdf0833f90434

SHA256
c7f5c5108de808712283e77afc9e008e064fc1210c4292c79247d4c4c8e63c7b

SHA512
9bbceb386b4a073d66cad7e9c3c1456e0436aa2823a5abac0678efeb5958f5ad36aa0b3b15ea18f61ad70c5e0647db8c7daec3ad38e960dc6e05d8b3076771e5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.2MB

MD5
76a4972ff86fa512f9fff6b6cc5053c3

SHA1
6c298c0c5b78a2bbfc2f6cd86906bcf584600b88

SHA256
5a4e5514e3aa28d6f437296f0b2c50bce7345d402061473263131a66170589a8

SHA512
4ba86687049781b17f4d67df2f6bf278e8007bab3ddc40251238441479021c33ee89f8695764030b9e7e6286ba3f17826b959a3f69dae82b4f3ace3fa12bb799

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.2MB

MD5
2a7551b0d9c1adb3e2628def494066cc

SHA1
309b05878e6a7fa79499c731597c9556ae1794af

SHA256
16535e481897481d133dfd78ecdf9e9831995e12bff6ff055a377539db9c91a2

SHA512
d93e7858147167821a5532e0944de2623e08872a376b74518d41ea4a5c2d6b8b936f747f01fecee7ff0af8007968c972dcceaf0df28c954b6e6b4fe16193da86

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
1.2MB

MD5
defdd3d01cf45df09f7a140501c1810e

SHA1
2af9d2b765153feff879150b818d706f2438c101

SHA256
1c57f3c82ad1f223233c6e129d69634b727df2c1b2df419edc49a62f50631f29

SHA512
7dad78278609a00d7496ec4a529b184b0c361624647f181a4a51c1dd3961764e7e44411ebe4ec79a5af40c7f1a81e230bf6d537c4957cca468d08cfd68204d79

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.2MB

MD5
2b71d8acc7058c09bcfa8e3b5a8e5864

SHA1
b9a9f19f5ff805c2cd70c24c02738de8e1ffb2f2

SHA256
a0556a00d95c00064d2ac4fe795fc2d777ee7afbf724837f0e6e5a4ce90e082d

SHA512
4931d55261f7dafba6314ec4dd0bfd3292aec48f9c28400e769e34520c785a5601c892cbbbc30d631b7541a4b8cea55c415a7d1fc9381c5c7c093543eb407109

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
1.2MB

MD5
5f6db91190be7132b7b6a04fa631c737

SHA1
158228033de7c9674790fe5d0b182e1db5165f58

SHA256
c3224f908eddb559a6684f9f01729ed68d8c145d1b450d261a08eac98a8fda94

SHA512
6d8efd9aa1261396c6b29f8cfd32b967388a555715e705195af51d21f9c6b89168d837ec1b98ec04fdad7fb5eda6a886fa826a74ff9c0fda78da1c9f9e6af2e1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
1.2MB

MD5
ee2d08f23971398149c4c7e6ed3e783c

SHA1
29868f5ab16795db85b8109557564fd7614b42c0

SHA256
c6ea22d14e5b1fb94dfb735677f13c752fc064f6d3da19504d57886d15bd5ab2

SHA512
7226ccf68ec2bc270d03e5cf3ac30518027732bb7ae2759ca66b87f60dc4cc1734c1b7d5e0ed0cce687dbf2750bae281ef8d1d3f123f6b6feb699ff379b1af0a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
1.2MB

MD5
0f26e3f6d7e2a6babcae753decece56e

SHA1
b8df2f017f7ad66cc3ec0b6429f10ad6baa2a136

SHA256
e95d150617853aa528c19e0a4a3ba3e009bfa6e6cf7e5a81ec083ac8ccab780f

SHA512
73a19b63b152d9802ebf2b653c05a34ea83321f2a7e68a457857bcd309bf6804ebabed5eaa4c8a219c79e8571f3eb76ac0bdff23022018bb8738859ab11d15ee

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
1.2MB

MD5
b27a47185a83627ecf0bf04065fdd0b6

SHA1
d7dc29f5ec9364a650f1a7fa3f1f53a55f38ea26

SHA256
f2b197e58153fed822fba6ca4324fd81ead0751a70f399cc553b71ef550eea40

SHA512
3d893bd78068b1ce90c7179ac14b96eee9566135a27ed83290c01bafdb14d5caafb211629d1fefd30e48469f1ecc4c6077485a038d3daf7798dc0c9a359bdb6a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
1.2MB

MD5
4d11574822a052d0593923883faf0937

SHA1
545096216efad933ccc349aca87b7111b9386b7f

SHA256
522fb22055d0ee2a95b229991de25999c21f878f145d933853028992e5cf30da

SHA512
54fdc992c5859bb9a31ddef0028d833581b4eb4b0a5f2d9232942a09000ec4c69c50d4b33b38a75b6f11c13673a6ad2187e2b05fa52f59a241e15ff0c0b60a4f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstack.exe

Filesize
1.2MB

MD5
c73169c3d716f43ead3bbf8b6fa28d52

SHA1
84214f00c2c3ebe8a5f6bf29f344afadbe1711eb

SHA256
8aa6484af994a2d1fd27a644df1205022dbd0a1f5f050f915736166ab528541e

SHA512
350cc3481760f152960df441d2328d9182d6285855066f9d3c42697d6e575bc4d34dce88547a172990dcd442f9d5adcedb1f9df3e97a1b0f25a5deda69de53a7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstat.exe

Filesize
1.2MB

MD5
579e26a6a315f2f333895d3e7361a3dd

SHA1
e67f41df7729e6b3ed236e3a47830cdfbbd84b99

SHA256
1e8824c811527c40c10bf34cf23256b2801b1804cf10d6506654a0575949db43

SHA512
712fc6f57c8a0997edff44e490bf55a789fb2f703cc921513bb2c6638028e93c27f74b87fc60d5dd0bcf4ceb106555487eba6ca1df99771a84d8984c0093a8e6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

Filesize
1.2MB

MD5
02ef0ae983c72539482a1c838ad77406

SHA1
6e59f3c892b066c461fcb7b971815f2e3134f09a

SHA256
26ed19c5e7a3a2fbb8a2ac5319cde5605febd3ec9fa5aba8ab7249065d2bd746

SHA512
d788905ac36fdb529dca6909cde96959ed80bc7b55f56d2cc92690dd6952165d34b4b11151022cc1b234280aa6a398fbb20423e2ba6b021ad80cb16d1a74e045

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.3MB

MD5
5e148b0605799c595bd23977b06fc635

SHA1
53878a80f57c627923f19414d2c3ed0b453f6ae2

SHA256
8451ad110ec12c26ff6def8769b52321f7912075b60cd72840adc417be5c0929

SHA512
7a4115472a833bbb187e4de791ae474061ac51c25f7598b3af16b37734705ca37b0f8e0a17659c82b8ce04761deffc5e0bf6e3dcd968bf388dd69b5581756eb0

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
81e3784205d363a244febcaed7158254

SHA1
a5f27f0c3c96a5961f56bdc910cbfc675921150b

SHA256
43274243b216dc5edac1e2252087d5c99a1931ca51d6b3e3faf33a71c279c085

SHA512
198b946ef0cd2fa2de832c1965b5d988ca66a5d73387ef97519b35dee88ec30b75d566f9cdcfdb18d6eb328c1de97135e08d69d10d2f282840d68e9660f90919

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.3MB

MD5
81c60be62a6e1a555d529926a77d8d81

SHA1
e3131c1a46f257242b899111db68c88524c73106

SHA256
41d77627c8174d399aa902545c89226464feb6741ec3b145b842593e898aa060

SHA512
bea17b498cf458c4974ec80b3296a3772b2cd1f5bb04559ce021e8e006647747c42f937b61e25f432dab23aaee54424210f39a787789600f308fa7216f0d5bf1

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
796daad9a09bd4e9a7ab539de1512e4a

SHA1
5ae678daf46ea9f9ee7e6583848a1820023d5224

SHA256
20bedc318cf95e555d26905e5e03068ed616681a38c56b243da5a3c1b9ff9e5f

SHA512
9f55d57bb94841d68852b2add931e852b7e21fab46aec8514499221347827137147b6b7448ff55334c038ed3a77db12fc4de4c51325a5465f995ab8646847e5c

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
596e0b585111b26ea8bd3faaad0e8787

SHA1
da4284ea2112a9e3a111bd8df8b12c075adc41b3

SHA256
c45078cdac952282b1ecb75b4c4a580ea60bac555dde408e20bf3669cc5d865b

SHA512
27cb6920a0966d4d8950c96ddd5fdf713d5023fa7553db592414e12e38576503a819f4fbf7e4bdcacef2887785d7faeb6e0f9f1a4d484e890cf7000133bd757d

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.3MB

MD5
1d3c5886f60e0f1f7d1cc83f8965a2c1

SHA1
7eed6381736bfd650d61702b6cd10a404cc4489f

SHA256
db90a2936896e707ddc43d98adbc429b8684752665608ce74a5c84aa7fe78c3f

SHA512
edc4407e3b6095d82706fbba2b21d366182d9a818576a220c8d4e3a503d767df47c09b5b38d5da54a10cc35ecde0fba8b51d79266b2c0e9bb0c63b82aa32ba62

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
25e4f9c06fddcd2535f0cd33db74e4ff

SHA1
b2f4f4956148568fc45f3126cff6094dcdd72966

SHA256
ab72bd17a805a3d1aa666a81991c54accb504f1e3b759862ca2da1892a5fe98d

SHA512
1eb1e5c91a42e9f571b97b7c1e94c99f90082ac51e0a51716bc108fd97f7d418335fa94e7b3deac325b6faebca6ffa167aeabdc5f2f1ea5b67eb9dcbe2be5353

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
3eb0387881eb2be19eb335772a209635

SHA1
c52ec85696e92cd8d293cf423a7b66b0e31235ea

SHA256
29da4f10a6de34d8f6c09a9b858c0f37a5582cd0b00376cf1bcef09b959fd015

SHA512
43767ac0299eab9bd4d5a80e90b9a1e4ad583e96030131f6633eaffb9a991352f812421d3283c858577241a4b78c867743f60e18657836d582af1aa10e589480

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
8815e3cfb92e751b3874bed0320c4b94

SHA1
96d27f74c5829dc4898ff9614c67a7921f7ee1b3

SHA256
03b316177ae57e96fff2f90011818982629cfb5b9c11a9bca2b3661fb934e218

SHA512
bed39a697ffe9cab281529a51b733cf512a2248f23a186b69619e2cd480fcc78038f948fc6215dbc51ab4a68573b71ba6a4f74e92c3e1f41b2a2895c6d52e76a

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
c3f0d083ffabe269d9d7be362bea48fd

SHA1
f785ab0b6b8ed47acbfc5306c23ee0ded7f569d9

SHA256
d3b450f9e93f5f2f1e79c14e7fc69bf83e3f8b7643033e6b2dd2eedc1b2b68bf

SHA512
4f6777b8cb5f0c7a237c63a463e951b836821b311bb0eef99f38737c86cb99bbfde597ed0fff2fb4af3c94f55416c99414eed65aa7621a7db9359b30a00ff7ee

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.2MB

MD5
896fbf9038bd02c15d9dab906a53dd8e

SHA1
c9114e16f18495e7f704211d7e11840f8a4b1aea

SHA256
8ff523385344beaae0c8fa364e1ee211cf4a20c250e2b495402469882ed78f13

SHA512
6065e3db6655ce2fbcbd9c0c7521dd50d71b4bcc653d6d88debef62131e363d0fb648f6794a74caa8f1d8a6fc6324672ef0b4dd2bd7b31382e1c756baa9783bf

Download Submit
memory/896-236-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/1828-38-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/1828-62-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/1828-44-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/1828-57-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1828-61-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2256-321-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2256-231-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2256-70-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2256-64-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/2280-35-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/2280-34-0x0000000140000000-0x00000001401E8000-memory.dmp

Filesize
1.9MB

Download
memory/2280-26-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/3036-13-0x0000000000550000-0x00000000005B0000-memory.dmp

Filesize
384KB

Download
memory/3036-23-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/3036-20-0x0000000000550000-0x00000000005B0000-memory.dmp

Filesize
384KB

Download
memory/3036-319-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/3088-242-0x0000000140000000-0x00000001401D4000-memory.dmp

Filesize
1.8MB

Download
memory/3108-0-0x0000000002010000-0x0000000002070000-memory.dmp

Filesize
384KB

Download
memory/3108-9-0x0000000002010000-0x0000000002070000-memory.dmp

Filesize
384KB

Download
memory/3108-148-0x0000000140000000-0x000000014021F000-memory.dmp

Filesize
2.1MB

Download
memory/3108-6-0x0000000140000000-0x000000014021F000-memory.dmp

Filesize
2.1MB

Download
memory/3108-147-0x0000000002010000-0x0000000002070000-memory.dmp

Filesize
384KB

Download
memory/3240-243-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3240-316-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4056-74-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4056-86-0x0000000140000000-0x000000014020E000-memory.dmp

Filesize
2.1MB

Download
memory/4056-84-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4056-80-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4304-241-0x0000000000400000-0x00000000005D6000-memory.dmp

Filesize
1.8MB

Download
memory/4776-54-0x0000000000C70000-0x0000000000CD0000-memory.dmp

Filesize
384KB

Download
memory/4776-58-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4776-48-0x0000000000C70000-0x0000000000CD0000-memory.dmp

Filesize
384KB

Download
memory/4776-320-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/5032-88-0x0000000000CD0000-0x0000000000D30000-memory.dmp

Filesize
384KB

Download
memory/5032-233-0x0000000140000000-0x00000001401F8000-memory.dmp

Filesize
2.0MB

Download
memory/5084-239-0x0000000140000000-0x00000001401EA000-memory.dmp

Filesize
1.9MB

Download