4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff

Analysis

max time kernel
145s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
Size

625KB
MD5

bd58ae6df16662abef2a63e072009fb0
SHA1

67e99fef0d7eaf5ce29c53f4f87b140dc4725911
SHA256

4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff
SHA512

256a91b20007e77ba7deeaaa11a8443c0e5d94f9cfa7f484a6adafe3e84576279191c7f88eb78b32fcf33bdbefc8eb3d2217d4e9427e37cdc8ec6c64661f7449
SSDEEP

12288:SJ2oH/uLJOyo937vGFWxwFJI+yeuVb8r+ZP712Ii+51cjVWtVj5J:o92JOt934J7Z6bQaj1BvUm9J

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 12 IoCs

pid	Process
636	alg.exe
2188	DiagnosticsHub.StandardCollector.Service.exe
4584	fxssvc.exe
772	elevation_service.exe
4848	elevation_service.exe
4592	maintenanceservice.exe
4892	msdtc.exe
1544	OSE.EXE
2876	PerceptionSimulationService.exe
4196	perfhost.exe
3936	locator.exe
4324	SensorDataService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 28 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\dllhost.exe	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
File opened for modification	C:\Windows\System32\msdtc.exe	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\locator.exe	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\904f219b3e2edcd.bin	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	alg.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2188	DiagnosticsHub.StandardCollector.Service.exe
2188	DiagnosticsHub.StandardCollector.Service.exe
2188	DiagnosticsHub.StandardCollector.Service.exe
2188	DiagnosticsHub.StandardCollector.Service.exe
2188	DiagnosticsHub.StandardCollector.Service.exe
2188	DiagnosticsHub.StandardCollector.Service.exe
2188	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
664	Process not Found
664	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	332	4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
Token: SeAuditPrivilege	4584	fxssvc.exe
Token: SeDebugPrivilege	636	alg.exe
Token: SeDebugPrivilege	636	alg.exe
Token: SeDebugPrivilege	636	alg.exe
Token: SeDebugPrivilege	2188	DiagnosticsHub.StandardCollector.Service.exe

C:\Users\Admin\AppData\Local\Temp\4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4231aee56f1a076a020e191aa98465626a2855e2643dbfcdb91adc37559a25ff_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:332

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:636

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2188

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4812

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4584

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:772

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4848

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:4592

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4892

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:1544

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2876

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:4196

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3936

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3680 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:4976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

Filesize
2.2MB

MD5
f67a5ebb68f352248421f04b09fa8ad6

SHA1
f8b1affcf06c2f0290fa283cba1635b0eb0895b2

SHA256
72bcf69c8e7854f667e9cea755b834af9751fbd30e6a594a0d943559eb1d49f4

SHA512
6f7a4ca95137a8ccd95aac9cf2875c4e42ba1f3fe767061ec3200f902f8b3de64a2285e13c647c16a42c9b640162fdfa7cebb77870dd53a484c23705742be975

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
781KB

MD5
abe41af5df302851ff90071973d77d34

SHA1
be6b9fa5a5f6790a9cb77238762e1cfb187dd9c9

SHA256
2b330df110dd763944d7351a8be36a08dc728d7485f16b78f544859342adc9b2

SHA512
0e5e5b78df506eb832316d3d9dc2adc5a00b76ce6c926981d00d5ab38c7d0c20d60b5163823b0dd499be3784c2433abc68a7b7547a5e6239b960647925221bbf

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
9e2d6aa3eeeb2e10942eca059e1cb107

SHA1
c012399d868ceef3d65843a1fc53b435791e9bb7

SHA256
a2609d2570ac9a4db6894df4ef5a414b0a6393535bb823d15edd69b3d74dacc7

SHA512
0d699a86976586795c737c1929cb90844cc1b0143b4df580e3164369c15d9e522dabec89cb818b8f5ada0fe9353796c5912412e172e3c82d9f6a3e233c440913

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
83685ff1549a436f8674e6db06650ea7

SHA1
abaa01164453bbea57c5e9fcd6d941ac907c5d1c

SHA256
9a7ae7e5811179bba8fc3874669ba4878377ad688f8393ff0ef79ed54f9a2136

SHA512
a94ea58b758faf2d61dfb2e43eb646deb848240e73dd72a34395078a89216a8c5fc8f734e48b1c3960c28a433db7e1b02e46a86311a415ebf1631c5892611134

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
8ba3d36687c1885a9deea73cd493edc6

SHA1
efa9806540e35fc2f9eda018afbf4f19d3a5ee34

SHA256
834c1b3f7ffc6972efc7a3d638625a2fafbb0a884bbaac29d8f758de2b5bb353

SHA512
b6725511a660896f840710b64c9948b62afa0e2c1a49f49f3af225da1069f4771166d82e4e77953128b512b75ab0d93bc0a80832f2bc3443f212f30236585e52

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
04a539e4f8ab4f79219f57e13379d9a5

SHA1
2097b2df6c2d701b144d65f0679d0b935fada639

SHA256
3e755c3b703aab2d34af8998d1c08a610bf2ea7a1e8560c2c14f9772d4b5f5ff

SHA512
b366a451501ea3170215547e537340cbf7d6a0651ced2441228f5fd03dcfdcffd21b9a7a0b57c9b4a5c2ae62e05054a038d27e9f81bcb1598eac65ac2715f7ec

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
0f69d8692edf410b6920de71f905d076

SHA1
67e5058a351c48ea641d27244cf25ce125030ed7

SHA256
004cd0933c09cbadb3824404fb1fede4365e5fad2d2513b5736d9258d8292ee4

SHA512
0b89862fd4eac87d9fd7bf397c94c7e2e274367862b380c37ee1a6a8730b8ac4a9f2a057f0367f52f5bd35f816ff0c237e700e506700361ee8916e8a1e934333

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
664817bd45175804d65527bf73d22199

SHA1
1c2f455d53bf42924f7305b90b7906c34456892a

SHA256
175551a700429dd0483a90f9b77523d972a08aa3b1592569b4627ba86f903e76

SHA512
b4c33f7f1a4fa1ff715ffb05d2f0ab922e85fc1d50c4038f470e5508d4a95cd1b1747f5a5ddc3346d8ec55238eccc1b76369bb2dac1c00a081fbbf673faa50cb

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
1279ba9836ef54c9f30b55388cb07a85

SHA1
3ddb001a4cda1ce43d6492e0b905dc46543da21f

SHA256
e3c5bf1ad753fde3cbc73f310ecdfd096874f8063984bc8a8f0cbfec00d76eeb

SHA512
1c43d88afdb38efd061c8487a587c449b1296d08ae772e2ef7f1bc7585024a519a2926e680ffeb39e23de13219e63d8958dbfafa4dbf81d82e6075381ebfab86

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
96339819b64b2acbbf12fffbde5e2fd2

SHA1
e459bec17ec7986806290b63e0e4b8b346fe3f11

SHA256
03858a40ff9b054572e702de1a8882b4f833efa9d835267a235ff8bc5a9c7514

SHA512
5c9c40b00d7b3fc66a7366f88a31ace156535dcb3bad46e0754169dde8416630ee9933296900f53a285635e8a3b3fc3b31384589012cae0444672644ea453c27

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
ac504babd8f8b58087ee8c7f9d0efad0

SHA1
a870d18021fa6c82a6938ba285999c98144b7b72

SHA256
9af5cb342500057c762c0c6dfba6cc97213012580869ee5b4eacff9ed87967bd

SHA512
da50766646952cbe0123fbc875a6a7a3a517b9ab64d633239147ec3ae194ae82b1b8dfbb3d77b9b8ee3de3f2a02a01ea094ed6cc1adbb93c37265ca7d08ae23e

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
b8731e6b3e661bb59cafb63b2ac3394d

SHA1
d76e3f3b688219d58668f6b0a827b29f2460ec79

SHA256
d613585e1c030219e17656ab94223c692b60b654a0671d8fef7ad7641f520f9f

SHA512
5a8a0124a7818f6449f8d9cac7e6634198e383785d0312ca09a477acd3dc0d9b10b9b9307fb55581bebc5d352e6dcf2aac6fbef859edd1fd87be2756ee907503

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
6475e801b8736dd71c70fd5665077a99

SHA1
1ffac8a99c797acbc19f263f8557a6cf04fa8d6a

SHA256
e3ac5ef05c83605b7d8b41b7a86466c9ff6045727ef9cc6ef3aea5b17b29b0f6

SHA512
79762ffca2ed7dd7682d727fb5c08341940a7a856173609278f343a0daf5fb89cb8582ca7dc59993f60bfaf692d64014d6cfde39942474243fab4b047945eb68

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
25cca48efc46c3efbe62226e3647a26c

SHA1
72d6015b6fc00ba483aaf5717bcf2d5a35bd2f19

SHA256
4109bb54a4c868bca3dcdaaaebc94f78fa3e958de8d969c2bd7b92490a0af8b0

SHA512
90504fb5e5aa2298578fb8cb486ef7944639d56f70578dd7720d5f6a3cafc0735171eda1aa2dc82c02c5ab8350a508a89af81a23ff5ae2f93a355ea94d0d8df7

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

Filesize
4.8MB

MD5
f68286047063325eb7369d78d3c5d29f

SHA1
91ebfebb81b5e513c59543b84288dd7aa1b380cd

SHA256
3870546338568e8f6cfe0d85ba53b45f45fa1d7b3d037fce95cc910ac497ae9a

SHA512
c6b95a87d6ae607f6fee266f72798fbd829e8d72704c084ad90dbbc869808b9451aefe169f93f8a193142d2e266057f039d405e7f73c9979ae566df48eabb24d

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

Filesize
4.8MB

MD5
251d40ae6347fc66640debc7ed35c0c5

SHA1
d69bfd4150473746834cebec9d1f4bdd9b1101ca

SHA256
acb99039540646540dce248af0743f1105a34f0ef92fa7b2cffc2ccffb240aba

SHA512
62af15351560950c283f3ed8dd06bb7bc4357424a45a5fc35faf1a885b1ab7d94d2496a529f6fe423477994d4b1aa02d24ca5b7119bcf3b0ccc5bde1969d8eed

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

Filesize
2.2MB

MD5
246f520a3a8b31339eb40ed809724805

SHA1
45dbf45e172dda574355339e3fbd6f09faff4d06

SHA256
b7661d1c6fafc3cb8b319881a15c985687266a9d2eb695f6d1fccee6e6c63322

SHA512
39569c84ce10155002921750e141695b1e5753fbc127b0e050c00e98a2f3ebcbab76a7620ead10775c950ccb4288aa73ccd539438034ee5f90549f9bc1b964ad

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
44bffc94ea448edc36018a432a97251c

SHA1
073a34832f00619e1661b6fbefcf6d11153f9ad6

SHA256
d656292254c80e31740db57358d2992897f371bc8bc37ec9e444e7f82197334a

SHA512
2d1733153e17b65d675bb7bb0e6cb8d082c40211759da307cb788f6b27f6faef2bbda4797be4defb00ad6453af3feea0f6e348d48a3da8d6d8ac9a1a091c743f

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

Filesize
1.8MB

MD5
045b85b1bdc94b850d50b7a74d19779c

SHA1
3eec70f64e3b479a212b49fc03dfa141f4d157bd

SHA256
e796df371deb70d2b5b90de5a3a6f451732b51aa4d3b372201664efa9b11c097

SHA512
dae58daa7c9098f4bf39e6652422cd12a21b94c08b9cdf5efef59807ae41a4f3fe06c60c47187965b3e8d0ad7430e7a964c57c1c6fa955c4bd9bebf84f36c83d

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.5MB

MD5
ffefb88d9a1e0488e4d9d3474ac2bb99

SHA1
311ac6a908fcd786c1202d2e3bcd690018c71c45

SHA256
f7d0dea09be37b2873329ac955cff8677f7476a522497d1b4bafda63528d773a

SHA512
5da70df8ae696d8e33d546f6bf55ff43ad839cbb4a399c0fde8f663480a7262a68a0b93161422e5d39a7f738b8c5b7d82f97fb6dd9ff6e51bb25c21ec7791737

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
3fcf3c91e661014dd7230afafc17ede9

SHA1
e688300098b7368a52f6eed3ade5d8684831644b

SHA256
4d2f01118fd80a17bc2084e29eb498500ce2b7280cf8358f93f2ed73c6bbc32a

SHA512
cf461c74e885b72f202c1194d93fcb684062ce5ba6dff842f31e80319919a2b92f6c78566eb358532e223a5ca3000d3769c10281eaf30648be5be3390b2ec9f9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
746ebdaa01c9d8a08f6d32c7af01cf2a

SHA1
444b0d52841ab739d6dcfea848219768ccdc768c

SHA256
b45ad1989b89cdd8f5adf437d1a74bd0479643000bb237a6be055aeab59d1ec8

SHA512
c784b3c0552f21665611b289c9eddeceee6ba6e0cced5adaad5b57b67c3c940d67eb0c102f36d879b488124d19bc77dba841514e4039edb31f94a09cae8854ec

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
3cd2f423c9634d9c2afb5d8b07f8878a

SHA1
7c71d1f8d71778376acfef1ceea597cb11a25485

SHA256
adb88e020b2615a9b6f76983a061360a1e135ecec032c987ae8f58cd8bb4b144

SHA512
78b367a2a43560761e64660167a1d4b287cda20094d6802ca05d14a34eb9c6fe6fe672f39743be65dd9e374f1d0234668523c3fbbd88d7ad29e20c1adf20b644

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
3963d0d1372060c82bc214cdd001941c

SHA1
edeaa661003b3bef9d53341f01e209901e7ccc5c

SHA256
bc47d3c6d0bffdc2ec8f857fe700f1c3ba2f444430bbe63a05993c18d028515a

SHA512
00655e35353d721764797f1a3ec58bdd912b2eb6297168425284e5f22c67bc6d994961061a0bcacf21f82c1aa9227d6df0c2442777927f6f979033e8a5ae4182

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
4cbc81c2aacdd1977a7eb04e5b2f8da5

SHA1
82e8640c1b0ae1c2303a4271ce88d927a200af6f

SHA256
6c944b526e6c2bffe9f0d578e5a36fe1b42e480af5ba2dc68d7916136bd723e4

SHA512
69cd2cb5731a2ad07175690920e1a3bebcf79335af9984c0ba43f45599067b1e5ff02160fd5762237d2898dc0d2c7a5b068c58187b60a7585839be07e7c7681a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
7a07d4e42a4f6097504f7edab7245c58

SHA1
6822ccbc959f7143628c192631865fd76bb2888a

SHA256
851464d59dd69f8def9fad2e74ee3a0cbec79491711a8a8751a3831411a99b2e

SHA512
d6b83bd89e70b0486c9d389fd4209d30ac75b4b316caf296dc5432d4f90d38f6083cb90da645eb17d207d5a0cf5ac9f492cf829e51670de13cb700edf390cae5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
df4a643d04b33557f35a56f513b692b2

SHA1
1a70ebeaa78c3439be4c0518e38cb828035ea1f2

SHA256
3b44f8e6c152a3c178e0f587064b253453e334922ca74b44cddd0ff057966f9b

SHA512
a911e65de3cfd7c8421ed4cd4533aa959459c12a7a530f4ed8fd17f9335b703a1cae0e65ca057f92eccd052c889cf08f40233d4d238422b77fec47a14a4c9f50

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
af9b4b285f017129a50f026afb55df9a

SHA1
15a607c87ba7f431f35efb01b12b001082b4559f

SHA256
20eda0c3fe14a37192f3de498e9690d83c2cef88a18e9f8c5e99020d1d7ef805

SHA512
7451ef6119191bad25c2d3a4db29603d9a32c96cfe8f89f6fc0c4834db6f2c15400b98a59329c1bc230d6ad90d834c3abbf6ddba4aa9fa1417d3e1722ec6763a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
5f14774d5153574c8c83995e0a4f4556

SHA1
4150976c8cbb192b3001fdb888965c712b0dfa4c

SHA256
fba15d6746b0db0efc8f7418102281b44340d9f0c77213483c0396d4cb4abd34

SHA512
eb114b21d9ef30f9bcfb79ae8f2b9788c8d23e41d16a6070e6bcb724c19d511a4b07e410ea1fdc0a772b4d18a95320f75d239c22628c564c08ba078fe52de5a6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
b695395694b9c009bcdd7b4bbcfa7c4e

SHA1
380edeb35bb53b4a55cf4f96d94509b429525ac5

SHA256
9bfcd2a6449db4aa72717ea0ebbbe60d9dec05b16dce6079ec232ea1e6a13377

SHA512
2b7ed6b3012f15fdeb7636c78e0e673b7464feb83fb9b36ae87c5f628856217b84eda8b02993d9818a1ef9f35f0393709d94236b0f8301c8b917bd8148ddd655

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
a37ec05cd450d060adef08d5ca0b84d3

SHA1
d10e2d4c5b81601bc85d95e02e21fdd4ffaf654d

SHA256
ab410fb50496b07786fad72e6a395b40d7d930fc603dafbaa8fec51b7a4a7f46

SHA512
a5663a2b856e36fe93e0fe9ebd4484e4366f967aa331a5033baefdba28c970a8f121e52a4ac4d0280208ef903050d8d0fc8015ec1c044fd246b31f1c9aca3a45

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
30715dae787a3fd5f8e36dd749bb60c3

SHA1
0788f48311265cd9b2764c2001df5cb2aa3162c5

SHA256
ae3f1563563030c676f2cb9a8ba2f8de1f09ad262f1fcbeac3e3fb50e3a00495

SHA512
7b5d6f130a4f31cf20cf14781a8f990d32d62ad113acee945333df77ce05b907536676fd74b43f25c2438201806a6b45bc94a1f2084f5ac4ca51eea446380db6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
4ba14521f8cc2cf320846fd2fc46c59b

SHA1
6a18c87c1abfd9c4cd156580674cac4c6b727d3e

SHA256
686253e6d01a61733a75e2958358a631236e5cafc32c575bb88ee69ce5c7c55b

SHA512
4310ba336db1d31e9ab7c214eb6557f9a8f99320898351d921cd3437826928067dab304beda7266542cbd1dc300a2a0f992b2656182b6561eb51fd289cc05cac

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
c39e8b5bd012c6f8b5a58ac05d6e1122

SHA1
ec5d0cb0d7ca4727f40fa095561f3ea42c319593

SHA256
e9c204f2a2de5895815cbc5f6ba1747b4e7adf7cde34951712df2a5eecc69967

SHA512
40816458fc1ed9a70b90de0f3d28f67e2c7c31901b8d29651c8cd28412a0bf94671f590de4086b35106ce825e9474d8d3a6313516a89930f34ff721de4082124

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
a1c8341be9efd14323dafbe5a1232e90

SHA1
8ccc3048bc09a03fee806e0a4d7bfe3f62604439

SHA256
1ddc83a5ea348cf4865ed3904cb2d310feac497d17245586b066b9800d18ff3c

SHA512
cd58c6012d58199180cb02406e06829844e7d8053a7a38afcecbd64283a4d4166cd28fea9a0e933e90e5a3daab6f65995672f5af494e4e9104d2e824edbfa444

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
30efb6fee0f7ac726b04f10b0f7f0c24

SHA1
91f206a476db643a58602d5c35f88bb581ade6d6

SHA256
250a151964a20d678fcf8257596d855e62359dab7917c995961bf6051df93770

SHA512
4f9a02a8c852ba16cd814b4d794d13572d28dc82b620e3fcde188e7534898274be987d1515420d9185cad670998f4e00f8a478954cc4de9494014c6c0991e57a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
581KB

MD5
2f67c51e9d97b300919e4a3411251d31

SHA1
5ea1faef27147e21c3449bb8e29f550534e59c87

SHA256
585420356d08fd340b487d1654d2672963a56de540a328e4a2c5c1601a1f8980

SHA512
388a9ecb6b57cb0fb3f674dc118d092b13eb30c38636502ccb0979891d53c5f7ca65263139cec39635c93477ba1b0dc7964d53cfcc2c88b8ece4db3424e09603

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
581KB

MD5
0fb8375332bc4252b609483f1bb9d359

SHA1
f36ff75bf017cdc92f34a228980f14cfa3b86845

SHA256
e15768210015ef058ab99e997c4fce530bbcd0630aea46b660f5aa6775719762

SHA512
1ccb462176f89a5b1a7eca9ba48a5773b59712415843ce8bf9b58905318bd158b42ac435382c4f4297cb80cabfb48eb04f57e9f85c3a9cb2ed83db4e58448b43

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
581KB

MD5
5af55907db282669324fd88fc999aded

SHA1
67f0b4685115d48418c40f97d59f71ba97fa6f25

SHA256
e28c3f579013c380c6a6ab2e01b660387ef026d4a6fda68d3dc2110d6aa2b223

SHA512
4c6b792db4efeaef9dee2fa5d80c57ca2618f2ce9a31a0571bd9d2979ea4989ebd1e667800743fbaa6baa9ed26f464cb298108a3c79c706b584b597be8bf32ec

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
581KB

MD5
9f8d79cbd94b875d50cd128e5f1088c4

SHA1
4c208e052bb3dc393e4fa8e85c22a0f331346a31

SHA256
5c886f98e1755c0738e2cccc8bccdb9d32d825244bb4b21c28538e924ca841dc

SHA512
4dbf0ff04fc052f68d2a23873ab92b0802fb5cfad2e64d9a61a450fba27e152aae72e69a17eff8e002fd1283d908d72301bfd182c719c909a855c747aabff298

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
581KB

MD5
dcbe6ea38b86f7674220698c81c68c71

SHA1
19d52cf0931599967aa4584325b1d47026471a4f

SHA256
fb494e9a9998c905f67786c0c4f78329f0b4b9db21de2b577e1d3a87d57a0520

SHA512
824fac421c46778941f61a64febbfd49f4231388ddbe87f8be75f741a87e923890f8b77736673f24cc5aa8116c05703e6e9bfd4d687daad9b031761da978ab4e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
581KB

MD5
e222bab4e6fe9454593998131c8f6e53

SHA1
8a1ba27dde1354d3f699ea09ddd62f9d28d79385

SHA256
44da7cbb08e62a2cc2763531e187805ad700bc344ac4e7a5d41a5b26a5984643

SHA512
c45c020726384e6e7cbfddc1db874d47f62be6a3e94210546eab079c07cec92efda90e6dd13ca661c7503214c94870266f1d7dad8156c4855cc056cdf882f5a1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
581KB

MD5
123025ca8618eb4734cef80e38f43f38

SHA1
51b4da8cb06d720761ea9b0349700d42450394d5

SHA256
50064b5cd572c551d7e05e25d44a2c34ca67c5146fbe0a331382897233b87a96

SHA512
d7e7de0b8bcccc8cbca4c974f400d0a1a7facb729f47adbe2e59a70cbbaa58122e5c4c0d200c2b2cb4eac40ef489c1f588d89c535bb344bbc36ceed984a1e81d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
581KB

MD5
da9036ab4b4a016a39c7b025817976e3

SHA1
00c3618752727d71059421cc775e2a96a155c23d

SHA256
01281136ed251f864359e21b9a9239ded8599c4878a48e69d527b97e6c126a44

SHA512
859a4b765ff0eb95be0eca0ee1a6e7c4bccd093cbc9864216f30fc6fd3fd6fbf6fcf1946326fbeb429d22dee249e5168d520e0972167cfd1f0bdc9263b5fe4a8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
581KB

MD5
118b9c69c73fb76902d02428b78ee649

SHA1
706da984db8c10cfcfc92ea037931dbd76f6328e

SHA256
b8d58a452bb216c17049aaa8119a40e0b87166e5e15ad467aa91b3b5fa0a1e00

SHA512
fee42762112072f4c5c90727e1a3641e90a542bbd66e54fc4312083e6ac0bc90e44c52119158ea788f036e1f9f501741a1a364d047535bd4758a97b5dd9cd8ba

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
581KB

MD5
130f4abd127eb96f5a5f16fe7c5c66c3

SHA1
a79dfe429b567c66e02270a4937d0947656d7343

SHA256
d772ebd8fa13f5dfe3dc278e0c57806a57d834751ae3f53e6e2c99f86c8b34a8

SHA512
0efc6430253f775200c8cd9ccd8d63b21cfc835c6439492cd91a8cc2fba886e1f48fbf547e1d6fe4d66928b57bf194b3a140eff44c8ea17271560d0c0d9e1dd2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
581KB

MD5
001b58b4501daecb093d91d90740e77b

SHA1
914b5427383a186434cc616c2b6ae610b8f0bd7f

SHA256
449dea1d74adcb1c3dec45069dee807cdbc70ce094179157434ab9332f44f74c

SHA512
52e9a7206be5e3b04c9ea864db915a4c6c6b34c062fbec7319120fd07e82791c4d71648dca3989212d128634572fef9fc13a5a11258483345568a88b95fe8cfd

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
696KB

MD5
e30970ccd5d8a92549d03aabd6330207

SHA1
17db1d71ffaffd411c1326daaf54e81f46a30080

SHA256
9f93958a7814b54c32887ad49b708b5d95b5db21ee6ed157d23d4dcf7c2ba2e3

SHA512
73449493f722aa8b50dc1814e62713b4fc9f50723030d76bf777fdd2652f3c4d37853176a7d32d96519d6806a78a43ec32001fa7beda93d592af461bcf3dbc53

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
df1a2c4cad57163d584f878501824192

SHA1
ec547e8ed9fbd33f1feb1f5cd28b1450688d1d8c

SHA256
fab1d23193030a623a80840186609ab56360b2adeb46ba1a6602104fce065265

SHA512
9efb3e2871ef7ef665e4c1be148736a1c57f62b3dc9b579fbdd1a01f04418af2699e93928efe56911919ae005bb27d0bc4236dab479db488e1bd59e3074da216

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
791381f6fbb3ed4d0b95672bac07e14d

SHA1
69da24fe3c5662763256a6be79e6c76eb6589fd6

SHA256
16e33ead89dfd2492b15acedebff81df5daa433b3c61a51be8b679d3b2d75ad1

SHA512
a1e3b935a7fb49a9fc6a19ca37220369837cc68559bf05675120ec1c2215e657218107891a8a915426720d4619fe86d2d2f4529b9af06e8b14f2c7e41a2b89a9

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
d93bc4aaaaab69dfa9a8f31712e045a1

SHA1
f040c4ca43f188c3d24f24cd46dd956d2e6ee172

SHA256
cd7258f52f143e19a52b39fefe5780836fe51aeecf811c05d46555337e55ecb3

SHA512
67302d9b8e2cd68faebf00f6e28015044f137997dd3f5afa66546a2620587c2c56adc5aa74b6ee6563fb5df451416a3f94cad6e476a102e7abc4dd24a1182689

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
ff9a378f0841c56d8d8b1585cdd26642

SHA1
6c69146fd5c3012ecc1b0389fd31415b57cca7d5

SHA256
eed6dc70fdea0f25e7670a4edf9eb4cb2c037f7357d4caf344aa1003b12e5134

SHA512
3ea01f86311c697667af7fb091cd32c470d73b5c3c731ef5b16d37f29414269b4301f86c8a00bea14256bf9a34069ad20c58d6825ab3a296623348fcbf68603c

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
7270c1cfbfbfd2bbffd243390c551287

SHA1
cc76d834ed3093753f59a7c186a4afbaeef5252d

SHA256
a6f181fde4ea0ea97b5e8e254cc9fae37a3e44bc4e592e81fd98e656264390ca

SHA512
65b2b31465883ee0a9bec9dc98dee4e855a4cd5cd33c63e22ae3f0cb22c13dd4ed4188dc2a774487c5bcf76e80f06bba688e7f2537c83a34cf33a2c0dc05ade0

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
fa5aadcc1a8716f21f080dc08c251fdb

SHA1
04cef83c5f629fc582ef889804aa9301472e5688

SHA256
1b898838f10b021c6ade77e08ad010c05fbbbc2053c526c128a30d89f701683a

SHA512
84b07c5613b8d54d8019d0908cefe097fb613be8ed9adda2401282ba740c084390f3ebe26922ca848a19f876427ce37b34fecab66732fde81bf8d79ab97b89c5

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
a9a104c099dd8a5b7253c5d4c9353b06

SHA1
c2dd0aec4453b73da353161893598e3959586342

SHA256
65c4a8c289db7c6b9c5dcf3bf886dcb7a1660b3bea55454f1ff3ea3b08866dcd

SHA512
fd14cce426231f6d73a7e2d7b76c0f1e768412156a211a45fbdb70c0a76aeb1dd1404e8665a08d9d1ab49d20c2caedb0d42b8e9a255fca87cc3e68b7bed191b1

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
ae4f4fa5c616f8f933486e821bafc1ba

SHA1
5fed707b329e8288f6f8880b5f4a6eaf8c028667

SHA256
5dc414c7b7f3e055573746e0f2c2cceb4277a42e3bc53f74e90c894c098ad395

SHA512
87eb52c9285eb25d217a6752cb1a86072c812f33641f4462180075f60f75519cd7b14a04029694d8fe9fcb8ab8aa0b2806cd6f5eb7b4b39fe6cfc530a563d052

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
a118748fe97f6867969cdccecf06f75c

SHA1
488f323b055034b002f54fd0749c75d340618794

SHA256
58c3cc6c513341a82e04ebcf83480496deec66f0d7cedd08a35f313143fb78b0

SHA512
231f11f8c4e299e516d10e02389318e7f28fdfe532cb448791ff47646122f2bf1a92b73452f89c43cd7037c3b6b92e3ffb55401240568277a199700a92c309c8

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
53e540dbf5ec8caf25f3223af35c70e5

SHA1
5f6ed6e23a7dd0360e03f13416848f447e7ae377

SHA256
c1882b6eb6b324b65eb1ebe1c3c022c75cc2be093c836d4dd75d07169497644d

SHA512
ed0a9f8967d093addea5c5dd2feef1062de17f148d842cbc72e32543ee0caa4a6a067cc9a9c70eb63426a874eb62cd17b6cc226ffb10096ae6ccb4cefcf5dc0c

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
0e1f99c6b1b88c6f37599e1b5e4b5dbb

SHA1
33e6f96d1268bad1316d601397235ed12f52f112

SHA256
4e5285798c99a2f99a67e140674222fc2106d76b4fc25953587e5076a3024fc6

SHA512
510119785ac84c7610a44d441d568b389e91f2601918acf19fa81804e644871e1a659ebbbd6c22ed4acb3d96d0949034fc3d3905fb721aaa4381d0d5d63cffeb

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
52f019f68a6ce5ca785d89e092c2ac1b

SHA1
042f9c52a19f4a27a147b708430edcb1a5e19f36

SHA256
2a9a7f035c8aa54b88b53c5ea7f91b77dc3cefb49422c17d984954115fa820b0

SHA512
4e8a64654551ef5b290074ee781357375cc15156c2f49114943f2cbec02345c02b8a3e57d468f42c603df34cc6811f74947c98c9001f29b363dde438b61f39d7

Download Submit
C:\odt\office2016setup.exe

Filesize
5.6MB

MD5
46dc7b0b095486fc07ee4358deeea7b8

SHA1
7f49f77d1c661d564e7c7827607831ca876a47dc

SHA256
f114ca90ab1fc245f7f35cbd7507e721518e61cca4744a969b806daa518bd3f6

SHA512
0508dd51b174307e788efb3fdb2ad7660a608d543e2162fd5fd8659e34bf2a975712a0f06bb7233d779d59a80c2f34d811c4d01c395efc83f3d5035fb07e3f83

Download Submit
memory/332-58-0x0000000010000000-0x000000001009F000-memory.dmp

Filesize
636KB

Download
memory/332-1-0x00000000009F0000-0x0000000000A57000-memory.dmp

Filesize
412KB

Download
memory/332-7-0x00000000009F0000-0x0000000000A57000-memory.dmp

Filesize
412KB

Download
memory/332-0-0x0000000010000000-0x000000001009F000-memory.dmp

Filesize
636KB

Download
memory/332-160-0x0000000010000000-0x000000001009F000-memory.dmp

Filesize
636KB

Download
memory/332-6-0x00000000009F0000-0x0000000000A57000-memory.dmp

Filesize
412KB

Download
memory/636-101-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/636-19-0x0000000000770000-0x00000000007D0000-memory.dmp

Filesize
384KB

Download
memory/636-13-0x0000000000770000-0x00000000007D0000-memory.dmp

Filesize
384KB

Download
memory/636-12-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/772-256-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/772-57-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/772-60-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/772-51-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/1544-320-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1544-102-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2188-34-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/2188-127-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2188-25-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2188-26-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/2876-113-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2876-321-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/3936-325-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/3936-131-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/4196-128-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/4196-324-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/4324-299-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4324-150-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4584-44-0x0000000000E70000-0x0000000000ED0000-memory.dmp

Filesize
384KB

Download
memory/4584-38-0x0000000000E70000-0x0000000000ED0000-memory.dmp

Filesize
384KB

Download
memory/4584-49-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4584-47-0x0000000000E70000-0x0000000000ED0000-memory.dmp

Filesize
384KB

Download
memory/4584-37-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4592-75-0x00000000015E0000-0x0000000001640000-memory.dmp

Filesize
384KB

Download
memory/4592-81-0x00000000015E0000-0x0000000001640000-memory.dmp

Filesize
384KB

Download
memory/4592-74-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/4592-87-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/4592-85-0x00000000015E0000-0x0000000001640000-memory.dmp

Filesize
384KB

Download
memory/4848-71-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/4848-69-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/4848-63-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/4848-287-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/4892-89-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/4892-90-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/4892-300-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download