Analysis Overview
SHA256
d15bb8084b67588a9e298fb6b6766786f7c80cb01f1d3018172781424a99a5bc
Threat Level: Shows suspicious behavior
The file d15bb8084b67588a9e298fb6b6766786f7c80cb01f1d3018172781424a99a5bc was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: LoadsDriver
Checks processor information in registry
Uses Volume Shadow Copy service COM API
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 22:58
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
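The static "Unsigned PE" signature above, and the question of whether the Program Files executables written during the behavioral2 run still carry their certificate tables afterwards, both come down to one PE header field: the IMAGE_DIRECTORY_ENTRY_SECURITY data directory. The following is an added example, not part of the sandbox report or of any named project. It assumes (an assumption, not something the report states) that the sandbox's "Unsigned PE" heuristic means "no Authenticode certificate table present"; `build_test_pe` constructs a minimal in-memory PE image purely to exercise the parser. A present certificate table is not a valid signature: a binary overwritten after signing can keep a stale table whose hash no longer matches, so a positive result here still needs a real verification step (for example `signtool verify` or `Get-AuthenticodeSignature`).

```python
"""Report whether a PE file carries an Authenticode certificate table.
Added example; not part of the sandbox report or of any named project."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # index of the certificate table entry
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002   # Authenticode PKCS#7 SignedData


def authenticode_status(data):
    """Parse the PE headers and return a dict describing the security directory.
    'signed' is True only when a non-empty certificate table is present; that is
    the static "Unsigned PE" check, not a signature verification."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {"signed": False, "reason": "too short or no MZ header"}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"signed": False, "reason": "bad e_lfanew or missing PE signature"}
    size_of_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24                    # optional header follows the 20-byte COFF header
    if opt + size_of_opt > len(data):
        return {"signed": False, "reason": "optional header runs past end of file"}
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                     # PE32
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                   # PE32+
        count_off, dirs_off = opt + 108, opt + 112
    else:
        return {"signed": False, "reason": "unknown optional header magic 0x%x" % magic}
    entry_off = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry_off + 8 > opt + size_of_opt:
        return {"signed": False, "reason": "optional header too short for a security directory"}
    if struct.unpack_from("<I", data, count_off)[0] <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return {"signed": False, "reason": "NumberOfRvaAndSizes excludes the security directory"}
    cert_off, cert_size = struct.unpack_from("<II", data, entry_off)
    if cert_off == 0 or cert_size == 0:
        return {"signed": False, "reason": "empty security directory (unsigned PE)"}
    # Unlike the other directories, this VirtualAddress is a raw file offset.
    if cert_size < 8 or cert_off + cert_size > len(data):
        return {"signed": False, "reason": "certificate table points outside the file"}
    length, revision, cert_type = struct.unpack_from("<IHH", data, cert_off)
    return {"signed": True, "cert_offset": cert_off, "cert_size": cert_size,
            "win_cert_length": length, "revision": revision, "cert_type": cert_type}


def scan_file(path):
    """Run the check against a file on disk (e.g. one of the Program Files binaries)."""
    with open(path, "rb") as f:
        return authenticode_status(f.read())


def build_test_pe(cert_blob=None, pe32plus=True):
    """Constructed, non-runnable PE image used only to exercise the parser.
    cert_blob=None leaves the security directory zeroed (an unsigned PE)."""
    ndirs = 16
    dirs_in_opt = 112 if pe32plus else 96
    opt_size = dirs_in_opt + 8 * ndirs
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,  # Machine
                       0, 0, 0, 0, opt_size, 0x22)                 # SizeOfOptionalHeader
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)   # Magic
    struct.pack_into("<I", opt, dirs_in_opt - 4, ndirs)            # NumberOfRvaAndSizes
    header_len = len(dos) + 4 + len(coff) + opt_size
    win_cert = b""
    if cert_blob is not None:
        win_cert = struct.pack("<IHH", 8 + len(cert_blob), 0x0200,
                               WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_blob
        struct.pack_into("<II", opt, dirs_in_opt + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         header_len, len(win_cert))
    return bytes(dos) + b"PE\0\0" + coff + opt + win_cert


if __name__ == "__main__":
    print(authenticode_status(build_test_pe(b"\x30\x82" + b"\x00" * 30)))
    print(authenticode_status(build_test_pe()))
```

Run `scan_file` over the System32 and Program Files paths listed in the behavioral tables on a suspect host; any that were signed by their vendor and now return `signed: False` have had their certificate table removed by the write, and any that still return `signed: True` must go on to full signature verification before being trusted.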
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 22:58
Reported
2024-04-07 23:01
Platform
win7-20240215-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\d15bb8084b67588a9e298fb6b6766786f7c80cb01f1d3018172781424a99a5bc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d15bb8084b67588a9e298fb6b6766786f7c80cb01f1d3018172781424a99a5bc.exe | N/A |

SeTakeOwnershipPrivilege lets its holder take ownership of objects it has no write access to, including TrustedInstaller-owned binaries under System32. Taken together with the open-for-modification of C:\Windows\System32\alg.exe recorded above, it is consistent with the sample replacing that protected system binary rather than merely dropping a file beside it.
Processes
C:\Users\Admin\AppData\Local\Temp\d15bb8084b67588a9e298fb6b6766786f7c80cb01f1d3018172781424a99a5bc.exe
"C:\Users\Admin\AppData\Local\Temp\d15bb8084b67588a9e298fb6b6766786f7c80cb01f1d3018172781424a99a5bc.exe"
Network
Files
memory/2740-0-0x0000000000400000-0x00000000004B5000-memory.dmp
memory/2740-1-0x0000000000240000-0x00000000002A7000-memory.dmp
memory/2740-7-0x0000000000240000-0x00000000002A7000-memory.dmp
memory/2740-12-0x0000000000400000-0x00000000004B5000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 22:58
Reported
2024-04-07 23:01
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\kinit.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jmap.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\mip.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdeps.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ielowutil.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\schemagen.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jjs.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jjs.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstatd.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\orbd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_124281\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javaw.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javaws.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\java-rmi.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\ktab.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ExtExport.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstat.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javadoc.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\java-rmi.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\private_browsing.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\minidump-analyzer.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\mip.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\plugin-container.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsgen.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
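Read together, the behavioral1 and behavioral2 tables describe a two-hop pattern: the sample opens C:\Windows\System32\alg.exe for modification, and afterwards alg.exe (a system service binary) and Chrome's elevation_service.exe open dozens of other executables under Program Files for modification. The script below, an added example that is not part of the report, rebuilds that chain from the report's own rows: it normalizes paths (including the `\??\` object-manager prefix on the OSE.EXE row), keeps only writes to PE files, and classifies each writing process as the initial writer (running from a user-writable path), a second-hop writer (a binary that was itself modified earlier in the rows), or an unexplained writer (a trusted-path binary writing PE files with no modification of its own visible). `SAMPLE_ROWS` is a constructed subset of rows copied from the two tables; the user-path test (`c:\users\`) and the PE suffix list are assumptions of this example, not the sandbox's definitions.

```python
"""Rebuild the executable-overwrite chain from a sandbox report's
"File opened for modification" rows. Added example; not part of the report."""
import re
from collections import defaultdict

# Constructed input: a subset of rows copied from the behavioral1 and behavioral2
# signature tables of this report (Description | Indicator | Process | Target).
SAMPLE_ROWS = r"""
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\d15bb8084b67588a9e298fb6b6766786f7c80cb01f1d3018172781424a99a5bc.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\kinit.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jmap.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\DtcInstall.log | C:\Windows\System32\msdtc.exe | N/A |
"""

ROW_RE = re.compile(r"^\|\s*(.*?)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|$")
PE_SUFFIXES = (".exe", ".dll", ".sys")   # assumed set of "PE file" extensions


def normalize_path(path):
    """Drop the NT object-manager prefix (\\??\\) seen on one row and fold case,
    so the same file is one key however the sandbox rendered it."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def parse_rows(text):
    """Turn pipe-delimited report rows into (description, indicator, process, target)."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m.group(1) == "Description":
            continue
        desc, indicator, process, target = m.groups()
        rows.append((desc, normalize_path(indicator), normalize_path(process), target))
    return rows


def write_chain(rows):
    """Classify every process that opened a PE file for modification:
    initial_writers     - running from a user-writable path (the dropped sample)
    second_hop_writers  - binaries that were themselves modified in these rows
                          and then wrote other PE files
    unexplained_writers - trusted-path binaries writing PE files with no
                          modification of their own visible in these rows
    """
    writes = defaultdict(set)
    for desc, indicator, process, _ in rows:
        if desc == "File opened for modification" and indicator.endswith(PE_SUFFIXES):
            writes[process].add(indicator)
    modified = set().union(*writes.values()) if writes else set()
    chain = {"initial_writers": [], "second_hop_writers": [],
             "unexplained_writers": [], "modified_pe_count": len(modified)}
    for proc in sorted(writes):
        if proc.startswith("c:\\users\\"):          # assumed user-writable root
            chain["initial_writers"].append(proc)
        elif proc in modified:
            chain["second_hop_writers"].append(proc)
        else:
            chain["unexplained_writers"].append(proc)
    return chain


if __name__ == "__main__":
    for key, value in write_chain(parse_rows(SAMPLE_ROWS)).items():
        print(key, value)
```

On these rows alg.exe comes out as the second-hop writer and elevation_service.exe as an unexplained one: the visible behavioral2 rows never show it being written, so either its own modification sits in the "Drops file in System32 directory" / "Executes dropped EXE" signatures whose rows are not reproduced here, or a legitimate Chrome service binary is rewriting Java, Firefox and 7-Zip executables, which is worth checking either way.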
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\DtcInstall.log | C:\Windows\System32\msdtc.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\TieringEngineService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\TieringEngineService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WTV\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9939 = "ADTS Audio" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000071ffb75f3f89da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-184 = "Microsoft PowerPoint Macro-Enabled Design Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9925 = "MP3 Format Sound" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-180 = "Microsoft PowerPoint 97-2003 Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-113 = "Microsoft Excel Binary Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WTV | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000000edf725f3f89da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9935 = "MPEG-2 TS Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000c6035b5f3f89da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-131 = "Rich Text Format" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SBE | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-115 = "Microsoft Excel 97-2003 Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000d5dd345f3f89da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000009da1fe603f89da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000df7aae5f3f89da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\d15bb8084b67588a9e298fb6b6766786f7c80cb01f1d3018172781424a99a5bc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\TieringEngineService.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\TieringEngineService.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\AgentService.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1272 wrote to memory of 368 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchProtocolHost.exe |
| PID 1272 wrote to memory of 4856 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchFilterHost.exe |
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\d15bb8084b67588a9e298fb6b6766786f7c80cb01f1d3018172781424a99a5bc.exe
"C:\Users\Admin\AppData\Local\Temp\d15bb8084b67588a9e298fb6b6766786f7c80cb01f1d3018172781424a99a5bc.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
Network
Files
memory/2892-0-0x0000000000400000-0x00000000004B5000-memory.dmp
memory/2892-1-0x0000000000A70000-0x0000000000AD7000-memory.dmp
memory/2892-6-0x0000000000A70000-0x0000000000AD7000-memory.dmp
memory/2892-7-0x0000000000A70000-0x0000000000AD7000-memory.dmp
memory/216-12-0x0000000140000000-0x00000001400AA000-memory.dmp
C:\Windows\System32\alg.exe
| MD5 | 4eea324a5c55c057eb2af7902216688f |
| SHA1 | fc9b3d2297fa55537e8072a74762d2593289ce97 |
| SHA256 | 83ef28f64dd750fd50821bb9bc5f468afc71b04c4e984b8e70ed35837344597f |
| SHA512 | cf1968f3dd1cb8f8d372f9809bac94819205a9927a2224678d18bd6202ee5cc4f9cb6cd7fdaad3693e8597aa7d7c1f3f250f1f4908f4eb5d7e74c0d78fb9dfc4 |
memory/216-13-0x0000000000520000-0x0000000000580000-memory.dmp
memory/2892-18-0x0000000000400000-0x00000000004B5000-memory.dmp
memory/216-22-0x0000000000520000-0x0000000000580000-memory.dmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
| MD5 | 19357eb6df6a96bf4f6168c9a19d8ef6 |
| SHA1 | 435d8c95e0c179b0b82e4a0318007e7d73d5b261 |
| SHA256 | a35193e37e8553172d583fc2fe50c4a8b197af7fb0246fde4891acb9ba45fa0e |
| SHA512 | f41c1edf4d49ea544118c4e2dba39e5949d6a4d945a19825239c671b908e7ff6b7dd621ee7ccd83c334018fb5b172a3a7fd0db77ac3054c099c2edb75d906d40 |
memory/2200-28-0x0000000000C60000-0x0000000000CC0000-memory.dmp
memory/2200-27-0x0000000140000000-0x0000000140237000-memory.dmp
memory/2200-35-0x0000000000C60000-0x0000000000CC0000-memory.dmp
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
| MD5 | 30b1a32186320f97de3b0b620c76d6ff |
| SHA1 | 1a0b1cc76c5cafd67e9653ff443bec0be1a1640d |
| SHA256 | 1f6102b35b8af9af40bd28aa024cb8e224035030fb6cb42ec606fa39a8d3b4eb |
| SHA512 | fa931c3ccc9f014cafa50f119bacca7bf8151adc8adf4d11ff2ecf0f1bb21f5ce7b4f1cac2fe895c01d77989283504767362562bf915c3d897291c35e17f8c43 |
memory/932-39-0x0000000140000000-0x000000014022B000-memory.dmp
memory/932-40-0x00000000001A0000-0x0000000000200000-memory.dmp
memory/932-47-0x00000000001A0000-0x0000000000200000-memory.dmp
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | efe1dc1c1f1204c40dce9f0e2dc21180 |
| SHA1 | cc68e0c912575b3e17c127da82b058cc10b9e6f6 |
| SHA256 | 5fc954b8c06ccf30c5baa087380c1fddc681bbb36ea0d21e5b135b4660911536 |
| SHA512 | 6018ef920b3bccd23c4e40beaea8ce199f189eec8ecdc1d64a567f9297e3c64ad0fb0fabe303f6f713d2761e4d8c87aa2b4482c37f5bd310d23e268eb1d87d07 |
memory/4488-52-0x00000000016A0000-0x0000000001700000-memory.dmp
memory/4488-51-0x0000000140000000-0x00000001400CA000-memory.dmp
memory/4488-58-0x00000000016A0000-0x0000000001700000-memory.dmp
memory/4488-61-0x00000000016A0000-0x0000000001700000-memory.dmp
memory/4488-64-0x0000000140000000-0x00000001400CA000-memory.dmp
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
| MD5 | 322a0948a1ef4af2e6fcaa1af992d229 |
| SHA1 | 0b832116a334e9053713a40c09c1f67279acb2b3 |
| SHA256 | b50286b317cd89adaff5d638e0d22daa6c587e0d4da8e10d777ee24f2b8418d0 |
| SHA512 | 6a8af47e34d2306a120fe6b4f6c1e758a27877a6acf389d65495535ca5f5c652235f5bf6179e076a5e426a9b46288b9820b2e9ba6288161e51b8cb3586cbecc1 |
memory/2432-67-0x0000000140000000-0x00000001400CF000-memory.dmp
memory/2432-66-0x00000000007E0000-0x0000000000840000-memory.dmp
memory/2432-73-0x00000000007E0000-0x0000000000840000-memory.dmp
memory/2432-74-0x00000000007E0000-0x0000000000840000-memory.dmp
memory/216-169-0x0000000140000000-0x00000001400AA000-memory.dmp
memory/2200-233-0x0000000140000000-0x0000000140237000-memory.dmp
memory/932-237-0x0000000140000000-0x000000014022B000-memory.dmp
memory/2432-240-0x0000000140000000-0x00000001400CF000-memory.dmp
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
| MD5 | a9b5deb82091e3236519720d4dac4dad |
| SHA1 | 5f49d817528688559cd43d93d3b3095ce0da10d6 |
| SHA256 | c717d7f0884ee362b85e77166fc1914630c32c172d81abfc4012acee17195482 |
| SHA512 | 6b626323f6978c0729b298b10434727d1bffd668d852d31bd6878b051914ea421e6077090862149acd83d79e7c2a7e7a0676ddbd5485cd66b6cc9be67eab421a |
memory/2652-245-0x0000000000690000-0x00000000006F0000-memory.dmp
memory/2652-246-0x0000000140000000-0x00000001400A9000-memory.dmp
memory/2652-252-0x0000000000690000-0x00000000006F0000-memory.dmp
C:\Windows\System32\FXSSVC.exe
| MD5 | 5e19609bae29ba5fd3a31f400a17a286 |
| SHA1 | 99ee8660bd8efa164156d15cac1a78ce4739df33 |
| SHA256 | b6252e08fd5653ae13c18f4953059a6a7e950fed7bfe9d2d0cf8252fef2119aa |
| SHA512 | 360485340232e02df372e56da35a95193595ad00a3af517da668901e97521f3b457a1f6a426d5e573f926f242114a8274f6260cbc913e5a87e187d682b3f6a56 |
memory/1452-256-0x0000000140000000-0x0000000140135000-memory.dmp
memory/1452-257-0x0000000000E80000-0x0000000000EE0000-memory.dmp
memory/1452-264-0x0000000000E80000-0x0000000000EE0000-memory.dmp
memory/1452-270-0x0000000140000000-0x0000000140135000-memory.dmp
C:\Windows\System32\msdtc.exe
| MD5 | cc1a70b604b32545bf3493413a1a8dcd |
| SHA1 | e050623dcf95858c1c1c5bcbb0c1e3b41bc6214e |
| SHA256 | 0fbcc6927fc9adf6477b037ec90594259151163a8dcd57e529ffb69a50c6ad81 |
| SHA512 | 32f4bedb75dc7418d1feb1fc66a77d87bb6a16f05c2926a6c4e0a330c5a0da1d1fa05c786471ed66bf5d32d7eb02b7e04f1300826b350af08ddcd32353ad812f |
memory/1452-273-0x0000000000E80000-0x0000000000EE0000-memory.dmp
memory/2888-272-0x0000000140000000-0x00000001400B9000-memory.dmp
memory/2888-280-0x0000000000510000-0x0000000000570000-memory.dmp
memory/3236-286-0x0000000140000000-0x00000001400AB000-memory.dmp
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
| MD5 | 5f205ae608e3fb7c09a4925374dde444 |
| SHA1 | f6fb2e0bf660e0db26a023c5d171806f40a2a6ba |
| SHA256 | 6592cbd62effbab4af89c1b2b82e6fd5ab85b90464eb5748db8fa74a9ef9417c |
| SHA512 | 652fd95003791bc464e0cb11d80a3bfc86ebefb3f65924c8acb9c03f785682931cf9bc8644ef12d6cebabb9b66aba91d57691e3e9d6109d7e10934f4d141977e |
memory/3236-298-0x0000000000C10000-0x0000000000C70000-memory.dmp
C:\Windows\SysWOW64\perfhost.exe
| MD5 | 2d6e27846a826f240b66cb10781fee50 |
| SHA1 | 3c3412862b9e63c5fccb86802fb491cbb13d7388 |
| SHA256 | a9254b5961400aa05e7554e505ed1b23e5ca29f668a60f83774ea2ab04ec6905 |
| SHA512 | f145cf26d9242d88ad4c8e03c2c2953e56ac405dc176acf143979a3059961eddff8711881cbafada14ef1b0fd84361ead1a8eb2bfb8c5cb575699c22443d4d23 |
memory/60-301-0x0000000000400000-0x0000000000497000-memory.dmp
memory/60-309-0x0000000000720000-0x0000000000787000-memory.dmp
C:\Windows\System32\Locator.exe
| MD5 | d0941bc7cb47276f896ce7bfe9071f01 |
| SHA1 | 08c784b370b2d3af7e53444c6b427de62bf18ec4 |
| SHA256 | a386f82269cc875f5c8fa5e445ddc9a57012647de4debfc8c08b7dfb06a50996 |
| SHA512 | 4432dc8d344e988be3be44796e900de3cea22b2c820e5b2f7b456f4ab789a12f317c32b19d617edbed2646a80b18296772f4f7041d9422f6503c12922d6d2fff |
memory/3808-313-0x0000000140000000-0x0000000140095000-memory.dmp
memory/2652-312-0x0000000140000000-0x00000001400A9000-memory.dmp
memory/3808-322-0x0000000000520000-0x0000000000580000-memory.dmp
C:\Windows\System32\SensorDataService.exe
| MD5 | ac12f517d5493498b03f6bec3efc4c98 |
| SHA1 | 4656b8d3c75478911b76b60e6b2f2c9529e5929e |
| SHA256 | b2348a5efaf1bdbc61a9e906da996124c1abb2a632418a368cbd6f36f9e38294 |
| SHA512 | cd9ae9c23c2ffb60487088ab2e3a013575ddbf150628f7f916c19892c6e166a5144882c2a897780a05271a2df748d9c43a1c45f95928db0c47c4a430e5722ea2 |
memory/836-325-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/836-332-0x0000000000760000-0x00000000007C0000-memory.dmp
C:\Windows\System32\snmptrap.exe
| MD5 | e46a6acc2e2bf7f61a5f409f5a97f282 |
| SHA1 | d78eb39a017eb780c2318624203858ae8286188d |
| SHA256 | f911255ee7575e6e8f4a58fb5b953e82dcf742c2aa7570b748524dbe1c768c7f |
| SHA512 | 9ff3fd0b5ca62ea22a28f32aa165499f50c7fc28e13be4b37bfba9c1bdf09fc2fb23c3fd3129f60e3504035c12f2ee548323bdbc79e89f827bbcaa9d010db4be |
memory/2888-339-0x0000000140000000-0x00000001400B9000-memory.dmp
memory/1188-341-0x0000000140000000-0x0000000140096000-memory.dmp
memory/2888-347-0x0000000000510000-0x0000000000570000-memory.dmp
memory/1188-349-0x0000000000710000-0x0000000000770000-memory.dmp
C:\Windows\System32\Spectrum.exe
| MD5 | 0aa3b8e018a6dcb81412dc207a976fc1 |
| SHA1 | a114507548085371be97a966a2202109ad7667b5 |
| SHA256 | 82b61619e7eb168b71eed28b391965338ee467f0055eb7c01d840c2e0e5f16af |
| SHA512 | b4a05bc9e0e263b88b625f2be7a839ceccc20c5697a3e4f3fc62d5d0d35a1b970fa1a062b58114e5a0d3f77207f8aedded758ab6c21f2dad88cc628bce729deb |
memory/4020-353-0x0000000140000000-0x0000000140169000-memory.dmp
memory/3236-352-0x0000000140000000-0x00000001400AB000-memory.dmp
memory/4020-361-0x00000000007C0000-0x0000000000820000-memory.dmp
memory/60-366-0x0000000000400000-0x0000000000497000-memory.dmp
memory/1556-367-0x0000000140000000-0x0000000140102000-memory.dmp
C:\Windows\System32\OpenSSH\ssh-agent.exe
| MD5 | 17cb4815076762885c8d276320e976d1 |
| SHA1 | 21830d14b020769589a061e19787e374429e5197 |
| SHA256 | ee8f67cad1bd58857935dc1090fdc0fb3b58dc21c4cbf099926ea0f24d963606 |
| SHA512 | 616a9a0fdb01bf14ff30b1b1ef34d1eb1335d91298481e3763bb965043f2da6b6570c30878aaf20ac542c0dc65d85918d2db15da3081825f6754d75df068b34e |
memory/1556-376-0x0000000000440000-0x00000000004A0000-memory.dmp
C:\Windows\System32\TieringEngineService.exe
| MD5 | 28bfbb8442c2c4e27adc35f860316ef0 |
| SHA1 | 4e1dbb7a8590f08c20ed8f64ef38adb91999212c |
| SHA256 | 06515357c89e5c605ee3bc4a836a6d918cdcca2bbc65e7dfc328b7109e1a24a2 |
| SHA512 | 0bb8d513222517ca9962566772bd1b33477e351b4c884b0b5573d2097725f6dafcdb4aa94621ca21c6a49056f68a94c9ca10bee8f4e1586d64270bc6454ea700 |
memory/3808-379-0x0000000140000000-0x0000000140095000-memory.dmp
memory/980-381-0x0000000140000000-0x00000001400E2000-memory.dmp
memory/980-388-0x0000000000800000-0x0000000000860000-memory.dmp
C:\Windows\System32\AgentService.exe
| MD5 | 12aa05a6c5959be95a05d7c9abc7ffe4 |
| SHA1 | a33c1aad650f7ed088be69140278a2b7e97117b5 |
| SHA256 | 8dfa2ee69a655803a7bc0efde101d4c28459c7796257f3815a73ae4e7fb9d745 |
| SHA512 | 6273c428b59c1fe78548d7d22277d5c92531c283785108e3ce414a1932192afa06f8d4dc84efc2ea7501f86dd8edf248f674da1d52e441dc2888c3f5808ba34e |
memory/836-392-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/3136-393-0x0000000140000000-0x00000001401C0000-memory.dmp
memory/836-402-0x0000000000760000-0x00000000007C0000-memory.dmp
memory/3136-403-0x0000000000750000-0x00000000007B0000-memory.dmp
memory/3472-411-0x0000000140000000-0x0000000140147000-memory.dmp
memory/1188-410-0x0000000140000000-0x0000000140096000-memory.dmp
C:\Windows\System32\vds.exe
| MD5 | 2e4a87fc27d9a062899d8c4e28d53e12 |
| SHA1 | 8c3fab5069c50dc78c182bbfd26095b138ceacc4 |
| SHA256 | b22f26d16f219b2b099956cfe7a53a54493053198edf4c10ddb25e824b9c111a |
| SHA512 | 0f6a9fdf317fc19b2537c348a8fa86064e59a9f65967aca472713d25ebb1c43cced3a67c8ebd79b3fc3255419d47be29cb6b321f11ae32455746dbcdd0245ddd |
memory/3136-408-0x0000000000750000-0x00000000007B0000-memory.dmp
memory/3472-419-0x0000000000C70000-0x0000000000CD0000-memory.dmp
memory/3136-407-0x0000000140000000-0x00000001401C0000-memory.dmp
C:\Windows\System32\VSSVC.exe
| MD5 | 3e4f95f2a85cecaa3428b23b8d6e7d26 |
| SHA1 | c8ef8e98f8be795e01633fbf99c50b7cec540ff3 |
| SHA256 | 9fd82a095daa2f277339c17bcc42fd78ef882866663571b55561346186278fc6 |
| SHA512 | d8441647bbedd2232b6c4e3b1d32bb10ef673d615582ca3b51fb19a25968545cc932b6d78b90fe27381abd2fe56bc835872123cbac07c938386f02f9e1a1dd61 |
memory/4020-423-0x0000000140000000-0x0000000140169000-memory.dmp
memory/3228-425-0x0000000140000000-0x00000001401FC000-memory.dmp
memory/3228-433-0x0000000000790000-0x00000000007F0000-memory.dmp
memory/1556-436-0x0000000140000000-0x0000000140102000-memory.dmp
memory/3732-438-0x0000000140000000-0x0000000140216000-memory.dmp
C:\Windows\System32\wbengine.exe
| MD5 | 73b9bdc411a85727ecc3dcc5b5e34f58 |
| SHA1 | 24c7aeeebca63d23dd438b78418be2eeb0eddbed |
| SHA256 | 9442af8c4bcc6d95e5a754f95e72d9f8adde0cfdfbf7647de5086a3787279bf6 |
| SHA512 | 783ab3d6486d47e6c08a35066c6e1c4b08d4a6f4bcb2c3261eaa89fcdbd6b64e18e8d4a91422f400d9bd0984bbcb75412b4d304d908ee88c4f81219e7dc3fed7 |
memory/3732-445-0x0000000000C50000-0x0000000000CB0000-memory.dmp
C:\Windows\System32\wbem\WmiApSrv.exe
| MD5 | 6b7e496b075c460e0a3f1a3244f79628 |
| SHA1 | 1137266dac754fa82243a3920e3402e6fba34ef7 |
| SHA256 | fe45e5c575c30eac1bc029449a88e29f94e833950e7d1786f1a877aad0850f91 |
| SHA512 | 9c9af0bdb8bf590f7c95776ede2a4a7794b8a02748e4418c1da34f70af2b24d0ddd8bb257c7286536796eb623cfc0dd127063c145722a9cf768b34f169ce8dcd |
memory/980-449-0x0000000140000000-0x00000001400E2000-memory.dmp
memory/2316-450-0x0000000140000000-0x00000001400C6000-memory.dmp
memory/2316-458-0x0000000000700000-0x0000000000760000-memory.dmp
C:\Windows\System32\SearchIndexer.exe
| MD5 | 2d263df1311de655b758fb3c7212f6d4 |
| SHA1 | ea95d5aa456959c1cc1b52395f07a9ceb719d05b |
| SHA256 | 367c21e4bbb5cf6b71236b5c7c5adc9301fa235d5e960b86176b6fc0f6d0b8bd |
| SHA512 | 862f3e245ebe3f24e3b3c54a6cf35153dc1f35303b405f143e3421eaa507559d3098d6f5d64ac49737c3309b11409176a2bc599d8f72255942f4e9dc99b10320 |
memory/1272-463-0x0000000140000000-0x0000000140179000-memory.dmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
| MD5 | cc254febf3bdde61d39e18f4e0fe3f09 |
| SHA1 | fa44c03b2938401062ddc59de0a2bf959cfc30f5 |
| SHA256 | 61642ea333ec9cbfb6048b9218a61b85fa26a215e6922cd01de25d4a373f8efe |
| SHA512 | 596d6964d757bd007955c9ef6311b2673467f874858366b7bd1df278079c8a58a3cc2aab835821c5da2515163404fe3c5b27041ff2c514a8b5407c52b70e4a16 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
| MD5 | e2a7ba3a345b54ddc12fa07853413ec0 |
| SHA1 | db47e464abaafdd0137dfadb1ef9ed1d3f6ea441 |
| SHA256 | 49dea682eced021c68a3e9bbcd8343fe02f447ab42d32f9e4ee592f74fdbc8d4 |
| SHA512 | db3af6eb7c5cdd015f45fdbf5dbf305064f25c6ed07c32fc754c1e539c5a07e188cce5271100ebf86c49912ee8e57fcb79e4f8fb292226215b1fbc1960e5df29 |
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
| MD5 | e7005d7d69e58fe9c5b08f4e3d1706c2 |
| SHA1 | 63de0e01a47e8a0c58bdff4136c43cb871570379 |
| SHA256 | 4a5f6dce1dd85ce6ea4dfb6d20462933300d7924222d1bfb1f0bbb7729e00af8 |
| SHA512 | c229933cbf4818f0907e7398e36ec4d534c58be1acb2e8d804588d5c0df678543798316a43f761071b3c0ac4d68c853e1641017c6a7bd56c5ab7292774f4373b |
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
| MD5 | 22a137189f54562fdfd8c3f2b6f737bc |
| SHA1 | 2c820f7fc5ce8c2e1954da241a6d77175684b2e5 |
| SHA256 | a4bc98fbec6cb1778f4e1c627cc54a02458e50c7b9b73a58a6f082b8b4909895 |
| SHA512 | ad5ba660403e8d656cbb7c18fc7298daa7e03528a5a537027449e0d0f19f10f13a1f3dd656e0164ff59a8262245ce18436c31f2a8fbf4574a83e72e1b4ff84ef |
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
| MD5 | 1b52b3587326198873a0c6e12bd9e0ac |
| SHA1 | 2dbc8945b7993c5a463de68ad3d0bc821c17a199 |
| SHA256 | cdb52a08098d017628b5666cceeab546149e60859a7a9b6391c4cfd0bfd81721 |
| SHA512 | 6bf929a0f464f6b9e16eda3f1f38b901b1e5a393bafef821333ec6cd8ecccb286ca5180d0651bf8614a23694bac348f58e996164358e558ba350b5143b97634a |
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
| MD5 | 900fdabc4feff3326ff7f59a5d567c6a |
| SHA1 | cfd1719c95368b105f662d7126e7309c889f5c84 |
| SHA256 | 13813371fe7404f7707625aca5bdd6a9c7942852ac305c3ee5fee69771eb9519 |
| SHA512 | c6f449cc1739715c315a8c4c0a62bbabbc26b328e50ac0ce281db5be9b64823c8406b270121416e908e936bf0f94dfc87b461efcac7d5f2e6550c964c5fde4f9 |
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
| MD5 | f44ceb26342d3795d707bab52d0f073f |
| SHA1 | ac72b570ee52f1b3e761fb59679e868a3074286a |
| SHA256 | 54d95816403276e669e424b756ce727d152786d00e9c4fb3ec2b77d367a02f2f |
| SHA512 | 6fe67e6bbed185b4712044afccd686c0b7f5cf8436f3446442fd20e12b0a015f41a7f593f62a85a777d020c08bc2189f115faa81a4c9871ad3a0c1481a713a1b |
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe
| MD5 | cf786572dc4c67f372ad8e4ae7c2b8bf |
| SHA1 | 951daa9c8e28276edf8e3b5b56820fe22aa64df7 |
| SHA256 | c40f6740726d3c45eec7d042af4564afd8f95fd5ff899894c639a3baa33d92d7 |
| SHA512 | 604677c336f1454cddb0fc900939a980833b4c8ded0301f98c592a139f282a6e86aee1312683e6b5eeb157010c2b7d1ce459e7364d75bc1947b7cdc2ed1b4b2d |
C:\Program Files\Java\jdk-1.8\bin\jhat.exe
| MD5 | 29ce63353825212501da67fdc70973d9 |
| SHA1 | 2da7f348e99d9e4f9c6752e212c0fadcae38e183 |
| SHA256 | 90aea498381b0c6be8db38c6803ab3abb5ab324c283a3e82faf9815531abc68d |
| SHA512 | 85af36e7c843e09481830af68baa4938e92b8c9a09d128ee9d081a8db1b265f55eeaa3ed25046b8ba10ca0b90d7bce778b893af70ba6dabee6b179f8d7db61eb |
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
| MD5 | f141820564edb7473136745fa65ccd98 |
| SHA1 | 9816f4feb6db68aab6415b2427707de2ec387ea8 |
| SHA256 | 5559b2e3552af5e57fe2aab194d299b3fc884f57ca8c41587be5622d6c16fd75 |
| SHA512 | 47a0f511649e8d94d8e9ddbd76d76d3adec0d0a1d998fd5a27b7d9c1a6cab9b1af6e260300fe3f7e6ce2635343110b670c63f727d6fd25e27d19e4c58b052e63 |
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
| MD5 | e76ede6acce131426901db39e1540b39 |
| SHA1 | 28e63df032ebee8c0acf4c2765964f04872e1fdc |
| SHA256 | 80f7b61016d7c6cc0bd2e289a1a6d26d02b9f1dbfdc9ecff17dd5e6f16dc14fe |
| SHA512 | d372be120d06e83d2426b92c528151a897a425844921b977cf2eeb5f4a5bf0762f1260d1af47beb0de842c7de97600cf5354cf0a3d7dfd42d78893a6e46789e1 |
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
| MD5 | d731f73287852f3b1b1967a6f0126117 |
| SHA1 | 6d888fe2f239a4fef5e7d75d7f3e734b2697f918 |
| SHA256 | ef4c679282b4dcaaf11b4bf98e6d23ddad252e7c39ea11c33c2c0b08c0426ea4 |
| SHA512 | 019e7ad540a62f8da2847bbf1d2e516c036adea4faa1b995bf5aa47c07151ee2bfc6f18b6aeb05cf080d4a296007a6d7813208cbe1ef95c78a4dfc336ce88b0b |
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
| MD5 | 318815324eaba3d36a887d365e86d5a5 |
| SHA1 | 7032e0eb216fca503735712fc13d43bd95b8cbc8 |
| SHA256 | 32daa062ce4119e3d11ab29cd5f5008f1515116355a1ca48fab3605943531fa0 |
| SHA512 | a8b51098a29e66f71c3f9275a492ac43ce1cc8694ef50ae119b873c0e0a0b5babf8d969e2158ac8391065323b318242748667b71cfede75b55f96d7bdbf51cc1 |
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
| MD5 | a8de6919ad1c96e1d52c0a50e93ea580 |
| SHA1 | 0152c66b9b197dec4e9f5fdf8d6c463f7b762866 |
| SHA256 | 090cd6f512a320d492a33af3ec3a511ae5b197622b2a22078d5d9bba18aae738 |
| SHA512 | 1e04e63481c2a98753127ec305bd58cb7d70b44867e3a35f6ff5453784c90d5f98ef874154cadc1279e87d395dffda78e75c19fb5e31dbd9c6593308879c7bcc |
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
| MD5 | fe49c20dfab2b6b96ef301d3f725dc37 |
| SHA1 | 56123ee264375b4215c6d5727652ad407c827fd0 |
| SHA256 | a1425781064b4c68ed2675ef6a5910f29c884d283e34234792aea00f8f011335 |
| SHA512 | 063376fb6242687697a246c8a934e8595d5315de054c514772eeff98640d2093a2033aa950b25fb15af415f04cd528ae39e89f6dbb72848800e45452f87754e9 |
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
| MD5 | 3ffc133c634a77f698c7f49dce97dc6f |
| SHA1 | 348f5be151465b111da1ee2ed0cc0dd8ca4489de |
| SHA256 | 966eeda7a5d7b8fc49e632ddac69c164290856d534d29d5fffdc0bd68efb6446 |
| SHA512 | d2db2c4c0ee01af9daa12567047a4e3b52405e71432bae4af88e74df677b3676f29ec6a1f446d60f926f8bf8ddfc49c870f8b29c5439e1b97a76ed46a31e37a2 |
C:\Program Files\Java\jdk-1.8\bin\javap.exe
| MD5 | 11570a711340feb53a8f27f58e5139a8 |
| SHA1 | 429daf388456a040af8136b151b2bf86b97e6457 |
| SHA256 | 826985a12ea24f77dcf5fe3fdad5433a12ea4aca11da108a330dff3b155f1dc5 |
| SHA512 | 2c72c03c210896a3a2523ccb32f4a4125c5146cd16bd2ede08a2516874cea9aad2d6ef9c6d1d51af9468757ccbc6a70cd5b75d7aff999c991679892e6cacb7e6 |
C:\Program Files\Java\jdk-1.8\bin\javah.exe
| MD5 | 15c3fef139c3caf45c41b94e73f5cc70 |
| SHA1 | fbe38d81498779d468339db0353728aeedea156c |
| SHA256 | 275313838b7a2f085ac5d5916d0b6bc2c7e3937b5501fc89e95f192ba9a01394 |
| SHA512 | 050dc05ae2260e8775d7c5a8fbcfc0f3e53a82852eced875753fb93a3b7bda010eea8425fa2324adca658c7ed0f3d195a97d0092312287f5437632ec9125854b |
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
| MD5 | d9b800c64e7079894346929683727848 |
| SHA1 | 1fc652b9e4eae51a379270a39d1706a63428e393 |
| SHA256 | a52e99979d7504d484a88ef6c7669dd3464f96c9ce0ebc8d8eece056efab615a |
| SHA512 | ba52a35f0f587aca7bf106577f72351b5703026ffc0e9e3b098dd04d7938b1508bb71b1ca046ae623d5cac22ceaaf7dc4b91d49f83d3e70d63d890eeb1111731 |
C:\Program Files\Java\jdk-1.8\bin\javac.exe
| MD5 | f750517077bea57833a0c86e121350aa |
| SHA1 | 11e6fa5b1d81fd6e3f91f5131c5f381cca24de6c |
| SHA256 | 5e31e373ad2439248a75dff12acf4065d7d74397fc1ca2bb720e5e50f3e92e41 |
| SHA512 | 882056627e4ddc31f5f1b873e12451c0672d4e5f2926182fba3e8feb5c7e5e60899c6a63f593822fa25aeff7ea65031745a69a53bfdb38f8d2c45ae1a47639f2 |
C:\Program Files\Java\jdk-1.8\bin\java.exe
| MD5 | 0e676b278657e28ade95359bb1a6acfd |
| SHA1 | c9d9665166ac9067f443f07c89a5010594ef8615 |
| SHA256 | bf429b160b3df115b6b292dede7f7a420bf4235d0995ff9604c0d3ae0f16d5cc |
| SHA512 | 92ccaccb0fd09c96155173d9ea8eaf8cb7a8f0c634f861311a09f8645f0cd36b533361113583515944d0481f0cd986cd7abc6b86947c5e0e9f5c9e2b5172f4cf |
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
| MD5 | 56bc9d4ca4a9661dff0a292a985190e2 |
| SHA1 | 7a96a195ae18b672a95af7d8d7ef855e49accfc3 |
| SHA256 | 1f0c3f432a695c379655b7fd6ec96638bbcce28d9c0f40c397d19eeec68811df |
| SHA512 | c200e1e71164a72636a4ca015662deae94c11d227f0fc219a351f1aae1f9bf5f4128fc1df6f746e69423c3c7956bbbaba0a4e920449838172a180dbfe2d9459e |
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
| MD5 | 5633f7154f743c6408ac9ee867280849 |
| SHA1 | 6e9a899f27b815a243b491888666a7e807795afc |
| SHA256 | 409c6a33df008c18c5aad50fe243dd41b7cf4db395a963200d9b9b773f12c076 |
| SHA512 | ac6a6829b9ffa33fb673c7dc159c0937036e94792dcce5c02ca699251246d631847089f7e44b44c2c13749d1c9da7243191f962b8050602cee14f229ee447054 |
C:\Program Files\Java\jdk-1.8\bin\jar.exe
| MD5 | 95c28560606a0b918cd22a45f5dfdc6d |
| SHA1 | b0655eb65af030d00e1ae6c92b15a99e827a2438 |
| SHA256 | 91666b412d014b4a6580e7ad93c7d644168661a2c7a22cc17cfc826fd34eafc6 |
| SHA512 | 180a7227da9caa8d54b1547bde70d14eb0a1c06e381aa34348fa4f81a71a218781bf72635a54055475b439acbe41f982c37edfad910b2ea0bc09dc4c3434ba42 |
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
| MD5 | 2120207a58757cbd07539ad1f2f55a1c |
| SHA1 | 92e36c1af19bb392835a9b25da3b8c8826022199 |
| SHA256 | fd8ff7b0a197a0f4bfb7eb5fc646bb4086a3d119d74a6a7ae430f5ce9481a651 |
| SHA512 | e1fe79472bbb5339909d1bd9efec0b4fc3aacba88433ebe15815b6d6316835859a05d5b272c378633e641cdb6bbd65824a41889e0ee7c8a9c2bdf86281677c54 |
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
| MD5 | 33cf79002de52fd145e5ed2bc81e4db4 |
| SHA1 | f83979ffc9c6ff5d14bc82d5237d42aa6323a63b |
| SHA256 | c439e2f1df61f157b73a413f3c47a2adc7b46ff738b3d9d6663f095b045fb9c6 |
| SHA512 | 375afb09c0ba2f2c010b1d0481f3a639aa92edc84d4ef667c3ea733e29c626b8c05f52fb2f95998f9d37347ab590e29cc7cc1fc9f5763f2a3e43b063a9b9d709 |
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
| MD5 | 6d90bfaab0d3dad6988c1fbb4333b622 |
| SHA1 | 1885633ee53c6d5adcc6d43adc5c10064d58d013 |
| SHA256 | be19ac52211ce95733da7bda2e4feb073455cc8ff8e087df3984f4c6af2be7ed |
| SHA512 | 4788af192f5d103b42a696464a59c4c227f1b79c0135f5e29556cbc6c4c94f9aacd4ca15bffc703439cfdd92b62d21e323fa7c70c1f3814441d141379ba4d89b |
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
| MD5 | 2b0f6f221f0750fab17b76b44907559e |
| SHA1 | 4cc5d501a5595537503acd6cb0dda6bff4474490 |
| SHA256 | 4ab6179299e385fdcdac469c32e555c9d84fad7bed17e3bc98e5b8ffe1401d37 |
| SHA512 | 8067acf428385c0f74bbc9553021922eecb373288fdbe5d8f954c8a3766ba14c36aba6ae7cac58e4a150e265930fb3ed34685ae98f568622334a412b50f4ae76 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
| MD5 | 2205316fa5e39dc0d0a5dd419f4ba2d7 |
| SHA1 | 614b7aa80017c240faf6b97a153a1327b1750393 |
| SHA256 | 163c11c83b4acfda6d3a66d2891f1d405790c937d3be6dc929d7679bb5929785 |
| SHA512 | 2e6666c564a42bc7faa895594bc46cb4c277154ff405825bcf99a77fd99bc815085c94ae040197ef7a54833acc36e36d5a172cb7386d266f3c8c953d1d35c508 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
| MD5 | d8c8b7236a9901a83276d0f6355a8e3f |
| SHA1 | 71f2279f9c644d4f98b55c165c354baedb0148a4 |
| SHA256 | 905c31515375b85c1cb80d2a2a80dd381dcea718415be9e5f542123ff5a4d2f8 |
| SHA512 | 8981490233411660cc4625ebdd4e24fe163507d9a0b2b713e9fe9453c977685b90e50f0298f350231d507987a4908e3bf590d92d6bae7748efb776a8b84cb836 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
| MD5 | 251699f2be9ab8dd94188a5a04919d60 |
| SHA1 | cdc21e9bcc147d0c57d40ea44c9c35d256d91673 |
| SHA256 | f3a6df923000e899a7f3fb0cf15ae81bae9a8752e234284eaed040d9de5df3fb |
| SHA512 | 377e04ce65bf7ba3c910012da0670e41ae378c83991e1774cd99a32237b27547dd834a87845ba8f60550f65eb62dcefa7bfc4fc7ec927fef995f93ad62e8fb45 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
| MD5 | a23fa599fef366a772ac016c9c7ef302 |
| SHA1 | 61534c3766b7718c9e2edeca23019e93681f18c5 |
| SHA256 | ee13a1fc85ebe8110fe66f7898d58a2526a6633aca8c1199e779b9a27e8b9085 |
| SHA512 | 54a77d7f7a84394e831288f328722eb61cd17009dfea674dde1c59cfcf634f2bed933391bf74751376a6259a0ba832ceab8a9d527dff5d839ed6171378c3a1fa |
C:\Program Files\dotnet\dotnet.exe
| MD5 | 17aa0d625d8f1c3364f7148e9ca92874 |
| SHA1 | 5898b2f37162646310e73892e98ac74ceaa0f39d |
| SHA256 | 8608d0e6f4e09c33578fc70d78cd7ce3c3954a5dea2ab348f18c6a653951a429 |
| SHA512 | 51c37ab9fefb24f7d350a8ef8bd971416cfa728d6e5809b81f01dbc72dd0ea2f89efda29706c9be643d947ff427854f41a4904ab5679962e32794348c2440491 |
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | 26904f42665449bd8d662b11b254603a |
| SHA1 | 13ae0978a0ca09c69a6beba00c3071596540fee7 |
| SHA256 | fc9b7fd50b2f5a684b175900697a6e9a2e762352084f6561a5dc1d3b19e41355 |
| SHA512 | 1f3cbf56a810b1e3b025d6e61b8028215a689e3c8a96c83cf32e8e212738e8de32f06d1bd4e605fc307a97554a6b2204697712671f65acea2c35cdd11098377e |
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| MD5 | 720eb501e7bb597b630a59eff5461e52 |
| SHA1 | ea4d6fac9764c0aa5f95c82580b0b34cf85be901 |
| SHA256 | 4d86c945e7c0f146c4cd8ec7cacf60f50f8dd2ddfc21faffa9c49e8d91f656da |
| SHA512 | 8d61940e8c84cea25c5600f51da1678220aeeb6b4c8b120559a221d1e896b9ef20fd2d72f39b0fd0299df0e78221707fee2fa7e76cd946147b6c1caf716b8931 |
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | 0c1ffaa7f94735a4ebd65b197a31e384 |
| SHA1 | 856012aac2e016ada9688242d2a5b3de7eec7707 |
| SHA256 | 0c0877643279893e218b28a4df4b4ac211aa5ddfdf8e4b63f6da3b4556f33a16 |
| SHA512 | 5ce61408fd56180b7c3390e1a3d6e0f7d2ea01d482e86d79e17bcffe681bbce1c2ed5a4d00899286f160b1a5eb5a9dd8f3320244a1ec61e73ee02f1e88d1cde1 |
C:\Program Files\7-Zip\7zG.exe
| MD5 | 1fce8d10041d817e7c5cf04d66bf3a1e |
| SHA1 | a41fe9c6f4854a13b3a7f2a0696303dd07e2d713 |
| SHA256 | 6ba6fc99beecc9ec071e96a3786d5ea1a7b992c8fdcde2c78ab7798e949d6e6a |
| SHA512 | 8e9570a81cc054c8640a6c8f0b39fdc31fac824456afa2ff559e47511b7f91b34f7c2b49d410195384ecc73ff10fc43d7b779c4e86dc0104a5eefdc62467facc |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 7ec0bed1f2e5cb46b5d3b0a0aa74d3ed |
| SHA1 | 232e2f8cc5a2b0b46e0274a051065cc65e7d53eb |
| SHA256 | 8ff522df5fbc95c803aeafaef9beb47f5d9ccedb9eb806d5f2c5823001d3d4b9 |
| SHA512 | e880f324fdce9e31ab6b811167d07e1a8417b817e1b76d33173127b13140d27bf1b8811d39d40f504b652d33c5985b51dae54f52a7e38b4af65540251aa61c31 |
C:\Program Files\7-Zip\7z.exe
| MD5 | 065c4deb9106cfc60c984f89398b879e |
| SHA1 | 10639e56adb4f24c97d29182a64ede4e46b613d4 |
| SHA256 | 116214987c16e85da971477ffbe21666b907cac7284fa60d5dcea04fb195b254 |
| SHA512 | 42022479792be74e3adfc2d9e5a8d6b2b0b70e192c2daad7949c9c874a769fd37ba329d56d9167a9aab287a1c0277033e4cb786c1188150394b00e0343b3a568 |
C:\odt\office2016setup.exe
| MD5 | 45d7219fe5680f585ac837da393abaa7 |
| SHA1 | d00cfca3b98f7d293977e8d53dadacb35ab9f8fe |
| SHA256 | 0be7db889d8092274f9391ed116828d8c316fa078eef63e3c25052dc3f785d81 |
| SHA512 | 18d6575b82d6442460d22db5abafa93d0e4bf5d1c1d39fc0f8b94bd45516b04febe3181066ed1e89a0ee52d3c33e5a82492df457130d57227e1c2aced6cfb606 |
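The listing above is the report's dropped-file section: a path line followed by `| MD5 |`, `| SHA1 |`, `| SHA256 |` and `| SHA512 |` rows, with `memory/<pid>-<n>-<start>-<end>-memory.dmp` dump entries interleaved. The security-relevant pattern is that the sample writes new executables over legitimate binaries under System32 and Program Files (alg.exe, Spectrum.exe, ssh-agent.exe, VSSVC.exe, 7z.exe, the JDK tools), so a triage step is to pull those paths and digests out of the report for bulk lookup and to sanity-check that each digest has the length its algorithm requires. The Python below is an added editorial example, not part of the sandbox report or its tooling. `SAMPLE` is an excerpt copied verbatim from the listing above (including the orphaned SHA512 row at the top of this section); `image_base_hint` is a heuristic of the editor's, not a field the sandbox emits.

```python
"""Parse a sandbox dropped-file listing (path line, `| ALG | hex |` rows,
interleaved `memory/...` dump entries) and summarise where the sample wrote
executables. Added editorial example; not the sandbox's own code."""
import re
from collections import Counter
from dataclasses import dataclass, field

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
MEMORY_LINE = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
PATH_LINE = re.compile(r"^[A-Za-z]:\\")

# Excerpt copied verbatim from the report listing above. The first row is the
# orphaned SHA512 row whose path header falls outside this section.
SAMPLE = r"""| SHA512 | 9ff3fd0b5ca62ea22a28f32aa165499f50c7fc28e13be4b37bfba9c1bdf09fc2fb23c3fd3129f60e3504035c12f2ee548323bdbc79e89f827bbcaa9d010db4be |
memory/2888-339-0x0000000140000000-0x00000001400B9000-memory.dmp
C:\Windows\System32\Spectrum.exe
| MD5 | 0aa3b8e018a6dcb81412dc207a976fc1 |
| SHA1 | a114507548085371be97a966a2202109ad7667b5 |
| SHA256 | 82b61619e7eb168b71eed28b391965338ee467f0055eb7c01d840c2e0e5f16af |
| SHA512 | b4a05bc9e0e263b88b625f2be7a839ceccc20c5697a3e4f3fc62d5d0d35a1b970fa1a062b58114e5a0d3f77207f8aedded758ab6c21f2dad88cc628bce729deb |
memory/4020-353-0x0000000140000000-0x0000000140169000-memory.dmp
C:\Windows\System32\OpenSSH\ssh-agent.exe
| MD5 | 17cb4815076762885c8d276320e976d1 |
| SHA1 | 21830d14b020769589a061e19787e374429e5197 |
| SHA256 | ee8f67cad1bd58857935dc1090fdc0fb3b58dc21c4cbf099926ea0f24d963606 |
| SHA512 | 616a9a0fdb01bf14ff30b1b1ef34d1eb1335d91298481e3763bb965043f2da6b6570c30878aaf20ac542c0dc65d85918d2db15da3081825f6754d75df068b34e |
C:\Program Files\7-Zip\7z.exe
| MD5 | 065c4deb9106cfc60c984f89398b879e |
| SHA1 | 10639e56adb4f24c97d29182a64ede4e46b613d4 |
| SHA256 | 116214987c16e85da971477ffbe21666b907cac7284fa60d5dcea04fb195b254 |
| SHA512 | 42022479792be74e3adfc2d9e5a8d6b2b0b70e192c2daad7949c9c874a769fd37ba329d56d9167a9aab287a1c0277033e4cb786c1188150394b00e0343b3a568 |
C:\odt\office2016setup.exe
| MD5 | 45d7219fe5680f585ac837da393abaa7 |
| SHA1 | d00cfca3b98f7d293977e8d53dadacb35ab9f8fe |
| SHA256 | 0be7db889d8092274f9391ed116828d8c316fa078eef63e3c25052dc3f785d81 |
| SHA512 | 18d6575b82d6442460d22db5abafa93d0e4bf5d1c1d39fc0f8b94bd45516b04febe3181066ed1e89a0ee52d3c33e5a82492df457130d57227e1c2aced6cfb606 |
"""


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)     # algorithm -> lowercase hex digest
    problems: list = field(default_factory=list)   # digest-length mismatches, if any

    def location(self) -> str:
        """Bucket the drop path; System32/Windows hits are the ones worth alarm."""
        p = self.path.lower()
        if p.startswith(r"c:\windows\system32"):
            return "System32"
        if p.startswith(r"c:\windows"):
            return "Windows"
        if p.startswith(r"c:\program files"):
            return "Program Files"
        return "Other"


def parse_report(text: str):
    """Return (files, orphan_rows, dumps). Hash rows seen before any path line
    are kept as orphans rather than silently attached to the wrong file."""
    files, orphan_rows, dumps = [], [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEMORY_LINE.match(line)
        if m:  # (pid, start address, region size in bytes)
            start, end = int(m.group(2), 16), int(m.group(3), 16)
            dumps.append((int(m.group(1)), start, end - start))
            continue
        m = HASH_ROW.match(line)
        if m:
            alg, digest = m.group(1), m.group(2).lower()
            if current is None:
                orphan_rows.append((alg, digest))
                continue
            if len(digest) != HASH_LENGTHS[alg]:  # catches truncated copy/paste
                current.problems.append(f"{alg}: {len(digest)} hex chars, expected {HASH_LENGTHS[alg]}")
            current.hashes[alg] = digest
            continue
        if PATH_LINE.match(line):
            current = DroppedFile(path=line)
            files.append(current)
    return files, orphan_rows, dumps


def summarise(files):
    """Counts per location plus the sorted list of paths under C:\\Windows."""
    by_location = Counter(f.location() for f in files)
    system_paths = sorted(f.path for f in files if f.location() in ("System32", "Windows"))
    return by_location, system_paths


def sha256_set(files):
    """Distinct SHA256 digests, ready for bulk lookup against a reputation service."""
    return {f.hashes["SHA256"] for f in files if "SHA256" in f.hashes}


def image_base_hint(start: int) -> str:
    """Editor's heuristic: 0x140000000 and 0x400000 are the linker defaults for
    x64 and x86 PE images, so a dump starting there is an unrelocated image."""
    if start == 0x140000000:
        return "x64 PE at default image base"
    if start == 0x400000:
        return "x86 PE at default image base"
    return "not at a default image base"


if __name__ == "__main__":
    files, orphans, dumps = parse_report(SAMPLE)
    counts, system_paths = summarise(files)
    print(dict(counts), system_paths, len(orphans), "orphan row(s)")
    for pid, start, size in dumps:
        print(f"pid {pid}: {start:#x} ({size:#x} bytes) {image_base_hint(start)}")
```

Feeding the full listing instead of `SAMPLE` gives the complete set of overwritten System32 and Program Files binaries and one SHA256 per dropped file for lookup; any entry with a non-empty `problems` list is a transcription error in the report, not an indicator.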