Analysis Overview
SHA256
5f8ed3bea7026f766bbeeb4ec8fdddcae6e1c286e7948134f00eac8e2c7a3c3b
Threat Level: Shows suspicious behavior
The file 2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk was classified as: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: LoadsDriver
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy service COM API
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 19:38
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 19:38
Reported
2024-04-07 19:40
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javaws.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\java-rmi.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javac.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdeps.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\unpack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_77625\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ielowutil.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\servertool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\keytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\private_browsing.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jhat.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\java.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jjs.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\xjc.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_77625\javaw.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ieinstal.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\extcheck.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\policytool.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\serialver.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsimport.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\klist.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\mip.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdb.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\dotnet.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\tnameserv.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javapackager.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe | C:\Windows\System32\alg.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\DtcInstall.log | C:\Windows\System32\msdtc.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\SensorDataService.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\TieringEngineService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\TieringEngineService.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9910 = "Windows Media Audio/Video playlist" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9907 = "MIDI Sequence" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-120 = "Microsoft Word 97 - 2003 Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000d6c5315c2389da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\ieframe.dll,-24585 = "Cascading Style Sheet Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E37A73F8-FB01-43DC-914E-AAEE76095AB9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000b129155c2389da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000e874615c2389da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000d1b21e5c2389da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\wshext.dll,-4803 = "VBScript Encoded Script File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000004a8df85b2389da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000fdee195c2389da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000fdee195c2389da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SBE | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000d1b21e5c2389da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000004a8df85b2389da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe"
C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x2d0,0x2d4,0x2e0,0x2dc,0x2e4,0x140384698,0x1403846a4,0x1403846b0
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xc4,0x108,0x7ff875ce9758,0x7ff875ce9768,0x7ff875ce9778
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:2
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4620 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:8
C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe 351aa6df0d5863170130ddcb0a85c1f1 Ne2l+pV3RE+Eqzs3bUBV+A.0.1.0.0.0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x298,0x28c,0x290,0x288,0x29c,0x1403b7688,0x1403b7698,0x1403b76a8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x29c,0x294,0x298,0x290,0x2a0,0x1403b7688,0x1403b7698,0x1403b76a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:8
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4088 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:2
Network
Files
| SHA1 | 38d6569cd30d096140e752db5d98d53cf304a8fc |
| SHA256 | e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831 |
| SHA512 | dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be |
\??\pipe\crashpad_5016_YTNRHXPYZHSJLBPX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/4584-100-0x0000000140000000-0x000000014020E000-memory.dmp
memory/2176-97-0x0000000140000000-0x0000000140209000-memory.dmp
memory/4216-96-0x0000000140000000-0x00000001404AD000-memory.dmp
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
| MD5 | 7530c39f41e862a9d0ffae6095ebf859 |
| SHA1 | 4dcfcd8965ffc4984f1fbad3b0aa8a102430a870 |
| SHA256 | df77c65d3d027225dd4c65e3080ff8d5069f5b98d6a7c64e446b45b50bc455bb |
| SHA512 | 4e4336894293b64fb310cf6b00eb3301222f43129c071acbeb743a093f64678f3b5867fd045a6ba1519af0cd4a57a1590dbf2fd7a5ed138f2a6fef54f446436f |
memory/4584-90-0x0000000000710000-0x0000000000770000-memory.dmp
memory/4584-107-0x0000000000710000-0x0000000000770000-memory.dmp
memory/2176-79-0x0000000000D10000-0x0000000000D70000-memory.dmp
memory/4952-112-0x00000000007E0000-0x0000000000840000-memory.dmp
memory/4952-118-0x0000000140000000-0x0000000140237000-memory.dmp
memory/4960-273-0x0000000140000000-0x00000001401E9000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
| MD5 | 018820980348c4e20d7c348e2be5f0bb |
| SHA1 | 1f3372a42ccecf4750700e75e67cd08ec28208e9 |
| SHA256 | c5f459b0f7bd86c934e5bb55b88131d153bbfc67200f274f127ed130b975a366 |
| SHA512 | c2644a3429b49bd629d2392639bc31ff9b90a220accf21bd4119abadc38bc20682d92c41256a9a3f9745708925fac1d0db9ffd393debc90bf2e6e9dcd2a8d245 |
memory/3644-287-0x0000000002090000-0x00000000020F0000-memory.dmp
memory/3644-289-0x0000000140000000-0x00000001404F5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log
| MD5 | d0b8f235916d3d9ea2c0452629069865 |
| SHA1 | 244735e63728fbcfc316da6b21a737661bae9f93 |
| SHA256 | dbc0b68fe9c4d24363763997cf1e5fef70738a2763d5aa9b626223d8d93ade4f |
| SHA512 | 4ccb6b4b88da3abb0e182ebe8c14273425c99c2de30231b80f719ac50d0e67c197dcfe7046c5405ea561ce5c81a224242c0e128f291b62c67d4165bf8b008ce1 |
memory/4500-301-0x0000000140000000-0x00000001404F5000-memory.dmp
memory/3644-298-0x0000000002090000-0x00000000020F0000-memory.dmp
memory/3612-308-0x0000000140000000-0x000000014022B000-memory.dmp
memory/4500-310-0x0000000000810000-0x0000000000870000-memory.dmp
memory/4224-316-0x0000000140000000-0x00000001404F5000-memory.dmp
memory/4224-324-0x0000000000510000-0x0000000000570000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log
| MD5 | f267c362bc62e1dfdf991434d6a995d6 |
| SHA1 | ccf87019ec6c889c48be19be15cbd2ea2c401491 |
| SHA256 | becdebd978e700b22a0eed2aed421c9388779a1865ead25ef0e1edaa4d1c9b2c |
| SHA512 | 834438146fda6067894d6a93da9930f7199fc7e1d5bbf61265167cf1df3b16f1196a55575e674768a2d8ca73c8345772b8fb29b6477ea2949288ae346b65b6f3 |
memory/532-328-0x0000000140000000-0x00000001404F5000-memory.dmp
memory/4584-336-0x0000000140000000-0x000000014020E000-memory.dmp
memory/532-339-0x0000000001FE0000-0x0000000002040000-memory.dmp
C:\Windows\TEMP\Crashpad\settings.dat
| MD5 | 2100de2aad08d29a00d3c437d14c3e51 |
| SHA1 | 36f743b567967691732dcc12be982ab5af66dcdf |
| SHA256 | 7f178b514e08273f35498e058197130f73ccae9a935c71a2c876973b8922b33f |
| SHA512 | b391cc0e4803611ce3e2947e7160d43b417dd94aff9e607952b434fa1973b49cba10462a72b620a4bccbdbdd6ccf3214a782324e809e57f40df4abd65a249f36 |
memory/4224-347-0x0000000140000000-0x00000001404F5000-memory.dmp
memory/4224-348-0x0000000000510000-0x0000000000570000-memory.dmp
C:\Program Files\Google\Chrome\Application\SetupMetrics\54ef9155-ddee-4a62-a436-c33ffe2d6312.tmp
| MD5 | 6d971ce11af4a6a93a4311841da1a178 |
| SHA1 | cbfdbc9b184f340cbad764abc4d8a31b9c250176 |
| SHA256 | 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783 |
| SHA512 | c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f |
memory/3644-360-0x0000000140000000-0x00000001404F5000-memory.dmp
memory/3644-361-0x0000000002090000-0x00000000020F0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d9ed64673352f41fecfd826934148acc |
| SHA1 | de0c1ad387c4e8aec7fb646f034ca5d33c10e419 |
| SHA256 | d7833100938b9e3a2ee3a753676027e3c17a412ea0d5a9d6ad25acf9c468d856 |
| SHA512 | d218491b34fbce37a882ee0edfd9c434b7e312e15e39287a394d717b63b106b154533aeeab7ec6490ab99dea66e4d91fd2f10ed6aa629ea3d6c0f32eed4d4354 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 16c67a19ffb70796b695fcb94e094f8e |
| SHA1 | 3198287938d865843deb8aa00fd63ca1050b8ed1 |
| SHA256 | 6fb5014477dcbde5b1e65f2f3d34cc8ab429e7425f034d31d76bc4536a58f89c |
| SHA512 | a661e77ac8cb6f05cad162d63ce7630dba03e0fa15d8beb41c6c19bbebf957516a47b5663bfd40aa85e88545d5c88fa442d2e18013f61222e7980c7b9f8613e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe5768cc.TMP
| MD5 | 96369edd1a4ffbe3b82168be4cf74b6c |
| SHA1 | b3fcff571d5bdfa454dbdba1993921f374561acc |
| SHA256 | 99957138c3a3b80e8db4d353e5990f2d0f9dda00f16402c4c918657c7c155c61 |
| SHA512 | 702ea20ec2cc6f6b526759ef549c9cad339c69ee3d2c3c2e7eab8323273049d0ce333abab50e4d4abf860389c417c5e88a526a7dfd84c7354b3e3b868e999d35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7ee47bd8a588ce4383ac5bec1f86f6a1 |
| SHA1 | 1c846927332ba4e9f5e1b10c964f1c1a7146b334 |
| SHA256 | 2d7587e7df93fafec1ce0e9606aee890b57bbd36fac9fbc3326a604f9264a78c |
| SHA512 | 47c604aafcf0fa4fa754d80df4f0779bd3f166a8f16d4500a9109132aa2359e36841d72297f5396d84639e75ee201c443dc9a22c2c1aa77e4a48ed85cb56fb10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 7b424514d6fbabfe24633f34962f06cb |
| SHA1 | baa2d90923de5893f9c016d5261d39e39b8a2ce4 |
| SHA256 | 1a05d87885293a79110ae716239b7becdf20efa95255c6456ab5496e8028e609 |
| SHA512 | 6ff3950ba49c884c0b023714a7281a52140053eaabdadcdd7b88ddd43def9930d6926255bedf327adb07b50e1735747e9eb3364be17b00cf1b0f6a4dec180869 |
memory/4500-396-0x0000000140000000-0x00000001404F5000-memory.dmp
memory/532-399-0x0000000140000000-0x00000001404F5000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3cb2229bfc1dce315b2826d443aac3ef |
| SHA1 | cfe8080a964d5a938eb92827d5456e0c922567b1 |
| SHA256 | 47ad469b89bd6ceab5146bcca9665d4dc5e6160d2ce00ddc9299a92e7de7314a |
| SHA512 | 419fb40498d6e29c0dcae73383c310e1d4226133fa290ed2d7beb42d279d49c34634ae73e054dfb057e2f0f587a966c71ff675e69e13ddc26f988bb1e978727d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e7297d0029697bafce210c4c75bc2d2e |
| SHA1 | 3028038befe4b71c34177ceaa7fc11556d33fc51 |
| SHA256 | 7bc73e53eddcf978d1f6a47776b8b814582fe9d977194a28758eed92752bfc9e |
| SHA512 | baf7dd56b4ce5362695c9125dd7b4e5595d8f7f877fc9613f6df5d097f546f34af81ebd249e5ade089c04329f4487e9d9bce2def39abcb3185ddd2004b2ae4b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | cfce689815d981106f2852f0d3387611 |
| SHA1 | 52a0a33c2e7e6c4a9896c5eb26ee3f28008f1990 |
| SHA256 | 16896bb27a59045eaa847a257c4cfc58694567e47f3c0ef3f3cd29b1f975d7d7 |
| SHA512 | d349c07bba0651d579f14c826f875dd689c05b4f8da14e88d4b2316860de60cf2d44bfe2fb63939288e29ad92763eb7fd8e839cf5eb1dd31edda0759348b072f |
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
| MD5 | 6a4f404916a779a74e385146d4892a8f |
| SHA1 | 00f601d2e458e109d80849635bd794f0781b8d73 |
| SHA256 | 27ae68e38fe992d980d4d588a8ddd73054c4ef16ca141dd1d8cb7345aba95698 |
| SHA512 | 5d687db71bbf73dbf1ed1b9fdf6f756f26b85bb67e15d857d12109d672983cc6bdef71043896d2deee357649504659a23c489fa9cec8892eabdb024fd5293817 |
memory/2560-429-0x0000000140000000-0x00000001401E8000-memory.dmp
memory/2560-437-0x0000000000690000-0x00000000006F0000-memory.dmp
C:\Windows\System32\FXSSVC.exe
| MD5 | 4dd7da4933661e9a0c8e625f493f429c |
| SHA1 | e3f9cd6a749b19e6daf157ff3b6bd234f6bd6607 |
| SHA256 | 3b54f283e7773a155ddf6efa16ebc267e1e547668537e3aeccaa499f24d86ce8 |
| SHA512 | 6dfc76bb267a84a34451b3414b7ce4064ba26f898bf600f0fb79671028e86aa65a355da9cea6cd5448b8b5afb7fe5b4c2042b1d9035df6ab4893349b5af099f6 |
memory/3056-440-0x0000000140000000-0x0000000140135000-memory.dmp
memory/3056-449-0x0000000000EB0000-0x0000000000F10000-memory.dmp
C:\Windows\System32\msdtc.exe
| MD5 | b737774826cac65b2856566fd83c0dce |
| SHA1 | 0e3b1f43e92e6ca5f196773b1e1391efe254aba5 |
| SHA256 | 11f22b9331acbda018f3a3519072317c3fc5c583141a30f56e923821904e6961 |
| SHA512 | 2a105330587f207b5225809b206353d1230bbbce51c4f189071a0be17f305f7fe1ac0c8708dab23e78b46b40b6eb3940f169dcb756578752ea50eb603b0db613 |
memory/3056-455-0x0000000000EB0000-0x0000000000F10000-memory.dmp
memory/3056-454-0x0000000140000000-0x0000000140135000-memory.dmp
memory/2684-457-0x0000000140000000-0x00000001401F8000-memory.dmp
memory/2684-467-0x0000000000CC0000-0x0000000000D20000-memory.dmp
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
| MD5 | e30fe81543e06bf735c3c41ef1051b2e |
| SHA1 | f9b1c6b49f935a1beab892d2f11f585c7d113646 |
| SHA256 | bb5a349e07a5a14ca5623e04d78db79a8223af92d14bfd44db5789958867ba6a |
| SHA512 | 2b402d305ef5c18c54addc641453d3ca0569658629a6e4d36d1cf7ddac77a435f02ae172ff4ba41b11a2b9c48085519326530f4f633fc7ea7c03f0f2f910f9dd |
memory/1620-474-0x0000000140000000-0x00000001401EA000-memory.dmp
memory/1620-482-0x0000000000BB0000-0x0000000000C10000-memory.dmp
C:\Windows\SysWOW64\perfhost.exe
| MD5 | eb4735697b8ae3d32afca4dbbd122eb9 |
| SHA1 | f294f402b593484e64bbbb1d4369d04ee630a755 |
| SHA256 | 2bab1ec29ba086afbaca8f9147c83d121152d857ae7f2cdb5060e521212bed59 |
| SHA512 | 6e8059a578c8572d1fc77cae16c6ac787a7dd16856964eaf15ad0cf3e16803e2bc7d8ab32b1d0a87c977d4ee76d310fda7d4b56c6beadadaf30b813dd68eff26 |
memory/3036-485-0x0000000000400000-0x00000000005D6000-memory.dmp
C:\Windows\System32\Locator.exe
| MD5 | 45c0d6260dc35cb4110447da31e42493 |
| SHA1 | 87775d50f8489fac657c5710cd0cf98d2eb9495f |
| SHA256 | db3c909b639166b7ebc2799771314e3843e8b5d4ceabc8d22dbf736b82ec8799 |
| SHA512 | 75b9ec5da63a3d87e623670269c4e74b5b24d0f977431762610e7e44e4a846bca1098dd31ad57315f0990a93b975c47b6415f36e528f667e83d68a6b4d24fb6d |
memory/1644-489-0x0000000140000000-0x00000001401D4000-memory.dmp
C:\Windows\System32\SensorDataService.exe
| MD5 | 1d4f740e3eea1b0448eb92a2d4bae9ad |
| SHA1 | 77cfc5db8adcc4d3bd48e7909db35f9020af2e72 |
| SHA256 | 13bdaf3d8347dd271467e640e4b936aafd0b9ba1d100fc2151236f26d5bdb60c |
| SHA512 | 9b1ec1eaea3aa0060402afc1f7c3806db8499110fbc1b7327d40c5580e94f8346fd2b84cf178dae7060fc8b36d477a60e60748898f28c92f754c38efb11dc351 |
memory/4568-504-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/1644-498-0x0000000000780000-0x00000000007E0000-memory.dmp
memory/4568-510-0x0000000000720000-0x0000000000780000-memory.dmp
memory/2560-497-0x0000000140000000-0x00000001401E8000-memory.dmp
C:\Windows\System32\snmptrap.exe
| MD5 | 55d48b5d7f5e6df1a797c462a8decf33 |
| SHA1 | 333907036ef07a5c8492429afa93a685a070bd0a |
| SHA256 | 9b76712fe4fcb50d43a71850c00977d661d7cf57dd1859928799af151f593524 |
| SHA512 | bd43c16f2848b76bc7112a9e647251953fc7c515f1fb971e44dffad4b7030272e564d5797b6c3c2a06cdf9ca5982f8ed7a62c03cc4360ff24e01b627a74a2c39 |
memory/3144-515-0x0000000140000000-0x00000001401D5000-memory.dmp
memory/2684-522-0x0000000140000000-0x00000001401F8000-memory.dmp
memory/3144-523-0x00000000006F0000-0x0000000000750000-memory.dmp
memory/4428-527-0x0000000140000000-0x0000000140169000-memory.dmp
memory/4428-537-0x0000000000750000-0x00000000007B0000-memory.dmp
memory/1620-536-0x0000000140000000-0x00000001401EA000-memory.dmp
memory/3516-542-0x0000000140000000-0x0000000140241000-memory.dmp
C:\Windows\System32\OpenSSH\ssh-agent.exe
| MD5 | 9cbe693c64cc217697fb2aa4b46ca4ba |
| SHA1 | 866fee444acd9167d61b52a4dc5da4980acb404a |
| SHA256 | 14e38d8351efb4d7543088dbcc2ce15b67fa67d3c0effc7e834c4fbc49c76bee |
| SHA512 | 331b3efb567585abec9a5d5b161a0758f4cb3509f6dfe97aba2937dc25f60552c4fb8add500aea113df36fe3cb77d8e6556505edaeefeae0170f45505e10528c |
memory/3516-552-0x0000000000820000-0x0000000000880000-memory.dmp
C:\Windows\System32\TieringEngineService.exe
| MD5 | 0c7dd5a45342d40d8029253679ab4518 |
| SHA1 | 6094da24ad2538d4a71e4506870416e5185ee388 |
| SHA256 | 90d9c9544be461b8f765da628e569b3ad6995a227df609a62f3db6d1d2b5c74b |
| SHA512 | 63e3a69a389d326ca3cd6df8231ffd8b7b0ad47c54d0edae741a3a8fb57ce0fc07ad7b099deb7bacef7e8919a9a2beca991babc443dc70f097b45aae5caea3b0 |
memory/1644-555-0x0000000140000000-0x00000001401D4000-memory.dmp
memory/3796-557-0x0000000140000000-0x0000000140221000-memory.dmp
memory/3036-551-0x0000000000400000-0x00000000005D6000-memory.dmp
C:\Windows\System32\Spectrum.exe
| MD5 | 1860df157f4877d406ed1290b54e6a28 |
| SHA1 | 2e9bbfa8d9501718a2eeaba0b8ec7ffb7b51d47d |
| SHA256 | 8e20381cc57f80611da3aa7e09fe3e6d142f07b148d91cb962d1f2bc564a77aa |
| SHA512 | 1303b630965bbb80afb592edd8112b3cdb7f2fba12a9bba6ec6a31e34ce76b78f9591b318ba3f18caf2d8c3b46d75fef05e9c067218886959f529d2fd81e3e4f |
C:\Windows\System32\AgentService.exe
| MD5 | e86fe0141bf85fb597163bc6fbf0caa1 |
| SHA1 | e1cb781fccaae70c20b6737d28c4e66cda941279 |
| SHA256 | 639c5d1b1c7462dfea412d0058e9a57a1fd2f1799023d40e8f0cfbd9ddb22828 |
| SHA512 | 1b3d20d0d23c945fe4f4bf6ecac014df1634ae86d0c055d5345b37aae48f5da6e754685db8e0d9439205268ad3d9ad893755d01b3b2c123f98cc072ee146fa5b |
memory/4568-568-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/3796-564-0x0000000000890000-0x00000000008F0000-memory.dmp
memory/2216-571-0x0000000140000000-0x00000001401C0000-memory.dmp
memory/2216-576-0x0000000000C30000-0x0000000000C90000-memory.dmp
C:\Windows\System32\vds.exe
| MD5 | f6d4b6dbe4a90be4c86b6787f1714ddb |
| SHA1 | f397c2d8104b6d18400e78dbd92df5ddc768f618 |
| SHA256 | 5e225ec416da83423d1b014e2de0257657c468f21948ad3195457adce2714271 |
| SHA512 | 5011a56c19bb9711088d473bbce8e36af0adcda893581b2048d95f25e684f07430fec9289f56575529f321a9a1cb0b1cb0b72dae47b813d4ae4322e0c11a0250 |
C:\Windows\System32\VSSVC.exe
| MD5 | aa93dcf1e87fe6fef42bbe682268043d |
| SHA1 | 3f687cbe77766eba5baa486d397f4188e401ecd9 |
| SHA256 | 3a0301786b32adbd6a3cde2255bdf49b9be947e483ca483186993b236bb6dfe3 |
| SHA512 | a64cbf6e46e0510014c0fa8a83d40bbc001f3147c201f8f9e2761e957815b67768d463d2b89051cf9ba2e6819506af2efda95d143a9014afca1d5ba3772a1d65 |
memory/2216-582-0x0000000000C30000-0x0000000000C90000-memory.dmp
memory/2216-581-0x0000000140000000-0x00000001401C0000-memory.dmp
C:\Windows\System32\wbengine.exe
| MD5 | 0fb9b24ba7481c33d49eb79c8ce144e8 |
| SHA1 | dd88988e160e42cc613d78960be73f8bf5f58337 |
| SHA256 | 8607180d079d4481bcc08269a42e7e2acf01a6fe5c6f9caba1507226e50c4457 |
| SHA512 | fc8f2da0af9958a5f3279326294bc79d27cf67563ad00d77bde78465db67bd72295c83ae86f6f610ff3aff84f492fa04035fad3bcc62b465cc43d81be04518ce |
C:\Windows\System32\wbem\WmiApSrv.exe
| MD5 | 0bd0a3f2272c3843bfc5145c36a0a59f |
| SHA1 | ee30b9af1ad8b66e9e2c2e04e3923650c8775beb |
| SHA256 | d35d573445a8ac3bb469cf21300ec429a3fae59a01a83bc0448dedea34e3b9d1 |
| SHA512 | 7f461d721aed311067e9840eefe6520419a5150d95bad524a9770194f7b31ebd82bbd617cf9edb35ffd7b6247ef8d948110d9de48753bab6d7d396731992ba9d |
C:\Windows\System32\SearchIndexer.exe
| MD5 | 0953f1c5a3e3ba35e5ac8bc16c898efd |
| SHA1 | 9db755be52b821a2d5deed09781f02a7ec61521a |
| SHA256 | 7cff38fa7449e6e5918a9cbf893b32a9d73cbcb933afb1958d2c8d5cb648704d |
| SHA512 | 8f5896ef5dd9bf9d8da61fc437c74f3cd8d66df6e9b2f10760e646ae0d265c6bc4117638b1b5ab15dc54fd1dd23669d39773d766b489526fb6ee59630bd7c501 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
| MD5 | a78d7de9b1560e68f0fdd1dc0bc73371 |
| SHA1 | 9b9890c1253cf372d4b18d8ad163a92187368fb4 |
| SHA256 | 15db72efef7b5f132748d75942c3c8416901fd9edeff14fddfa7c2d9836ef253 |
| SHA512 | d6e80ef20e73480c531bd9340391183951375f7596803f2084a55b4e0a1727b8b5bb78a973f9e511e945b750047a2950ca19e31a33ed89ef4c2118304b0a371a |
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
| MD5 | e96de010b05f4839c86e3ce7648e34ac |
| SHA1 | 23d002bfdb16174cc3822879d2a2c019871b43ae |
| SHA256 | eedb723c9eb3a98653092a0ad912b6462114ba362b1b7096047189128d06e583 |
| SHA512 | b8b903e4ae21d9a8640fbab8e76c72a0d8945fa172aa9e6d46b7bf6b4d062c22cf9b1e7fc1b0c1a675cfc61de2d5a27b8a1e8b406540e4b27c125f1a4ca6ffc5 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
| MD5 | 4384de2d4e1b8c25f3cb6b7b6ff7738b |
| SHA1 | 01f49330cc2b870cacb0838874c67dd0a5e4207e |
| SHA256 | 317be30561bc70bea24f85e27bf2185177fcc5470e756956580d748dcf6c1267 |
| SHA512 | 2e922c6dbbf4827513c728fc8f7cf2380d563d53f85c67703ef946dce676bffcfc73fb04065621ebbb06525ab2c7a9457cd004c06eaf9c19f4dbcb538a7f9dae |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
| MD5 | b947286bf90517eada149315b1b57dee |
| SHA1 | ef76f81917f763aaa1c0af705739600e70b9ba04 |
| SHA256 | 51c5154509359e653c809423d68cf3bcb5aba4875da89e3dc6fd73f1e29ee7a0 |
| SHA512 | 36c96b5d1bf7edeb8630d480c22242cc429408b83105695fc2fd7f4faf083412fd9da7e7643eadff2160b9a9a2e2b5b3f1a4f3174ac56afd3f4e6ac1a49f1e65 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
| MD5 | 03ba9c60551aa93515f2134e00d61424 |
| SHA1 | cea0c64e2ca8a6cc72e553b0befacea5238437c9 |
| SHA256 | 2c07476d3a9ac4dd87d15c12b79302f94e2734adafa8cce5731d2ea024be1072 |
| SHA512 | 53b2ecd63134546b708f7768997a3c5f487e8049cf54cc7b3cf2df74db1ab93d7a29cb833c46f798fb3bfacd1281701a7dc395276abae2bbcd98147d39cb33a3 |
C:\Program Files\dotnet\dotnet.exe
| MD5 | 7d5ffe3fe1297b4731ed4d01baa2a625 |
| SHA1 | e00f2a9d4a50e72b3a23b7b7291147b1c4630bf9 |
| SHA256 | 5f9695eb7eb233ef6d17a85f69a6f3cd68fce5bffe1d7e7e82a834502bc40b7d |
| SHA512 | 52c7ea3eca43b49866f45a7f0e2bb274e379a14e658692ec7f7d3f2ec77606e53de51c4beaa4f13cf6a5caff7e3a6cb6080e1344e0e7feaeca6b59db65fcded3 |
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | 8876090190cde300f611988a374317c9 |
| SHA1 | 1960af309eeb6fcd822071465a10775755e6a7a4 |
| SHA256 | 176b4527d1b816dda2632427f71d0bec1dd43b9901310286c2d800c47daab828 |
| SHA512 | c3e1ad9240d69505a8e91df8d0ffc9c68ac92d4e16583372a3b8be88a3471d53c94d0513d1681ad9f322343eaed7a60c929682c4e3ce6231dbfbe92b5fd7295a |
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
| MD5 | d3a5effc18b566aadcc238af716e66eb |
| SHA1 | 375da4dabb738a5a57b53b31ff073833f44bf5a0 |
| SHA256 | d387dd0e4060fd4b33c74c1bd66b56b7e7cc41599357c393b19ea74faade947b |
| SHA512 | e89fd120d7169ed08706a2f710478422557fc93db97c931d0fb6b5849811e06e7861d4e71a1238af1c49cd1193ef10a8f59271dc8888505107ef434fb0355ba5 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
| MD5 | d742435143c5582a7735794effbe80b7 |
| SHA1 | d36220e46f499591f6177f8e9201cc022f409a04 |
| SHA256 | cd0034e795e19359cd5865186585a3e028dc25977bc7dd351a53d070900d6364 |
| SHA512 | f5acee09eeadc9fc438ded9b411b79ddc1b0c2ae2d72ec24f558d201e7aa41bdce0bd12dbe95cf719afe6a51f81bb9b66f65c5b70fe99f09b95a443f46b64721 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
| MD5 | 4f60d18b4c40255b5a084707bbf9448c |
| SHA1 | 40c681b7350e6a6a60fba866967a28bb7b69fe34 |
| SHA256 | 1f3891c6a64fa4e44e66d47f628b97b9b319321ee911b91d421569b3941e6458 |
| SHA512 | aa93fd6d2555c922252643e7f4d713169fe47b6d3c5788f50a720713d52509081ffdf5206aa7d9286ea2bcf11b1d0ad2525f314681f773bc8d55d3ed21dacd39 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
| MD5 | 243723f4f59a42d46def763bd670ea8c |
| SHA1 | 4ca82bf713f276613cf99ca7b48833f4a56bf4b1 |
| SHA256 | feeb512c6325bdc135599a164bac9fee0739d15f2a071214314126b3230b5a11 |
| SHA512 | 2eb2f3455beedd0443db1c606a5426c9005bd6fa8f88dd370b589d9e3b1e1915f47ee466a041287f6305071c52eeef27d1d3079bb6c7f9d58397e63623a5dee3 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| MD5 | b36e8680f78ccdbd574af8dc10c02950 |
| SHA1 | 882d02d0cc84a992bc73f9c2f8be1e41ec63ab25 |
| SHA256 | 76ef0085cd1c4fd9436676bb5b415bfb6edb4518b98ef3980d7301250bdbcd7f |
| SHA512 | b8c30b38bf954ec2d8cf2919835bc69ae55ef348718956f5044c3fc6776ddf32d0db9aaac6b0b06af00b398d07189b608ba7249b086a739625d108c133a68cff |
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | a42b82b1d7e931a78a13092730490785 |
| SHA1 | 408d16d91b24b7b45796676b986ea4c133c9e3b7 |
| SHA256 | dc7eeedbeb91851eaa08d1e76cfb3ce160e6e3080dc30d9d694b5aac6dbb0f4a |
| SHA512 | a86dadc1e4b5e1feffa9e8f5a3e9a36dad6f1ceac96389d66f8a8d296a5b6ddeae28bbbf8393cec41cde89d1682c1c1688547566e420d1a0bf1d3f63d95c4e2f |
C:\Program Files\7-Zip\7zG.exe
| MD5 | 717e0cf59b712649742cba8fa71f80d2 |
| SHA1 | 20589429525802874390af09ed9fc0591b347042 |
| SHA256 | ce7b5fc41b96aacea4ab3dba99ba9cbb59363488ac1a88889280321328acc9c9 |
| SHA512 | b9276386b937aa1c1da7143d42e47a6de9f943c525b855d35a79d7c047b34359a40dedd96696bc770313874f17d601d7a8f1b8031ff2270618cb05d1101e3481 |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 21c20664ae15da947250c2c12da6b7fe |
| SHA1 | d8ff5a480de2f67b75ad2c34950bb2931ad789dc |
| SHA256 | 5704a09baeb34c4965ba92c58260a4d6c2e97ab1fafb59e9ae4f9082d97e4656 |
| SHA512 | 999fe6822576ece1b704fd7743371bb1961296a15b71b225c0cfa350945bea64aae4f87b137fc019d6604d6137828bf0779534431a35878ef26f7c9e7b73aaa7 |
C:\Program Files\7-Zip\7z.exe
| MD5 | d2eb449a5692355cd8eaad95e6948666 |
| SHA1 | 2ccbdfa98b3fd5deefb813b84aa379a6d3c6e972 |
| SHA256 | cec9badd172e0893f8682cb22ea18a09b8f039df1912884a51a424e0bc667086 |
| SHA512 | 48703e44e9caabf70dcb9c990a64f312faeebc41750d05f70a0c15aef08c12f9b2cdbc5dbba05bcf9382bc5e3ec88a201c3e2a0e279c70164a4ed44b702131a1 |
C:\odt\office2016setup.exe
| MD5 | f200fda28a2c33397ef054cbecc2c90d |
| SHA1 | 94aa2fdd5482a8750ca97bc65a7687879bf07228 |
| SHA256 | e64db0ed4d5e61cd641ca3707a27f4164f4011dc0dfb4b71a640486b43c728d4 |
| SHA512 | ee3bf7047c608cc9da58f19dca820b04f06669f7842547c04df304dbe9359ad18194030bd6ae120ebbed7fbe07e56198196b2263654d65e2e176b16b320b08a8 |