Analysis Overview
SHA256
9f4eb515944d0f7d264a13c6b681dce501f50fa22e686196aee34b7fe32e3d2b
Threat Level: Shows suspicious behavior
The file 17ee9ed9d9015075fd7d18fe4b945720_NeikiAnalytics.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy service COM API
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 00:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 00:34
Reported
2024-06-04 00:37
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\system32\MSDtc\MSDTC.LOG | C:\Windows\System32\msdtc.exe | N/A |
| File opened for modification | C:\Windows\SysWow64\perfhost.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\System32\SensorDataService.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\System32\OpenSSH\ssh-agent.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\System32\vds.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\msiexec.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\wbengine.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\System32\snmptrap.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\TieringEngineService.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\SgrmBroker.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\spectrum.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\AgentService.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\vssvc.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\17ee9ed9d9015075fd7d18fe4b945720_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\84dc846b4a48edc7.bin | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\locator.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\wbem\WmiApSrv.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\SearchIndexer.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\System32\msdtc.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstack.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ieinstal.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ieinstal.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javaw.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ielowutil.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\keytool.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ExtExport.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\policytool.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstack.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\java.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\unpack200.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jjs.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javah.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javah.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iediagcmd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\plugin-container.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javadoc.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jar.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ktab.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\ShowRestore.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\updater.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_95203\javaws.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javadoc.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\klist.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jinfo.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\DtcInstall.log | C:\Windows\System32\msdtc.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\TieringEngineService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\TieringEngineService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-184 = "Microsoft PowerPoint Macro-Enabled Design Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9936 = "QuickTime Movie" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9912 = "Windows Media Audio file" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\cabview.dll,-20 = "Cabinet File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-107 = "Microsoft Excel Comma Separated Values File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9938 = "3GPP2 Audio/Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E2FB4720-F45F-4A3C-8CB2-2060E12425C3} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000f23a1c3717b6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-125 = "Microsoft Word Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-120 = "Microsoft Word 97 - 2003 Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SBE | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000006b57753617b6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\wshext.dll,-4803 = "VBScript Encoded Script File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-176 = "Microsoft PowerPoint Macro-Enabled Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000dbdd9d3617b6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000002142813617b6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000003940bf3617b6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000efa1c13617b6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9905 = "Video Clip" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000005e29ea3617b6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000004bf4723617b6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-124 = "Microsoft Word Macro-Enabled Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-172 = "Microsoft PowerPoint 97-2003 Slide Show" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E37A73F8-FB01-43DC-914E-AAEE76095AB9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000000f16f63617b6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WTV\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000039a4833617b6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\wshext.dll,-4802 = "VBScript Script File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-121 = "Microsoft Word 97 - 2003 Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000000f16f63617b6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\17ee9ed9d9015075fd7d18fe4b945720_NeikiAnalytics.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\TieringEngineService.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\TieringEngineService.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\AgentService.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5056 wrote to memory of 2288 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchProtocolHost.exe |
| PID 5056 wrote to memory of 2288 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchProtocolHost.exe |
| PID 5056 wrote to memory of 3456 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchFilterHost.exe |
| PID 5056 wrote to memory of 3456 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchFilterHost.exe |
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\17ee9ed9d9015075fd7d18fe4b945720_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\17ee9ed9d9015075fd7d18fe4b945720_NeikiAnalytics.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pywolwnvd.biz | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 54.244.188.177:80 | pywolwnvd.biz | tcp |
| US | 8.8.8.8:53 | ssbzmoy.biz | udp |
| SG | 18.141.10.107:80 | ssbzmoy.biz | tcp |
| US | 8.8.8.8:53 | 177.188.244.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cvgrf.biz | udp |
| US | 54.244.188.177:80 | cvgrf.biz | tcp |
| US | 8.8.8.8:53 | 107.10.141.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | npukfztj.biz | udp |
| US | 44.221.84.105:80 | npukfztj.biz | tcp |
| US | 8.8.8.8:53 | przvgke.biz | udp |
| US | 34.193.97.35:80 | przvgke.biz | tcp |
| US | 8.8.8.8:53 | 105.84.221.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.97.193.34.in-addr.arpa | udp |
| US | 34.193.97.35:80 | przvgke.biz | tcp |
| US | 8.8.8.8:53 | zlenh.biz | udp |
| US | 8.8.8.8:53 | knjghuig.biz | udp |
| SG | 18.141.10.107:80 | knjghuig.biz | tcp |
| US | 8.8.8.8:53 | uhxqin.biz | udp |
| US | 8.8.8.8:53 | anpmnmxo.biz | udp |
| US | 8.8.8.8:53 | lpuegx.biz | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vjaxhpbji.biz | udp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| US | 8.8.8.8:53 | xlfhhhm.biz | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 44.200.43.61:80 | xlfhhhm.biz | tcp |
| US | 8.8.8.8:53 | ifsaia.biz | udp |
| SG | 13.251.16.150:80 | ifsaia.biz | tcp |
| US | 8.8.8.8:53 | saytjshyf.biz | udp |
| US | 3.237.86.197:80 | saytjshyf.biz | tcp |
| US | 8.8.8.8:53 | vcddkls.biz | udp |
| US | 8.8.8.8:53 | 61.43.200.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.16.251.13.in-addr.arpa | udp |
| SG | 18.141.10.107:80 | vcddkls.biz | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.86.237.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fwiwk.biz | udp |
| US | 34.193.97.35:80 | fwiwk.biz | tcp |
| US | 34.193.97.35:80 | fwiwk.biz | tcp |
| US | 8.8.8.8:53 | tbjrpv.biz | udp |
| IE | 34.246.200.160:80 | tbjrpv.biz | tcp |
| US | 8.8.8.8:53 | deoci.biz | udp |
| US | 54.80.154.23:80 | deoci.biz | tcp |
| US | 8.8.8.8:53 | gytujflc.biz | udp |
| US | 208.100.26.245:80 | gytujflc.biz | tcp |
| US | 8.8.8.8:53 | qaynky.biz | udp |
| US | 8.8.8.8:53 | 23.154.80.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.200.246.34.in-addr.arpa | udp |
| SG | 13.251.16.150:80 | qaynky.biz | tcp |
| US | 8.8.8.8:53 | 245.26.100.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bumxkqgxu.biz | udp |
| US | 44.221.84.105:80 | bumxkqgxu.biz | tcp |
| US | 8.8.8.8:53 | dwrqljrr.biz | udp |
| US | 54.244.188.177:80 | dwrqljrr.biz | tcp |
| US | 8.8.8.8:53 | nqwjmb.biz | udp |
| US | 35.164.78.200:80 | nqwjmb.biz | tcp |
| US | 8.8.8.8:53 | ytctnunms.biz | udp |
| US | 3.94.10.34:80 | ytctnunms.biz | tcp |
| US | 8.8.8.8:53 | myups.biz | udp |
| US | 165.160.13.20:80 | myups.biz | tcp |
| US | 8.8.8.8:53 | 200.78.164.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | oshhkdluh.biz | udp |
| US | 54.244.188.177:80 | oshhkdluh.biz | tcp |
| US | 8.8.8.8:53 | yunalwv.biz | udp |
| US | 8.8.8.8:53 | 20.13.160.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.10.94.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jpskm.biz | udp |
| US | 34.211.97.45:80 | jpskm.biz | tcp |
| US | 8.8.8.8:53 | lrxdmhrr.biz | udp |
| US | 54.244.188.177:80 | lrxdmhrr.biz | tcp |
| US | 8.8.8.8:53 | wllvnzb.biz | udp |
| SG | 18.141.10.107:80 | wllvnzb.biz | tcp |
| US | 8.8.8.8:53 | 45.97.211.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gnqgo.biz | udp |
| US | 54.80.154.23:80 | gnqgo.biz | tcp |
| US | 8.8.8.8:53 | jhvzpcfg.biz | udp |
| US | 3.237.86.197:80 | jhvzpcfg.biz | tcp |
| US | 8.8.8.8:53 | acwjcqqv.biz | udp |
| SG | 18.141.10.107:80 | acwjcqqv.biz | tcp |
| US | 8.8.8.8:53 | lejtdj.biz | udp |
| US | 8.8.8.8:53 | vyome.biz | udp |
| US | 44.213.104.86:80 | vyome.biz | tcp |
| US | 8.8.8.8:53 | yauexmxk.biz | udp |
| US | 54.80.154.23:80 | yauexmxk.biz | tcp |
| US | 8.8.8.8:53 | iuzpxe.biz | udp |
| SG | 13.251.16.150:80 | iuzpxe.biz | tcp |
| US | 8.8.8.8:53 | 86.104.213.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sxmiywsfv.biz | udp |
| SG | 13.251.16.150:80 | sxmiywsfv.biz | tcp |
| US | 8.8.8.8:53 | vrrazpdh.biz | udp |
| US | 34.211.97.45:80 | vrrazpdh.biz | tcp |
| US | 8.8.8.8:53 | ftxlah.biz | udp |
| US | 34.218.204.173:80 | ftxlah.biz | tcp |
| US | 8.8.8.8:53 | typgfhb.biz | udp |
| SG | 13.251.16.150:80 | typgfhb.biz | tcp |
| US | 8.8.8.8:53 | 173.204.218.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | esuzf.biz | udp |
| US | 34.211.97.45:80 | esuzf.biz | tcp |
| US | 8.8.8.8:53 | gvijgjwkh.biz | udp |
| US | 3.94.10.34:80 | gvijgjwkh.biz | tcp |
| US | 8.8.8.8:53 | qpnczch.biz | udp |
| US | 44.213.104.86:80 | qpnczch.biz | tcp |
| US | 8.8.8.8:53 | brsua.biz | udp |
| IE | 3.254.94.185:80 | brsua.biz | tcp |
| US | 8.8.8.8:53 | dlynankz.biz | udp |
| DE | 85.214.228.140:80 | dlynankz.biz | tcp |
| US | 8.8.8.8:53 | oflybfv.biz | udp |
| US | 44.200.43.61:80 | oflybfv.biz | tcp |
| US | 8.8.8.8:53 | yhqqc.biz | udp |
| US | 34.211.97.45:80 | yhqqc.biz | tcp |
| US | 8.8.8.8:53 | mnjmhp.biz | udp |
| US | 44.200.43.61:80 | mnjmhp.biz | tcp |
| US | 8.8.8.8:53 | 185.94.254.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.228.214.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | opowhhece.biz | udp |
| US | 18.208.156.248:80 | opowhhece.biz | tcp |
| US | 8.8.8.8:53 | zjbpaao.biz | udp |
| US | 8.8.8.8:53 | jdhhbs.biz | udp |
| SG | 13.251.16.150:80 | jdhhbs.biz | tcp |
| US | 8.8.8.8:53 | 248.156.208.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mgmsclkyu.biz | udp |
| IE | 34.246.200.160:80 | mgmsclkyu.biz | tcp |
| US | 8.8.8.8:53 | warkcdu.biz | udp |
| SG | 18.141.10.107:80 | warkcdu.biz | tcp |
| US | 8.8.8.8:53 | gcedd.biz | udp |
| SG | 13.251.16.150:80 | gcedd.biz | tcp |
| US | 8.8.8.8:53 | jwkoeoqns.biz | udp |
| US | 18.208.156.248:80 | jwkoeoqns.biz | tcp |
| US | 8.8.8.8:53 | xccjj.biz | udp |
| US | 44.213.104.86:80 | xccjj.biz | tcp |
| US | 8.8.8.8:53 | hehckyov.biz | udp |
| US | 44.221.84.105:80 | hehckyov.biz | tcp |
| US | 8.8.8.8:53 | rynmcq.biz | udp |
| US | 54.244.188.177:80 | rynmcq.biz | tcp |
| US | 8.8.8.8:53 | uaafd.biz | udp |
| IE | 3.254.94.185:80 | uaafd.biz | tcp |
| US | 8.8.8.8:53 | eufxebus.biz | udp |
| SG | 18.141.10.107:80 | eufxebus.biz | tcp |
| US | 8.8.8.8:53 | pwlqfu.biz | udp |
| IE | 34.246.200.160:80 | pwlqfu.biz | tcp |
| US | 8.8.8.8:53 | rrqafepng.biz | udp |
| US | 44.200.43.61:80 | rrqafepng.biz | tcp |
| US | 8.8.8.8:53 | ctdtgwag.biz | udp |
| US | 3.94.10.34:80 | ctdtgwag.biz | tcp |
| US | 8.8.8.8:53 | tnevuluw.biz | udp |
| US | 35.164.78.200:80 | tnevuluw.biz | tcp |
| US | 8.8.8.8:53 | whjovd.biz | udp |
| SG | 18.141.10.107:80 | whjovd.biz | tcp |
| US | 8.8.8.8:53 | gjogvvpsf.biz | udp |
| US | 8.8.8.8:53 | reczwga.biz | udp |
| US | 3.237.86.197:80 | reczwga.biz | tcp |
| US | 8.8.8.8:53 | bghjpy.biz | udp |
| US | 34.211.97.45:80 | bghjpy.biz | tcp |
| US | 8.8.8.8:53 | damcprvgv.biz | udp |
| US | 54.80.154.23:80 | damcprvgv.biz | tcp |
| US | 8.8.8.8:53 | ocsvqjg.biz | udp |
| IE | 3.254.94.185:80 | ocsvqjg.biz | tcp |
Files
memory/2908-0-0x0000000000880000-0x00000000008E0000-memory.dmp
memory/2908-6-0x0000000000880000-0x00000000008E0000-memory.dmp
memory/2908-8-0x0000000140000000-0x0000000140197000-memory.dmp
memory/2908-11-0x0000000000880000-0x00000000008E0000-memory.dmp
memory/2908-14-0x0000000140000000-0x0000000140197000-memory.dmp
memory/448-16-0x0000000000720000-0x0000000000780000-memory.dmp
memory/448-22-0x0000000000720000-0x0000000000780000-memory.dmp
memory/448-15-0x0000000140000000-0x0000000140141000-memory.dmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
| MD5 | 573e06d94c9ecc5534f4471bb91cb748 |
| SHA1 | bf9019790f774fa5ff54904fe5770fa0cb21d54f |
| SHA256 | 3c23ddd83e5f7ab08ffe869f5eb1e5994fa0a98ebcf1e0ee3c93eb0915f09532 |
| SHA512 | a64c557ae1d9727d9679c6464a014bc3338b9acd28b34fa862fd0fd721102ca13b3528d9f8f67343c5962185928614a9da7fbf47a15d594eea3d7ed6d53efe43 |
memory/1820-27-0x0000000000820000-0x0000000000880000-memory.dmp
memory/1820-36-0x0000000000820000-0x0000000000880000-memory.dmp
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
| MD5 | d6bf8abbd5f1e7711bcce79d5e9d4775 |
| SHA1 | 92f72a16a1f09ae45b1a5a482b377bd4c5c2d23f |
| SHA256 | 6a5c987a1ec9fdf4131e2fc3059411908c2c5d61ec558e6de6b01af400a5145b |
| SHA512 | 4720f7fd23de4a70353ec9340e28dee8a021732946e45c0810b73d34f5e59c2bc475b89186dd3149143451d2ffcc1c848d062896e306aabc2168e90e23d17d35 |
memory/2184-39-0x00000000001A0000-0x0000000000200000-memory.dmp
memory/1820-35-0x0000000140000000-0x000000014024B000-memory.dmp
memory/3024-57-0x0000000000CD0000-0x0000000000D30000-memory.dmp
memory/3024-69-0x0000000000CD0000-0x0000000000D30000-memory.dmp
memory/232-72-0x0000000000440000-0x00000000004A0000-memory.dmp
memory/232-71-0x0000000140000000-0x0000000140166000-memory.dmp
memory/232-63-0x0000000000440000-0x00000000004A0000-memory.dmp
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
| MD5 | adf7468919758598c9a9244a711bd80f |
| SHA1 | 0a1c76a8add182ff5c06cfab4ea2001719d78686 |
| SHA256 | 89a82ee347a093a95c8b159efbe67241e02b1488a17964588832256d10c23af5 |
| SHA512 | d4cc11ad30d5e80885f01badea102db5467ffcb60a857d371186c1ea31d80639a387d5b15eedb3113967bda47b35d62891ad0c39b9fb554df7137c1f716bf076 |
memory/3024-61-0x0000000140000000-0x0000000140166000-memory.dmp
memory/3024-51-0x0000000000CD0000-0x0000000000D30000-memory.dmp
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | 2f2cede159a4e592a1753e0c12f5cc10 |
| SHA1 | 896497c145041576f2d8c717d8f66d061f07cb04 |
| SHA256 | 9d89595d22ff4855191372b2c9f11692213b3cab674ed0612fcaeeaa62331c67 |
| SHA512 | 975dc229fc4709c380c9d91927533f05e9d228135568c4bb2aa40b1f73c16974e158e6040bee25d333fd8daa5ac9d03b1eed731fb7c83493f8efaeb16c906f30 |
memory/2184-48-0x00000000001A0000-0x0000000000200000-memory.dmp
memory/2184-47-0x0000000140000000-0x000000014022B000-memory.dmp
C:\Windows\System32\alg.exe
| MD5 | 8db3c73e9dfa7a03f58dff9c1f03d9be |
| SHA1 | b6ff65928fec5827f5b2c6049312978dcfa8ce44 |
| SHA256 | 3888bed603d0bf787a02adbe5b9e111ff8ea15d882c4c180a177a75b43d0a156 |
| SHA512 | d332f54a61b0eb6a91b8f54082d83a233322153ecfdf3398963337296e8d544ae764cc5282137d38750d01b455855185c1adfd28787eaf3cfae826bf588787c9 |
memory/3024-109-0x0000000140000000-0x0000000140166000-memory.dmp
memory/448-233-0x0000000140000000-0x0000000140141000-memory.dmp
memory/1820-236-0x0000000140000000-0x000000014024B000-memory.dmp
memory/2184-237-0x0000000140000000-0x000000014022B000-memory.dmp
memory/232-238-0x0000000140000000-0x0000000140166000-memory.dmp
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
| MD5 | 99362a1df9a22939f18536fd2d3eb7fa |
| SHA1 | 75591738599bf78cf8f07654729612df27a67f6e |
| SHA256 | 95346f04a342b0333bcb650808a062e4b759f3f90db3cd12f5ce92fa55d40ae5 |
| SHA512 | a9b26fda2d318485f1a3a58e96de5d4218e3abd6cf3cf3021d4e9dcd4e1fe236aeb0c56ce2ea4428a45c3a5da34c7f5ff7057c8c41472671c4e5476c06880140 |
memory/3764-243-0x0000000140000000-0x0000000140140000-memory.dmp
memory/3764-244-0x00000000004C0000-0x0000000000520000-memory.dmp
memory/3764-250-0x00000000004C0000-0x0000000000520000-memory.dmp
C:\Windows\System32\FXSSVC.exe
| MD5 | 8de63ee9244550170fd2fc680ad2d5e2 |
| SHA1 | bcc766eab529c88aaadd90ce2e2d8009d2787b02 |
| SHA256 | 4727e794ac75bfde232f41f012fcec6e0f86848e41da7dfaf9e10ce3257639b4 |
| SHA512 | 7a43a456b19583647529975670ce65bf5ed1e024c7924b011665e4393fe123d8d201d85a1bdd550de3ff8e91320a9bb37cbec1c49d4884ea30b00d45a83fca7c |
memory/3912-254-0x0000000140000000-0x0000000140135000-memory.dmp
memory/3912-255-0x0000000000A50000-0x0000000000AB0000-memory.dmp
memory/3912-267-0x0000000140000000-0x0000000140135000-memory.dmp
C:\Windows\System32\msdtc.exe
| MD5 | 5751f606d4fefcdd353734b058c06f97 |
| SHA1 | da96472b0f5e4cb243cb8554ee03fbe34109fd0c |
| SHA256 | 7216d11c2c2db4870fd8d5d5f862d0e54bba50b52e2a72eb847590e7be8f9933 |
| SHA512 | d3356be6d97544d414c6ff5be0a7acbe1123d8550c3d9bc1b7f7ee8c8fa07e87802b2d4ed8426349b6d2612ccfe0177b0fca7cfb7dee9f907cb38ccbfe06ab6c |
memory/3544-269-0x0000000140000000-0x0000000140150000-memory.dmp
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
| MD5 | 4101d5d3b5ee52d308e0ac08a28ae07b |
| SHA1 | b9298d50dc30167e08dfcf0c3b0d09a35b9868b5 |
| SHA256 | d596c5796444a822ede6910267e5a27750a49ac21c91b0d9e49cc91a3d82a7fc |
| SHA512 | cefb1cd9823d24567d647d971ad3e4b5939ab8c27d9f976287e66ba4880d74e71ff08f8fd6703583b1ce1f1d42923cc0ccffd8ad2e3e1823c031749d2159cd61 |
memory/3948-284-0x0000000140000000-0x0000000140142000-memory.dmp
C:\Windows\SysWOW64\perfhost.exe
| MD5 | 29ee189312ace97a732577f56ce0ccf0 |
| SHA1 | 6e51136e640510979cacad08f0fb69f67f6a45dd |
| SHA256 | 207dec8fa115b9cb84f6994332f7a4f1c0ac28deba5269475cc7b0e5b9ac604e |
| SHA512 | e4700c33c03e8338fdc440bb34fe8ac354792ed7c9762b10dc3a0d0ef59af91e9ba9d13908b18e6ae3bfaf688d76c495c8fa7347dc9e0726bcdd3e6c92ffe418 |
memory/3280-295-0x0000000000400000-0x000000000052E000-memory.dmp
C:\Windows\System32\Locator.exe
| MD5 | e86f9753d21b1c1b4d87964e523ffa1b |
| SHA1 | d1b5df4fdd93c0bf60577834e532a30fed0c76ca |
| SHA256 | d7adeed8b956f8182a5d91c3adc5c85e05786a03a365a3de89e7c9bde7eb5934 |
| SHA512 | c917e1d28bbd10f9fb4ddbfc7741af3c48b8297a90a3423ce0b0d26d4a2e8cf6a8d1af67063bdf521b5918c9fc95c89103874ff26f1f5f248547735d57710221 |
memory/3468-305-0x0000000140000000-0x000000014012C000-memory.dmp
C:\Windows\System32\SensorDataService.exe
| MD5 | 9390bba7091eabcae53cfd081c751cc9 |
| SHA1 | 7e5dba2928b47cc746f1d7f2b2d291683cfa70fc |
| SHA256 | edf598cbf5462b885c72ae89d91227e16ce8aab197b1ce54541a803d764f888e |
| SHA512 | 4b4a0e4b0c53e1d82e9c32d7a6cf0f8d0f70f1587e657ec76d50a37672195d91e5367e78e34dd94bcb0251a0446091299a60819c53d4493dc85dbba2308d9f6d |
memory/952-321-0x0000000140000000-0x00000001401D7000-memory.dmp
C:\Windows\System32\snmptrap.exe
| MD5 | 182937e1a02b84a12b050eb1f0636a08 |
| SHA1 | ff840da393368edcf9f00e3904a520bebfb42c53 |
| SHA256 | fb9bd60ddf90cb551e20d020de13cec5f2bc87e79518361f2758e7c4b1da40da |
| SHA512 | a72948f75c536560ac13dd5b80a47b67b6dea70b406ee5cfe370b7290c14b3e3764ca222ebd718c28b69fcbdfaad31f83710bf69556d0fbb1eb3621bfe22fc43 |
memory/5020-328-0x0000000140000000-0x000000014012D000-memory.dmp
C:\Windows\System32\Spectrum.exe
| MD5 | fadaded7c35778edd6148f41dc217871 |
| SHA1 | 3533cd5eda5693e8a4874901b227da51b4936e16 |
| SHA256 | 305faa9bc5276c9012e43cca78db0acef50c214eb8faa69186613d568980a2bc |
| SHA512 | cabeeb49ca76aeaa6bc51753340ea6f44cf012fb05739062b10d0918a28faf10fbb4225bc8fb9298754f9da83f5ac1cff24d878dd304f0c9c314355a3cbfca64 |
memory/2232-339-0x0000000140000000-0x0000000140169000-memory.dmp
C:\Windows\System32\OpenSSH\ssh-agent.exe
| MD5 | 6da68213185563ba6f2ca2aa48823037 |
| SHA1 | 25f2b93cc7727c0a302affbf261b6a4aa8d8969e |
| SHA256 | 5476a9cc57d88a683238221a020139e9d780073269090f35fe2b76327fdb28a4 |
| SHA512 | d88c8bcdd2e11fc203ef86c93bd6073b840cef66f7fabfa38827ad57559d051f3fb7ed30cbfd51d6553f983a93b90d62daa7d5bb57ed12b6ca72d3d4ee35a3bf |
memory/1544-351-0x0000000140000000-0x0000000140199000-memory.dmp
C:\Windows\System32\TieringEngineService.exe
| MD5 | f8e0cf951f230fd157707c64e66f50f4 |
| SHA1 | 70bb1b54982aaafeee3762976c45702b7cf5e09c |
| SHA256 | e0a06f39f990835a4eaeb49a5a39949a18bf0281db8c9608a01318e1ad3181ea |
| SHA512 | 5a4ca01e634858551846d00dd22e35f99c95e7a3b37c976c12f0c4cef8df23b75215d6d3b546f6533a485139d9b09c7924b0fff36d31c4a3ff5545defda4876d |
memory/3764-370-0x0000000140000000-0x0000000140140000-memory.dmp
memory/428-372-0x0000000140000000-0x0000000140179000-memory.dmp
C:\Windows\System32\AgentService.exe
| MD5 | d329ef211b2d35e78e3d2dee78659b19 |
| SHA1 | a0e045d87a9d96c090c6dd8b15514b64a79e09bd |
| SHA256 | 2d7e5b689ec5af1232dc0fba9d55918415710eb92e14f3aa12e4cb02b3316d18 |
| SHA512 | 461b084d5b2c3af10f4a65cb8b7fbe1f9ea84e9fe2757aeb4c0521936cca6adc36d2f07c670aa62768c39abbd34f447c0afea9e2878eecc5ecc4c219bda9e367 |
memory/3700-374-0x0000000140000000-0x00000001401C0000-memory.dmp
memory/3700-386-0x0000000140000000-0x00000001401C0000-memory.dmp
C:\Windows\System32\vds.exe
| MD5 | 9088bf35102bb2714dc7a44a153c647d |
| SHA1 | 3b3ea291b3af243581629d45771e3eb1aa326848 |
| SHA256 | 35c25a34c2e4d7c12ef289aded5f3b2a7a4f00c961aa48c8bfbab294a854ba3d |
| SHA512 | 872500e48d691be02cec6088a906669fb257b7295c015f1ce6148903399d70ec8dc014790f430c79d0c27fe19507c819ab27718fa170c7fb6be640371567738c |
memory/3544-388-0x0000000140000000-0x0000000140150000-memory.dmp
memory/5068-389-0x0000000140000000-0x0000000140147000-memory.dmp
C:\Windows\System32\VSSVC.exe
| MD5 | 5ffac651e8216084071ae430d2d919f0 |
| SHA1 | 61b5da62ece8ef12ede9f16bdd5ea968d87502c2 |
| SHA256 | e5cec3a8c99b21c605bc435d163b0505e8f7e678a0aa12fdab54bc98d844a0ec |
| SHA512 | 0c74d42412b8c730f32bfb6fbf4b9dbecbe0dfdf0ed057af60565076545a8b101446b67e49fa922c7ba87a1751794b1b78658fee67f94d2e31b9440401b49a09 |
memory/3948-400-0x0000000140000000-0x0000000140142000-memory.dmp
memory/4372-401-0x0000000140000000-0x00000001401FC000-memory.dmp
C:\Windows\System32\wbengine.exe
| MD5 | dd8d14e745ca70c9f3304f6f8643da41 |
| SHA1 | 85c26b1410208de8d9f58c45ea6d2275b46cfd05 |
| SHA256 | 5e46dfadaf7bb82f2ce344f3555038433a776abe7cf92631c8a4cdb34a6038b2 |
| SHA512 | e21497d42ed0d85fb67a1473c4cf3cf2edb21ad9eb1b5dd56fe82890b5395cca5855a36fc14654e318281eebbcbca98e3ac3c7ab9ea6b8adc5cd1b939ba72c8a |
memory/744-413-0x0000000140000000-0x0000000140216000-memory.dmp
memory/3280-412-0x0000000000400000-0x000000000052E000-memory.dmp
C:\Windows\System32\wbem\WmiApSrv.exe
| MD5 | d17cbda6755492a0993fdfb94aede215 |
| SHA1 | 6080d83ff97254448952514f48cc92455c43d624 |
| SHA256 | f93c9db8a755c124eb58df35e9196b5ce0b8d79928cfd3c8c368ddc3cd680df8 |
| SHA512 | 1827c7c6884e62211329e5ab6bfdb1a8da7af2a44cb62cc647c34a0360eda6b662b25a3274f98d51da3ce1f47d5e0f390758f9eec581c473cf8b500979817c08 |
memory/3468-424-0x0000000140000000-0x000000014012C000-memory.dmp
memory/3668-431-0x0000000140000000-0x000000014015D000-memory.dmp
C:\Windows\System32\SearchIndexer.exe
| MD5 | 2ef48d3b9f7eafa0a4df3bf139511b85 |
| SHA1 | bdc86918220fc843cac911f761540222770d897d |
| SHA256 | 24b75fd9682b737b7cff80866b87bf3241006eadc3c965337bb32633760f6bee |
| SHA512 | ed69e16deaa843181d2c0d44e35900c1d0df15827ae4a5311e2ed7947f928db1073f9243a189f4eb3b56ee1aac04dcca5834ffeefd5868b3ac1ed16d7de2a3b8 |
memory/952-437-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/5056-438-0x0000000140000000-0x0000000140179000-memory.dmp
C:\Program Files\7-Zip\7z.exe
| MD5 | 376f76b0c9c346edf7c2c7a3ff2ec25a |
| SHA1 | 83531987c3f3f48678a0bd35a887f484932f3b6e |
| SHA256 | 0bc256c2eb378c483d653cf1d361073d15da4225ab576990bea439d4178d0871 |
| SHA512 | 6d9ff7c5f9550fd9e6473eb74bf9c6a6ca4f32e899968780f8dc4c7eb308ed31d5ae51797695607e214553e3f96dd4000dca3e6222abb2fb2ab65fd33e7eddd3 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| MD5 | 8ca5384fc8a70a08ed5090446a71e07c |
| SHA1 | d7d614298b6524ca770083ac83adf589b312c9f5 |
| SHA256 | 64584466c505f7febf138989d500e7e9aef58a5f2e56822e021554cc5311ec53 |
| SHA512 | 82c612a17eb2c432f742a824978af76a2dee7f3db6ebed8870552613b033729ce1ac59f1ac7bdc392ec9bb4be8c5839e6f0e4911584f93c68aa7dcbb9e79d9ff |
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
| MD5 | c555b6b01b5ff50e1bc93c5bd1b8d014 |
| SHA1 | cdf43d0ee9df4f4f291170f8b7d4aac61b4801bb |
| SHA256 | 0c4f7483ea2cb746adde7ca4d13778df3e51aeb181d525afdf86ef610d90406f |
| SHA512 | 4544f8d96e2dc552c9d07bd7f3179f934f4930ea54b734d4b179566e111397392b3ff28c96668dd80ba0e2662e7a58c588e9afd9fc0606eaa6e992a5afc0972c |
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
| MD5 | 745406ee83964ae84583e417edc58471 |
| SHA1 | 03fde8b2f4e7ecdb6b6e8641c07f951621367cf7 |
| SHA256 | 75d86690ca22f8da7607a92ac3d212bad12399f7538e04ca52165245e930d5f8 |
| SHA512 | e7939715b045b405e31150d20e9a66bf4469d06df5fc76980ac93c1806357c7e880fa1e0dd4def714478840ac75b137d946a60010de188a9cad2e659fd924b64 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
| MD5 | 1b8fed38f3c3c236b29aacfb6368dea4 |
| SHA1 | 33b5a64765667072c28c51a449dcdc98ac34f57c |
| SHA256 | cfb5857fc1b433dc6a28deb8b212709070383a7169ecd03eb4c5ed105c7b8870 |
| SHA512 | 774d039d10a3b5823e08eefe4cb7b3e2593939cba3c4e9ed3831302ed55658ed6e8b29a27e4a2558e82ebe6afd20da4a6b31f33137980d328581ac48a9004d9e |
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
| MD5 | 7bff6cd5b0f0c31ebb27d2ff8ba80772 |
| SHA1 | 3457b4fce62bde32f3a0e81659d441f1804f6e2b |
| SHA256 | a6c0bb0a56306281eec9bec0278a4f2ac9e37917858d18981d14fa38ff0c94ee |
| SHA512 | 5f4e57f786de49a9bad66f2d292bd9c8685cf4f82daecd2c0f11d1ac07ba99b755b046aab8e49db549ba60b90c2606853f5a274ad33411c04ff68167b759a91d |
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | 7d8d1afcecd8b363819c1f0ac16a3a6f |
| SHA1 | fc5757acc74cc9ff5b46ffc66bb8dc71465dffeb |
| SHA256 | 9885e5b6e23e77734f05096e9491ce0994a0e969d62df12bb082d207f386462c |
| SHA512 | d7b5fe9f2c188eb5c3fa3d8663cac90d8e3e1dfd90d7ef0f925687ce27adbbb631f7f42784ca38f5badca9ee28c497bcd8d9a9bd4056ef41329dfdb329be1865 |
C:\Program Files\7-Zip\7zG.exe
| MD5 | 01ab81dc232feb130c99911b53849b26 |
| SHA1 | 84c9b85c0171b6b945f7e65b63dd42f24c23d033 |
| SHA256 | e02b708feecdd5eeb681aa3a648e6e9ea9a59760524f68bcfa1bef976ff915a9 |
| SHA512 | 527e5cf9aa0c15c64c98310a068069890a348c1171dd50fca343b5a807d74098a26f41e4b7d3a3a7d40e165903c5dc4baeb4b712095a8141f0cb50aeedde5082 |
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe
| MD5 | c1af27509d8b3bc8a11f0fb4f74f8c0c |
| SHA1 | bd254ec33d296660e70f17db1a285cac38972e41 |
| SHA256 | 63c215d4644623ed273422b3e83cec04c896f9e9a332e95838688a7812ca48a4 |
| SHA512 | 4e5163b1a10d1a56985f38d790d52f125eea7a75f8edea15fa645edb18a2704553d0515ad15087922b52b90fe3cd0cd2f915aca3cb7daa358d6de6e82797e5dc |
C:\Program Files\Java\jdk-1.8\bin\jjs.exe
| MD5 | 6eefeb7f556f4dd99622550fd97904be |
| SHA1 | fcf910a7b392d1162897e76e30deeb2e2251605c |
| SHA256 | 378ff01fd337d2068496750c2b5002d05eefa6027c08bd583f2899811fe5d3bc |
| SHA512 | 7b49080b46db2fd400b3915f5ae5815f2d127167a243331e170abaa6e8a48f59974884c1d2d0cc3c7faaaa99cf683e54c19ccbbaf581f714adaa947e38b46dbc |
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe
| MD5 | 6acbc8128af95fb0231bcfefdeccaa67 |
| SHA1 | 8a8c6b0f202b59721fa47b9da1f8ece906fbc043 |
| SHA256 | 5c4bdd4546ca345172bd163c68dd7cfdcc9346700b4a2b55aac9b0f0073ecba9 |
| SHA512 | 91e073e5794878098302fc3bebe1eb69d279d0744391bbba50da2c3b8c9909ce90f9e05b55abe1c5ae22370c9f491518378bd49ea97b4ab6419b7228b7172b3c |
C:\Program Files\Java\jdk-1.8\bin\jhat.exe
| MD5 | 85c73617397e0c5dd1d7acf041d0d25c |
| SHA1 | dd5aac66c74e7654c0771726e39ed7729840ff49 |
| SHA256 | ca341448000b1818734702d183951d06fcf6b010331ff6bb97486b9041862c6b |
| SHA512 | 0c4a5c45dff4d2429351dfa55e82e9bcb5a51b6ccf8da446e8f8729d40635d9cc413d903151a37ab695634b68cf097aa90641f50a1fbcdda2345fe6f3bd91bce |
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
| MD5 | 6e83071feda9de1511c1c5fcf329a0b6 |
| SHA1 | 9ad874c3bddc3deded2c1e33906866122595824a |
| SHA256 | 26b0c914757461ecb25d154a21dd3fb6437723ca98464d19fd9d6156369f5e22 |
| SHA512 | 76a574f02bc1c0714ab9509d9f2f2cd9b8bb5cc3138214003e09acffe652ac85994d7128156c0cdc4fb4b2c43fc384e5e66c1de0903ba36dc2143623efb03b12 |
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
| MD5 | 71d93afdc28f3413a57963084f9399ae |
| SHA1 | 23571cd7b9fa2b92e09aee6bd28cd2f8eee1dc3c |
| SHA256 | e5e143852dce22ab3b1713049329fe3d4201f9de8001c38bb28c6ccc196d09fd |
| SHA512 | 26c40251d964cb0c9034555d0a49d83818d8d03257d08933b198eda69c8aa7abb748bc58f8f0d0b51dfb086d01f19d19a62c7fd965ab4958ef47df96dc6754b2 |
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
| MD5 | 73df6df3b3ce1e9f7923afa23a50488e |
| SHA1 | 15c8965bd05953006ab2c8545ba0f00adc8e94c6 |
| SHA256 | f7da012ec7444bdaa6c5a06ac8f2459ba3d1b4e5e916dcbc3abe82d6ae57194b |
| SHA512 | eab16315655a8c6ba89e40cba54104c0b67d1bb3c5a8c36f2107b299fff08d9a8680e805a0e7a94253ddc8dc2bd49416367320c9cf0582ade3c7d78c2a0bfa93 |
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
| MD5 | 3ce17e4399ff74eaf8561cf0228e9a5d |
| SHA1 | 020ab75d7bf530626ff9c7638d75ae3c13a4dfea |
| SHA256 | 472c320bfc0090f5c2929a46cc15c044c81af667cdd36e63d973e9e4289b10cf |
| SHA512 | a342eaac983ef86afd43e9247d6d1ae8af8297f3f8d38c018f144de2955cc5343d052b7eb82e5949e33afa0891c0c97e516deea2136d39cb83067b1bedd90432 |
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
| MD5 | c6786d4ae0a93f7191fe7a1ca0bdac85 |
| SHA1 | 155beaad78c485a093ef833eb7d072b223663686 |
| SHA256 | 01fd6e3fdad2a1195bff596fd43b38f1c483e00388185a83312ba2afc9695d8c |
| SHA512 | a0bf78da47e8307b2ba234f7366819e66c12f412678c8549ef65b92b93fb196c95f44234b70a5a773fda457abba75d1ed84ed8cfaa40ba4b7ff17e1028478cf8 |
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
| MD5 | 034295f3e9aab0f2c7f961bb4fa817f1 |
| SHA1 | ad8e0da9bbf68e9712468b41d5d92353e2ff2b25 |
| SHA256 | 3507491af28864272cbd250c826be202b80e53d96a91c6d66e02d5c0bf6a1b02 |
| SHA512 | f2da026cc899c37224db3e6bda393cc93e241e67cc1b933ef4dea4112dad41a42244e3f30448c0ae46ecc90390e4d0935606500735338965bfe748d19679f149 |
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
| MD5 | 5ea6a1a5e17e6a2b2932db9e23610f1d |
| SHA1 | f53d4e6db19155ab1f3aa447f903c997d84654aa |
| SHA256 | 53a072ff4cd08e34a98741dff3411f7e26626183e392ad3061d2aff09d0e6814 |
| SHA512 | 325cab425355180e2baf4c48fbefe1773652861da9fe2e60a67173cc63905253ed4f0652b64e5f6567abaab49053f8d09b23cf77a44bf800fbf3f541d15c47a2 |
C:\Program Files\Java\jdk-1.8\bin\javap.exe
| MD5 | 059cb3d5ffb2ca5b0dafcfd5fc68fc26 |
| SHA1 | 9f733ad709132b457afaf0b9046554769a8723c8 |
| SHA256 | 81bb14711f247b85ad2ae11444ebff6745caf5837c8a029da7b1766c1c0854c4 |
| SHA512 | 91229974b3d2d2fa21a61946e3eaf663df84a93cdc58acd7add0ceba4031f779e142640d773c11df3aaa572f3a9fd4cc948646ae821a8a69261878cda0f63b5b |
C:\Program Files\Java\jdk-1.8\bin\javah.exe
| MD5 | db56c737622f06df1eadade2a969e2fc |
| SHA1 | 213dc26a3993e859a67bfc71db155d0a27579f9a |
| SHA256 | 039a3c12de0d0c3979b0d0ea6d4ec1970292a80728c63690d1ff8cebcd7a05f2 |
| SHA512 | 0714a7db27e46c29cba9906a2b5cb91c93d8cd8f03ea28de56c4477c40bf573900bae5e2349df3c9fd3271588f2301bc18da04b58bdf4ce5bfab7116766568b8 |
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
| MD5 | 51d65e56af44f795975d9f352c8bb2eb |
| SHA1 | d29fcc083e35e3f16b6a92900fdfff42e808b641 |
| SHA256 | 17c7d0134b70ad722e668ecd2f0786a1f6ff1e9988dbfc589b56f81315573e3b |
| SHA512 | eeb8f29bdfe4ff9192b39ecea9e2bdf4c341db68123aa926546d17d8281f203f1f533b718c6c92a910535b81717d71adb34580bd001e22c6cc234c65067da87b |
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
| MD5 | 4155d44150c8e9135b73eac1760a7806 |
| SHA1 | edba30445c0a74f7f11e7f506d8e16b0a450884d |
| SHA256 | a001faf8182de83f1ac7682365e8716c011eef3fb586a4ffb1b30bc4591d0f90 |
| SHA512 | 755e4fc7d2fa8126c74900a5cda20d51d2110458ddba886f42433d3666833ce20ea3a66bff221f5462a612ea2af8c0327b3dbae321b4764d6ec77e5286e719e5 |
C:\Program Files\Java\jdk-1.8\bin\javac.exe
| MD5 | 21337a9a3b499fe2c865f3c15a53d255 |
| SHA1 | 69632d60d0798f5da9e722bc7c9d47523e43a501 |
| SHA256 | 391c41937843b050817b50bf186275522593a6127d2a90b348e957276be82eb1 |
| SHA512 | b61c3aadc06558dfe9bdfb31376090df9f71d55fa66e7626af684233e5e8c519f494b4f59477337d0d234a1d09f6274db2ba0505504bed0bdad678bb827aa1d9 |
C:\Program Files\Java\jdk-1.8\bin\java.exe
| MD5 | d128b71a783aca9bdcaab0980e40d4cb |
| SHA1 | c1bebbbbe017f0d3bd9529451e2c8fc03804a6ba |
| SHA256 | d05d813f27873e0d70c1452f99aca957cbdc001a3978eee55cdd25a3e0c784dd |
| SHA512 | 4bbb2c63c1607ac3355a99dcc1eb5232b938d7c898ab3be9cca9830b8218ecca0d9bb502db617e5500d3d1cc7f10d27b3eb28208ce1e7651af51e51194dabdcb |
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
| MD5 | 2df50c65f63ed1f82e2975d0d39ea7df |
| SHA1 | 63bed9471a5292677a142777e722148e61c20f79 |
| SHA256 | 78502acf48e83216ce89ed52d3eabc6a35c13b5da2a42576eba90371de1e7696 |
| SHA512 | 5db6b0f256ff9d7ce387d37b48544621be2247f0283cdd0f664b7604265f96fffe562456564ec39eff1c18a502c66d96ddc81f23cbf9388ce540988b060a95e9 |
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
| MD5 | bf414482100623b9541ec1489f2eb673 |
| SHA1 | eaf29290ab68ede555aba3e88553699dca92bff3 |
| SHA256 | 543f56f1cd9c6b81120a709f840de67b0bc0aaf9ee970b57664f1d47f482e4c7 |
| SHA512 | a2d4eda7430cb65893173ceedd5b2b45dba0dd3ec5e1ebfbd5bbabfe75131d8c33b2bccf683ec876b24b975e25772bb9642f75b440cebdbbaabe3ba503e889d3 |
C:\Program Files\Java\jdk-1.8\bin\jar.exe
| MD5 | d83e98889fe561b46651638d85d02852 |
| SHA1 | 0f6f092eef34c7af6f7f4bb074a21abcaacd8387 |
| SHA256 | 87c41d6c601fa3112c8bb2e9934daabb3981fe7a54e73ce6998f7f338b339cfe |
| SHA512 | 95a0508b0d3ba85c17c79da3a7223d130b132253a7d259e7fc5fed56b93808a37edb249ce7bf70a6e9217da8376bb6719e2b61dc48d7cb7ce04080212415aa66 |
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
| MD5 | bd13f3490d70fa7bb9f882b3014ba4af |
| SHA1 | 693fc089891d5d764462772702eea1109f54cca7 |
| SHA256 | 6204174781b884ea83d5267ca8f9cf0d2d4fbebca5fb5449931365dd98352fdc |
| SHA512 | 7d9daf6b77aeb927fe39b206f1a8a69f30bcba7c199d4fa44436ccbc6285408ca6a13e8e5e426ecbca1b2e7d7796ed0f17a6f691aa0541365b72d52bd04115f7 |
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
| MD5 | 92bff46eea10d053591350c639c7a057 |
| SHA1 | 2802d93ae1acabf22a6de99b3fedc95da4159a4a |
| SHA256 | d0533cfc7a6ca9d8b1f297b104503531141bfe0f6e4879d6a162821fd96ef371 |
| SHA512 | c25dba650a4418c4245c715d31c9c9f329684f1a0a9dfcea94aace93feca2e0326d0804c829fb9260c1827d81399dea82901345c1380fe443ec92f62856f7cfe |
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
| MD5 | 13562ec6b85a3ba369f0e3d0c5b9a484 |
| SHA1 | c81f1ed9bed6bb70d2a718ae58300659aabcd9f5 |
| SHA256 | 3793f3977fb6a9243ac945205a25fcc6b50dbe8b07b33a548d4492a6b08b68c3 |
| SHA512 | f8f9fd2b8234ecf94ef1de4065c46e4f58b1e4fa5c0f4a97416a990bb1f8a1987723e09b78d4b646f3e75ad2544baa59305ff4d282614fc3cf8800cede377af4 |
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
| MD5 | 44e96eb297346685f6c5df6f70693115 |
| SHA1 | a79898c89c372b66a6ab555fab00aae9c0c31ef1 |
| SHA256 | 22ed1f9806db348f453ac4681538725071035d749505e4919ecd31eac1001750 |
| SHA512 | c60191d3afd90fb9b8bcc49807281c1be0c973186b9f635c1e92addf34f2af92cbe56f978190d7a0d52946f84a0ce4fb9748329effa61c74943f5140a88ad6bf |
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
| MD5 | 34b22de08e9b91ffd23ba2ccc9c090f5 |
| SHA1 | 9b08feb342ce8583e3b921d1ca12565430cc2b9d |
| SHA256 | bc6f1e07b2b433ca2028c352a334db72959f1762a0d0c2e65e71ad4f6c36b99b |
| SHA512 | 5a57bee513f2621b9654da37f3d72dc1431c58b5683111908978135eb71f215a7dc3935a04ab463f31699c78a891fa79be62ab7d782aa16e9f299b9375692ec8 |
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe
| MD5 | cb532ec9271e2914fcfe38232254ae99 |
| SHA1 | b16cadb96d853c038a48e20b26c466d92edd56c8 |
| SHA256 | 4e93c94a43a7451f0715d312a9b905069d03336f2974e838d2711c2b81b70f35 |
| SHA512 | 1d400334465b5eb5359c28a7958b9852f0d4e465f18658f0ee5a30d366902e615c368312f26c5a123083a7711c143fdb2794ffff7d718f1915ff7b1020981665 |
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
| MD5 | 0c34d0374622dd74f73d836074eef042 |
| SHA1 | 81b9195c4e7649213b7c52ef3d2141ffe1e05db4 |
| SHA256 | d21d41a3b72c38218e8d68b435acb572954556ba66285fb7f7a2cc75cc2e2e81 |
| SHA512 | 9fde4754f4fe50e01a8486e0e9c6677e2bf5698fd40e8510f08b4407e5d769a6b0f3a41a3d21cf14654b4a25f1f17b07592fe36c966bf5d864e6c0ea0dde707b |
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
| MD5 | ab0ef6db96a08bdff4ab539be097589d |
| SHA1 | d748e5083179f8cfc6bba3255e7a118c48cfbb55 |
| SHA256 | 8518e8894d750ae29814afefc646210164de0a6c5f044172f24941f41bcf0c14 |
| SHA512 | f45a1a7880aa778c01158e7a276f64318c7a99c393479eb645805dc1730acf8c3ccfd7a98a47ad832eca4a380e2ac86773fc96821af6a731e5400d900dcb3659 |
C:\Program Files\dotnet\dotnet.exe
| MD5 | 8c441e489b5496bff86d0b608fd2e347 |
| SHA1 | 2860b283c2d155a62afa92dbaa01a1970363de02 |
| SHA256 | 7fa53a204ddf1e245c1ca86aa5724449594bc89337b93fcbaa3ee83c98fbb165 |
| SHA512 | 0f6766b32363fab26702338337f56dd83bd0f9114900e98dadc2223cd601a4f9331e0150bd9087b3e8f3d9ee99ba743b491a1cf3b02cc981ad530a06d8ea99cc |
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | ca51ae60f06b573c33aee58eb300fde0 |
| SHA1 | 0879aa574afce2219e7b076ef98aa19ee043ee90 |
| SHA256 | aa4216bb8d3ea826489a9327f9be022ed566bb163ae32cbc570b0c9cc4a2dafa |
| SHA512 | 5def4c8acddfb38e9a1effcf832a315c7cdc3ffb2f654e45eb37981a7b08a2c018d531d4fda97328f596d766a34320552bc2951e8741c23cd3912bde52fbc30d |
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
| MD5 | 5b6d96e86780070f951f3e923b3a5e75 |
| SHA1 | c52cb4ea0af52fb06422d92a37a995a6a4157b3a |
| SHA256 | 2612ababbfa8742348c7d1eae8c8ceda4d0193796e0272e4f47ac6a8e7bbdd83 |
| SHA512 | f24fcd3dd41afbf298ac1843cbbf3d4e260f9b676bc2823350ba38bef816a691dbf981ceec19d18633c73fe7eb5c435a017fee20fe0002edd0d24afd1276bf3b |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 1a8fe1bf77c9b54eb0411c48e5eb499a |
| SHA1 | 77154ec27d648207ccf1c2f4a8a531f7203262e8 |
| SHA256 | 8abbea1b6836175b4c8ed81da7fb16a0055acaccae75f1ee1d18f3b3599c86d5 |
| SHA512 | ff83f5475d6d8e9e832c063c36cc02c8859457a1166009db255d893860fc56ff98a0a4f1af4870e045f8bc4f4207e825ad6a2fb38525f91b3dac6129a773e4f2 |
memory/5020-637-0x0000000140000000-0x000000014012D000-memory.dmp
memory/2232-654-0x0000000140000000-0x0000000140169000-memory.dmp
memory/952-657-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/1544-658-0x0000000140000000-0x0000000140199000-memory.dmp
memory/428-659-0x0000000140000000-0x0000000140179000-memory.dmp
memory/5068-662-0x0000000140000000-0x0000000140147000-memory.dmp
memory/4372-663-0x0000000140000000-0x00000001401FC000-memory.dmp
memory/744-664-0x0000000140000000-0x0000000140216000-memory.dmp
memory/3668-665-0x0000000140000000-0x000000014015D000-memory.dmp
memory/5056-667-0x0000000140000000-0x0000000140179000-memory.dmp
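The listing above is flat: a dropped-file path on its own line, four hash rows without a table header, and `memory/<pid>-<seq>-<start>-<end>-memory.dmp` names interleaved between files. The script below is an added example, not code from the original report or from the sandbox vendor, that turns such a listing into structured records so the hashes can be bulk-checked and the dumped regions grouped by process. `SAMPLE` is an excerpt copied from the vds.exe and VSSVC.exe entries above; the `pid-seq-start-end` reading of the dump file names is an assumption taken from the shape of the names shown, and the length check on each digest is the editor's addition to catch hashes truncated when a report is copied.

```python
"""Parse a sandbox dropped-file/memory-dump listing into IOC records.

Added example, not part of the original report.  SAMPLE is an excerpt copied
from the listing on this page.  The dump-name layout pid-seq-start-end is an
assumption drawn from the names as printed.
"""
import re
from dataclasses import dataclass, field

SAMPLE = r"""
C:\Windows\System32\vds.exe
| MD5 | 9088bf35102bb2714dc7a44a153c647d |
| SHA1 | 3b3ea291b3af243581629d45771e3eb1aa326848 |
| SHA256 | 35c25a34c2e4d7c12ef289aded5f3b2a7a4f00c961aa48c8bfbab294a854ba3d |
| SHA512 | 872500e48d691be02cec6088a906669fb257b7295c015f1ce6148903399d70ec8dc014790f430c79d0c27fe19507c819ab27718fa170c7fb6be640371567738c |
memory/3544-388-0x0000000140000000-0x0000000140150000-memory.dmp
memory/5068-389-0x0000000140000000-0x0000000140147000-memory.dmp
C:\Windows\System32\VSSVC.exe
| MD5 | 5ffac651e8216084071ae430d2d919f0 |
| SHA1 | 61b5da62ece8ef12ede9f16bdd5ea968d87502c2 |
| SHA256 | e5cec3a8c99b21c605bc435d163b0505e8f7e678a0aa12fdab54bc98d844a0ec |
| SHA512 | 0c74d42412b8c730f32bfb6fbf4b9dbecbe0dfdf0ed057af60565076545a8b101446b67e49fa922c7ba87a1751794b1b78658fee67f94d2e31b9440401b49a09 |
memory/3948-400-0x0000000140000000-0x0000000140142000-memory.dmp
memory/4372-401-0x0000000140000000-0x00000001401FC000-memory.dmp
"""

# Expected hex length per digest; a mismatch means the report copy is damaged.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
# Assumed layout of the dump names: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)  # algo -> lowercase hex digest


@dataclass
class MemoryRegion:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_listing(text: str):
    """Return (dropped files, memory regions) from the flat listing."""
    files, regions = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DUMP_RE.match(line)
        if m:
            regions.append(MemoryRegion(int(m["pid"]), int(m["seq"]),
                                        int(m["start"], 16), int(m["end"], 16)))
            continue
        m = ROW_RE.match(line)
        if m:
            if current is None:
                # A page excerpt may open with rows belonging to a file listed
                # above the excerpt; there is nothing to attach them to.
                continue
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{current.path}: {algo} has {len(digest)} hex chars, "
                                 f"expected {HASH_LEN[algo]}")
            current.hashes[algo] = digest
            continue
        # Any other non-empty line is a dropped-file path on its own line.
        current = DroppedFile(line)
        files.append(current)
    return files, regions


def digests(files, algo: str = "SHA256") -> set:
    """All digests of one algorithm, ready for a bulk reputation lookup."""
    return {f.hashes[algo] for f in files if algo in f.hashes}


def missing_hashes(files) -> dict:
    """path -> algorithms the listing did not provide for that file."""
    return {f.path: sorted(set(HASH_LEN) - set(f.hashes))
            for f in files if set(HASH_LEN) - set(f.hashes)}


def group_regions(regions) -> dict:
    """pid -> dumped regions in capture order, for per-process review."""
    out = {}
    for r in sorted(regions, key=lambda r: (r.pid, r.seq)):
        out.setdefault(r.pid, []).append(r)
    return out


if __name__ == "__main__":
    files, regions = parse_listing(SAMPLE)
    for f in files:
        print(f.path, f.hashes["SHA256"])
    for pid, regs in group_regions(regions).items():
        print(pid, [(hex(r.start), r.size) for r in regs])
```

Feed the whole listing (not just the excerpt) to `parse_listing` to get every dropped-file digest for a lookup and a per-PID view of which regions were dumped; `missing_hashes` flags entries whose table lost rows in copying, and a wrong-length digest raises instead of silently producing a bad indicator.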