Analysis Overview
SHA256
253e5fa36738d1820d1eccd42811326a00d9fca65f8a1a6316d11e922436cb30
Threat Level: Shows suspicious behavior
The file 04aad27fda072629818afa8e15abb4d8.bin was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious behavior: LoadsDriver
Checks SCSI registry key(s)
Checks processor information in registry
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 01:00
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 01:00
Reported
2024-06-04 01:03
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\system32\vssvc.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\456c1eca8beeeac9.bin | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\System32\snmptrap.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\system32\SgrmBroker.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\System32\OpenSSH\ssh-agent.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\system32\MSDtc\MSDTC.LOG | C:\Windows\System32\msdtc.exe | N/A |
| File opened for modification | C:\Windows\SysWow64\perfhost.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\system32\AgentService.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\system32\SearchIndexer.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\System32\msdtc.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\system32\spectrum.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\system32\TieringEngineService.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\System32\vds.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\system32\wbengine.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\system32\wbem\WmiApSrv.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\system32\msiexec.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\system32\locator.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\System32\SensorDataService.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\java.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javadoc.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\orbd.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsgen.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\java.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\chrome_installer.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jar.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\policytool.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ExtExport.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\extcheck.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstat.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\servertool.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\updater.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_93484\javaw.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File created | C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zG.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\dotnet.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\keytool.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\kinit.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\policytool.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iediagcmd.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jcmd.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\unpack200.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javaws.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\java.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmid.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jhat.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\pack200.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\serialver.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | N/A |
| File opened for modification | C:\Windows\DtcInstall.log | C:\Windows\System32\msdtc.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\TieringEngineService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\TieringEngineService.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-131 = "Rich Text Format" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-125 = "Microsoft Word Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-102 = "Microsoft Excel Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\setupapi.dll,-2000 = "Setup Information" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-5 = "Microsoft Transliteration Engine" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9936 = "QuickTime Movie" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\wshext.dll,-4803 = "VBScript Encoded Script File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-7 = "Microsoft Devanagari to Latin Transliteration" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-1 = "Microsoft Language Detection" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000002a2120b61ab6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000001aa848b61ab6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9908 = "Wave Sound" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9937 = "3GPP Audio/Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E46787A1-4629-4423-A693-BE1F003B2742} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000b018dab61ab6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\regedit.exe,-309 = "Registration Entries" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-24585 = "Cascading Style Sheet Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000006d90b1b61ab6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9926 = "M3U file" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000000ea786b61ab6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\wmphoto.dll,-500 = "Windows Media Photo" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000bf6a8bb61ab6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-6 = "Microsoft Cyrillic to Latin Transliteration" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21825 = "3D Objects" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000008b0d0db61ab6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\wshext.dll,-4804 = "JavaScript File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000009ca767b61ab6da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
| Process | Command Line |
| C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | "C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe" |
| C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe | C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2c8,0x2cc,0x2d0,0x29c,0x2d4,0x140462458,0x140462468,0x140462478 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1f1cab58,0x7ffb1f1cab68,0x7ffb1f1cab78 |
| C:\Windows\System32\alg.exe | C:\Windows\System32\alg.exe |
| C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv |
| C:\Windows\system32\fxssvc.exe | C:\Windows\system32\fxssvc.exe |
| C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe | "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe" |
| C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe" |
| C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" |
| C:\Windows\System32\msdtc.exe | C:\Windows\System32\msdtc.exe |
| \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" |
| C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe | C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe |
| C:\Windows\SysWow64\perfhost.exe | C:\Windows\SysWow64\perfhost.exe |
| C:\Windows\system32\locator.exe | C:\Windows\system32\locator.exe |
| C:\Windows\System32\SensorDataService.exe | C:\Windows\System32\SensorDataService.exe |
| C:\Windows\System32\snmptrap.exe | C:\Windows\System32\snmptrap.exe |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:2 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:8 |
| C:\Windows\system32\spectrum.exe | C:\Windows\system32\spectrum.exe |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:1 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:1 |
| C:\Windows\System32\OpenSSH\ssh-agent.exe | C:\Windows\System32\OpenSSH\ssh-agent.exe |
| C:\Windows\system32\TieringEngineService.exe | C:\Windows\system32\TieringEngineService.exe |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:1 |
| C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:8 |
| C:\Windows\system32\AgentService.exe | C:\Windows\system32\AgentService.exe |
| C:\Windows\System32\vds.exe | C:\Windows\System32\vds.exe |
| C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe |
| C:\Windows\system32\wbengine.exe | "C:\Windows\system32\wbengine.exe" |
| C:\Windows\system32\wbem\WmiApSrv.exe | C:\Windows\system32\wbem\WmiApSrv.exe |
| C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchIndexer.exe /Embedding |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:8 |
| C:\Windows\system32\SearchProtocolHost.exe | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe | "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings |
| C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe | "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x2ac,0x2a4,0x2a8,0x2a0,0x2b0,0x14044ae48,0x14044ae58,0x14044ae68 |
| C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe | "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0 |
| C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe | "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x14044ae48,0x14044ae58,0x14044ae68 |
| C:\Windows\system32\SearchFilterHost.exe | "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:8 |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:2 |
Network
| SG | 18.141.10.107:80 | acwjcqqv.biz | tcp |
| US | 8.8.8.8:53 | typgfhb.biz | udp |
| SG | 13.251.16.150:80 | typgfhb.biz | tcp |
| US | 8.8.8.8:53 | lejtdj.biz | udp |
| US | 8.8.8.8:53 | vyome.biz | udp |
| US | 44.213.104.86:80 | vyome.biz | tcp |
| US | 8.8.8.8:53 | yauexmxk.biz | udp |
| US | 54.80.154.23:80 | yauexmxk.biz | tcp |
| US | 8.8.8.8:53 | esuzf.biz | udp |
| US | 34.211.97.45:80 | esuzf.biz | tcp |
| US | 8.8.8.8:53 | iuzpxe.biz | udp |
| SG | 13.251.16.150:80 | iuzpxe.biz | tcp |
| US | 8.8.8.8:53 | 173.204.218.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gvijgjwkh.biz | udp |
| US | 3.94.10.34:80 | gvijgjwkh.biz | tcp |
| US | 8.8.8.8:53 | qpnczch.biz | udp |
| US | 44.213.104.86:80 | qpnczch.biz | tcp |
| US | 8.8.8.8:53 | brsua.biz | udp |
| IE | 3.254.94.185:80 | brsua.biz | tcp |
| US | 8.8.8.8:53 | sxmiywsfv.biz | udp |
| US | 8.8.8.8:53 | dlynankz.biz | udp |
| SG | 13.251.16.150:80 | sxmiywsfv.biz | tcp |
| DE | 85.214.228.140:80 | dlynankz.biz | tcp |
| US | 8.8.8.8:53 | oflybfv.biz | udp |
| US | 44.200.43.61:80 | oflybfv.biz | tcp |
| US | 8.8.8.8:53 | yhqqc.biz | udp |
| US | 34.211.97.45:80 | yhqqc.biz | tcp |
| US | 8.8.8.8:53 | 185.94.254.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.228.214.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mnjmhp.biz | udp |
| US | 44.200.43.61:80 | mnjmhp.biz | tcp |
| US | 8.8.8.8:53 | vrrazpdh.biz | udp |
| US | 34.211.97.45:80 | vrrazpdh.biz | tcp |
| US | 8.8.8.8:53 | opowhhece.biz | udp |
| US | 18.208.156.248:80 | opowhhece.biz | tcp |
| US | 8.8.8.8:53 | zjbpaao.biz | udp |
| US | 8.8.8.8:53 | jdhhbs.biz | udp |
| SG | 13.251.16.150:80 | jdhhbs.biz | tcp |
| US | 8.8.8.8:53 | ftxlah.biz | udp |
| US | 34.218.204.173:80 | ftxlah.biz | tcp |
| US | 8.8.8.8:53 | typgfhb.biz | udp |
| SG | 13.251.16.150:80 | typgfhb.biz | tcp |
| US | 8.8.8.8:53 | 248.156.208.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mgmsclkyu.biz | udp |
| IE | 34.246.200.160:80 | mgmsclkyu.biz | tcp |
| US | 8.8.8.8:53 | warkcdu.biz | udp |
| SG | 18.141.10.107:80 | warkcdu.biz | tcp |
| US | 8.8.8.8:53 | esuzf.biz | udp |
| US | 34.211.97.45:80 | esuzf.biz | tcp |
| US | 8.8.8.8:53 | gvijgjwkh.biz | udp |
| US | 8.8.8.8:53 | gcedd.biz | udp |
| US | 3.94.10.34:80 | gvijgjwkh.biz | tcp |
| SG | 13.251.16.150:80 | gcedd.biz | tcp |
| US | 8.8.8.8:53 | qpnczch.biz | udp |
| US | 44.213.104.86:80 | qpnczch.biz | tcp |
| US | 8.8.8.8:53 | brsua.biz | udp |
| IE | 3.254.94.185:80 | brsua.biz | tcp |
| US | 8.8.8.8:53 | dlynankz.biz | udp |
| DE | 85.214.228.140:80 | dlynankz.biz | tcp |
| US | 8.8.8.8:53 | oflybfv.biz | udp |
| US | 44.200.43.61:80 | oflybfv.biz | tcp |
| US | 8.8.8.8:53 | jwkoeoqns.biz | udp |
| US | 8.8.8.8:53 | yhqqc.biz | udp |
| US | 18.208.156.248:80 | jwkoeoqns.biz | tcp |
| US | 34.211.97.45:80 | yhqqc.biz | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | mnjmhp.biz | udp |
| US | 44.200.43.61:80 | mnjmhp.biz | tcp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | opowhhece.biz | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 18.208.156.248:80 | opowhhece.biz | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | zjbpaao.biz | udp |
| US | 8.8.8.8:53 | jdhhbs.biz | udp |
| US | 8.8.8.8:53 | 195.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| SG | 13.251.16.150:80 | jdhhbs.biz | tcp |
| US | 8.8.8.8:53 | xccjj.biz | udp |
| US | 44.213.104.86:80 | xccjj.biz | tcp |
| US | 8.8.8.8:53 | hehckyov.biz | udp |
| US | 44.221.84.105:80 | hehckyov.biz | tcp |
| US | 8.8.8.8:53 | rynmcq.biz | udp |
| US | 8.8.8.8:53 | mgmsclkyu.biz | udp |
| US | 54.244.188.177:80 | rynmcq.biz | tcp |
| IE | 34.246.200.160:80 | mgmsclkyu.biz | tcp |
| US | 34.193.97.35:80 | fwiwk.biz | tcp |
| US | 8.8.8.8:53 | warkcdu.biz | udp |
| SG | 18.141.10.107:80 | warkcdu.biz | tcp |
| US | 8.8.8.8:53 | uaafd.biz | udp |
| IE | 3.254.94.185:80 | uaafd.biz | tcp |
| US | 8.8.8.8:53 | eufxebus.biz | udp |
| SG | 18.141.10.107:80 | eufxebus.biz | tcp |
| US | 8.8.8.8:53 | gcedd.biz | udp |
| SG | 13.251.16.150:80 | gcedd.biz | tcp |
| US | 8.8.8.8:53 | tbjrpv.biz | udp |
| IE | 34.246.200.160:80 | tbjrpv.biz | tcp |
| US | 8.8.8.8:53 | deoci.biz | udp |
| US | 8.8.8.8:53 | pwlqfu.biz | udp |
| IE | 34.246.200.160:80 | pwlqfu.biz | tcp |
| US | 8.8.8.8:53 | rrqafepng.biz | udp |
| US | 44.200.43.61:80 | rrqafepng.biz | tcp |
| US | 8.8.8.8:53 | ctdtgwag.biz | udp |
| US | 3.94.10.34:80 | ctdtgwag.biz | tcp |
| US | 8.8.8.8:53 | jwkoeoqns.biz | udp |
| US | 18.208.156.248:80 | jwkoeoqns.biz | tcp |
| US | 8.8.8.8:53 | tnevuluw.biz | udp |
| US | 35.164.78.200:80 | tnevuluw.biz | tcp |
| US | 54.80.154.23:80 | deoci.biz | tcp |
| US | 8.8.8.8:53 | gytujflc.biz | udp |
| US | 208.100.26.245:80 | gytujflc.biz | tcp |
| US | 8.8.8.8:53 | whjovd.biz | udp |
| SG | 18.141.10.107:80 | whjovd.biz | tcp |
| US | 8.8.8.8:53 | qaynky.biz | udp |
| SG | 13.251.16.150:80 | qaynky.biz | tcp |
| US | 8.8.8.8:53 | xccjj.biz | udp |
| US | 44.213.104.86:80 | xccjj.biz | tcp |
| US | 8.8.8.8:53 | hehckyov.biz | udp |
| US | 44.221.84.105:80 | hehckyov.biz | tcp |
| US | 8.8.8.8:53 | rynmcq.biz | udp |
| US | 54.244.188.177:80 | rynmcq.biz | tcp |
| US | 8.8.8.8:53 | gjogvvpsf.biz | udp |
| US | 8.8.8.8:53 | bumxkqgxu.biz | udp |
| US | 8.8.8.8:53 | uaafd.biz | udp |
| US | 44.221.84.105:80 | bumxkqgxu.biz | tcp |
| IE | 3.254.94.185:80 | uaafd.biz | tcp |
| US | 8.8.8.8:53 | reczwga.biz | udp |
| US | 3.237.86.197:80 | reczwga.biz | tcp |
| US | 8.8.8.8:53 | dwrqljrr.biz | udp |
| US | 8.8.8.8:53 | eufxebus.biz | udp |
| SG | 18.141.10.107:80 | eufxebus.biz | tcp |
| US | 54.244.188.177:80 | dwrqljrr.biz | tcp |
| US | 8.8.8.8:53 | bghjpy.biz | udp |
| US | 34.211.97.45:80 | bghjpy.biz | tcp |
| US | 8.8.8.8:53 | damcprvgv.biz | udp |
| US | 54.80.154.23:80 | damcprvgv.biz | tcp |
| US | 8.8.8.8:53 | ocsvqjg.biz | udp |
| US | 8.8.8.8:53 | pwlqfu.biz | udp |
| IE | 3.254.94.185:80 | ocsvqjg.biz | tcp |
| IE | 34.246.200.160:80 | pwlqfu.biz | tcp |
| US | 8.8.8.8:53 | ywffr.biz | udp |
| US | 8.8.8.8:53 | rrqafepng.biz | udp |
| US | 54.244.188.177:80 | ywffr.biz | tcp |
| US | 44.200.43.61:80 | rrqafepng.biz | tcp |
| US | 8.8.8.8:53 | nqwjmb.biz | udp |
| US | 35.164.78.200:80 | nqwjmb.biz | tcp |
| US | 8.8.8.8:53 | ctdtgwag.biz | udp |
| US | 3.94.10.34:80 | ctdtgwag.biz | tcp |
| US | 8.8.8.8:53 | ecxbwt.biz | udp |
| US | 8.8.8.8:53 | tnevuluw.biz | udp |
| US | 54.244.188.177:80 | ecxbwt.biz | tcp |
| US | 8.8.8.8:53 | ytctnunms.biz | udp |
| US | 3.94.10.34:80 | ytctnunms.biz | tcp |
| US | 35.164.78.200:80 | tnevuluw.biz | tcp |
| US | 8.8.8.8:53 | myups.biz | udp |
| US | 165.160.13.20:80 | myups.biz | tcp |
| US | 8.8.8.8:53 | pectx.biz | udp |
| US | 44.213.104.86:80 | pectx.biz | tcp |
| US | 8.8.8.8:53 | whjovd.biz | udp |
| SG | 18.141.10.107:80 | whjovd.biz | tcp |
| US | 8.8.8.8:53 | zyiexezl.biz | udp |
| US | 54.80.154.23:80 | zyiexezl.biz | tcp |
| US | 8.8.8.8:53 | oshhkdluh.biz | udp |
| US | 54.244.188.177:80 | oshhkdluh.biz | tcp |
| US | 8.8.8.8:53 | banwyw.biz | udp |
| US | 3.237.86.197:80 | banwyw.biz | tcp |
| US | 8.8.8.8:53 | muapr.biz | udp |
| US | 8.8.8.8:53 | wxgzshna.biz | udp |
| US | 8.8.8.8:53 | zrlssa.biz | udp |
| US | 8.8.8.8:53 | yunalwv.biz | udp |
| US | 3.237.86.197:80 | zrlssa.biz | tcp |
| US | 8.8.8.8:53 | gjogvvpsf.biz | udp |
| US | 8.8.8.8:53 | jpskm.biz | udp |
| US | 8.8.8.8:53 | 20.13.160.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jlqltsjvh.biz | udp |
| US | 34.211.97.45:80 | jpskm.biz | tcp |
| SG | 18.141.10.107:80 | jlqltsjvh.biz | tcp |
| US | 8.8.8.8:53 | reczwga.biz | udp |
| US | 3.237.86.197:80 | reczwga.biz | tcp |
| US | 8.8.8.8:53 | lrxdmhrr.biz | udp |
| US | 8.8.8.8:53 | bghjpy.biz | udp |
| US | 54.244.188.177:80 | lrxdmhrr.biz | tcp |
| US | 34.211.97.45:80 | bghjpy.biz | tcp |
| US | 8.8.8.8:53 | wllvnzb.biz | udp |
| US | 8.8.8.8:53 | damcprvgv.biz | udp |
| SG | 18.141.10.107:80 | wllvnzb.biz | tcp |
| US | 54.80.154.23:80 | damcprvgv.biz | tcp |
| US | 8.8.8.8:53 | xyrgy.biz | udp |
| US | 54.80.154.23:80 | xyrgy.biz | tcp |
| US | 8.8.8.8:53 | ocsvqjg.biz | udp |
| IE | 3.254.94.185:80 | ocsvqjg.biz | tcp |
| US | 8.8.8.8:53 | htwqzczce.biz | udp |
| US | 34.193.97.35:80 | htwqzczce.biz | tcp |
| US | 8.8.8.8:53 | ywffr.biz | udp |
| US | 54.244.188.177:80 | ywffr.biz | tcp |
| US | 8.8.8.8:53 | ecxbwt.biz | udp |
| US | 54.244.188.177:80 | ecxbwt.biz | tcp |
| US | 34.193.97.35:80 | htwqzczce.biz | tcp |
| US | 8.8.8.8:53 | pectx.biz | udp |
| US | 44.213.104.86:80 | pectx.biz | tcp |
| US | 8.8.8.8:53 | zyiexezl.biz | udp |
| US | 54.80.154.23:80 | zyiexezl.biz | tcp |
| US | 8.8.8.8:53 | banwyw.biz | udp |
| US | 3.237.86.197:80 | banwyw.biz | tcp |
| US | 8.8.8.8:53 | muapr.biz | udp |
| US | 8.8.8.8:53 | wxgzshna.biz | udp |
| US | 8.8.8.8:53 | zrlssa.biz | udp |
| US | 3.237.86.197:80 | zrlssa.biz | tcp |
| US | 8.8.8.8:53 | kvbjaur.biz | udp |
| US | 54.244.188.177:80 | kvbjaur.biz | tcp |
| US | 8.8.8.8:53 | jlqltsjvh.biz | udp |
| SG | 18.141.10.107:80 | jlqltsjvh.biz | tcp |
| US | 8.8.8.8:53 | uphca.biz | udp |
| US | 44.221.84.105:80 | uphca.biz | tcp |
| US | 8.8.8.8:53 | fjumtfnz.biz | udp |
| US | 34.211.97.45:80 | fjumtfnz.biz | tcp |
| US | 8.8.8.8:53 | gnqgo.biz | udp |
| US | 54.80.154.23:80 | gnqgo.biz | tcp |
| US | 8.8.8.8:53 | xyrgy.biz | udp |
| US | 54.80.154.23:80 | xyrgy.biz | tcp |
| US | 8.8.8.8:53 | jhvzpcfg.biz | udp |
| US | 8.8.8.8:53 | hlzfuyy.biz | udp |
| US | 3.237.86.197:80 | jhvzpcfg.biz | tcp |
| US | 34.211.97.45:80 | hlzfuyy.biz | tcp |
| US | 8.8.8.8:53 | htwqzczce.biz | udp |
| US | 44.208.124.139:80 | htwqzczce.biz | tcp |
| US | 8.8.8.8:53 | acwjcqqv.biz | udp |
| SG | 18.141.10.107:80 | acwjcqqv.biz | tcp |
| US | 8.8.8.8:53 | rffxu.biz | udp |
| IE | 34.246.200.160:80 | rffxu.biz | tcp |
| US | 8.8.8.8:53 | cikivjto.biz | udp |
| US | 44.213.104.86:80 | cikivjto.biz | tcp |
| US | 8.8.8.8:53 | qncdaagct.biz | udp |
| US | 34.218.204.173:80 | qncdaagct.biz | tcp |
| US | 8.8.8.8:53 | lejtdj.biz | udp |
| US | 44.208.124.139:80 | htwqzczce.biz | tcp |
| US | 8.8.8.8:53 | vyome.biz | udp |
| US | 44.213.104.86:80 | vyome.biz | tcp |
| US | 8.8.8.8:53 | kvbjaur.biz | udp |
| US | 54.244.188.177:80 | kvbjaur.biz | tcp |
| US | 8.8.8.8:53 | yauexmxk.biz | udp |
| US | 54.80.154.23:80 | yauexmxk.biz | tcp |
| US | 8.8.8.8:53 | shpwbsrw.biz | udp |
| SG | 13.251.16.150:80 | shpwbsrw.biz | tcp |
| US | 8.8.8.8:53 | iuzpxe.biz | udp |
| SG | 13.251.16.150:80 | iuzpxe.biz | tcp |
| US | 8.8.8.8:53 | uphca.biz | udp |
| US | 44.221.84.105:80 | uphca.biz | tcp |
| US | 8.8.8.8:53 | fjumtfnz.biz | udp |
| US | 34.211.97.45:80 | fjumtfnz.biz | tcp |
| US | 8.8.8.8:53 | cjvgcl.biz | udp |
| US | 54.80.154.23:80 | cjvgcl.biz | tcp |
| US | 8.8.8.8:53 | hlzfuyy.biz | udp |
| US | 34.211.97.45:80 | hlzfuyy.biz | tcp |
| US | 8.8.8.8:53 | sxmiywsfv.biz | udp |
| SG | 13.251.16.150:80 | sxmiywsfv.biz | tcp |
| US | 8.8.8.8:53 | neazudmrq.biz | udp |
| US | 3.237.86.197:80 | neazudmrq.biz | tcp |
| US | 8.8.8.8:53 | pgfsvwx.biz | udp |
| US | 8.8.8.8:53 | rffxu.biz | udp |
| IE | 34.246.200.160:80 | rffxu.biz | tcp |
| US | 54.80.154.23:80 | pgfsvwx.biz | tcp |
| US | 8.8.8.8:53 | cikivjto.biz | udp |
| US | 8.8.8.8:53 | aatcwo.biz | udp |
| US | 34.218.204.173:80 | aatcwo.biz | tcp |
| US | 44.213.104.86:80 | cikivjto.biz | tcp |
| US | 8.8.8.8:53 | qncdaagct.biz | udp |
| US | 34.218.204.173:80 | qncdaagct.biz | tcp |
| US | 8.8.8.8:53 | vrrazpdh.biz | udp |
| US | 34.211.97.45:80 | vrrazpdh.biz | tcp |
| US | 8.8.8.8:53 | kcyvxytog.biz | udp |
| US | 18.208.156.248:80 | kcyvxytog.biz | tcp |
| US | 8.8.8.8:53 | nwdnxrd.biz | udp |
| US | 54.244.188.177:80 | nwdnxrd.biz | tcp |
| US | 8.8.8.8:53 | shpwbsrw.biz | udp |
| SG | 13.251.16.150:80 | shpwbsrw.biz | tcp |
| US | 8.8.8.8:53 | ftxlah.biz | udp |
| US | 34.218.204.173:80 | ftxlah.biz | tcp |
| US | 8.8.8.8:53 | typgfhb.biz | udp |
| SG | 13.251.16.150:80 | typgfhb.biz | tcp |
| US | 8.8.8.8:53 | cjvgcl.biz | udp |
| US | 54.80.154.23:80 | cjvgcl.biz | tcp |
| US | 8.8.8.8:53 | neazudmrq.biz | udp |
| US | 44.213.104.86:80 | cikivjto.biz | tcp |
| US | 3.237.86.197:80 | neazudmrq.biz | tcp |
| US | 8.8.8.8:53 | ptrim.biz | udp |
| US | 8.8.8.8:53 | esuzf.biz | udp |
| US | 8.8.8.8:53 | pgfsvwx.biz | udp |
| SG | 18.141.10.107:80 | ptrim.biz | tcp |
| US | 34.211.97.45:80 | esuzf.biz | tcp |
| US | 54.80.154.23:80 | pgfsvwx.biz | tcp |
| US | 8.8.8.8:53 | aatcwo.biz | udp |
| US | 34.218.204.173:80 | aatcwo.biz | tcp |
| US | 8.8.8.8:53 | gvijgjwkh.biz | udp |
| US | 3.94.10.34:80 | gvijgjwkh.biz | tcp |
| US | 8.8.8.8:53 | qpnczch.biz | udp |
| US | 8.8.8.8:53 | kcyvxytog.biz | udp |
| US | 44.213.104.86:80 | qpnczch.biz | tcp |
| US | 18.208.156.248:80 | kcyvxytog.biz | tcp |
| US | 8.8.8.8:53 | brsua.biz | udp |
| US | 8.8.8.8:53 | nwdnxrd.biz | udp |
| US | 8.8.8.8:53 | znwbniskf.biz | udp |
| IE | 3.254.94.185:80 | brsua.biz | tcp |
| US | 54.244.188.177:80 | nwdnxrd.biz | tcp |
| US | 34.218.204.173:80 | znwbniskf.biz | tcp |
| US | 8.8.8.8:53 | dlynankz.biz | udp |
| DE | 85.214.228.140:80 | dlynankz.biz | tcp |
| US | 8.8.8.8:53 | oflybfv.biz | udp |
| US | 44.200.43.61:80 | oflybfv.biz | tcp |
| US | 8.8.8.8:53 | ereplfx.biz | udp |
| US | 8.8.8.8:53 | cpclnad.biz | udp |
| US | 3.237.86.197:80 | cpclnad.biz | tcp |
| US | 44.213.104.86:80 | ereplfx.biz | tcp |
| US | 8.8.8.8:53 | yhqqc.biz | udp |
| US | 8.8.8.8:53 | mjheo.biz | udp |
| US | 34.211.97.45:80 | yhqqc.biz | tcp |
| US | 3.237.86.197:80 | mjheo.biz | tcp |
| US | 8.8.8.8:53 | ptrim.biz | udp |
| SG | 18.141.10.107:80 | ptrim.biz | tcp |
| US | 8.8.8.8:53 | wluwplyh.biz | udp |
| SG | 18.141.10.107:80 | wluwplyh.biz | tcp |
| US | 8.8.8.8:53 | mnjmhp.biz | udp |
| US | 44.200.43.61:80 | mnjmhp.biz | tcp |
| US | 8.8.8.8:53 | opowhhece.biz | udp |
| US | 18.208.156.248:80 | opowhhece.biz | tcp |
| US | 8.8.8.8:53 | znwbniskf.biz | udp |
| US | 34.218.204.173:80 | znwbniskf.biz | tcp |
| US | 8.8.8.8:53 | zgapiej.biz | udp |
| US | 18.208.156.248:80 | zgapiej.biz | tcp |
| US | 8.8.8.8:53 | jifai.biz | udp |
| US | 8.8.8.8:53 | cpclnad.biz | udp |
| US | 44.221.84.105:80 | jifai.biz | tcp |
| US | 3.237.86.197:80 | cpclnad.biz | tcp |
| US | 8.8.8.8:53 | xnxvnn.biz | udp |
| SG | 13.251.16.150:80 | xnxvnn.biz | tcp |
| US | 3.237.86.197:80 | cpclnad.biz | tcp |
| US | 8.8.8.8:53 | wluwplyh.biz | udp |
| SG | 18.141.10.107:80 | wluwplyh.biz | tcp |
| US | 8.8.8.8:53 | zjbpaao.biz | udp |
| SG | 13.251.16.150:80 | xnxvnn.biz | tcp |
| US | 8.8.8.8:53 | ihcnogskt.biz | udp |
| US | 35.164.78.200:80 | ihcnogskt.biz | tcp |
| US | 8.8.8.8:53 | zgapiej.biz | udp |
| US | 18.208.156.248:80 | zgapiej.biz | tcp |
| US | 8.8.8.8:53 | kkqypycm.biz | udp |
| US | 8.8.8.8:53 | mgmsclkyu.biz | udp |
| IE | 34.246.200.160:80 | mgmsclkyu.biz | tcp |
| SG | 18.141.10.107:80 | kkqypycm.biz | tcp |
| US | 44.221.84.105:80 | jifai.biz | tcp |
| US | 8.8.8.8:53 | warkcdu.biz | udp |
| SG | 18.141.10.107:80 | warkcdu.biz | tcp |
| US | 8.8.8.8:53 | xnxvnn.biz | udp |
| SG | 13.251.16.150:80 | xnxvnn.biz | tcp |
| US | 8.8.8.8:53 | uevrpr.biz | udp |
| US | 44.213.104.86:80 | uevrpr.biz | tcp |
| US | 8.8.8.8:53 | gcedd.biz | udp |
| SG | 13.251.16.150:80 | gcedd.biz | tcp |
| US | 8.8.8.8:53 | fgajqjyhr.biz | udp |
| US | 34.211.97.45:80 | fgajqjyhr.biz | tcp |
| US | 8.8.8.8:53 | ihcnogskt.biz | udp |
| US | 35.164.78.200:80 | ihcnogskt.biz | tcp |
| US | 8.8.8.8:53 | hagujcj.biz | udp |
| US | 18.208.156.248:80 | hagujcj.biz | tcp |
| US | 8.8.8.8:53 | kkqypycm.biz | udp |
| US | 8.8.8.8:53 | sctmku.biz | udp |
| US | 8.8.8.8:53 | jwkoeoqns.biz | udp |
| SG | 18.141.10.107:80 | kkqypycm.biz | tcp |
| US | 35.164.78.200:80 | sctmku.biz | tcp |
| US | 18.208.156.248:80 | jwkoeoqns.biz | tcp |
| US | 8.8.8.8:53 | cwyfknmwh.biz | udp |
| US | 8.8.8.8:53 | qcrsp.biz | udp |
| US | 34.211.97.45:80 | qcrsp.biz | tcp |
| US | 8.8.8.8:53 | xccjj.biz | udp |
| US | 44.213.104.86:80 | xccjj.biz | tcp |
| US | 44.221.84.105:80 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 44.213.104.86:80 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 3.237.86.197:80 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
Files
memory/1892-6-0x0000000001FC0000-0x0000000002020000-memory.dmp
memory/4864-11-0x0000000000440000-0x00000000004A0000-memory.dmp
C:\Users\Admin\AppData\Roaming\456c1eca8beeeac9.bin
| MD5 | d352be64328a198d06bd704d964958f6 |
| SHA1 | 2ac4f3951e4f421d86475fba5105f2774d599412 |
| SHA256 | f2c6d441ae60635e2afa97173b907509b6a1d6ff21cdd9df3468b0bcb15f8ef4 |
| SHA512 | 6faf15b86677d912dc186b721678062259e3b3007b3b188836227692fdce77413a1b379b00979414a50c3c9193c6559b417d3c1649a08871b3b348740448050c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 90b8e3c077c7289cf4b7078243e26f76 |
| SHA1 | c8e3387c59c20fcff770b846e972a52f7f93591c |
| SHA256 | 001c51870a28710313d50d9037f261881517a384d3e502d9112b04ea2e8538a1 |
| SHA512 | 4461003ce00d03608509d7ab645b933ec95c398623a1d8c6440c8a5b069d32e73aff391a1d3954511dfca7da698c0820970017b66629e3647800e5cc3920f1cf |
memory/1892-40-0x0000000140000000-0x0000000140592000-memory.dmp
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
| MD5 | c5a7a6733d872f020842d3ca3bd119e6 |
| SHA1 | 25f0612581d2ca0381b1492ebc4dc8bdb093558e |
| SHA256 | e1a8c93be2d5a0769e346e4be574d65b2e413f3e119b6776f4e26d60ecc45fe4 |
| SHA512 | fc0798c924961c5b27a3871ec5ea2170e1179ea691d0fb017c61f84e086d0768e8ace5526484cf437a8143a2e16626aebbba00dd74a56fc87c72d13b2bb5da9a |
memory/4848-49-0x00000000006A0000-0x0000000000700000-memory.dmp
C:\Windows\System32\FXSSVC.exe
| MD5 | dcfe9f927a0818721e1eb1b38f9ad9dc |
| SHA1 | 17272ad22ad69d1815afd5054e317135a1264ccf |
| SHA256 | ce60e562c2e87af021315d9db4e45b90f77057c20a49bbf2ac662ee97d21b048 |
| SHA512 | dcd8841947798350dfcbcdd5c22ba705c14d66654cf8a301f2caf021c3d7943c4a3400828d7532c823c19b54321873d8c027ab040e19cc4f128dbc08bd0ea128 |
memory/2228-55-0x0000000000530000-0x0000000000590000-memory.dmp
memory/4848-64-0x0000000140000000-0x00000001400A9000-memory.dmp
memory/2228-61-0x0000000000530000-0x0000000000590000-memory.dmp
memory/2228-65-0x0000000140000000-0x0000000140135000-memory.dmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
| MD5 | 9dea15d3247c837b46cdfaddec11191d |
| SHA1 | 55e1479b6f8cf375076756c53ae367fde46fa865 |
| SHA256 | 80c1011ccae73a56747d7215604889b901e8cd2e6e160845dcce2c81d7a04d10 |
| SHA512 | 6e7eddc482fe4f73eef984a82af0ff4b7d8e7aa1cb76a014e8587b783e43a6bc1108c3e0a45da2cdcf6e76623b0c6853df3fccd37491454e5a7808d84bbbb4fb |
memory/4848-43-0x00000000006A0000-0x0000000000700000-memory.dmp
memory/2704-67-0x0000000140000000-0x000000014024B000-memory.dmp
memory/2704-74-0x0000000000720000-0x0000000000780000-memory.dmp
memory/2704-68-0x0000000000720000-0x0000000000780000-memory.dmp
memory/2676-38-0x0000000000730000-0x0000000000790000-memory.dmp
memory/2676-37-0x0000000000730000-0x0000000000790000-memory.dmp
memory/3080-85-0x00000000001A0000-0x0000000000200000-memory.dmp
memory/3080-79-0x00000000001A0000-0x0000000000200000-memory.dmp
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
| MD5 | 0036d1b9fd01a4ab7cdec18c901118a6 |
| SHA1 | f8d851d93f7c736572fd73b9bc4dbfc08b6cde57 |
| SHA256 | 0051f10a6fe923309e27487677b82bed3140cae245f0aae6a81d5696b3bee3e9 |
| SHA512 | 5f006d5fd387e45e9b91d85710f208f92b77082c18b99c0138398f0c579dac96fc6af2db12206026e867e157c6b78d046317ae86710a5d6cc4183c0e6fb9498c |
memory/4248-90-0x0000000001A60000-0x0000000001AC0000-memory.dmp
memory/4248-98-0x0000000140000000-0x00000001400CF000-memory.dmp
memory/4248-103-0x0000000140000000-0x00000001400CF000-memory.dmp
memory/2228-106-0x0000000140000000-0x0000000140135000-memory.dmp
C:\Windows\System32\msdtc.exe
| MD5 | 8cf601eda867aee9edc0f300b343f029 |
| SHA1 | 2ef3deaad62cc0eab4859fc1139ec4d28b7ff535 |
| SHA256 | 0ac84e0d291a82a50f2661e9a0bcdda9467369facda691eb472a5e72bd21b52d |
| SHA512 | 48038025170cc5befc52628147819729a8a38ad68858c060233d54975babd3cb12c4779d39c14f6914857e450eb6b4fb429b8c5be8072229452bdf25a6a567f1 |
memory/1996-116-0x0000000140000000-0x00000001400B9000-memory.dmp
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | 448c6dd039fa7db2cb0123a4b429c6e2 |
| SHA1 | 3596b59ae2dcd5526a6ccd0001f783a7c617f905 |
| SHA256 | ba680564ff936f6b75f758620dda569ec31b20d6ff976e87e745b99d11359ba2 |
| SHA512 | ea49929333f9ed70b80b77633bac303d9ede504797502ec2b2b4edadbedb20483df9d51b3df341afbbd8bc2fa8c8483310bfee3fa82a38bf91589aea107b657f |
memory/3080-88-0x0000000140000000-0x000000014022B000-memory.dmp
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
| MD5 | 5a3f30e2f44d79420a17275f2f682f37 |
| SHA1 | ffa59de0399a9fb51fafd434cce63aae846c10b7 |
| SHA256 | bcacd414e27a84650e71e1c364d4b07ccefec510f433145c6a7928da22a52a61 |
| SHA512 | ab2f7b3a06f3c26a3332873a9e1ad8dc6bdcecebf6578a7b9331c7bf19379e339618fde773f5c6d4c08049d7294f56130d7e036201f0f6a7b1fb8d0ebf884756 |
C:\Windows\SysWOW64\perfhost.exe
| MD5 | 622b7e4ab8fc7123796f357c6f113e1a |
| SHA1 | ccbd802ec479f7649d79d4db60ea743e429aaf0d |
| SHA256 | f8de95a4e15caaa9ec0d0d883fe9ed39ae34ca13f22e657510a9166c150b805c |
| SHA512 | e7cca68e5e1d2ae04843e41974d35ef8f8db9572e8077a4efb1fac96815c773eb0764ea434c68ffd3bcfafb364a0d29ac18eca55a4029dac5f0e401b00776858 |
C:\Windows\System32\Locator.exe
| MD5 | adb34c914d2df66649d7f2285817d615 |
| SHA1 | c0f40ecea4c2d81efbd4504493c0f7ec65941144 |
| SHA256 | 60ffb8058daca4b7112ed1ff7cdaf99a4914d5dcf68be43840067b48aff2d84e |
| SHA512 | 7e00c89d9bc3789d7728a734214573f6df356bac46ecbd86cfbc2c4c49dd40ef82a6020ed65fac7a61e6efb0478f7c2a810b87077e225862c32403ba5dcfd9b6 |
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
| MD5 | dcfd810b3e077ff7afd54ce96c329731 |
| SHA1 | e0e95156036efd6dd9955eb86544044d93f396f9 |
| SHA256 | c482bcfd6a5717fd1c83472eed5ab3b0887b9fd694aca517dcf6a9ea7038198d |
| SHA512 | 2618bf8e2cea8062a73f66d4619d3448b7ed23167b17fef3f2016756f21ba5466a8cd7403bd7de89248346a7e4ea58726d8e41b2bfade7d677d4060e529eb665 |
memory/3412-157-0x0000000140000000-0x0000000140095000-memory.dmp
memory/2072-156-0x0000000000400000-0x0000000000497000-memory.dmp
memory/732-155-0x0000000140000000-0x00000001400AB000-memory.dmp
memory/3160-169-0x0000000140000000-0x00000001401D7000-memory.dmp
C:\Windows\System32\SensorDataService.exe
| MD5 | 81316c0bb0fe67914ea1b31c98f50dbc |
| SHA1 | c5e1938dbce1702fe01bf7444c969ff8d6e983e2 |
| SHA256 | 7e215b98003f675766e9961d585b0c0ea503a0aa6f36eb6f60cfc6eff65cead3 |
| SHA512 | 32127b955e7146c017751d5addd4af78d7b4bba3b0aca8cb94355890f241bdd73d8e996e7f8dc7709fdafb2ae1c5fb66f14372e1b2a331ff384404d717774993 |
C:\Windows\System32\snmptrap.exe
| MD5 | 9f1b9218dce24b3f789568d9fa77ee1a |
| SHA1 | b11161408d3226a001a4b3abac2dab33de50f466 |
| SHA256 | 8a7aaea0f521fd05b753028c33713761460750e7209d878a2e619f399200d480 |
| SHA512 | 5afb0fd8e54ac1a406dc0e4ef8af2fdf397f1c79ee195136224328f13ec1e4bdfe0825ba7f643d9e21c90948b984ac2b1f763f1c285aba5d8e787e9a0eb4c324 |
memory/1372-180-0x0000000140000000-0x0000000140096000-memory.dmp
memory/4864-154-0x0000000140000000-0x0000000140592000-memory.dmp
memory/3648-120-0x0000000140000000-0x00000001400CF000-memory.dmp
memory/2676-36-0x0000000140000000-0x00000001400AA000-memory.dmp
memory/2676-30-0x0000000000730000-0x0000000000790000-memory.dmp
C:\Windows\System32\alg.exe
| MD5 | 67925099fb187ac8273d52499c65fdcf |
| SHA1 | 72b5c710a481d6c28de02f2394255ef894dbe2dc |
| SHA256 | 140f0925065bb0537defb9d6a545ea7bae3a18ad61121cf768dde4faaad354bf |
| SHA512 | 86140193e4125cf185b028c6a480065dcf31eb5b6b03180f47ce09e4d7740ce1a9ead7a3e97d8555d4d613140d1937d60b62ee5995fbd3ab71f4b9df7298afd4 |
memory/1892-22-0x0000000001FC0000-0x0000000002020000-memory.dmp
memory/4864-20-0x0000000000440000-0x00000000004A0000-memory.dmp
memory/4864-19-0x0000000140000000-0x0000000140592000-memory.dmp
memory/1892-10-0x0000000140000000-0x0000000140592000-memory.dmp
\??\pipe\crashpad_1464_KUNKVXCQJNZLEADU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Windows\System32\Spectrum.exe
| MD5 | 22e06500057e727cae1511ea1fc68a41 |
| SHA1 | f964e6ade8ea002fdf1481e366f802c075752d2a |
| SHA256 | 44bbc99246e7334e1516cd0f408575ca4e07e4b3014cb031f95f801721f477ea |
| SHA512 | 2c5e5944f5bd42762765f2b34e216cae3e5413394e85d89f6b77ab03893a0129aeee234a1a7ae25e4f93d7c28288de8540af55e0fd6db4754e112fa1641caee0 |
memory/3768-195-0x0000000140000000-0x0000000140169000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
| MD5 | ef36a84ad2bc23f79d171c604b56de29 |
| SHA1 | 38d6569cd30d096140e752db5d98d53cf304a8fc |
| SHA256 | e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831 |
| SHA512 | dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be |
memory/2676-194-0x0000000140000000-0x00000001400AA000-memory.dmp
memory/1892-0-0x0000000001FC0000-0x0000000002020000-memory.dmp
memory/2704-214-0x0000000140000000-0x000000014024B000-memory.dmp
memory/2536-223-0x0000000140000000-0x00000001400E2000-memory.dmp
memory/3660-211-0x0000000140000000-0x0000000140102000-memory.dmp
memory/1640-237-0x0000000140000000-0x00000001401C0000-memory.dmp
memory/532-238-0x0000000140000000-0x0000000140147000-memory.dmp
memory/3080-236-0x0000000140000000-0x000000014022B000-memory.dmp
C:\Windows\System32\vds.exe
| MD5 | 607333bea3d4feadf8882bdc63054829 |
| SHA1 | ee644a3b9dbe56818fc18fa3f13bc2971bbccb6a |
| SHA256 | 9ce06e26148799b83ba29c1f89c85fb4cf74b4b322e925622f090acef03b2920 |
| SHA512 | ec4e322844bf04359bb05f4176817413af0443344483a6d343fb050a1898c97c1e12a54e83dfee0ed3574d9b0af3590e9c8c942b30d3d6e9986f9045c7b8ae5e |
memory/1640-249-0x0000000140000000-0x00000001401C0000-memory.dmp
memory/2372-259-0x0000000140000000-0x00000001401FC000-memory.dmp
C:\Windows\System32\wbengine.exe
| MD5 | d6a3db9b77fb198f8a8e63bea1461277 |
| SHA1 | e47d85089ce652eaab9e7f9ccf24bb51e93ab320 |
| SHA256 | 603773c1d55bd157489f387465340c4a50741d50a0b509360704760434baecc3 |
| SHA512 | d2e1be8437f0ef4383b6b4aaa54a4196cfab007c0ff16f8a64af95e802696822048743fddb7de1765c266882b3fc6b0af6b71b75fbbd117a9394e769948624f2 |
memory/3412-264-0x0000000140000000-0x0000000140095000-memory.dmp
memory/4868-273-0x0000000140000000-0x0000000140216000-memory.dmp
memory/3648-263-0x0000000140000000-0x00000001400CF000-memory.dmp
C:\Windows\System32\SearchIndexer.exe
| MD5 | 57e3ba8dc6652500011ffe795d3a3c5d |
| SHA1 | adfa9e6f45c9b70b577e8a5a00edb0ab18732e1a |
| SHA256 | 7c5b896a6db5227b0cbf8be62205026e66f629839a897c4d116c326f0a276079 |
| SHA512 | f86b5a8149a0fee000fb45807e5b2ce5a6fa045d41311d234118542359f00a64c190f9fe208257f0ed3546393efd814b65dae3dac04464c1926b0ea2250eecf1 |
memory/3160-294-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/5148-295-0x0000000140000000-0x0000000140179000-memory.dmp
memory/2204-281-0x0000000140000000-0x00000001400C6000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
| MD5 | af42c6e556361c2f4092a514ef41c15d |
| SHA1 | 26f7961c2d8dc62726d46df802f6382f230a7463 |
| SHA256 | 8925f54d07a11143788a3bf35f619fd7a15cb0224000beb52a87e8fcda17db71 |
| SHA512 | 084d7d78b02972182a7659e9b0ac0a0aa97e0837cc7a68097dbbc7a1b20721c807dc96133b1872b7e36d81de7f27ebcbfc8d7f87a83a2a66d2ae47ce7c06a3d9 |
memory/3768-410-0x0000000140000000-0x0000000140169000-memory.dmp
memory/3660-422-0x0000000140000000-0x0000000140102000-memory.dmp
memory/2536-434-0x0000000140000000-0x00000001400E2000-memory.dmp
memory/5488-445-0x0000000140000000-0x000000014057B000-memory.dmp
C:\Windows\TEMP\Crashpad\settings.dat
| MD5 | 0a8c17e97526f751a8aa475e8c8b7983 |
| SHA1 | 2cb070d16a547e867aca22af457f13c44c17d0e2 |
| SHA256 | 81519c37e7b764606c063607c2fdc287f28845aed7cce899222c4f714f16f860 |
| SHA512 | 40a71708d63ea949f7132ef01340b3202eb349119623aa849b0e103e4b7ddbea543ba7ebe98b255eb58e26ac050c09a1dde89327f31deaa77f483dcf16136593 |
memory/5416-432-0x0000000140000000-0x000000014057B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log
| MD5 | 64b98084e4cb8c2298369ae10f88de9e |
| SHA1 | 62ce0b1c255a47cb5be70238a36a2adfb7d5cba1 |
| SHA256 | 33bb1404c2805e5224e3766e14c06f51601a2d3233dc592f82facb96df21e42e |
| SHA512 | 2f00feda60177eb74fc1bed909083e04ab36455934b9e80ffcf4a7550a9d1a8786533db58c8d0f313da42a6e277ca5469fe58ea50645b37008fe0295d381d99c |
C:\Program Files\Google\Chrome\Application\SetupMetrics\d80fb502-b0db-4be7-a21e-b5bfbd30eafa.tmp
| MD5 | 6d971ce11af4a6a93a4311841da1a178 |
| SHA1 | cbfdbc9b184f340cbad764abc4d8a31b9c250176 |
| SHA256 | 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783 |
| SHA512 | c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f |
memory/6040-478-0x0000000140000000-0x000000014057B000-memory.dmp
memory/5416-467-0x0000000140000000-0x000000014057B000-memory.dmp
memory/5252-419-0x0000000140000000-0x000000014057B000-memory.dmp
memory/6040-409-0x0000000140000000-0x000000014057B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log
| Hash | Value |
| MD5 | 05f618710075880783d353b49c7f9933 |
| SHA1 | c4389c00b98818a2e8d2515eb62d302ec01940f9 |
| SHA256 | 3164df5a92779f2c2aece1a5c8a4db3b537a1a85a6b4682f1800260c7f8e62bc |
| SHA512 | 19321243a78d6477e50364bc3fb6d7801c4839534232c5b18aa9b1284149c7f47e2019abb6c1afb82bbadd2ea622cd307900a13f82c466e01280dcdb7c639909 |
memory/1372-398-0x0000000140000000-0x0000000140096000-memory.dmp
memory/3160-488-0x0000000140000000-0x00000001401D7000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| Hash | Value |
| MD5 | 39ac8f028633d70df0308251152eb78b |
| SHA1 | 4a571b47f75332da65f25a508785270c25d555b9 |
| SHA256 | a5311fcbd9749fdb4005c6e0f68583677a11828c9a3c0aeed9353484fdc1ba28 |
| SHA512 | 31ee00eace67d4b0d772f25fa5b1e5c80bc551b31d6643d05de45c68a5e3b641e00c45599264b85565f450c7dd2b848b645e56369dcf9bcab3737a13a969f8ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| Hash | Value |
| MD5 | 36b93bec83186b6f8ef0dac07775e408 |
| SHA1 | af5eafb19fe2b1e5ffd5fb45525e252cb461b579 |
| SHA256 | 24521bbc4fa481f20b0e69a53b89679a86b4dc8752177c104ad738fff0d42af5 |
| SHA512 | d068b304ef187afaaf728a6f0b0cecfecd1cd8e140228f53ec9ebcc40ae918138707e0d3b853472205278249cf25a222004c52bd13be7f4cf792d7b2ac5f02d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe576c95.TMP
| Hash | Value |
| MD5 | 2439032641f0c53dcd64320bfa02af0a |
| SHA1 | a1820031d22a713be8ff0a020783b7bc72860ae1 |
| SHA256 | 13f018fd7e8d456a16ab52c9430b449ed2f126386dc10abb8d01ff752f92db72 |
| SHA512 | d9e02ab626313b138f721b369d987f45e68682f6cf2d76138195cedc75cea2237cf36677173a82672bf54ae9fe480b54f42c76af18e8e4c6cad76da85bc178d1 |
memory/532-503-0x0000000140000000-0x0000000140147000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| Hash | Value |
| MD5 | eba70743555b9b0940e0f47fb42acd26 |
| SHA1 | d08a56b4adc02500854bf0d559576abc488a11d1 |
| SHA256 | 383d47615c5c7c5e6fe7ad63d58efb03f50f3f7df55946b7ac615839186c63f9 |
| SHA512 | e9dddac9ad7eea0862c7f1e726e267e2ebb4b6ed2984c716171c771c6b1fd62a5e150c45ba8a49e9214dc1160f23f386fc352074967448801415c44833a05818 |
memory/2372-509-0x0000000140000000-0x00000001401FC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| Hash | Value |
| MD5 | 57e8199000653809c51632652d84792b |
| SHA1 | 0861cbda51c8fe929db40f70d268a5dcbdf654c8 |
| SHA256 | 66be6e6ee707ff68d5619c784b5d10b133b8de1b4af5d1ef3dafff044e32cd6f |
| SHA512 | e96f666077b9243f0f050eb17b4d330fa1a086e4b1f8fe8e0b3e64ef2423d58a699e73d33cd93df34ee7ed19939923dd4fec8d4f7d56f1d551794392a7ddd774 |
memory/4868-517-0x0000000140000000-0x0000000140216000-memory.dmp
memory/2204-520-0x0000000140000000-0x00000001400C6000-memory.dmp
memory/5148-649-0x0000000140000000-0x0000000140179000-memory.dmp
memory/5252-650-0x0000000140000000-0x000000014057B000-memory.dmp
memory/5488-652-0x0000000140000000-0x000000014057B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| Hash | Value |
| MD5 | 53c24efbb52c0f00702bf99523020df7 |
| SHA1 | 8ec8a6bc506f24ca97944632a9fed45126eaff62 |
| SHA256 | c659eff4d5dd051cfab584913f383bd79ec72d79617f37d3f72837696f3e4296 |
| SHA512 | b61e034b9db22a1adac7de4cb9885d2eb6e8d8fbfcb8b66bde89faae28012574a5dec1981b4bb6da3bd49510f45f89085767133596b22e6af46308a15a29f91d |
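The Files listing above mixes two kinds of artifact: dropped-file entries, each followed by an MD5/SHA1/SHA256/SHA512 table, and memory dumps named `memory/<pid>-<n>-0x<base>-0x<end>-memory.dmp`. The following is an added triage helper, not part of the sandbox report, that parses both shapes, checks every digest has the right hex length, and groups dump regions by (base, size) so that the same-sized image at `0x140000000` recurring in PIDs 5252, 5416, 5488 and 6040 stands out. The sample input is a handful of lines copied from the report; the reading of the middle number in the dump name as a per-run dump index is an assumption.

```python
"""Parse a sandbox report's Files list (hash tables + memory dumps) and flag
memory regions that recur across processes. Added example, not report code.
ASSUMPTION: in "memory/<pid>-<n>-0x<base>-0x<end>-memory.dmp", <n> is a
per-run dump index."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

MEMDUMP_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$"
)
HASH_ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")
# Hex length each digest must have; anything else is a truncated or corrupted row.
DIGEST_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)


@dataclass(frozen=True)
class MemoryRegion:
    pid: int
    index: int
    base: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.base


def parse_files_section(lines):
    """Return (dropped files, memory regions). A line that is neither a hash
    row nor a memory-dump name is treated as a file path opening a new entry."""
    files, regions, current = [], [], None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = MEMDUMP_RE.match(line)
        if m:
            regions.append(MemoryRegion(int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)))
            continue
        m = HASH_ROW_RE.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row before any file path: {line}")
            current.hashes[m[1]] = m[2].lower()
            continue
        current = DroppedFile(line)
        files.append(current)
    return files, regions


def digest_problems(files):
    """List (path, algorithm, reason) for missing or wrong-length digests."""
    problems = []
    for f in files:
        for algo, want in DIGEST_HEX_LEN.items():
            digest = f.hashes.get(algo)
            if digest is None:
                problems.append((f.path, algo, "missing"))
            elif len(digest) != want:
                problems.append((f.path, algo, f"{len(digest)} hex chars, expected {want}"))
    return problems


def shared_images(regions, min_pids=2):
    """Map (base, size) -> sorted PIDs for regions dumped from at least min_pids
    processes. Equal base and size is only a hint that the same image was mapped
    into each process; confirm by hashing the dump files themselves."""
    by_image = defaultdict(set)
    for r in regions:
        by_image[(r.base, r.size)].add(r.pid)
    return {k: sorted(v) for k, v in by_image.items() if len(v) >= min_pids}


# Constructed sample: lines copied from the report's Files list above.
SAMPLE = r"""
C:\Windows\TEMP\Crashpad\settings.dat
| MD5 | 0a8c17e97526f751a8aa475e8c8b7983 |
| SHA1 | 2cb070d16a547e867aca22af457f13c44c17d0e2 |
| SHA256 | 81519c37e7b764606c063607c2fdc287f28845aed7cce899222c4f714f16f860 |
| SHA512 | 40a71708d63ea949f7132ef01340b3202eb349119623aa849b0e103e4b7ddbea543ba7ebe98b255eb58e26ac050c09a1dde89327f31deaa77f483dcf16136593 |
memory/5416-432-0x0000000140000000-0x000000014057B000-memory.dmp
memory/6040-478-0x0000000140000000-0x000000014057B000-memory.dmp
memory/5252-419-0x0000000140000000-0x000000014057B000-memory.dmp
memory/1372-398-0x0000000140000000-0x0000000140096000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 36b93bec83186b6f8ef0dac07775e408 |
| SHA1 | af5eafb19fe2b1e5ffd5fb45525e252cb461b579 |
| SHA256 | 24521bbc4fa481f20b0e69a53b89679a86b4dc8752177c104ad738fff0d42af5 |
| SHA512 | d068b304ef187afaaf728a6f0b0cecfecd1cd8e140228f53ec9ebcc40ae918138707e0d3b853472205278249cf25a222004c52bd13be7f4cf792d7b2ac5f02d9 |
memory/5488-652-0x0000000140000000-0x000000014057B000-memory.dmp
"""

if __name__ == "__main__":
    files, regions = parse_files_section(SAMPLE.splitlines())
    for f in files:
        print(f.path, f.hashes["SHA256"])
    print("digest problems:", digest_problems(files))
    for (base, size), pids in shared_images(regions).items():
        print(f"0x{base:X} size 0x{size:X} dumped from PIDs {pids}")
```

Run against the full Files list, the grouping separates the one-off Chrome component dumps (each with its own size) from the `0x57B000`-byte region at `0x140000000` seen in several PIDs; whether those regions really hold the same code still has to be settled by hashing or diffing the `.dmp` files, since base and size alone prove nothing.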
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 01:00
Reported
2024-06-04 01:03
Platform
win7-20240220-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe
"C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe"
Network
Files
memory/1992-0-0x0000000140000000-0x0000000140592000-memory.dmp