Malware Analysis Report

2024-11-15 06:38

Sample ID 240604-bc5pmsgd52
Target 04aad27fda072629818afa8e15abb4d8.bin
SHA256 253e5fa36738d1820d1eccd42811326a00d9fca65f8a1a6316d11e922436cb30
Tags
spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

253e5fa36738d1820d1eccd42811326a00d9fca65f8a1a6316d11e922436cb30

Threat Level: Shows suspicious behavior

The file 04aad27fda072629818afa8e15abb4d8.bin was found to be: Shows suspicious behavior.

Malicious Activity Summary

spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Suspicious behavior: LoadsDriver

Checks SCSI registry key(s)

Checks processor information in registry

Uses Volume Shadow Copy service COM API

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-04 01:00

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 01:00

Reported

2024-06-04 01:03

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\vssvc.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\456c1eca8beeeac9.bin C:\Windows\System32\alg.exe N/A
File opened for modification C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\System32\snmptrap.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\system32\SgrmBroker.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\System32\OpenSSH\ssh-agent.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\system32\MSDtc\MSDTC.LOG C:\Windows\System32\msdtc.exe N/A
File opened for modification C:\Windows\SysWow64\perfhost.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\system32\AgentService.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\system32\SearchIndexer.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\System32\msdtc.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\system32\spectrum.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\system32\TieringEngineService.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\System32\vds.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\system32\wbengine.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\system32\wbem\WmiApSrv.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\system32\locator.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\System32\SensorDataService.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\java.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javadoc.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\orbd.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsgen.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\java.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\chrome_installer.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jar.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\policytool.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\extcheck.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstat.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\servertool.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\updater.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_93484\javaw.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File created C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe N/A
File opened for modification C:\Program Files\7-Zip\7zG.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\dotnet\dotnet.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\keytool.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\kinit.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\policytool.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iediagcmd.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jcmd.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\unpack200.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javaws.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\java.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\rmid.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jhat.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\pack200.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\serialver.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
File opened for modification C:\Windows\DtcInstall.log C:\Windows\System32\msdtc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\spectrum.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\system32\spectrum.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\System32\SensorDataService.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\system32\spectrum.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\spectrum.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\System32\SensorDataService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\System32\SensorDataService.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\system32\spectrum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\spectrum.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\System32\SensorDataService.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\TieringEngineService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\TieringEngineService.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-131 = "Rich Text Format" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-125 = "Microsoft Word Template" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-102 = "Microsoft Excel Template" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\setupapi.dll,-2000 = "Setup Information" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-5 = "Microsoft Transliteration Engine" C:\Windows\system32\SearchIndexer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9936 = "QuickTime Movie" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\wshext.dll,-4803 = "VBScript Encoded Script File" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\SearchFilterHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-7 = "Microsoft Devanagari to Latin Transliteration" C:\Windows\system32\SearchIndexer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-1 = "Microsoft Language Detection" C:\Windows\system32\SearchIndexer.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000002a2120b61ab6da01 C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000001aa848b61ab6da01 C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9908 = "Wave Sound" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9937 = "3GPP Audio/Video" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E46787A1-4629-4423-A693-BE1F003B2742} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000b018dab61ab6da01 C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\regedit.exe,-309 = "Registration Entries" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-24585 = "Cascading Style Sheet Document" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000006d90b1b61ab6da01 C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE C:\Windows\system32\SearchFilterHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9926 = "M3U file" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000000ea786b61ab6da01 C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\wmphoto.dll,-500 = "Windows Media Photo" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000bf6a8bb61ab6da01 C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-6 = "Microsoft Cyrillic to Latin Transliteration" C:\Windows\system32\SearchIndexer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21825 = "3D Objects" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000008b0d0db61ab6da01 C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\wshext.dll,-4804 = "JavaScript File" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000009ca767b61ab6da01 C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\fxssvc.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\TieringEngineService.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\TieringEngineService.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\AgentService.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1892 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe
PID 1892 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe
PID 1892 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1892 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 3632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 5020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1464 wrote to memory of 4052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe

"C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe"

C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe

C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=113.0.5672.93 --initial-client-data=0x2c8,0x2cc,0x2d0,0x29c,0x2d4,0x140462458,0x140462468,0x140462478

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1f1cab58,0x7ffb1f1cab68,0x7ffb1f1cab78

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

C:\Windows\System32\msdtc.exe

C:\Windows\System32\msdtc.exe

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe

C:\Windows\SysWow64\perfhost.exe

C:\Windows\SysWow64\perfhost.exe

C:\Windows\system32\locator.exe

C:\Windows\system32\locator.exe

C:\Windows\System32\SensorDataService.exe

C:\Windows\System32\SensorDataService.exe

C:\Windows\System32\snmptrap.exe

C:\Windows\System32\snmptrap.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:8

C:\Windows\system32\spectrum.exe

C:\Windows\system32\spectrum.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:1

C:\Windows\System32\OpenSSH\ssh-agent.exe

C:\Windows\System32\OpenSSH\ssh-agent.exe

C:\Windows\system32\TieringEngineService.exe

C:\Windows\system32\TieringEngineService.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:8

C:\Windows\system32\AgentService.exe

C:\Windows\system32\AgentService.exe

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\wbengine.exe

"C:\Windows\system32\wbengine.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:8

C:\Windows\system32\SearchProtocolHost.exe

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x2ac,0x2a4,0x2a8,0x2a0,0x2b0,0x14044ae48,0x14044ae58,0x14044ae68

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x14044ae48,0x14044ae58,0x14044ae68

C:\Windows\system32\SearchFilterHost.exe

"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 --field-trial-handle=1908,i,11473193053713361312,2007788645273076543,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 pywolwnvd.biz udp
US 54.244.188.177:80 pywolwnvd.biz tcp
US 8.8.8.8:53 pywolwnvd.biz udp
US 54.244.188.177:80 pywolwnvd.biz tcp
US 8.8.8.8:53 ssbzmoy.biz udp
US 8.8.8.8:53 177.188.244.54.in-addr.arpa udp
SG 18.141.10.107:80 ssbzmoy.biz tcp
US 8.8.8.8:53 ssbzmoy.biz udp
SG 18.141.10.107:80 ssbzmoy.biz tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 107.10.141.18.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 pywolwnvd.biz udp
US 8.8.8.8:53 cvgrf.biz udp
US 54.244.188.177:80 cvgrf.biz tcp
US 54.244.188.177:80 cvgrf.biz tcp
US 8.8.8.8:53 cvgrf.biz udp
US 8.8.8.8:53 apis.google.com udp
US 54.244.188.177:80 cvgrf.biz tcp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 npukfztj.biz udp
US 8.8.8.8:53 ssbzmoy.biz udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 44.221.84.105:80 npukfztj.biz tcp
US 8.8.8.8:53 npukfztj.biz udp
SG 18.141.10.107:80 ssbzmoy.biz tcp
US 44.221.84.105:80 npukfztj.biz tcp
US 8.8.8.8:53 przvgke.biz udp
US 34.193.97.35:80 przvgke.biz tcp
US 8.8.8.8:53 przvgke.biz udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 34.193.97.35:80 przvgke.biz tcp
US 54.157.24.8:80 przvgke.biz tcp
US 8.8.8.8:53 105.84.221.44.in-addr.arpa udp
US 8.8.8.8:53 35.97.193.34.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 zlenh.biz udp
US 8.8.8.8:53 knjghuig.biz udp
SG 18.141.10.107:80 knjghuig.biz tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 cvgrf.biz udp
GB 142.250.187.238:443 clients2.google.com tcp
US 54.244.188.177:80 cvgrf.biz tcp
US 8.8.8.8:53 npukfztj.biz udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 44.221.84.105:80 npukfztj.biz tcp
US 8.8.8.8:53 przvgke.biz udp
US 8.8.8.8:53 uhxqin.biz udp
US 8.8.8.8:53 anpmnmxo.biz udp
US 44.208.124.139:80 przvgke.biz tcp
US 8.8.8.8:53 lpuegx.biz udp
RU 82.112.184.197:80 lpuegx.biz tcp
US 44.208.124.139:80 przvgke.biz tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 139.124.208.44.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 zlenh.biz udp
US 8.8.8.8:53 knjghuig.biz udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
SG 18.141.10.107:80 knjghuig.biz tcp
US 8.8.8.8:53 uhxqin.biz udp
US 8.8.8.8:53 anpmnmxo.biz udp
US 8.8.8.8:53 lpuegx.biz udp
RU 82.112.184.197:80 lpuegx.biz tcp
US 54.157.24.8:80 przvgke.biz tcp
US 8.8.8.8:53 8.24.157.54.in-addr.arpa udp
US 8.8.8.8:53 zlenh.biz udp
US 8.8.8.8:53 knjghuig.biz udp
SG 18.141.10.107:80 knjghuig.biz tcp
US 8.8.8.8:53 uhxqin.biz udp
US 8.8.8.8:53 lpuegx.biz udp
RU 82.112.184.197:80 lpuegx.biz tcp
RU 82.112.184.197:80 lpuegx.biz tcp
RU 82.112.184.197:80 lpuegx.biz tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
RU 82.112.184.197:80 lpuegx.biz tcp
US 8.8.8.8:53 vjaxhpbji.biz udp
RU 82.112.184.197:80 vjaxhpbji.biz tcp
US 8.8.8.8:53 vjaxhpbji.biz udp
RU 82.112.184.197:80 vjaxhpbji.biz tcp
US 8.8.8.8:53 vjaxhpbji.biz udp
RU 82.112.184.197:80 vjaxhpbji.biz tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
RU 82.112.184.197:80 vjaxhpbji.biz tcp
RU 82.112.184.197:80 vjaxhpbji.biz tcp
RU 82.112.184.197:80 vjaxhpbji.biz tcp
US 8.8.8.8:53 xlfhhhm.biz udp
US 44.200.43.61:80 xlfhhhm.biz tcp
US 8.8.8.8:53 ifsaia.biz udp
SG 13.251.16.150:80 ifsaia.biz tcp
US 8.8.8.8:53 61.43.200.44.in-addr.arpa udp
US 8.8.8.8:53 saytjshyf.biz udp
US 3.237.86.197:80 saytjshyf.biz tcp
US 8.8.8.8:53 150.16.251.13.in-addr.arpa udp
US 8.8.8.8:53 vcddkls.biz udp
SG 18.141.10.107:80 vcddkls.biz tcp
US 8.8.8.8:53 xlfhhhm.biz udp
US 44.200.43.61:80 xlfhhhm.biz tcp
US 8.8.8.8:53 197.86.237.3.in-addr.arpa udp
US 8.8.8.8:53 ifsaia.biz udp
US 8.8.8.8:53 fwiwk.biz udp
SG 13.251.16.150:80 ifsaia.biz tcp
US 34.193.97.35:80 fwiwk.biz tcp
US 34.193.97.35:80 fwiwk.biz tcp
US 8.8.8.8:53 tbjrpv.biz udp
IE 34.246.200.160:80 tbjrpv.biz tcp
US 8.8.8.8:53 deoci.biz udp
US 54.80.154.23:80 deoci.biz tcp
US 8.8.8.8:53 gytujflc.biz udp
US 208.100.26.245:80 gytujflc.biz tcp
US 8.8.8.8:53 saytjshyf.biz udp
US 3.237.86.197:80 saytjshyf.biz tcp
US 8.8.8.8:53 vcddkls.biz udp
SG 18.141.10.107:80 vcddkls.biz tcp
US 8.8.8.8:53 160.200.246.34.in-addr.arpa udp
US 8.8.8.8:53 qaynky.biz udp
SG 13.251.16.150:80 qaynky.biz tcp
US 8.8.8.8:53 23.154.80.54.in-addr.arpa udp
US 8.8.8.8:53 245.26.100.208.in-addr.arpa udp
US 8.8.8.8:53 fwiwk.biz udp
US 8.8.8.8:53 bumxkqgxu.biz udp
US 44.208.124.139:80 fwiwk.biz tcp
US 44.221.84.105:80 bumxkqgxu.biz tcp
US 8.8.8.8:53 dwrqljrr.biz udp
US 54.244.188.177:80 dwrqljrr.biz tcp
US 8.8.8.8:53 nqwjmb.biz udp
US 35.164.78.200:80 nqwjmb.biz tcp
US 44.208.124.139:80 fwiwk.biz tcp
US 8.8.8.8:53 ytctnunms.biz udp
US 8.8.8.8:53 tbjrpv.biz udp
US 3.94.10.34:80 ytctnunms.biz tcp
IE 34.246.200.160:80 tbjrpv.biz tcp
US 8.8.8.8:53 myups.biz udp
US 8.8.8.8:53 200.78.164.35.in-addr.arpa udp
US 165.160.15.20:80 myups.biz tcp
US 8.8.8.8:53 deoci.biz udp
US 54.80.154.23:80 deoci.biz tcp
US 8.8.8.8:53 gytujflc.biz udp
US 208.100.26.245:80 gytujflc.biz tcp
US 8.8.8.8:53 oshhkdluh.biz udp
US 54.244.188.177:80 oshhkdluh.biz tcp
US 8.8.8.8:53 qaynky.biz udp
SG 13.251.16.150:80 qaynky.biz tcp
US 8.8.8.8:53 yunalwv.biz udp
US 8.8.8.8:53 jpskm.biz udp
US 34.211.97.45:80 jpskm.biz tcp
US 8.8.8.8:53 bumxkqgxu.biz udp
US 44.221.84.105:80 bumxkqgxu.biz tcp
US 8.8.8.8:53 20.15.160.165.in-addr.arpa udp
US 8.8.8.8:53 lrxdmhrr.biz udp
US 54.244.188.177:80 lrxdmhrr.biz tcp
US 8.8.8.8:53 dwrqljrr.biz udp
US 54.244.188.177:80 dwrqljrr.biz tcp
US 8.8.8.8:53 xlfhhhm.biz udp
US 44.200.43.61:80 xlfhhhm.biz tcp
US 8.8.8.8:53 wllvnzb.biz udp
SG 18.141.10.107:80 wllvnzb.biz tcp
US 8.8.8.8:53 ifsaia.biz udp
US 8.8.8.8:53 nqwjmb.biz udp
SG 13.251.16.150:80 ifsaia.biz tcp
US 35.164.78.200:80 nqwjmb.biz tcp
US 8.8.8.8:53 45.97.211.34.in-addr.arpa udp
US 8.8.8.8:53 ytctnunms.biz udp
US 3.94.10.34:80 ytctnunms.biz tcp
US 8.8.8.8:53 myups.biz udp
US 165.160.15.20:80 myups.biz tcp
US 8.8.8.8:53 gnqgo.biz udp
US 54.80.154.23:80 gnqgo.biz tcp
US 8.8.8.8:53 saytjshyf.biz udp
US 3.237.86.197:80 saytjshyf.biz tcp
US 8.8.8.8:53 jhvzpcfg.biz udp
US 3.237.86.197:80 jhvzpcfg.biz tcp
US 8.8.8.8:53 vcddkls.biz udp
US 8.8.8.8:53 oshhkdluh.biz udp
SG 18.141.10.107:80 vcddkls.biz tcp
US 54.244.188.177:80 oshhkdluh.biz tcp
US 8.8.8.8:53 acwjcqqv.biz udp
SG 18.141.10.107:80 acwjcqqv.biz tcp
US 8.8.8.8:53 yunalwv.biz udp
US 8.8.8.8:53 jpskm.biz udp
US 34.211.97.45:80 jpskm.biz tcp
US 8.8.8.8:53 fwiwk.biz udp
US 34.193.97.35:80 fwiwk.biz tcp
US 8.8.8.8:53 lejtdj.biz udp
US 8.8.8.8:53 vyome.biz udp
US 44.213.104.86:80 vyome.biz tcp
US 8.8.8.8:53 yauexmxk.biz udp
US 54.80.154.23:80 yauexmxk.biz tcp
US 8.8.8.8:53 iuzpxe.biz udp
SG 13.251.16.150:80 iuzpxe.biz tcp
US 8.8.8.8:53 lrxdmhrr.biz udp
US 54.244.188.177:80 lrxdmhrr.biz tcp
US 8.8.8.8:53 86.104.213.44.in-addr.arpa udp
US 8.8.8.8:53 sxmiywsfv.biz udp
SG 13.251.16.150:80 sxmiywsfv.biz tcp
US 8.8.8.8:53 wllvnzb.biz udp
SG 18.141.10.107:80 wllvnzb.biz tcp
US 8.8.8.8:53 vrrazpdh.biz udp
US 8.8.8.8:53 gnqgo.biz udp
US 34.211.97.45:80 vrrazpdh.biz tcp
US 54.80.154.23:80 gnqgo.biz tcp
US 8.8.8.8:53 jhvzpcfg.biz udp
US 3.237.86.197:80 jhvzpcfg.biz tcp
US 8.8.8.8:53 ftxlah.biz udp
US 34.218.204.173:80 ftxlah.biz tcp
US 8.8.8.8:53 acwjcqqv.biz udp
SG 18.141.10.107:80 acwjcqqv.biz tcp
US 8.8.8.8:53 typgfhb.biz udp
SG 13.251.16.150:80 typgfhb.biz tcp
US 8.8.8.8:53 lejtdj.biz udp
US 8.8.8.8:53 vyome.biz udp
US 44.213.104.86:80 vyome.biz tcp
US 8.8.8.8:53 yauexmxk.biz udp
US 54.80.154.23:80 yauexmxk.biz tcp
US 8.8.8.8:53 esuzf.biz udp
US 34.211.97.45:80 esuzf.biz tcp
US 8.8.8.8:53 iuzpxe.biz udp
SG 13.251.16.150:80 iuzpxe.biz tcp
US 8.8.8.8:53 173.204.218.34.in-addr.arpa udp
US 8.8.8.8:53 gvijgjwkh.biz udp
US 3.94.10.34:80 gvijgjwkh.biz tcp
US 8.8.8.8:53 qpnczch.biz udp
US 44.213.104.86:80 qpnczch.biz tcp
US 8.8.8.8:53 brsua.biz udp
IE 3.254.94.185:80 brsua.biz tcp
US 8.8.8.8:53 sxmiywsfv.biz udp
US 8.8.8.8:53 dlynankz.biz udp
SG 13.251.16.150:80 sxmiywsfv.biz tcp
DE 85.214.228.140:80 dlynankz.biz tcp
US 8.8.8.8:53 oflybfv.biz udp
US 44.200.43.61:80 oflybfv.biz tcp
US 8.8.8.8:53 yhqqc.biz udp
US 34.211.97.45:80 yhqqc.biz tcp
US 8.8.8.8:53 185.94.254.3.in-addr.arpa udp
US 8.8.8.8:53 140.228.214.85.in-addr.arpa udp
US 8.8.8.8:53 mnjmhp.biz udp
US 44.200.43.61:80 mnjmhp.biz tcp
US 8.8.8.8:53 vrrazpdh.biz udp
US 34.211.97.45:80 vrrazpdh.biz tcp
US 8.8.8.8:53 opowhhece.biz udp
US 18.208.156.248:80 opowhhece.biz tcp
US 8.8.8.8:53 zjbpaao.biz udp
US 8.8.8.8:53 jdhhbs.biz udp
SG 13.251.16.150:80 jdhhbs.biz tcp
US 8.8.8.8:53 ftxlah.biz udp
US 34.218.204.173:80 ftxlah.biz tcp
US 8.8.8.8:53 typgfhb.biz udp
SG 13.251.16.150:80 typgfhb.biz tcp
US 8.8.8.8:53 248.156.208.18.in-addr.arpa udp
US 8.8.8.8:53 mgmsclkyu.biz udp
IE 34.246.200.160:80 mgmsclkyu.biz tcp
US 8.8.8.8:53 warkcdu.biz udp
SG 18.141.10.107:80 warkcdu.biz tcp
US 8.8.8.8:53 esuzf.biz udp
US 34.211.97.45:80 esuzf.biz tcp
US 8.8.8.8:53 gvijgjwkh.biz udp
US 8.8.8.8:53 gcedd.biz udp
US 3.94.10.34:80 gvijgjwkh.biz tcp
SG 13.251.16.150:80 gcedd.biz tcp
US 8.8.8.8:53 qpnczch.biz udp
US 44.213.104.86:80 qpnczch.biz tcp
US 8.8.8.8:53 brsua.biz udp
IE 3.254.94.185:80 brsua.biz tcp
US 8.8.8.8:53 dlynankz.biz udp
DE 85.214.228.140:80 dlynankz.biz tcp
US 8.8.8.8:53 oflybfv.biz udp
US 44.200.43.61:80 oflybfv.biz tcp
US 8.8.8.8:53 jwkoeoqns.biz udp
US 8.8.8.8:53 yhqqc.biz udp
US 18.208.156.248:80 jwkoeoqns.biz tcp
US 34.211.97.45:80 yhqqc.biz tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 mnjmhp.biz udp
US 44.200.43.61:80 mnjmhp.biz tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 opowhhece.biz udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 18.208.156.248:80 opowhhece.biz tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 zjbpaao.biz udp
US 8.8.8.8:53 jdhhbs.biz udp
US 8.8.8.8:53 195.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
SG 13.251.16.150:80 jdhhbs.biz tcp
US 8.8.8.8:53 xccjj.biz udp
US 44.213.104.86:80 xccjj.biz tcp
US 8.8.8.8:53 hehckyov.biz udp
US 44.221.84.105:80 hehckyov.biz tcp
US 8.8.8.8:53 rynmcq.biz udp
US 8.8.8.8:53 mgmsclkyu.biz udp
US 54.244.188.177:80 rynmcq.biz tcp
IE 34.246.200.160:80 mgmsclkyu.biz tcp
US 34.193.97.35:80 fwiwk.biz tcp
US 8.8.8.8:53 warkcdu.biz udp
SG 18.141.10.107:80 warkcdu.biz tcp
US 8.8.8.8:53 uaafd.biz udp
IE 3.254.94.185:80 uaafd.biz tcp
US 8.8.8.8:53 eufxebus.biz udp
SG 18.141.10.107:80 eufxebus.biz tcp
US 8.8.8.8:53 gcedd.biz udp
SG 13.251.16.150:80 gcedd.biz tcp
US 8.8.8.8:53 tbjrpv.biz udp
IE 34.246.200.160:80 tbjrpv.biz tcp
US 8.8.8.8:53 deoci.biz udp
US 8.8.8.8:53 pwlqfu.biz udp
IE 34.246.200.160:80 pwlqfu.biz tcp
US 8.8.8.8:53 rrqafepng.biz udp
US 44.200.43.61:80 rrqafepng.biz tcp
US 8.8.8.8:53 ctdtgwag.biz udp
US 3.94.10.34:80 ctdtgwag.biz tcp
US 8.8.8.8:53 jwkoeoqns.biz udp
US 18.208.156.248:80 jwkoeoqns.biz tcp
US 8.8.8.8:53 tnevuluw.biz udp
US 35.164.78.200:80 tnevuluw.biz tcp
US 54.80.154.23:80 deoci.biz tcp
US 8.8.8.8:53 gytujflc.biz udp
US 208.100.26.245:80 gytujflc.biz tcp
US 8.8.8.8:53 whjovd.biz udp
SG 18.141.10.107:80 whjovd.biz tcp
US 8.8.8.8:53 qaynky.biz udp
SG 13.251.16.150:80 qaynky.biz tcp
US 8.8.8.8:53 xccjj.biz udp
US 44.213.104.86:80 xccjj.biz tcp
US 8.8.8.8:53 hehckyov.biz udp
US 44.221.84.105:80 hehckyov.biz tcp
US 8.8.8.8:53 rynmcq.biz udp
US 54.244.188.177:80 rynmcq.biz tcp
US 8.8.8.8:53 gjogvvpsf.biz udp
US 8.8.8.8:53 bumxkqgxu.biz udp
US 8.8.8.8:53 uaafd.biz udp
US 44.221.84.105:80 bumxkqgxu.biz tcp
IE 3.254.94.185:80 uaafd.biz tcp
US 8.8.8.8:53 reczwga.biz udp
US 3.237.86.197:80 reczwga.biz tcp
US 8.8.8.8:53 dwrqljrr.biz udp
US 8.8.8.8:53 eufxebus.biz udp
SG 18.141.10.107:80 eufxebus.biz tcp
US 54.244.188.177:80 dwrqljrr.biz tcp
US 8.8.8.8:53 bghjpy.biz udp
US 34.211.97.45:80 bghjpy.biz tcp
US 8.8.8.8:53 damcprvgv.biz udp
US 54.80.154.23:80 damcprvgv.biz tcp
US 8.8.8.8:53 ocsvqjg.biz udp
US 8.8.8.8:53 pwlqfu.biz udp
IE 3.254.94.185:80 ocsvqjg.biz tcp
IE 34.246.200.160:80 pwlqfu.biz tcp
US 8.8.8.8:53 ywffr.biz udp
US 8.8.8.8:53 rrqafepng.biz udp
US 54.244.188.177:80 ywffr.biz tcp
US 44.200.43.61:80 rrqafepng.biz tcp
US 8.8.8.8:53 nqwjmb.biz udp
US 35.164.78.200:80 nqwjmb.biz tcp
US 8.8.8.8:53 ctdtgwag.biz udp
US 3.94.10.34:80 ctdtgwag.biz tcp
US 8.8.8.8:53 ecxbwt.biz udp
US 8.8.8.8:53 tnevuluw.biz udp
US 54.244.188.177:80 ecxbwt.biz tcp
US 8.8.8.8:53 ytctnunms.biz udp
US 3.94.10.34:80 ytctnunms.biz tcp
US 35.164.78.200:80 tnevuluw.biz tcp
US 8.8.8.8:53 myups.biz udp
US 165.160.13.20:80 myups.biz tcp
US 8.8.8.8:53 pectx.biz udp
US 44.213.104.86:80 pectx.biz tcp
US 8.8.8.8:53 whjovd.biz udp
SG 18.141.10.107:80 whjovd.biz tcp
US 8.8.8.8:53 zyiexezl.biz udp
US 54.80.154.23:80 zyiexezl.biz tcp
US 8.8.8.8:53 oshhkdluh.biz udp
US 54.244.188.177:80 oshhkdluh.biz tcp
US 8.8.8.8:53 banwyw.biz udp
US 3.237.86.197:80 banwyw.biz tcp
US 8.8.8.8:53 muapr.biz udp
US 8.8.8.8:53 wxgzshna.biz udp
US 8.8.8.8:53 zrlssa.biz udp
US 8.8.8.8:53 yunalwv.biz udp
US 3.237.86.197:80 zrlssa.biz tcp
US 8.8.8.8:53 gjogvvpsf.biz udp
US 8.8.8.8:53 jpskm.biz udp
US 8.8.8.8:53 20.13.160.165.in-addr.arpa udp
US 8.8.8.8:53 jlqltsjvh.biz udp
US 34.211.97.45:80 jpskm.biz tcp
SG 18.141.10.107:80 jlqltsjvh.biz tcp
US 8.8.8.8:53 reczwga.biz udp
US 3.237.86.197:80 reczwga.biz tcp
US 8.8.8.8:53 lrxdmhrr.biz udp
US 8.8.8.8:53 bghjpy.biz udp
US 54.244.188.177:80 lrxdmhrr.biz tcp
US 34.211.97.45:80 bghjpy.biz tcp
US 8.8.8.8:53 wllvnzb.biz udp
US 8.8.8.8:53 damcprvgv.biz udp
SG 18.141.10.107:80 wllvnzb.biz tcp
US 54.80.154.23:80 damcprvgv.biz tcp
US 8.8.8.8:53 xyrgy.biz udp
US 54.80.154.23:80 xyrgy.biz tcp
US 8.8.8.8:53 ocsvqjg.biz udp
IE 3.254.94.185:80 ocsvqjg.biz tcp
US 8.8.8.8:53 htwqzczce.biz udp
US 34.193.97.35:80 htwqzczce.biz tcp
US 8.8.8.8:53 ywffr.biz udp
US 54.244.188.177:80 ywffr.biz tcp
US 8.8.8.8:53 ecxbwt.biz udp
US 54.244.188.177:80 ecxbwt.biz tcp
US 34.193.97.35:80 htwqzczce.biz tcp
US 8.8.8.8:53 pectx.biz udp
US 44.213.104.86:80 pectx.biz tcp
US 8.8.8.8:53 zyiexezl.biz udp
US 54.80.154.23:80 zyiexezl.biz tcp
US 8.8.8.8:53 banwyw.biz udp
US 3.237.86.197:80 banwyw.biz tcp
US 8.8.8.8:53 muapr.biz udp
US 8.8.8.8:53 wxgzshna.biz udp
US 8.8.8.8:53 zrlssa.biz udp
US 3.237.86.197:80 zrlssa.biz tcp
US 8.8.8.8:53 kvbjaur.biz udp
US 54.244.188.177:80 kvbjaur.biz tcp
US 8.8.8.8:53 jlqltsjvh.biz udp
SG 18.141.10.107:80 jlqltsjvh.biz tcp
US 8.8.8.8:53 uphca.biz udp
US 44.221.84.105:80 uphca.biz tcp
US 8.8.8.8:53 fjumtfnz.biz udp
US 34.211.97.45:80 fjumtfnz.biz tcp
US 8.8.8.8:53 gnqgo.biz udp
US 54.80.154.23:80 gnqgo.biz tcp
US 8.8.8.8:53 xyrgy.biz udp
US 54.80.154.23:80 xyrgy.biz tcp
US 8.8.8.8:53 jhvzpcfg.biz udp
US 8.8.8.8:53 hlzfuyy.biz udp
US 3.237.86.197:80 jhvzpcfg.biz tcp
US 34.211.97.45:80 hlzfuyy.biz tcp
US 8.8.8.8:53 htwqzczce.biz udp
US 44.208.124.139:80 htwqzczce.biz tcp
US 8.8.8.8:53 acwjcqqv.biz udp
SG 18.141.10.107:80 acwjcqqv.biz tcp
US 8.8.8.8:53 rffxu.biz udp
IE 34.246.200.160:80 rffxu.biz tcp
US 8.8.8.8:53 cikivjto.biz udp
US 44.213.104.86:80 cikivjto.biz tcp
US 8.8.8.8:53 qncdaagct.biz udp
US 34.218.204.173:80 qncdaagct.biz tcp
US 8.8.8.8:53 lejtdj.biz udp
US 44.208.124.139:80 htwqzczce.biz tcp
US 8.8.8.8:53 vyome.biz udp
US 44.213.104.86:80 vyome.biz tcp
US 8.8.8.8:53 kvbjaur.biz udp
US 54.244.188.177:80 kvbjaur.biz tcp
US 8.8.8.8:53 yauexmxk.biz udp
US 54.80.154.23:80 yauexmxk.biz tcp
US 8.8.8.8:53 shpwbsrw.biz udp
SG 13.251.16.150:80 shpwbsrw.biz tcp
US 8.8.8.8:53 iuzpxe.biz udp
SG 13.251.16.150:80 iuzpxe.biz tcp
US 8.8.8.8:53 uphca.biz udp
US 44.221.84.105:80 uphca.biz tcp
US 8.8.8.8:53 fjumtfnz.biz udp
US 34.211.97.45:80 fjumtfnz.biz tcp
US 8.8.8.8:53 cjvgcl.biz udp
US 54.80.154.23:80 cjvgcl.biz tcp
US 8.8.8.8:53 hlzfuyy.biz udp
US 34.211.97.45:80 hlzfuyy.biz tcp
US 8.8.8.8:53 sxmiywsfv.biz udp
SG 13.251.16.150:80 sxmiywsfv.biz tcp
US 8.8.8.8:53 neazudmrq.biz udp
US 3.237.86.197:80 neazudmrq.biz tcp
US 8.8.8.8:53 pgfsvwx.biz udp
US 8.8.8.8:53 rffxu.biz udp
IE 34.246.200.160:80 rffxu.biz tcp
US 54.80.154.23:80 pgfsvwx.biz tcp
US 8.8.8.8:53 cikivjto.biz udp
US 8.8.8.8:53 aatcwo.biz udp
US 34.218.204.173:80 aatcwo.biz tcp
US 44.213.104.86:80 cikivjto.biz tcp
US 8.8.8.8:53 qncdaagct.biz udp
US 34.218.204.173:80 qncdaagct.biz tcp
US 8.8.8.8:53 vrrazpdh.biz udp
US 34.211.97.45:80 vrrazpdh.biz tcp
US 8.8.8.8:53 kcyvxytog.biz udp
US 18.208.156.248:80 kcyvxytog.biz tcp
US 8.8.8.8:53 nwdnxrd.biz udp
US 54.244.188.177:80 nwdnxrd.biz tcp
US 8.8.8.8:53 shpwbsrw.biz udp
SG 13.251.16.150:80 shpwbsrw.biz tcp
US 8.8.8.8:53 ftxlah.biz udp
US 34.218.204.173:80 ftxlah.biz tcp
US 8.8.8.8:53 typgfhb.biz udp
SG 13.251.16.150:80 typgfhb.biz tcp
US 8.8.8.8:53 cjvgcl.biz udp
US 54.80.154.23:80 cjvgcl.biz tcp
US 8.8.8.8:53 neazudmrq.biz udp
US 44.213.104.86:80 cikivjto.biz tcp
US 3.237.86.197:80 neazudmrq.biz tcp
US 8.8.8.8:53 ptrim.biz udp
US 8.8.8.8:53 esuzf.biz udp
US 8.8.8.8:53 pgfsvwx.biz udp
SG 18.141.10.107:80 ptrim.biz tcp
US 34.211.97.45:80 esuzf.biz tcp
US 54.80.154.23:80 pgfsvwx.biz tcp
US 8.8.8.8:53 aatcwo.biz udp
US 34.218.204.173:80 aatcwo.biz tcp
US 8.8.8.8:53 gvijgjwkh.biz udp
US 3.94.10.34:80 gvijgjwkh.biz tcp
US 8.8.8.8:53 qpnczch.biz udp
US 8.8.8.8:53 kcyvxytog.biz udp
US 44.213.104.86:80 qpnczch.biz tcp
US 18.208.156.248:80 kcyvxytog.biz tcp
US 8.8.8.8:53 brsua.biz udp
US 8.8.8.8:53 nwdnxrd.biz udp
US 8.8.8.8:53 znwbniskf.biz udp
IE 3.254.94.185:80 brsua.biz tcp
US 54.244.188.177:80 nwdnxrd.biz tcp
US 34.218.204.173:80 znwbniskf.biz tcp
US 8.8.8.8:53 dlynankz.biz udp
DE 85.214.228.140:80 dlynankz.biz tcp
US 8.8.8.8:53 oflybfv.biz udp
US 44.200.43.61:80 oflybfv.biz tcp
US 8.8.8.8:53 ereplfx.biz udp
US 8.8.8.8:53 cpclnad.biz udp
US 3.237.86.197:80 cpclnad.biz tcp
US 44.213.104.86:80 ereplfx.biz tcp
US 8.8.8.8:53 yhqqc.biz udp
US 8.8.8.8:53 mjheo.biz udp
US 34.211.97.45:80 yhqqc.biz tcp
US 3.237.86.197:80 mjheo.biz tcp
US 8.8.8.8:53 ptrim.biz udp
SG 18.141.10.107:80 ptrim.biz tcp
US 8.8.8.8:53 wluwplyh.biz udp
SG 18.141.10.107:80 wluwplyh.biz tcp
US 8.8.8.8:53 mnjmhp.biz udp
US 44.200.43.61:80 mnjmhp.biz tcp
US 8.8.8.8:53 opowhhece.biz udp
US 18.208.156.248:80 opowhhece.biz tcp
US 8.8.8.8:53 znwbniskf.biz udp
US 34.218.204.173:80 znwbniskf.biz tcp
US 8.8.8.8:53 zgapiej.biz udp
US 18.208.156.248:80 zgapiej.biz tcp
US 8.8.8.8:53 jifai.biz udp
US 8.8.8.8:53 cpclnad.biz udp
US 44.221.84.105:80 jifai.biz tcp
US 3.237.86.197:80 cpclnad.biz tcp
US 8.8.8.8:53 xnxvnn.biz udp
SG 13.251.16.150:80 xnxvnn.biz tcp
US 3.237.86.197:80 cpclnad.biz tcp
US 8.8.8.8:53 wluwplyh.biz udp
SG 18.141.10.107:80 wluwplyh.biz tcp
US 8.8.8.8:53 zjbpaao.biz udp
SG 13.251.16.150:80 xnxvnn.biz tcp
US 8.8.8.8:53 ihcnogskt.biz udp
US 35.164.78.200:80 ihcnogskt.biz tcp
US 8.8.8.8:53 zgapiej.biz udp
US 18.208.156.248:80 zgapiej.biz tcp
US 8.8.8.8:53 kkqypycm.biz udp
US 8.8.8.8:53 mgmsclkyu.biz udp
IE 34.246.200.160:80 mgmsclkyu.biz tcp
SG 18.141.10.107:80 kkqypycm.biz tcp
US 44.221.84.105:80 jifai.biz tcp
US 8.8.8.8:53 warkcdu.biz udp
SG 18.141.10.107:80 warkcdu.biz tcp
US 8.8.8.8:53 xnxvnn.biz udp
SG 13.251.16.150:80 xnxvnn.biz tcp
US 8.8.8.8:53 uevrpr.biz udp
US 44.213.104.86:80 uevrpr.biz tcp
US 8.8.8.8:53 gcedd.biz udp
SG 13.251.16.150:80 gcedd.biz tcp
US 8.8.8.8:53 fgajqjyhr.biz udp
US 34.211.97.45:80 fgajqjyhr.biz tcp
US 8.8.8.8:53 ihcnogskt.biz udp
US 35.164.78.200:80 ihcnogskt.biz tcp
US 8.8.8.8:53 hagujcj.biz udp
US 18.208.156.248:80 hagujcj.biz tcp
US 8.8.8.8:53 kkqypycm.biz udp
US 8.8.8.8:53 sctmku.biz udp
US 8.8.8.8:53 jwkoeoqns.biz udp
SG 18.141.10.107:80 kkqypycm.biz tcp
US 35.164.78.200:80 sctmku.biz tcp
US 18.208.156.248:80 jwkoeoqns.biz tcp
US 8.8.8.8:53 cwyfknmwh.biz udp
US 8.8.8.8:53 qcrsp.biz udp
US 34.211.97.45:80 qcrsp.biz tcp
US 8.8.8.8:53 xccjj.biz udp
US 44.213.104.86:80 xccjj.biz tcp
US 44.221.84.105:80 tcp
US 8.8.8.8:53 udp
US 44.213.104.86:80 tcp
US 8.8.8.8:53 udp
US 3.237.86.197:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp

Files

memory/1892-6-0x0000000001FC0000-0x0000000002020000-memory.dmp

memory/4864-11-0x0000000000440000-0x00000000004A0000-memory.dmp

C:\Users\Admin\AppData\Roaming\456c1eca8beeeac9.bin

MD5 d352be64328a198d06bd704d964958f6
SHA1 2ac4f3951e4f421d86475fba5105f2774d599412
SHA256 f2c6d441ae60635e2afa97173b907509b6a1d6ff21cdd9df3468b0bcb15f8ef4
SHA512 6faf15b86677d912dc186b721678062259e3b3007b3b188836227692fdce77413a1b379b00979414a50c3c9193c6559b417d3c1649a08871b3b348740448050c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 90b8e3c077c7289cf4b7078243e26f76
SHA1 c8e3387c59c20fcff770b846e972a52f7f93591c
SHA256 001c51870a28710313d50d9037f261881517a384d3e502d9112b04ea2e8538a1
SHA512 4461003ce00d03608509d7ab645b933ec95c398623a1d8c6440c8a5b069d32e73aff391a1d3954511dfca7da698c0820970017b66629e3647800e5cc3920f1cf

memory/1892-40-0x0000000140000000-0x0000000140592000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 c5a7a6733d872f020842d3ca3bd119e6
SHA1 25f0612581d2ca0381b1492ebc4dc8bdb093558e
SHA256 e1a8c93be2d5a0769e346e4be574d65b2e413f3e119b6776f4e26d60ecc45fe4
SHA512 fc0798c924961c5b27a3871ec5ea2170e1179ea691d0fb017c61f84e086d0768e8ace5526484cf437a8143a2e16626aebbba00dd74a56fc87c72d13b2bb5da9a

memory/4848-49-0x00000000006A0000-0x0000000000700000-memory.dmp

C:\Windows\System32\FXSSVC.exe

MD5 dcfe9f927a0818721e1eb1b38f9ad9dc
SHA1 17272ad22ad69d1815afd5054e317135a1264ccf
SHA256 ce60e562c2e87af021315d9db4e45b90f77057c20a49bbf2ac662ee97d21b048
SHA512 dcd8841947798350dfcbcdd5c22ba705c14d66654cf8a301f2caf021c3d7943c4a3400828d7532c823c19b54321873d8c027ab040e19cc4f128dbc08bd0ea128

memory/2228-55-0x0000000000530000-0x0000000000590000-memory.dmp

memory/4848-64-0x0000000140000000-0x00000001400A9000-memory.dmp

memory/2228-61-0x0000000000530000-0x0000000000590000-memory.dmp

memory/2228-65-0x0000000140000000-0x0000000140135000-memory.dmp

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

MD5 9dea15d3247c837b46cdfaddec11191d
SHA1 55e1479b6f8cf375076756c53ae367fde46fa865
SHA256 80c1011ccae73a56747d7215604889b901e8cd2e6e160845dcce2c81d7a04d10
SHA512 6e7eddc482fe4f73eef984a82af0ff4b7d8e7aa1cb76a014e8587b783e43a6bc1108c3e0a45da2cdcf6e76623b0c6853df3fccd37491454e5a7808d84bbbb4fb

memory/4848-43-0x00000000006A0000-0x0000000000700000-memory.dmp

memory/2704-67-0x0000000140000000-0x000000014024B000-memory.dmp

memory/2704-74-0x0000000000720000-0x0000000000780000-memory.dmp

memory/2704-68-0x0000000000720000-0x0000000000780000-memory.dmp

memory/2676-38-0x0000000000730000-0x0000000000790000-memory.dmp

memory/2676-37-0x0000000000730000-0x0000000000790000-memory.dmp

memory/3080-85-0x00000000001A0000-0x0000000000200000-memory.dmp

memory/3080-79-0x00000000001A0000-0x0000000000200000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

MD5 0036d1b9fd01a4ab7cdec18c901118a6
SHA1 f8d851d93f7c736572fd73b9bc4dbfc08b6cde57
SHA256 0051f10a6fe923309e27487677b82bed3140cae245f0aae6a81d5696b3bee3e9
SHA512 5f006d5fd387e45e9b91d85710f208f92b77082c18b99c0138398f0c579dac96fc6af2db12206026e867e157c6b78d046317ae86710a5d6cc4183c0e6fb9498c

memory/4248-90-0x0000000001A60000-0x0000000001AC0000-memory.dmp

memory/4248-98-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/4248-103-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/2228-106-0x0000000140000000-0x0000000140135000-memory.dmp

C:\Windows\System32\msdtc.exe

MD5 8cf601eda867aee9edc0f300b343f029
SHA1 2ef3deaad62cc0eab4859fc1139ec4d28b7ff535
SHA256 0ac84e0d291a82a50f2661e9a0bcdda9467369facda691eb472a5e72bd21b52d
SHA512 48038025170cc5befc52628147819729a8a38ad68858c060233d54975babd3cb12c4779d39c14f6914857e450eb6b4fb429b8c5be8072229452bdf25a6a567f1

memory/1996-116-0x0000000140000000-0x00000001400B9000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 448c6dd039fa7db2cb0123a4b429c6e2
SHA1 3596b59ae2dcd5526a6ccd0001f783a7c617f905
SHA256 ba680564ff936f6b75f758620dda569ec31b20d6ff976e87e745b99d11359ba2
SHA512 ea49929333f9ed70b80b77633bac303d9ede504797502ec2b2b4edadbedb20483df9d51b3df341afbbd8bc2fa8c8483310bfee3fa82a38bf91589aea107b657f

memory/3080-88-0x0000000140000000-0x000000014022B000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 5a3f30e2f44d79420a17275f2f682f37
SHA1 ffa59de0399a9fb51fafd434cce63aae846c10b7
SHA256 bcacd414e27a84650e71e1c364d4b07ccefec510f433145c6a7928da22a52a61
SHA512 ab2f7b3a06f3c26a3332873a9e1ad8dc6bdcecebf6578a7b9331c7bf19379e339618fde773f5c6d4c08049d7294f56130d7e036201f0f6a7b1fb8d0ebf884756

C:\Windows\SysWOW64\perfhost.exe

MD5 622b7e4ab8fc7123796f357c6f113e1a
SHA1 ccbd802ec479f7649d79d4db60ea743e429aaf0d
SHA256 f8de95a4e15caaa9ec0d0d883fe9ed39ae34ca13f22e657510a9166c150b805c
SHA512 e7cca68e5e1d2ae04843e41974d35ef8f8db9572e8077a4efb1fac96815c773eb0764ea434c68ffd3bcfafb364a0d29ac18eca55a4029dac5f0e401b00776858

C:\Windows\System32\Locator.exe

MD5 adb34c914d2df66649d7f2285817d615
SHA1 c0f40ecea4c2d81efbd4504493c0f7ec65941144
SHA256 60ffb8058daca4b7112ed1ff7cdaf99a4914d5dcf68be43840067b48aff2d84e
SHA512 7e00c89d9bc3789d7728a734214573f6df356bac46ecbd86cfbc2c4c49dd40ef82a6020ed65fac7a61e6efb0478f7c2a810b87077e225862c32403ba5dcfd9b6

C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

MD5 dcfd810b3e077ff7afd54ce96c329731
SHA1 e0e95156036efd6dd9955eb86544044d93f396f9
SHA256 c482bcfd6a5717fd1c83472eed5ab3b0887b9fd694aca517dcf6a9ea7038198d
SHA512 2618bf8e2cea8062a73f66d4619d3448b7ed23167b17fef3f2016756f21ba5466a8cd7403bd7de89248346a7e4ea58726d8e41b2bfade7d677d4060e529eb665

memory/3412-157-0x0000000140000000-0x0000000140095000-memory.dmp

memory/2072-156-0x0000000000400000-0x0000000000497000-memory.dmp

memory/732-155-0x0000000140000000-0x00000001400AB000-memory.dmp

memory/3160-169-0x0000000140000000-0x00000001401D7000-memory.dmp

C:\Windows\System32\SensorDataService.exe

MD5 81316c0bb0fe67914ea1b31c98f50dbc
SHA1 c5e1938dbce1702fe01bf7444c969ff8d6e983e2
SHA256 7e215b98003f675766e9961d585b0c0ea503a0aa6f36eb6f60cfc6eff65cead3
SHA512 32127b955e7146c017751d5addd4af78d7b4bba3b0aca8cb94355890f241bdd73d8e996e7f8dc7709fdafb2ae1c5fb66f14372e1b2a331ff384404d717774993

C:\Windows\System32\snmptrap.exe

MD5 9f1b9218dce24b3f789568d9fa77ee1a
SHA1 b11161408d3226a001a4b3abac2dab33de50f466
SHA256 8a7aaea0f521fd05b753028c33713761460750e7209d878a2e619f399200d480
SHA512 5afb0fd8e54ac1a406dc0e4ef8af2fdf397f1c79ee195136224328f13ec1e4bdfe0825ba7f643d9e21c90948b984ac2b1f763f1c285aba5d8e787e9a0eb4c324

memory/1372-180-0x0000000140000000-0x0000000140096000-memory.dmp

memory/4864-154-0x0000000140000000-0x0000000140592000-memory.dmp

memory/3648-120-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/2676-36-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/2676-30-0x0000000000730000-0x0000000000790000-memory.dmp

C:\Windows\System32\alg.exe

MD5 67925099fb187ac8273d52499c65fdcf
SHA1 72b5c710a481d6c28de02f2394255ef894dbe2dc
SHA256 140f0925065bb0537defb9d6a545ea7bae3a18ad61121cf768dde4faaad354bf
SHA512 86140193e4125cf185b028c6a480065dcf31eb5b6b03180f47ce09e4d7740ce1a9ead7a3e97d8555d4d613140d1937d60b62ee5995fbd3ab71f4b9df7298afd4

memory/1892-22-0x0000000001FC0000-0x0000000002020000-memory.dmp

memory/4864-20-0x0000000000440000-0x00000000004A0000-memory.dmp

memory/4864-19-0x0000000140000000-0x0000000140592000-memory.dmp

memory/1892-10-0x0000000140000000-0x0000000140592000-memory.dmp

\??\pipe\crashpad_1464_KUNKVXCQJNZLEADU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\System32\Spectrum.exe

MD5 22e06500057e727cae1511ea1fc68a41
SHA1 f964e6ade8ea002fdf1481e366f802c075752d2a
SHA256 44bbc99246e7334e1516cd0f408575ca4e07e4b3014cb031f95f801721f477ea
SHA512 2c5e5944f5bd42762765f2b34e216cae3e5413394e85d89f6b77ab03893a0129aeee234a1a7ae25e4f93d7c28288de8540af55e0fd6db4754e112fa1641caee0

memory/3768-195-0x0000000140000000-0x0000000140169000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

MD5 ef36a84ad2bc23f79d171c604b56de29
SHA1 38d6569cd30d096140e752db5d98d53cf304a8fc
SHA256 e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831
SHA512 dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be

memory/2676-194-0x0000000140000000-0x00000001400AA000-memory.dmp

memory/1892-0-0x0000000001FC0000-0x0000000002020000-memory.dmp

memory/2704-214-0x0000000140000000-0x000000014024B000-memory.dmp

memory/2536-223-0x0000000140000000-0x00000001400E2000-memory.dmp

memory/3660-211-0x0000000140000000-0x0000000140102000-memory.dmp

memory/1640-237-0x0000000140000000-0x00000001401C0000-memory.dmp

memory/532-238-0x0000000140000000-0x0000000140147000-memory.dmp

memory/3080-236-0x0000000140000000-0x000000014022B000-memory.dmp

C:\Windows\System32\vds.exe

MD5 607333bea3d4feadf8882bdc63054829
SHA1 ee644a3b9dbe56818fc18fa3f13bc2971bbccb6a
SHA256 9ce06e26148799b83ba29c1f89c85fb4cf74b4b322e925622f090acef03b2920
SHA512 ec4e322844bf04359bb05f4176817413af0443344483a6d343fb050a1898c97c1e12a54e83dfee0ed3574d9b0af3590e9c8c942b30d3d6e9986f9045c7b8ae5e

memory/1640-249-0x0000000140000000-0x00000001401C0000-memory.dmp

memory/2372-259-0x0000000140000000-0x00000001401FC000-memory.dmp

C:\Windows\System32\wbengine.exe

MD5 d6a3db9b77fb198f8a8e63bea1461277
SHA1 e47d85089ce652eaab9e7f9ccf24bb51e93ab320
SHA256 603773c1d55bd157489f387465340c4a50741d50a0b509360704760434baecc3
SHA512 d2e1be8437f0ef4383b6b4aaa54a4196cfab007c0ff16f8a64af95e802696822048743fddb7de1765c266882b3fc6b0af6b71b75fbbd117a9394e769948624f2

memory/3412-264-0x0000000140000000-0x0000000140095000-memory.dmp

memory/4868-273-0x0000000140000000-0x0000000140216000-memory.dmp

memory/3648-263-0x0000000140000000-0x00000001400CF000-memory.dmp

C:\Windows\System32\SearchIndexer.exe

MD5 57e3ba8dc6652500011ffe795d3a3c5d
SHA1 adfa9e6f45c9b70b577e8a5a00edb0ab18732e1a
SHA256 7c5b896a6db5227b0cbf8be62205026e66f629839a897c4d116c326f0a276079
SHA512 f86b5a8149a0fee000fb45807e5b2ce5a6fa045d41311d234118542359f00a64c190f9fe208257f0ed3546393efd814b65dae3dac04464c1926b0ea2250eecf1

memory/3160-294-0x0000000140000000-0x00000001401D7000-memory.dmp

memory/5148-295-0x0000000140000000-0x0000000140179000-memory.dmp

memory/2204-281-0x0000000140000000-0x00000001400C6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

MD5 af42c6e556361c2f4092a514ef41c15d
SHA1 26f7961c2d8dc62726d46df802f6382f230a7463
SHA256 8925f54d07a11143788a3bf35f619fd7a15cb0224000beb52a87e8fcda17db71
SHA512 084d7d78b02972182a7659e9b0ac0a0aa97e0837cc7a68097dbbc7a1b20721c807dc96133b1872b7e36d81de7f27ebcbfc8d7f87a83a2a66d2ae47ce7c06a3d9

memory/3768-410-0x0000000140000000-0x0000000140169000-memory.dmp

memory/3660-422-0x0000000140000000-0x0000000140102000-memory.dmp

memory/2536-434-0x0000000140000000-0x00000001400E2000-memory.dmp

memory/5488-445-0x0000000140000000-0x000000014057B000-memory.dmp

C:\Windows\TEMP\Crashpad\settings.dat

MD5 0a8c17e97526f751a8aa475e8c8b7983
SHA1 2cb070d16a547e867aca22af457f13c44c17d0e2
SHA256 81519c37e7b764606c063607c2fdc287f28845aed7cce899222c4f714f16f860
SHA512 40a71708d63ea949f7132ef01340b3202eb349119623aa849b0e103e4b7ddbea543ba7ebe98b255eb58e26ac050c09a1dde89327f31deaa77f483dcf16136593

memory/5416-432-0x0000000140000000-0x000000014057B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

MD5 64b98084e4cb8c2298369ae10f88de9e
SHA1 62ce0b1c255a47cb5be70238a36a2adfb7d5cba1
SHA256 33bb1404c2805e5224e3766e14c06f51601a2d3233dc592f82facb96df21e42e
SHA512 2f00feda60177eb74fc1bed909083e04ab36455934b9e80ffcf4a7550a9d1a8786533db58c8d0f313da42a6e277ca5469fe58ea50645b37008fe0295d381d99c

C:\Program Files\Google\Chrome\Application\SetupMetrics\d80fb502-b0db-4be7-a21e-b5bfbd30eafa.tmp

MD5 6d971ce11af4a6a93a4311841da1a178
SHA1 cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512 c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

memory/6040-478-0x0000000140000000-0x000000014057B000-memory.dmp

memory/5416-467-0x0000000140000000-0x000000014057B000-memory.dmp

memory/5252-419-0x0000000140000000-0x000000014057B000-memory.dmp

memory/6040-409-0x0000000140000000-0x000000014057B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

MD5 05f618710075880783d353b49c7f9933
SHA1 c4389c00b98818a2e8d2515eb62d302ec01940f9
SHA256 3164df5a92779f2c2aece1a5c8a4db3b537a1a85a6b4682f1800260c7f8e62bc
SHA512 19321243a78d6477e50364bc3fb6d7801c4839534232c5b18aa9b1284149c7f47e2019abb6c1afb82bbadd2ea622cd307900a13f82c466e01280dcdb7c639909

memory/1372-398-0x0000000140000000-0x0000000140096000-memory.dmp

memory/3160-488-0x0000000140000000-0x00000001401D7000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 39ac8f028633d70df0308251152eb78b
SHA1 4a571b47f75332da65f25a508785270c25d555b9
SHA256 a5311fcbd9749fdb4005c6e0f68583677a11828c9a3c0aeed9353484fdc1ba28
SHA512 31ee00eace67d4b0d772f25fa5b1e5c80bc551b31d6643d05de45c68a5e3b641e00c45599264b85565f450c7dd2b848b645e56369dcf9bcab3737a13a969f8ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 36b93bec83186b6f8ef0dac07775e408
SHA1 af5eafb19fe2b1e5ffd5fb45525e252cb461b579
SHA256 24521bbc4fa481f20b0e69a53b89679a86b4dc8752177c104ad738fff0d42af5
SHA512 d068b304ef187afaaf728a6f0b0cecfecd1cd8e140228f53ec9ebcc40ae918138707e0d3b853472205278249cf25a222004c52bd13be7f4cf792d7b2ac5f02d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe576c95.TMP

MD5 2439032641f0c53dcd64320bfa02af0a
SHA1 a1820031d22a713be8ff0a020783b7bc72860ae1
SHA256 13f018fd7e8d456a16ab52c9430b449ed2f126386dc10abb8d01ff752f92db72
SHA512 d9e02ab626313b138f721b369d987f45e68682f6cf2d76138195cedc75cea2237cf36677173a82672bf54ae9fe480b54f42c76af18e8e4c6cad76da85bc178d1

memory/532-503-0x0000000140000000-0x0000000140147000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eba70743555b9b0940e0f47fb42acd26
SHA1 d08a56b4adc02500854bf0d559576abc488a11d1
SHA256 383d47615c5c7c5e6fe7ad63d58efb03f50f3f7df55946b7ac615839186c63f9
SHA512 e9dddac9ad7eea0862c7f1e726e267e2ebb4b6ed2984c716171c771c6b1fd62a5e150c45ba8a49e9214dc1160f23f386fc352074967448801415c44833a05818

memory/2372-509-0x0000000140000000-0x00000001401FC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 57e8199000653809c51632652d84792b
SHA1 0861cbda51c8fe929db40f70d268a5dcbdf654c8
SHA256 66be6e6ee707ff68d5619c784b5d10b133b8de1b4af5d1ef3dafff044e32cd6f
SHA512 e96f666077b9243f0f050eb17b4d330fa1a086e4b1f8fe8e0b3e64ef2423d58a699e73d33cd93df34ee7ed19939923dd4fec8d4f7d56f1d551794392a7ddd774

memory/4868-517-0x0000000140000000-0x0000000140216000-memory.dmp

memory/2204-520-0x0000000140000000-0x00000001400C6000-memory.dmp

memory/5148-649-0x0000000140000000-0x0000000140179000-memory.dmp

memory/5252-650-0x0000000140000000-0x000000014057B000-memory.dmp

memory/5488-652-0x0000000140000000-0x000000014057B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 53c24efbb52c0f00702bf99523020df7
SHA1 8ec8a6bc506f24ca97944632a9fed45126eaff62
SHA256 c659eff4d5dd051cfab584913f383bd79ec72d79617f37d3f72837696f3e4296
SHA512 b61e034b9db22a1adac7de4cb9885d2eb6e8d8fbfcb8b66bde89faae28012574a5dec1981b4bb6da3bd49510f45f89085767133596b22e6af46308a15a29f91d

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 01:00

Reported

2024-06-04 01:03

Platform

win7-20240220-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe

"C:\Users\Admin\AppData\Local\Temp\04aad27fda072629818afa8e15abb4d8.exe"

Network

N/A

Files

memory/1992-0-0x0000000140000000-0x0000000140592000-memory.dmp