Analysis Overview
SHA256
bf4a93a80035a903cf9f45376bfc39296f6f06c7c81d93fc1c515a70016de4dd
Threat Level: Shows suspicious behavior
The file 2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: LoadsDriver
Uses Volume Shadow Copy service COM API
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Enumerates system info in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-08 20:35
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-08 20:35
Reported
2024-06-08 20:38
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\system32\locator.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\AgentService.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\SgrmBroker.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\System32\msdtc.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\95aa8fa4e703f493.bin | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\msiexec.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\System32\OpenSSH\ssh-agent.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\System32\SensorDataService.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\TieringEngineService.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\wbengine.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\SgrmBroker.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\System32\SensorDataService.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\System32\snmptrap.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\System32\vds.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\AgentService.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\MSDtc\MSDTC.LOG | C:\Windows\System32\msdtc.exe | N/A |
| File opened for modification | C:\Windows\system32\SearchIndexer.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\wbem\WmiApSrv.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\spectrum.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\msiexec.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\SysWow64\perfhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\vssvc.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_110750\java.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\ktab.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\tnameserv.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\policytool.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javacpl.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\kinit.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\java.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\schemagen.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ExtExport.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\updater.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javac.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jinfo.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstat.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsimport.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_110750\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\java.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\java-rmi.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\dotnet.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jar.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javadoc.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\orbd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmic.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javaws.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ExtExport.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\unpack200.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\DtcInstall.log | C:\Windows\System32\msdtc.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Windows\System32\alg.exe | N/A |
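The three file tables above share one pattern worth pulling out: the sample opens dozens of existing executables under System32 and Program Files for modification, and several of the System32 targets (alg.exe, SensorDataService.exe, spectrum.exe, TieringEngineService.exe, fxssvc.exe, msdtc.exe) then appear as acting processes later in the same detonation, with alg.exe itself opening further binaries and dropping 95aa8fa4e703f493.bin under the system profile. "Opened for modification" does not by itself prove bytes were written, so a responder should verify every listed binary against a known-good signature or catalog before trusting the host. The script below is an added example, not part of the sandbox report: it parses rows in the report's pipe-delimited format, lists executables that were written to and later acted, and follows the write chain outward from the sample. The embedded rows are a constructed subset copied from the tables above; path normalization by lowercasing is an assumption that suits this report's mixed System32/system32 spelling.

```python
"""Added example (not part of the sandbox report): read "File opened for
modification" rows and find host executables that were written to and then
show up as acting processes in the same detonation."""
from collections import defaultdict

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe"

# Constructed input: a subset of rows copied from the behavioral1 tables.
REPORT_ROWS = r"""
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\AgentService.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\system32\SgrmBroker.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\System32\msdtc.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Windows\System32\SensorDataService.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\spectrum.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\MSDtc\MSDTC.LOG | C:\Windows\System32\msdtc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\System32\SensorDataService.exe | N/A |
"""


def parse_rows(text):
    """Return (description, indicator, process) tuples from pipe-delimited rows,
    skipping the header row and anything that is not a table row."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) < 3 or cells[0] == "Description":
            continue
        rows.append((cells[0], cells[1], cells[2]))
    return rows


def norm(path):
    # Assumption: Windows paths are case-insensitive, so lowercase them so that
    # C:\Windows\System32 and C:\Windows\system32 refer to the same file.
    return path.lower()


def modified_executables(rows):
    """Map each writing process to the set of .exe paths it opened for modification."""
    by_writer = defaultdict(set)
    for desc, indicator, process in rows:
        if desc == "File opened for modification" and norm(indicator).endswith(".exe"):
            by_writer[norm(process)].add(norm(indicator))
    return by_writer


def written_then_acting(rows):
    """Executables that were opened for modification and later appear as the
    acting process of any row: a host binary that was altered and then run."""
    by_writer = modified_executables(rows)
    written = set().union(*by_writer.values())
    actors = {norm(process) for _, _, process in rows}
    return sorted(written & actors)


def propagation_chain(rows, seed):
    """Breadth-first walk of write edges starting at `seed`:
    seed writes X, X writes Y, ...  Returns the edges in visit order."""
    by_writer = modified_executables(rows)
    chain, frontier, seen = [], [norm(seed)], set()
    while frontier:
        current = frontier.pop(0)
        if current in seen:
            continue
        seen.add(current)
        for target in sorted(by_writer.get(current, ())):
            chain.append((current, target))
            if target in by_writer:  # the target went on to write files itself
                frontier.append(target)
    return chain


if __name__ == "__main__":
    rows = parse_rows(REPORT_ROWS)
    print("written, then acted as a process:")
    for path in written_then_acting(rows):
        print("  ", path)
    print("write chain from the sample:")
    for writer, target in propagation_chain(rows, SAMPLE):
        print("  ", writer, "->", target)
```

Run against the full tables rather than the subset, the "written, then acted" list is the set of binaries to pull hashes and Authenticode status for on any host where this sample ran; the write chain shows that alg.exe, once started, became a second writer, so a clean-up that only removes the original sample leaves the secondary writer in place.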
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
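Two things in the SCSI table deserve a note. First, every row is attributed to SensorDataService.exe or spectrum.exe, both Windows service binaries that the sample had earlier opened for modification, not to the sample itself, so the "Checks SCSI registry key(s)" signature here reflects what ran inside those services after they started. Second, the device names expose the sandbox: the disk vendor reads DADY, but the optical drives still read Ven_QEMU and Ven_Msft / Virtual_DVD-ROM, so a vendor-string check against the CD-ROM entries would still identify the virtual machine. The script below is an added example, not part of the report: it parses the device-instance portion of these registry paths and flags entries whose vendor or product string names a hypervisor. The marker list is a constructed assumption covering the strings seen above plus common ones; the embedded indicators are copied from the rows above.

```python
"""Added example (not part of the sandbox report): parse SCSI device-instance
registry paths and flag devices whose vendor/product strings identify a
hypervisor, the same check sandbox-aware malware performs."""
import re

# \REGISTRY\MACHINE\SYSTEM\ControlSetNNN\Enum\SCSI\<Class>&Ven_<Vendor>&Prod_<Product>\<Instance>\...
SCSI_ENUM = re.compile(
    r"\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet\d{3}\\Enum\\SCSI\\"
    r"(?P<cls>[^&\\]+)&Ven_(?P<vendor>[^&\\]+)&Prod_(?P<product>[^\\]+)"
    r"\\(?P<instance>[^\\]+)",
    re.IGNORECASE,
)

# Assumption: substrings that identify hypervisor-provided devices. QEMU and
# "Msft ... Virtual" are the ones present in this report; the rest are common.
HYPERVISOR_MARKERS = ("qemu", "virtual", "vbox", "vmware", "xen")

# Constructed input: indicators copied from the SCSI table, plus one non-SCSI key.
SAMPLE_INDICATORS = [
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A",
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A",
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001",
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName",
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
]


def parse_scsi_key(indicator):
    """Return {class, vendor, product, instance} for a SCSI enum path, else None."""
    m = SCSI_ENUM.search(indicator)
    if not m:
        return None
    return {
        "class": m["cls"],
        "vendor": m["vendor"],
        "product": m["product"].replace("_", " "),  # Virtual_DVD-ROM -> Virtual DVD-ROM
        "instance": m["instance"],
    }


def is_hypervisor_device(dev):
    """True when the vendor or product string carries a hypervisor marker."""
    blob = f"{dev['vendor']} {dev['product']}".lower()
    return any(marker in blob for marker in HYPERVISOR_MARKERS)


def scsi_devices(indicators):
    """Unique SCSI devices referenced by the indicators (one per device instance)."""
    devices = {}
    for indicator in indicators:
        dev = parse_scsi_key(indicator)
        if dev:
            devices[(dev["class"], dev["vendor"], dev["product"], dev["instance"])] = dev
    return list(devices.values())


def vm_fingerprint(indicators):
    """Sorted, de-duplicated 'Class: Vendor Product' strings that give the VM away."""
    return sorted(
        {f"{d['class']}: {d['vendor']} {d['product']}" for d in scsi_devices(indicators) if is_hypervisor_device(d)}
    )


if __name__ == "__main__":
    for dev in scsi_devices(SAMPLE_INDICATORS):
        flag = "VM" if is_hypervisor_device(dev) else "--"
        print(f"{flag} {dev['class']:<6} {dev['vendor']:<5} {dev['product']:<16} {dev['instance']}")
    print("fingerprint:", vm_fingerprint(SAMPLE_INDICATORS))
```

On the rows above the disk (DADY HARDDISK) passes, while both optical drives are flagged, which is the gap an evasive sample would exploit; when building a detonation environment, apply the same renaming to every enumerated device class, not only the disk.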
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\TieringEngineService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\TieringEngineService.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9935 = "MPEG-2 TS Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000fc188c8be3b9da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-175 = "Microsoft PowerPoint Slide Show" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-177 = "Microsoft PowerPoint Macro-Enabled Slide Show" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\msxml3r.dll,-2 = "XSL Stylesheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{80009818-F38F-4AF1-87B5-EADAB9433E58} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000f1307d89e3b9da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000076fb9381e3b9da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000002a976e8ce3b9da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\cabview.dll,-20 = "Cabinet File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000ca365e89e3b9da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000047202c89e3b9da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21825 = "3D Objects" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000dbd33c89e3b9da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000f42e808be3b9da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{487BA7B8-4DB0-465F-B122-C74A445A095D} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000006fe57c8ce3b9da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9939 = "ADTS Audio" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9914 = "Windows Media Audio/Video file" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000002df3658be3b9da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-115 = "Microsoft Excel 97-2003 Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623525711643223" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-131 = "Rich Text Format" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-180 = "Microsoft PowerPoint 97-2003 Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000030d58c81e3b9da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe"
C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-08_6f3096e341608d237df9a34cdf621865_ryuk.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=124.0.6367.202 --initial-client-data=0x2bc,0x2c0,0x2c4,0x290,0x2c8,0x1403796b8,0x1403796c4,0x1403796d0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf82cab58,0x7ffaf82cab68,0x7ffaf82cab78
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1920,i,8381150213767024907,4277240651699781536,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1920,i,8381150213767024907,4277240651699781536,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2068 --field-trial-handle=1920,i,8381150213767024907,4277240651699781536,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1920,i,8381150213767024907,4277240651699781536,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1920,i,8381150213767024907,4277240651699781536,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4396 --field-trial-handle=1920,i,8381150213767024907,4277240651699781536,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1920,i,8381150213767024907,4277240651699781536,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1920,i,8381150213767024907,4277240651699781536,131072 /prefetch:8
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4200 --field-trial-handle=1920,i,8381150213767024907,4277240651699781536,131072 /prefetch:8
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1920,i,8381150213767024907,4277240651699781536,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x14044ae48,0x14044ae58,0x14044ae68
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1920,i,8381150213767024907,4277240651699781536,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x14044ae48,0x14044ae58,0x14044ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1868 --field-trial-handle=1920,i,8381150213767024907,4277240651699781536,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pywolwnvd.biz | udp |
| US | 8.8.8.8:53 | pywolwnvd.biz | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.83.221.88.in-addr.arpa | udp |
| US | 54.244.188.177:80 | pywolwnvd.biz | tcp |
| US | 54.244.188.177:80 | pywolwnvd.biz | tcp |
| US | 8.8.8.8:53 | ssbzmoy.biz | udp |
| US | 8.8.8.8:53 | 177.188.244.54.in-addr.arpa | udp |
| SG | 18.141.10.107:80 | ssbzmoy.biz | tcp |
| SG | 18.141.10.107:80 | ssbzmoy.biz | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.10.141.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cvgrf.biz | udp |
| US | 8.8.8.8:53 | cvgrf.biz | udp |
| US | 54.244.188.177:80 | cvgrf.biz | tcp |
| US | 54.244.188.177:80 | cvgrf.biz | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | npukfztj.biz | udp |
| US | 44.221.84.105:80 | npukfztj.biz | tcp |
| US | 44.221.84.105:80 | npukfztj.biz | tcp |
| US | 8.8.8.8:53 | przvgke.biz | udp |
| US | 44.208.124.139:80 | przvgke.biz | tcp |
| US | 44.208.124.139:80 | przvgke.biz | tcp |
| US | 44.208.124.139:80 | przvgke.biz | tcp |
| US | 44.208.124.139:80 | przvgke.biz | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | zlenh.biz | udp |
| US | 8.8.8.8:53 | knjghuig.biz | udp |
| US | 8.8.8.8:53 | 105.84.221.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.124.208.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| SG | 18.141.10.107:80 | knjghuig.biz | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| FR | 216.58.213.78:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 78.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | zlenh.biz | udp |
| US | 8.8.8.8:53 | knjghuig.biz | udp |
| SG | 18.141.10.107:80 | knjghuig.biz | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | uhxqin.biz | udp |
| US | 8.8.8.8:53 | anpmnmxo.biz | udp |
| US | 8.8.8.8:53 | lpuegx.biz | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uhxqin.biz | udp |
| US | 8.8.8.8:53 | anpmnmxo.biz | udp |
| US | 8.8.8.8:53 | lpuegx.biz | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vjaxhpbji.biz | udp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| US | 8.8.8.8:53 | vjaxhpbji.biz | udp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xlfhhhm.biz | udp |
| US | 44.200.43.61:80 | xlfhhhm.biz | tcp |
| US | 8.8.8.8:53 | 61.43.200.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ifsaia.biz | udp |
| SG | 13.251.16.150:80 | ifsaia.biz | tcp |
| US | 8.8.8.8:53 | xlfhhhm.biz | udp |
| US | 44.200.43.61:80 | xlfhhhm.biz | tcp |
| US | 8.8.8.8:53 | ifsaia.biz | udp |
| SG | 13.251.16.150:80 | ifsaia.biz | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saytjshyf.biz | udp |
| US | 3.237.86.197:80 | saytjshyf.biz | tcp |
| US | 8.8.8.8:53 | vcddkls.biz | udp |
| SG | 18.141.10.107:80 | vcddkls.biz | tcp |
| US | 8.8.8.8:53 | saytjshyf.biz | udp |
| US | 3.237.86.197:80 | saytjshyf.biz | tcp |
| US | 8.8.8.8:53 | 150.16.251.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vcddkls.biz | udp |
| SG | 18.141.10.107:80 | vcddkls.biz | tcp |
| US | 8.8.8.8:53 | fwiwk.biz | udp |
| US | 44.208.124.139:80 | fwiwk.biz | tcp |
| US | 44.208.124.139:80 | fwiwk.biz | tcp |
| US | 8.8.8.8:53 | 197.86.237.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tbjrpv.biz | udp |
| IE | 34.246.200.160:80 | tbjrpv.biz | tcp |
| US | 8.8.8.8:53 | fwiwk.biz | udp |
| US | 44.208.124.139:80 | fwiwk.biz | tcp |
| US | 8.8.8.8:53 | deoci.biz | udp |
| US | 54.80.154.23:80 | deoci.biz | tcp |
| US | 44.208.124.139:80 | fwiwk.biz | tcp |
| US | 8.8.8.8:53 | gytujflc.biz | udp |
| US | 8.8.8.8:53 | tbjrpv.biz | udp |
| US | 208.100.26.245:80 | gytujflc.biz | tcp |
| IE | 34.246.200.160:80 | tbjrpv.biz | tcp |
| US | 8.8.8.8:53 | 160.200.246.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.154.80.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | deoci.biz | udp |
| US | 54.80.154.23:80 | deoci.biz | tcp |
| US | 8.8.8.8:53 | qaynky.biz | udp |
| SG | 13.251.16.150:80 | qaynky.biz | tcp |
| US | 8.8.8.8:53 | gytujflc.biz | udp |
| US | 208.100.26.245:80 | gytujflc.biz | tcp |
| US | 8.8.8.8:53 | qaynky.biz | udp |
| SG | 13.251.16.150:80 | qaynky.biz | tcp |
| US | 8.8.8.8:53 | bumxkqgxu.biz | udp |
| US | 44.221.84.105:80 | bumxkqgxu.biz | tcp |
| US | 8.8.8.8:53 | dwrqljrr.biz | udp |
| US | 54.244.188.177:80 | dwrqljrr.biz | tcp |
| US | 8.8.8.8:53 | 245.26.100.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bumxkqgxu.biz | udp |
| US | 44.221.84.105:80 | bumxkqgxu.biz | tcp |
| US | 8.8.8.8:53 | nqwjmb.biz | udp |
| US | 8.8.8.8:53 | dwrqljrr.biz | udp |
| US | 35.164.78.200:80 | nqwjmb.biz | tcp |
| US | 54.244.188.177:80 | dwrqljrr.biz | tcp |
| US | 8.8.8.8:53 | ytctnunms.biz | udp |
| US | 3.94.10.34:80 | ytctnunms.biz | tcp |
| US | 8.8.8.8:53 | nqwjmb.biz | udp |
| US | 35.164.78.200:80 | nqwjmb.biz | tcp |
| US | 8.8.8.8:53 | myups.biz | udp |
| US | 165.160.13.20:80 | myups.biz | tcp |
| US | 8.8.8.8:53 | ytctnunms.biz | udp |
| US | 3.94.10.34:80 | ytctnunms.biz | tcp |
| US | 8.8.8.8:53 | myups.biz | udp |
| US | 165.160.13.20:80 | myups.biz | tcp |
| US | 8.8.8.8:53 | oshhkdluh.biz | udp |
| US | 54.244.188.177:80 | oshhkdluh.biz | tcp |
| US | 8.8.8.8:53 | 200.78.164.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.10.94.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.13.160.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yunalwv.biz | udp |
| US | 8.8.8.8:53 | oshhkdluh.biz | udp |
| US | 54.244.188.177:80 | oshhkdluh.biz | tcp |
| US | 8.8.8.8:53 | jpskm.biz | udp |
| US | 34.211.97.45:80 | jpskm.biz | tcp |
| US | 8.8.8.8:53 | yunalwv.biz | udp |
| US | 8.8.8.8:53 | lrxdmhrr.biz | udp |
| US | 54.244.188.177:80 | lrxdmhrr.biz | tcp |
| US | 8.8.8.8:53 | jpskm.biz | udp |
| US | 34.211.97.45:80 | jpskm.biz | tcp |
| US | 8.8.8.8:53 | wllvnzb.biz | udp |
| SG | 18.141.10.107:80 | wllvnzb.biz | tcp |
| US | 8.8.8.8:53 | 45.97.211.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lrxdmhrr.biz | udp |
| US | 54.244.188.177:80 | lrxdmhrr.biz | tcp |
| US | 8.8.8.8:53 | wllvnzb.biz | udp |
| SG | 18.141.10.107:80 | wllvnzb.biz | tcp |
| US | 8.8.8.8:53 | gnqgo.biz | udp |
| US | 54.80.154.23:80 | gnqgo.biz | tcp |
| US | 8.8.8.8:53 | jhvzpcfg.biz | udp |
| US | 3.237.86.197:80 | jhvzpcfg.biz | tcp |
| US | 8.8.8.8:53 | acwjcqqv.biz | udp |
| SG | 18.141.10.107:80 | acwjcqqv.biz | tcp |
| US | 8.8.8.8:53 | gnqgo.biz | udp |
| US | 54.80.154.23:80 | gnqgo.biz | tcp |
| US | 8.8.8.8:53 | jhvzpcfg.biz | udp |
| US | 3.237.86.197:80 | jhvzpcfg.biz | tcp |
| US | 8.8.8.8:53 | acwjcqqv.biz | udp |
| SG | 18.141.10.107:80 | acwjcqqv.biz | tcp |
| US | 8.8.8.8:53 | lejtdj.biz | udp |
| US | 8.8.8.8:53 | vyome.biz | udp |
| US | 44.213.104.86:80 | vyome.biz | tcp |
| US | 8.8.8.8:53 | yauexmxk.biz | udp |
| US | 54.80.154.23:80 | yauexmxk.biz | tcp |
| US | 8.8.8.8:53 | iuzpxe.biz | udp |
| SG | 13.251.16.150:80 | iuzpxe.biz | tcp |
| US | 8.8.8.8:53 | lejtdj.biz | udp |
| US | 8.8.8.8:53 | vyome.biz | udp |
| US | 44.213.104.86:80 | vyome.biz | tcp |
| US | 8.8.8.8:53 | yauexmxk.biz | udp |
| US | 54.80.154.23:80 | yauexmxk.biz | tcp |
| US | 8.8.8.8:53 | 86.104.213.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iuzpxe.biz | udp |
| SG | 13.251.16.150:80 | iuzpxe.biz | tcp |
| US | 8.8.8.8:53 | sxmiywsfv.biz | udp |
| SG | 13.251.16.150:80 | sxmiywsfv.biz | tcp |
| US | 8.8.8.8:53 | sxmiywsfv.biz | udp |
| SG | 13.251.16.150:80 | sxmiywsfv.biz | tcp |
| US | 8.8.8.8:53 | vrrazpdh.biz | udp |
| US | 34.211.97.45:80 | vrrazpdh.biz | tcp |
| US | 8.8.8.8:53 | ftxlah.biz | udp |
| US | 34.218.204.173:80 | ftxlah.biz | tcp |
| US | 8.8.8.8:53 | vrrazpdh.biz | udp |
| US | 34.211.97.45:80 | vrrazpdh.biz | tcp |
| US | 8.8.8.8:53 | typgfhb.biz | udp |
| SG | 13.251.16.150:80 | typgfhb.biz | tcp |
| US | 8.8.8.8:53 | 173.204.218.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ftxlah.biz | udp |
| US | 34.218.204.173:80 | ftxlah.biz | tcp |
| US | 8.8.8.8:53 | typgfhb.biz | udp |
| SG | 13.251.16.150:80 | typgfhb.biz | tcp |
| US | 8.8.8.8:53 | esuzf.biz | udp |
| US | 34.211.97.45:80 | esuzf.biz | tcp |
| US | 8.8.8.8:53 | gvijgjwkh.biz | udp |
| US | 3.94.10.34:80 | gvijgjwkh.biz | tcp |
| US | 8.8.8.8:53 | qpnczch.biz | udp |
| US | 8.8.8.8:53 | esuzf.biz | udp |
| US | 44.213.104.86:80 | qpnczch.biz | tcp |
| US | 34.211.97.45:80 | esuzf.biz | tcp |
| US | 8.8.8.8:53 | brsua.biz | udp |
| IE | 3.254.94.185:80 | brsua.biz | tcp |
| US | 8.8.8.8:53 | dlynankz.biz | udp |
| US | 8.8.8.8:53 | gvijgjwkh.biz | udp |
| DE | 85.214.228.140:80 | dlynankz.biz | tcp |
| US | 3.94.10.34:80 | gvijgjwkh.biz | tcp |
| US | 8.8.8.8:53 | oflybfv.biz | udp |
| US | 8.8.8.8:53 | qpnczch.biz | udp |
| US | 44.200.43.61:80 | oflybfv.biz | tcp |
| US | 44.213.104.86:80 | qpnczch.biz | tcp |
| US | 8.8.8.8:53 | 185.94.254.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yhqqc.biz | udp |
| US | 8.8.8.8:53 | brsua.biz | udp |
| IE | 3.254.94.185:80 | brsua.biz | tcp |
| US | 34.211.97.45:80 | yhqqc.biz | tcp |
| US | 8.8.8.8:53 | dlynankz.biz | udp |
| DE | 85.214.228.140:80 | dlynankz.biz | tcp |
| US | 8.8.8.8:53 | oflybfv.biz | udp |
| US | 44.200.43.61:80 | oflybfv.biz | tcp |
| US | 8.8.8.8:53 | mnjmhp.biz | udp |
| US | 44.200.43.61:80 | mnjmhp.biz | tcp |
| US | 8.8.8.8:53 | yhqqc.biz | udp |
| US | 34.211.97.45:80 | yhqqc.biz | tcp |
| US | 8.8.8.8:53 | 140.228.214.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mnjmhp.biz | udp |
| US | 44.200.43.61:80 | mnjmhp.biz | tcp |
| US | 8.8.8.8:53 | opowhhece.biz | udp |
| US | 18.208.156.248:80 | opowhhece.biz | tcp |
| US | 8.8.8.8:53 | zjbpaao.biz | udp |
| US | 8.8.8.8:53 | jdhhbs.biz | udp |
| SG | 13.251.16.150:80 | jdhhbs.biz | tcp |
| US | 8.8.8.8:53 | opowhhece.biz | udp |
| US | 18.208.156.248:80 | opowhhece.biz | tcp |
| US | 8.8.8.8:53 | zjbpaao.biz | udp |
| US | 8.8.8.8:53 | jdhhbs.biz | udp |
| SG | 13.251.16.150:80 | jdhhbs.biz | tcp |
| US | 8.8.8.8:53 | 248.156.208.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mgmsclkyu.biz | udp |
| IE | 34.246.200.160:80 | mgmsclkyu.biz | tcp |
| US | 8.8.8.8:53 | warkcdu.biz | udp |
| SG | 18.141.10.107:80 | warkcdu.biz | tcp |
| US | 8.8.8.8:53 | mgmsclkyu.biz | udp |
| IE | 34.246.200.160:80 | mgmsclkyu.biz | tcp |
| US | 8.8.8.8:53 | warkcdu.biz | udp |
| SG | 18.141.10.107:80 | warkcdu.biz | tcp |
| US | 8.8.8.8:53 | gcedd.biz | udp |
| SG | 13.251.16.150:80 | gcedd.biz | tcp |
| US | 8.8.8.8:53 | gcedd.biz | udp |
| SG | 13.251.16.150:80 | gcedd.biz | tcp |
| US | 8.8.8.8:53 | jwkoeoqns.biz | udp |
| US | 18.208.156.248:80 | jwkoeoqns.biz | tcp |
| US | 8.8.8.8:53 | xccjj.biz | udp |
| US | 8.8.8.8:53 | jwkoeoqns.biz | udp |
| US | 44.213.104.86:80 | xccjj.biz | tcp |
| US | 18.208.156.248:80 | jwkoeoqns.biz | tcp |
| US | 8.8.8.8:53 | hehckyov.biz | udp |
| US | 8.8.8.8:53 | xccjj.biz | udp |
| US | 44.221.84.105:80 | hehckyov.biz | tcp |
| US | 44.213.104.86:80 | xccjj.biz | tcp |
| US | 8.8.8.8:53 | rynmcq.biz | udp |
| US | 8.8.8.8:53 | hehckyov.biz | udp |
| US | 54.244.188.177:80 | rynmcq.biz | tcp |
| US | 44.221.84.105:80 | hehckyov.biz | tcp |
| US | 8.8.8.8:53 | rynmcq.biz | udp |
| US | 54.244.188.177:80 | rynmcq.biz | tcp |
| US | 8.8.8.8:53 | uaafd.biz | udp |
| IE | 3.254.94.185:80 | uaafd.biz | tcp |
| US | 8.8.8.8:53 | eufxebus.biz | udp |
| US | 8.8.8.8:53 | uaafd.biz | udp |
| SG | 18.141.10.107:80 | eufxebus.biz | tcp |
| IE | 3.254.94.185:80 | uaafd.biz | tcp |
| US | 8.8.8.8:53 | eufxebus.biz | udp |
| SG | 18.141.10.107:80 | eufxebus.biz | tcp |
| US | 8.8.8.8:53 | pwlqfu.biz | udp |
| IE | 34.246.200.160:80 | pwlqfu.biz | tcp |
| US | 8.8.8.8:53 | rrqafepng.biz | udp |
| US | 8.8.8.8:53 | pwlqfu.biz | udp |
| IE | 34.246.200.160:80 | pwlqfu.biz | tcp |
| US | 44.200.43.61:80 | rrqafepng.biz | tcp |
| US | 8.8.8.8:53 | rrqafepng.biz | udp |
| US | 8.8.8.8:53 | ctdtgwag.biz | udp |
| US | 44.200.43.61:80 | rrqafepng.biz | tcp |
| US | 3.94.10.34:80 | ctdtgwag.biz | tcp |
| US | 8.8.8.8:53 | tnevuluw.biz | udp |
| US | 35.164.78.200:80 | tnevuluw.biz | tcp |
| US | 8.8.8.8:53 | ctdtgwag.biz | udp |
| US | 3.94.10.34:80 | ctdtgwag.biz | tcp |
| US | 8.8.8.8:53 | whjovd.biz | udp |
| SG | 18.141.10.107:80 | whjovd.biz | tcp |
| US | 8.8.8.8:53 | tnevuluw.biz | udp |
| US | 35.164.78.200:80 | tnevuluw.biz | tcp |
| US | 8.8.8.8:53 | whjovd.biz | udp |
| SG | 18.141.10.107:80 | whjovd.biz | tcp |
| US | 8.8.8.8:53 | gjogvvpsf.biz | udp |
| US | 8.8.8.8:53 | reczwga.biz | udp |
| US | 3.237.86.197:80 | reczwga.biz | tcp |
| US | 8.8.8.8:53 | bghjpy.biz | udp |
| US | 8.8.8.8:53 | gjogvvpsf.biz | udp |
| US | 34.211.97.45:80 | bghjpy.biz | tcp |
| US | 8.8.8.8:53 | reczwga.biz | udp |
| US | 3.237.86.197:80 | reczwga.biz | tcp |
| US | 8.8.8.8:53 | damcprvgv.biz | udp |
| US | 54.80.154.23:80 | damcprvgv.biz | tcp |
| US | 8.8.8.8:53 | bghjpy.biz | udp |
| US | 34.211.97.45:80 | bghjpy.biz | tcp |
| US | 8.8.8.8:53 | ocsvqjg.biz | udp |
| IE | 3.254.94.185:80 | ocsvqjg.biz | tcp |
| US | 8.8.8.8:53 | ywffr.biz | udp |
| US | 54.244.188.177:80 | ywffr.biz | tcp |
| US | 8.8.8.8:53 | damcprvgv.biz | udp |
| US | 54.80.154.23:80 | damcprvgv.biz | tcp |
| US | 8.8.8.8:53 | ocsvqjg.biz | udp |
| IE | 3.254.94.185:80 | ocsvqjg.biz | tcp |
| US | 8.8.8.8:53 | ecxbwt.biz | udp |
| US | 54.244.188.177:80 | ecxbwt.biz | tcp |
| US | 8.8.8.8:53 | ywffr.biz | udp |
| US | 54.244.188.177:80 | ywffr.biz | tcp |
| US | 8.8.8.8:53 | pectx.biz | udp |
| US | 44.213.104.86:80 | pectx.biz | tcp |
| US | 8.8.8.8:53 | ecxbwt.biz | udp |
| US | 54.244.188.177:80 | ecxbwt.biz | tcp |
| US | 8.8.8.8:53 | zyiexezl.biz | udp |
| US | 54.80.154.23:80 | zyiexezl.biz | tcp |
| US | 8.8.8.8:53 | banwyw.biz | udp |
| US | 8.8.8.8:53 | pectx.biz | udp |
| US | 3.237.86.197:80 | banwyw.biz | tcp |
| US | 44.213.104.86:80 | cikivjto.biz | tcp |
| US | 8.8.8.8:53 | muapr.biz | udp |
| US | 8.8.8.8:53 | zyiexezl.biz | udp |
| US | 8.8.8.8:53 | wxgzshna.biz | udp |
| US | 54.80.154.23:80 | zyiexezl.biz | tcp |
| US | 8.8.8.8:53 | zrlssa.biz | udp |
| US | 3.237.86.197:80 | zrlssa.biz | tcp |
| US | 8.8.8.8:53 | banwyw.biz | udp |
| US | 8.8.8.8:53 | jlqltsjvh.biz | udp |
| US | 3.237.86.197:80 | banwyw.biz | tcp |
| SG | 18.141.10.107:80 | jlqltsjvh.biz | tcp |
| US | 8.8.8.8:53 | muapr.biz | udp |
| US | 8.8.8.8:53 | wxgzshna.biz | udp |
| US | 8.8.8.8:53 | zrlssa.biz | udp |
| US | 3.237.86.197:80 | zrlssa.biz | tcp |
| US | 8.8.8.8:53 | jlqltsjvh.biz | udp |
| SG | 18.141.10.107:80 | jlqltsjvh.biz | tcp |
| US | 8.8.8.8:53 | xyrgy.biz | udp |
| US | 54.80.154.23:80 | xyrgy.biz | tcp |
| US | 8.8.8.8:53 | htwqzczce.biz | udp |
| US | 44.208.124.139:80 | htwqzczce.biz | tcp |
| US | 8.8.8.8:53 | xyrgy.biz | udp |
| US | 54.80.154.23:80 | xyrgy.biz | tcp |
| US | 44.208.124.139:80 | htwqzczce.biz | tcp |
| US | 8.8.8.8:53 | htwqzczce.biz | udp |
| US | 8.8.8.8:53 | kvbjaur.biz | udp |
| US | 44.208.124.139:80 | htwqzczce.biz | tcp |
| US | 54.244.188.177:80 | kvbjaur.biz | tcp |
| US | 44.208.124.139:80 | htwqzczce.biz | tcp |
| US | 8.8.8.8:53 | kvbjaur.biz | udp |
| US | 8.8.8.8:53 | uphca.biz | udp |
| US | 54.244.188.177:80 | kvbjaur.biz | tcp |
| US | 44.221.84.105:80 | uphca.biz | tcp |
| US | 8.8.8.8:53 | fjumtfnz.biz | udp |
| US | 34.211.97.45:80 | fjumtfnz.biz | tcp |
| US | 8.8.8.8:53 | uphca.biz | udp |
| US | 44.221.84.105:80 | uphca.biz | tcp |
| US | 8.8.8.8:53 | fjumtfnz.biz | udp |
| US | 34.211.97.45:80 | fjumtfnz.biz | tcp |
| US | 8.8.8.8:53 | hlzfuyy.biz | udp |
| US | 34.211.97.45:80 | hlzfuyy.biz | tcp |
| US | 8.8.8.8:53 | hlzfuyy.biz | udp |
| US | 34.211.97.45:80 | hlzfuyy.biz | tcp |
| US | 8.8.8.8:53 | rffxu.biz | udp |
| IE | 34.246.200.160:80 | rffxu.biz | tcp |
| US | 8.8.8.8:53 | cikivjto.biz | udp |
| US | 8.8.8.8:53 | rffxu.biz | udp |
| US | 44.213.104.86:80 | cikivjto.biz | tcp |
| IE | 34.246.200.160:80 | rffxu.biz | tcp |
| US | 8.8.8.8:53 | qncdaagct.biz | udp |
| US | 34.218.204.173:80 | qncdaagct.biz | tcp |
| US | 44.213.104.86:80 | cikivjto.biz | tcp |
| US | 8.8.8.8:53 | qncdaagct.biz | udp |
| US | 34.218.204.173:80 | qncdaagct.biz | tcp |
| US | 8.8.8.8:53 | shpwbsrw.biz | udp |
| SG | 13.251.16.150:80 | shpwbsrw.biz | tcp |
| US | 8.8.8.8:53 | shpwbsrw.biz | udp |
| SG | 13.251.16.150:80 | shpwbsrw.biz | tcp |
| US | 8.8.8.8:53 | cjvgcl.biz | udp |
| US | 54.80.154.23:80 | cjvgcl.biz | tcp |
| US | 8.8.8.8:53 | cjvgcl.biz | udp |
| US | 54.80.154.23:80 | cjvgcl.biz | tcp |
| US | 8.8.8.8:53 | neazudmrq.biz | udp |
| US | 3.237.86.197:80 | neazudmrq.biz | tcp |
| US | 8.8.8.8:53 | neazudmrq.biz | udp |
| US | 3.237.86.197:80 | neazudmrq.biz | tcp |
| US | 8.8.8.8:53 | pgfsvwx.biz | udp |
| US | 54.80.154.23:80 | pgfsvwx.biz | tcp |
| US | 8.8.8.8:53 | pgfsvwx.biz | udp |
| US | 54.80.154.23:80 | pgfsvwx.biz | tcp |
| US | 8.8.8.8:53 | aatcwo.biz | udp |
| US | 34.218.204.173:80 | aatcwo.biz | tcp |
| US | 8.8.8.8:53 | aatcwo.biz | udp |
| US | 34.218.204.173:80 | aatcwo.biz | tcp |
| US | 8.8.8.8:53 | kcyvxytog.biz | udp |
| US | 18.208.156.248:80 | kcyvxytog.biz | tcp |
| US | 8.8.8.8:53 | kcyvxytog.biz | udp |
| US | 8.8.8.8:53 | nwdnxrd.biz | udp |
| US | 18.208.156.248:80 | kcyvxytog.biz | tcp |
| US | 54.244.188.177:80 | nwdnxrd.biz | tcp |
| US | 8.8.8.8:53 | nwdnxrd.biz | udp |
| US | 54.244.188.177:80 | nwdnxrd.biz | tcp |
| US | 8.8.8.8:53 | ereplfx.biz | udp |
| US | 44.213.104.86:80 | ereplfx.biz | tcp |
| US | 8.8.8.8:53 | ereplfx.biz | udp |
| US | 8.8.8.8:53 | ptrim.biz | udp |
| US | 44.213.104.86:80 | ereplfx.biz | tcp |
| SG | 18.141.10.107:80 | ptrim.biz | tcp |
| US | 8.8.8.8:53 | ptrim.biz | udp |
| SG | 18.141.10.107:80 | ptrim.biz | tcp |
| US | 8.8.8.8:53 | znwbniskf.biz | udp |
| US | 34.218.204.173:80 | znwbniskf.biz | tcp |
| US | 8.8.8.8:53 | znwbniskf.biz | udp |
| US | 34.218.204.173:80 | znwbniskf.biz | tcp |
| US | 8.8.8.8:53 | cpclnad.biz | udp |
| US | 3.237.86.197:80 | cpclnad.biz | tcp |
| US | 8.8.8.8:53 | cpclnad.biz | udp |
| US | 3.237.86.197:80 | cpclnad.biz | tcp |
| US | 8.8.8.8:53 | mjheo.biz | udp |
| US | 3.237.86.197:80 | mjheo.biz | tcp |
| US | 8.8.8.8:53 | mjheo.biz | udp |
| US | 3.237.86.197:80 | mjheo.biz | tcp |
| US | 8.8.8.8:53 | wluwplyh.biz | udp |
| SG | 18.141.10.107:80 | wluwplyh.biz | tcp |
| US | 8.8.8.8:53 | wluwplyh.biz | udp |
| SG | 18.141.10.107:80 | wluwplyh.biz | tcp |
| US | 8.8.8.8:53 | zgapiej.biz | udp |
| US | 18.208.156.248:80 | zgapiej.biz | tcp |
| US | 8.8.8.8:53 | zgapiej.biz | udp |
| US | 18.208.156.248:80 | zgapiej.biz | tcp |
| US | 8.8.8.8:53 | jifai.biz | udp |
| US | 44.221.84.105:80 | jifai.biz | tcp |
| US | 8.8.8.8:53 | jifai.biz | udp |
| US | 8.8.8.8:53 | xnxvnn.biz | udp |
| US | 44.221.84.105:80 | jifai.biz | tcp |
| SG | 13.251.16.150:80 | xnxvnn.biz | tcp |
| US | 8.8.8.8:53 | xnxvnn.biz | udp |
| SG | 13.251.16.150:80 | xnxvnn.biz | tcp |
| US | 8.8.8.8:53 | ihcnogskt.biz | udp |
| US | 35.164.78.200:80 | ihcnogskt.biz | tcp |
| US | 8.8.8.8:53 | ihcnogskt.biz | udp |
| US | 35.164.78.200:80 | ihcnogskt.biz | tcp |
| US | 8.8.8.8:53 | kkqypycm.biz | udp |
| SG | 18.141.10.107:80 | kkqypycm.biz | tcp |
| US | 8.8.8.8:53 | kkqypycm.biz | udp |
| SG | 18.141.10.107:80 | kkqypycm.biz | tcp |
| US | 8.8.8.8:53 | uevrpr.biz | udp |
| US | 44.213.104.86:80 | uevrpr.biz | tcp |
| US | 8.8.8.8:53 | uevrpr.biz | udp |
| US | 44.213.104.86:80 | uevrpr.biz | tcp |
| US | 8.8.8.8:53 | fgajqjyhr.biz | udp |
| US | 34.211.97.45:80 | fgajqjyhr.biz | tcp |
| US | 8.8.8.8:53 | fgajqjyhr.biz | udp |
| US | 34.211.97.45:80 | fgajqjyhr.biz | tcp |
| US | 8.8.8.8:53 | hagujcj.biz | udp |
| US | 18.208.156.248:80 | hagujcj.biz | tcp |
| US | 8.8.8.8:53 | hagujcj.biz | udp |
| US | 18.208.156.248:80 | hagujcj.biz | tcp |
| US | 8.8.8.8:53 | sctmku.biz | udp |
| US | 35.164.78.200:80 | sctmku.biz | tcp |
| US | 8.8.8.8:53 | sctmku.biz | udp |
| US | 35.164.78.200:80 | sctmku.biz | tcp |
| US | 8.8.8.8:53 | cwyfknmwh.biz | udp |
| US | 8.8.8.8:53 | qcrsp.biz | udp |
| US | 34.211.97.45:80 | qcrsp.biz | tcp |
| US | 8.8.8.8:53 | cwyfknmwh.biz | udp |
| US | 8.8.8.8:53 | qcrsp.biz | udp |
| US | 34.211.97.45:80 | qcrsp.biz | tcp |
| US | 8.8.8.8:53 | sewlqwcd.biz | udp |
| US | 3.237.86.197:80 | sewlqwcd.biz | tcp |
| US | 8.8.8.8:53 | sewlqwcd.biz | udp |
| US | 3.237.86.197:80 | sewlqwcd.biz | tcp |
| US | 8.8.8.8:53 | dyjdrp.biz | udp |
| US | 54.244.188.177:80 | dyjdrp.biz | tcp |
| US | 8.8.8.8:53 | dyjdrp.biz | udp |
| US | 54.244.188.177:80 | dyjdrp.biz | tcp |
| US | 8.8.8.8:53 | napws.biz | udp |
| US | 35.164.78.200:80 | napws.biz | tcp |
| US | 8.8.8.8:53 | napws.biz | udp |
| US | 35.164.78.200:80 | napws.biz | tcp |
| US | 8.8.8.8:53 | qvuhsaqa.biz | udp |
| US | 54.244.188.177:80 | qvuhsaqa.biz | tcp |
| US | 8.8.8.8:53 | qvuhsaqa.biz | udp |
| US | 54.244.188.177:80 | qvuhsaqa.biz | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 34.211.97.45:80 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 34.211.97.45:80 | | tcp |
Files
memory/1208-9-0x00000000007D0000-0x0000000000830000-memory.dmp
memory/1208-8-0x0000000140000000-0x00000001404A3000-memory.dmp
memory/1208-24-0x0000000140000000-0x00000001404A3000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | d0df793c4e281659228b2837846ace2d |
| SHA1 | ece0a5b1581f86b175ccbc7822483448ec728077 |
| SHA256 | 4e5ceefae11a45c397cde5c6b725c18d8c63d80d2ce851fa94df1644169eafc9 |
| SHA512 | 400a81d676e5c1e8e64655536b23dbae0a0dd47dc1e87e202e065903396e6a106770cec238093d748b9c71b5859edf097ffff2e088b5b79d6a449754140a52ad |
C:\Windows\System32\alg.exe
| MD5 | 771ac77fee4bdeabccc96d366dee8d8a |
| SHA1 | 039338ba186283f6a040867a0fbaaf0c379e31e2 |
| SHA256 | 23c6a572565cd26829e1743390b20d247a1855ca91ec55872f7f5ae230be4afa |
| SHA512 | 5de25d7df9640132986b784c6d3a288834cff08996fcc2b621f8bf021c86a35653330313744975291236eecc8ac2645b43d8b96bf1069a7b55c5f7e4978bd23c |
memory/848-27-0x0000000140000000-0x00000001404A3000-memory.dmp
C:\Users\Admin\AppData\Roaming\95aa8fa4e703f493.bin
| MD5 | f2ee6255d0c8ae5fe8352c6723b8eff2 |
| SHA1 | 110ef86aa7a5ae841279304fc9a638710962e9eb |
| SHA256 | 5f0e8a0bcddd2cd6db575fb2075145484261fe121c47c1579129c194bb78cba8 |
| SHA512 | 61aa8ed740470e70add342aeb178d9c729a664afe5234415ba21fb28a3c969a9305c572d8dd5803f4ca629356e17dab7f8cd48b3b31b97df3ee229699ff0bb9a |
memory/3904-41-0x0000000140000000-0x00000001400AA000-memory.dmp
memory/4984-50-0x0000000000580000-0x00000000005E0000-memory.dmp
C:\Windows\System32\FXSSVC.exe
| MD5 | f6d8293b6a453976f0d5b140bdc169ed |
| SHA1 | cb3743c6fba166104adddedfcaeb48a453c7ea88 |
| SHA256 | e0a427decfd2c4061182a7c73fdbcf32bc55a85d606606f99a6b2fb83b5fdb83 |
| SHA512 | 5a476b5a7d46e962a5e439657ee0d6dd6f6543711d6e21ac064f1d1426c8bd4576831a24d1b69752d066daae3822345cd21da8747e5bde115d540e1d6cdacb15 |
memory/1484-70-0x0000000000800000-0x0000000000860000-memory.dmp
memory/1828-75-0x0000000140000000-0x0000000140135000-memory.dmp
memory/2064-83-0x00000000001A0000-0x0000000000200000-memory.dmp
memory/3444-87-0x0000000001A40000-0x0000000001AA0000-memory.dmp
C:\Windows\System32\msdtc.exe
| MD5 | 2facc456c395c5674cd64044810b4ddb |
| SHA1 | 02bc27bf695ca2fc4a309436006c49ff35e3947f |
| SHA256 | a9f62b19ac34724898501c1805fccae7bc4a58e1cb3c51a1d20078c7ac316b7e |
| SHA512 | c2c4372eb10b0d78756cf355dbf903e33d39c4dcd0c232938cbbb67d074e00f2cdf85814dae8ebeb4fad4cd061028a123245c3ad867dbff7c78acc9358e3c9b6 |
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
| MD5 | 9f7e2535ab6cdf31ca8e54e282d0b499 |
| SHA1 | e11a8d9c06fee891994dc8ca22c080e5d77bff3d |
| SHA256 | 13ccf6265215c3d216707b9d825d647c57ec3c40e44c46cd2815746919490891 |
| SHA512 | 3515fc53ac9a50ab5ae675dd2ffd22ab5b6440493b346d507eafceb92994611311cf52a66f1153a3e9e6bf0fad9e50f0a6734d34457310a4771e346e6b46984f |
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
| MD5 | fdb7f5d17f26e57fb8ce9bc774a263bf |
| SHA1 | 48fdc6999ac62e8c813605a8c15f4d9ccbffd5f3 |
| SHA256 | 363385083b5bead955ef61daa5ea73a2172756f8a3675d350af197fd7fc0b243 |
| SHA512 | 0dee49500ceaa8e37d5ebec84091c684f35b32c9bb8a066af82b949171369990ae70d1d230cfb3cf278b0e286798e4d00c8113c1f67b65e3b22cec119f141d94 |
C:\Windows\SysWOW64\perfhost.exe
| MD5 | a1577dcc20dd3b2eac23458fd118daef |
| SHA1 | 65d0c617d137499f963c385727870d286ba85cd9 |
| SHA256 | 2183cfc25385b220107f5f374305fbd7061b7e890935d589cdd12c6b7725dd5e |
| SHA512 | 1a2c1b5eb8cf8668b15f66ba18573c06561dfb87068d391b8153e19bdbe4fd46d68300effca8e79a5836c121989d717dfd96a43885da96e6fed665abaa389a2f |
C:\Windows\System32\SensorDataService.exe
| MD5 | ee63809f29a6aa6069d323bf8838388f |
| SHA1 | 5e5f91fe7d8831d3681b4ff1589b93498769790c |
| SHA256 | 1ef3fd49d15c991b5ab5da161d60f150ed62b7133ec61f5328e95cb9dd6ca4b4 |
| SHA512 | a5b0265a058933d660a9a54fdf673315801c0fe863d43c2011f74e428e9f7e952dc83b8f46ace7482bc40bb5f102844905d28efd6d18480e729bd1ffaaee590e |
C:\Windows\System32\snmptrap.exe
| MD5 | 9db0540fef2fcc216232fdbf4d769f75 |
| SHA1 | 6a434bb83c5e9a2c5a46ba995fe93521f1d4a9d1 |
| SHA256 | 40c7491adf82ae65e41598526b23866b729356c7e7770ab533051a64148a4f13 |
| SHA512 | d3ff516463e7211f0bf5261572fa87f9eef8602c46860668b862271aa880f64c562053fdac5e3abeb6a11d169e3c81348cd67c98e3e602faa160ff283925b47a |
C:\Windows\System32\Spectrum.exe
| MD5 | 0337c46fdb1b7a5fa063259bad45b776 |
| SHA1 | 89d47797540bad4dda13ea933cba60b2213d2e46 |
| SHA256 | 488258159be5878cef226777f1db51390ff6768efd8055fa44e0210663229711 |
| SHA512 | 5aa141001515fbc322a9df4d5507938dddfe9d0f5d34c788e195077b04b55ecb82d7eeb042cc091563052729da308a5ab07e9953a49f779a0e9021088fcc8e6b |
memory/3172-217-0x0000000140000000-0x00000001401C0000-memory.dmp
C:\Windows\System32\VSSVC.exe
| MD5 | 923a4102e302e2075891a88052ef3148 |
| SHA1 | ce53e9d2391f5c766e8774fa81720bd1be25ca43 |
| SHA256 | 7bdf4bce5cdb81b75f0f8e4e61b0079d81e492baf41702f14c7159aacc96318a |
| SHA512 | 43cedb05a3dee47ddc0882db3e5c604b5b2f7880b1fa0c1ecdfd4e138931cd12844b3ea3942169a3c652bdabecf94e7e3571243bf6965414f7bc45efa6c2df8a |
C:\Windows\System32\wbem\WmiApSrv.exe
| MD5 | 50bd5447fa5403f903f61e779925b913 |
| SHA1 | 3faaf7cc3255894b6866bcdd7c99a39bf6962c0e |
| SHA256 | 05bfc3a3b6523daeb61568b5566baa05321f9b92e920acaf0b8f957465339ac7 |
| SHA512 | 5f5bee2d07a92e8b5b3f1f578aab44a1bf316355aec99dd2a135168359812ff5fb4fa38cc6e36bebaaaaef7358d11e79c7ef4cdb76ab45f0773a3f63b2971955 |
C:\Windows\System32\SearchIndexer.exe
| MD5 | 565f85e192c628545a111fb6c39034cf |
| SHA1 | 39af13f4b8e399c8db530624b4aed37e15784ed3 |
| SHA256 | 6bfd28b9eaac6f13d043404e4265a180d447df4922bea42401eaabff5e0a3dce |
| SHA512 | 061cc8bcc2d713cb41c6dec957c723c2ed1a7f671bde4d5dfa64e7b91e7de644434c00c49cc106398ae2abbd8676dffb9c71b408858dc8cfc04327718865549b |
C:\Windows\System32\wbengine.exe
| MD5 | ac4d2eec23de48ffd570a9165dea8d4d |
| SHA1 | dda5b585ce116d1174bea47284f2322c47aba40e |
| SHA256 | 6ba5a2a194d5a8e01311f3d54c8e7027af30970179d28a22e5bd553229cfc226 |
| SHA512 | 2680cbd10e913a1cc0097694e4fe0437982cdd2b9660074e818d257244ab64da116166d77951344ba96d4f5d0d689a32b47e985ec825a303a486a15954a3575a |
C:\Windows\System32\vds.exe
| MD5 | 85c1e52481dae1cd73e391e82e99955e |
| SHA1 | 25ad5b03d3bd2600e20cec8e2279dfd2850b1063 |
| SHA256 | 3d0e0ba93f381603f052582f733ab93b89008738e4b811ed983db7e02fce14cb |
| SHA512 | ee13449e6af948da1eb1f86893739f848ec26dfad961691c16693e1b131179cfa53dd0b593251abd486726ea364f4977f6d330ae3ac52c513855b56744d0c4e2 |
memory/1836-315-0x0000000140000000-0x0000000140095000-memory.dmp
memory/4976-323-0x0000000140000000-0x0000000140147000-memory.dmp
memory/3304-328-0x0000000140000000-0x0000000140179000-memory.dmp
memory/3516-327-0x0000000140000000-0x00000001400C6000-memory.dmp
memory/3360-326-0x0000000140000000-0x0000000140216000-memory.dmp
memory/2856-325-0x0000000140000000-0x00000001401FC000-memory.dmp
memory/1432-322-0x0000000140000000-0x00000001400E2000-memory.dmp
memory/3040-321-0x0000000140000000-0x0000000140102000-memory.dmp
memory/1440-320-0x0000000140000000-0x0000000140169000-memory.dmp
memory/712-319-0x0000000140000000-0x0000000140096000-memory.dmp
memory/4356-318-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/4336-314-0x0000000000400000-0x0000000000497000-memory.dmp
memory/5060-313-0x0000000140000000-0x00000001400AB000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
| MD5 | ef36a84ad2bc23f79d171c604b56de29 |
| SHA1 | 38d6569cd30d096140e752db5d98d53cf304a8fc |
| SHA256 | e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831 |
| SHA512 | dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be |
\??\pipe\crashpad_3192_SVSIIVZURVZZRZFF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1556-312-0x0000000140000000-0x00000001400CF000-memory.dmp
memory/5056-311-0x0000000140000000-0x00000001400B9000-memory.dmp
memory/1484-310-0x0000000140000000-0x000000014024B000-memory.dmp
memory/2064-309-0x0000000140000000-0x000000014022B000-memory.dmp
memory/4984-308-0x0000000140000000-0x00000001400A9000-memory.dmp
C:\Windows\System32\AgentService.exe
| MD5 | 72638299dbf8279b54242ccf809ae6ce |
| SHA1 | c83bf33a4f8d498b63236b657055a2a6abbe4c88 |
| SHA256 | 7865e215b536621c826de26fb9cbfc998d1211081cbe8e96adddf32ac28b243b |
| SHA512 | 3f62e80b1da1556384871e91daa94f1a35482e253d57f0715f2e9edda9ae7ea14bf22846836f847cccd33c47087a4c0be3659927de1c5bdb62369436445cad1d |
C:\Windows\System32\TieringEngineService.exe
| MD5 | 74e9475bb53482c44762672809ddc45c |
| SHA1 | 4ba29053c29c891d9975be7eb0a160f1d76d5848 |
| SHA256 | fbb76c24a4f91b1b08897b7ad51285079ab11f9e13c3cb8f1174ba4e4d3b8bea |
| SHA512 | 6d4c79260f59b279c9924f36ff81f7f94222543fb025f0f607c56f1226016ab2b9f8676057fea45ffc4f368fb37767e220dd06659181c804a8b6c15bd919339b |
C:\Windows\System32\OpenSSH\ssh-agent.exe
| MD5 | 1faabe4d517dcaa1726bb6e9a657fcce |
| SHA1 | d5874905e6bc253b3cdae1a634ba3aa222e30f18 |
| SHA256 | d70121d36bb0f5dd72a12e2493eb2f2be4a9e0e3ae2cb49cc5723312af225824 |
| SHA512 | 518577f2bc66013b2df49ed28cd087af2722532e57a5799f76ff84df4a0752c0b03b3c106c7c569cb0e92857ab9c0039ca7bb42d9fa64bdfa4b561131243b547 |
C:\Windows\System32\Locator.exe
| MD5 | 9ff94072cd707c78d3233af578d4e358 |
| SHA1 | 8134931b8656d9e5fa79c5ac7ce9273e511955b8 |
| SHA256 | 96d52c70477796e619893edde6a6876f56e6d3d3ce369543d0e7190f3c1eba87 |
| SHA512 | 2c5800c058fa28e038a6f920c820ca07a7fb4420fc266865ac61c7867282bb45eda92e0fee2f93d0f805bfb132d49652412cd13bf98c23cb3dcba5ccee9001ad |
memory/3444-99-0x0000000140000000-0x00000001400CF000-memory.dmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
| MD5 | 1bc7a58a84170516539d5ec7939dc670 |
| SHA1 | c79ee403d9b350cfa6c7fd97dbba2d9a31d7928b |
| SHA256 | c8a63d78a5db9266707bc9c2966ab3076308dcb5923268c7362f43af2c8af704 |
| SHA512 | b2d38a9144bfd12b1c78782a64f0628530502754582482ba8ab3cb19c1537d37d33f458be833d94dade70a1e0b36e0bcd08538ca2b627a1f5f507f99cbdc569c |
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | 37cde3022fca97f4908e2dc3d709e6eb |
| SHA1 | 8f783af26569d228cd7687419de956a485988f2a |
| SHA256 | 8d9b3fb3fc4417b1a801995a3f1daf0c2ab14aa584ba20cc0a11e7f825bef98c |
| SHA512 | 75c7bf20c50cdc83907891b437095a309448b762bbd1452d9adb9a339a99284a6349b4d28daf62a5a11af85c187d87535168e4208f92e884f77b74f534602796 |
memory/2064-77-0x00000000001A0000-0x0000000000200000-memory.dmp
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
| MD5 | b6fb1e44ccefac634bb22fab9da95309 |
| SHA1 | 80e35a1953a0e102088b236541989d325cc338d1 |
| SHA256 | a5bc1b35ca6962cefd36bca1e844a8693a9f4f2875e7ca98803ff9621322a4aa |
| SHA512 | 86a20de3344602cb8f35d355b91c2c0b96d93d20e2105e293997c36f0192e03cd37ea2a164ea28d78850a90860bfed173404b7673a51e570844a2105a79575ec |
memory/1828-73-0x0000000000950000-0x00000000009B0000-memory.dmp
memory/1484-64-0x0000000000800000-0x0000000000860000-memory.dmp
memory/1828-60-0x0000000000950000-0x00000000009B0000-memory.dmp
memory/1828-54-0x0000000000950000-0x00000000009B0000-memory.dmp
memory/4984-44-0x0000000000580000-0x00000000005E0000-memory.dmp
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
| MD5 | 53166778ca8a64eb809d6ae780dab76e |
| SHA1 | 725e5df3043841347eb5ed5aac915a113a4800ac |
| SHA256 | b9514b0a982e4852214bdd3cfdbc9bb7b5667660b2276fe1f423057f89e34c3a |
| SHA512 | 639c71080a4f876710e1dc22eb91d128a2cc756d8143547ec4a0cce608bb8cba5e80b63fad7a0e99c15c5b95e172ee92f3ec4ac1f9bf9e6bddc12594dc862bf1 |
memory/1484-460-0x0000000140000000-0x000000014024B000-memory.dmp
memory/3904-39-0x00000000006D0000-0x0000000000730000-memory.dmp
memory/3904-33-0x00000000006D0000-0x0000000000730000-memory.dmp
memory/848-18-0x0000000000440000-0x00000000004A0000-memory.dmp
memory/848-12-0x0000000000440000-0x00000000004A0000-memory.dmp
memory/1208-0-0x00000000007D0000-0x0000000000830000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
| MD5 | ca464786463ab27dc9003a7ccb43a218 |
| SHA1 | 87a0dec67fed4dd6f2f9a538fac5729f54f60921 |
| SHA256 | 3ec01ea016b9431f38a27b6a3b9b44d73e782dc81e4478eeb9f5932578e2c550 |
| SHA512 | 86ed03c546b9252a14f23ca60a4340b582fab49643c89f214ed20e94ac131e42d1b92df68e523cfee065ba9c620cd5ca6e161540d22800042cc3399916dbbac6 |
memory/5836-529-0x0000000140000000-0x000000014057B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log
| MD5 | ba25db93b3cc9182bb21aba963cc20bf |
| SHA1 | 27651bd07cf5552c5e3c85a8a31c4af64e10a392 |
| SHA256 | 17866876b45eff0f5c80faaa5a57d29138a807e1f350a2e1742d075b7f9f1ea9 |
| SHA512 | a98cbe3e0cffdf11a6aee5eae093259b1c2f0124b5c7e9b4577358d3ac56e12d28c68feab9701ac683f4c73798856a1a747db0eee9dd755e2d125c2258e03296 |
memory/5908-531-0x0000000140000000-0x000000014057B000-memory.dmp
memory/6004-543-0x0000000140000000-0x000000014057B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log
| MD5 | 266a5c466af5d1cc255caa355ad5bf0d |
| SHA1 | eabcf5642ce084a85eb3b862c9b498c704ac8433 |
| SHA256 | e740829187d9ff05e0c0147a6d20a6018352bfb99abf8dc67e59b81acd538995 |
| SHA512 | 8f5acf6b32f3e320a59a29f4b6375cfc73745cd0d2f84f9ac8a7e61ac8d42f3c7c05d80a2a3e2ff9a644b6032bf8b939ba02e7c500c0368f2eb5b7204fa5f603 |
memory/6092-565-0x0000000140000000-0x000000014057B000-memory.dmp
C:\Windows\TEMP\Crashpad\settings.dat
| MD5 | dd7a044bb22136e85285d21163fdef66 |
| SHA1 | 1fcea0d904998de1bdea9cfa654a50c20b3dcc5b |
| SHA256 | b918a44d48859b4ed705a9a7a23d4a816a368aa2161ad495a7a6d1c6992b61a0 |
| SHA512 | 67afbad0468b8d5b405186c63a0960f5fcda15b2ab73767c292863e221265758001b2e110a3296f5d2ba1463863d556a535850a65a107344ade40a79c33bf358 |
memory/6004-588-0x0000000140000000-0x000000014057B000-memory.dmp
memory/5836-595-0x0000000140000000-0x000000014057B000-memory.dmp
memory/4356-598-0x0000000140000000-0x00000001401D7000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 474f9a376af6a71a46e4ed7d84175b7a |
| SHA1 | 45f9f56efc58533687b1f0d206e8ad1cfecd6221 |
| SHA256 | e399097cdd7a64261de1b29df45c474d47877dabc425f4f922c193892c3532e5 |
| SHA512 | ff1e5ffbbc0a982805b45a64136f62e5b65a978adafb3b066785fdd1a80b8b33245ec91bbed52532fd189dd0cbb9b90f309c93253a2889cc0d28c0f9c196a82a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6b5563b16d44474e9d20fe9258d3e831 |
| SHA1 | 3f747e0d4d56e3d186146196c1816f7142e5005e |
| SHA256 | 9707fff3c8ee88ece53329f9f5cdc099fd1ea9a954ff5daee1f2ade215d8783d |
| SHA512 | 7752db3eb1041e33fe7e34c15110206db6b358bad95102477b86744223bd5981c504f37c3b4118ce30978f7d8f86da9cd0043749abec503fb15555e4dabd5dbb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe578abb.TMP
| MD5 | 1d0245a0816fd932b1963600bab98460 |
| SHA1 | 82d188a3a5fd107ed83000e16e41e0d67eed941b |
| SHA256 | b9d8f68c1f5aeadb1748f8efa21c33a4235cca822bfdf19951d296b2f29944f6 |
| SHA512 | febc999100ab08b73d52fa2a08f7c09cf2281c420762d121150da6cecc922372a9591619163881a5d2956cc20a7bd6d1b5017b6f0575b55ca6baeeaa604632f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ea3e4e2bbd7167f1eba9d16da5593fe7 |
| SHA1 | 058a077bdab962cb21679555e8ec6ce344353965 |
| SHA256 | 71e07172096716007ee115715320ea82a261e6a8ad7e828cc23a8d9098635a7e |
| SHA512 | 0538cc0ab1cdacf73c7349bf392777824515b9036a8d62b85a12e5cef6d52a1906eadbe11498f28605da8af8ea53d14a9b39905da0e8fc123ec616bb64aa6ede |
memory/848-620-0x0000000140000000-0x00000001404A3000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 944ea219b3abe2998b1c87819ceefa87 |
| SHA1 | 005dd48ab797db6c39d41a157468a11277bfe039 |
| SHA256 | 6d43177ca2624c127387f8643e06ddc5c60ff2801fd18a4e185f80e3fcf2264a |
| SHA512 | 46378dc57059123fea133819da50618c7e9ebba831ee33b480b067dcc0df3f84497d56c6f7035ed11214e1b0f929203235729f85f0b1acea115890b21f023aeb |
memory/3904-630-0x0000000140000000-0x00000001400AA000-memory.dmp
memory/2064-633-0x0000000140000000-0x000000014022B000-memory.dmp
memory/3516-634-0x0000000140000000-0x00000001400C6000-memory.dmp
memory/3304-635-0x0000000140000000-0x0000000140179000-memory.dmp
memory/5908-718-0x0000000140000000-0x000000014057B000-memory.dmp
memory/6092-719-0x0000000140000000-0x000000014057B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6533bceb7a429a5adf553a613dc9271b |
| SHA1 | 102b43e44ace7f8d52ef5c652e2b93cba74aec28 |
| SHA256 | e47e513153626e2b003a8812755ed17ca27f2b736802a28d85fae931b3d8c7b4 |
| SHA512 | 6b12098bdba113c6119d9554a4f38d2fd30080f8c7379cd8f8bf01c5114ac8891942e9171620e4244c9aa7f518364947b30b846964e7c86efb9ce7eab076f9c7 |
C:\Windows\system32\AppVClient.exe
| MD5 | c2ee80b3e0e8a6919b43775b8987d02c |
| SHA1 | b8c25053968003edebfee798eb7048cd1a8a9234 |
| SHA256 | 45d6261dfee53c8ffc5b805c34973b7845ddfb434ce8695da8a7575160713e46 |
| SHA512 | bd15b03d894df74e66109c8d2af94f8fc60389459c0bbb219ebb53c998877860c3d328b72388ff25327b3dabca41653f03822ab5c84a03815dffaf1934594e58 |
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SgrmBroker.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe
C:\Program Files\dotnet\dotnet.exe
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
C:\Program Files\7-Zip\Uninstall.exe
C:\Program Files\7-Zip\7zG.exe
C:\Program Files\7-Zip\7zFM.exe
C:\Program Files\7-Zip\7z.exe