Analysis Overview
SHA256
94200f004a7ec0cca1b2e7282ec3f1ab562bcb0a28126569babc5402cba4de47
Threat Level: Shows suspicious behavior
The file 2024-10-25_cf037bc284c4711ef1bfed20846b34af_bkransomware_karagany was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Suspicious behavior: LoadsDriver
Checks processor information in registry
Uses Volume Shadow Copy service COM API
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-25 23:42
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-25 23:42
Reported
2024-10-25 23:45
Platform
win7-20241010-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-25_cf037bc284c4711ef1bfed20846b34af_bkransomware_karagany.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-25_cf037bc284c4711ef1bfed20846b34af_bkransomware_karagany.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-25_cf037bc284c4711ef1bfed20846b34af_bkransomware_karagany.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-25_cf037bc284c4711ef1bfed20846b34af_bkransomware_karagany.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-25_cf037bc284c4711ef1bfed20846b34af_bkransomware_karagany.exe"
Network
Files
memory/2024-6-0x00000000002C0000-0x0000000000327000-memory.dmp
memory/2024-0-0x00000000002C0000-0x0000000000327000-memory.dmp
memory/2024-5-0x0000000000400000-0x0000000000597000-memory.dmp
memory/2024-12-0x0000000000400000-0x0000000000597000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-25 23:42
Reported
2024-10-25 23:45
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
156s
Command Line
Signatures
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-25_cf037bc284c4711ef1bfed20846b34af_bkransomware_karagany.exe | N/A |
| File opened for modification | C:\Windows\system32\vssvc.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\SysWow64\perfhost.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\System32\OpenSSH\ssh-agent.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-25_cf037bc284c4711ef1bfed20846b34af_bkransomware_karagany.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\System32\snmptrap.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\spectrum.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\wbem\WmiApSrv.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\SgrmBroker.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\System32\vds.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\locator.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\AgentService.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\1415227acad6a2b9.bin | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\System32\SensorDataService.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\TieringEngineService.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\System32\msdtc.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\MSDtc\MSDTC.LOG | C:\Windows\System32\msdtc.exe | N/A |
| File opened for modification | C:\Windows\system32\wbengine.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\SearchIndexer.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-25_cf037bc284c4711ef1bfed20846b34af_bkransomware_karagany.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-25_cf037bc284c4711ef1bfed20846b34af_bkransomware_karagany.exe | N/A |
| File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\fxssvc.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\system32\msiexec.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Internet Explorer\ieinstal.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstatd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\keytool.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78984\javaw.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\servertool.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\idlj.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\servertool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Install\{ACF3742B-09B5-421B-BDF2-BEE548AB1938}\chrome_installer.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdeps.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jconsole.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\klist.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\klist.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsimport.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\policytool.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\serialver.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\uninstall.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javac.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jhat.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\uninstall.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\servertool.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmid.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iediagcmd.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javacpl.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javac.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javaws.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\pack200.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78984\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\123.0.6312.123\chrome_installer.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsgen.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Install\{ACF3742B-09B5-421B-BDF2-BEE548AB1938}\chrome_installer.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\DtcInstall.log | C:\Windows\System32\msdtc.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
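The three "Drops file" tables above are easier to read as a write-propagation graph than as a flat list: the sample opens a handful of System32 service images for write, and two of the later writers (alg.exe and Chrome's elevation_service.exe) are themselves legitimate service binaries, which is the footprint of a PE file infector being relaunched by the OS rather than of a dropper. The script below is an added example, not part of the sandbox report; it takes a subset of the writer/target pairs copied from the behavioral2 tables (the report itself shows only a subset of events) and derives the generation of each writer, the writers the visible rows never explain, and the list of executables to verify on a host where the sample ran. One caveat it encodes: "File opened for modification" records a handle opened with write access, not proof that bytes changed, so the hunt list is a verification list, not an infection list. Note also that the SCSI and MuiCache registry activity further down is attributed to services (SensorDataService.exe, spectrum.exe) whose images appear as write targets in the same tables, so it should be read as those services starting up rather than as the sample's own discovery.

```python
"""
Added example (not part of the sandbox report): rebuild the write-propagation
chain from the report's "File opened for modification" rows.

ROWS is copied from the behavioral2 tables above (a subset, since the report
itself displays only a subset of events). Each row is (writer, target).
"""
import ntpath
from collections import defaultdict, deque

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\2024-10-25_cf037bc284c4711ef1bfed20846b34af_bkransomware_karagany.exe")
ALG = r"C:\Windows\System32\alg.exe"
ELEV = r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
MSDTC = r"C:\Windows\System32\msdtc.exe"

ROWS = [
    (SAMPLE, r"C:\Windows\system32\AppVClient.exe"),
    (SAMPLE, r"C:\Windows\System32\alg.exe"),
    (SAMPLE, r"C:\Windows\system32\dllhost.exe"),
    (SAMPLE, r"C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe"),
    (ALG, r"C:\Windows\system32\AppVClient.exe"),
    (ALG, r"C:\Windows\system32\dllhost.exe"),
    (ALG, r"C:\Windows\system32\config\systemprofile\AppData\Roaming\1415227acad6a2b9.bin"),
    (ALG, r"C:\Program Files\Java\jdk-1.8\bin\jstatd.exe"),
    (ALG, r"C:\Program Files\Mozilla Firefox\firefox.exe"),
    (ELEV, r"C:\Windows\system32\vssvc.exe"),
    (ELEV, r"C:\Windows\System32\msdtc.exe"),
    (ELEV, r"C:\Windows\system32\SearchIndexer.exe"),
    (ELEV, r"C:\Program Files\Mozilla Firefox\firefox.exe"),
    (ELEV, r"C:\Program Files\7-Zip\7zFM.exe"),
    (MSDTC, r"C:\Windows\system32\MSDtc\MSDTC.LOG"),
]


def norm(path):
    """Windows paths are case-insensitive; the report mixes System32/system32."""
    return ntpath.normcase(path)


def build_graph(rows):
    """Map each writer to the set of files it opened for write (normalised)."""
    graph = defaultdict(set)
    for writer, target in rows:
        graph[norm(writer)].add(norm(target))
    return graph


def generations(rows, root):
    """BFS from the sample. A process is generation n+1 when a generation-n
    writer opened its image for write and it later shows up as a writer itself.
    Only visible rows are used, so a truncated table under-counts."""
    graph = build_graph(rows)
    root = norm(root)
    gen = {root: 0}
    queue = deque([root])
    while queue:
        cur = queue.popleft()
        for target in graph.get(cur, ()):
            if target in graph and target not in gen:
                gen[target] = gen[cur] + 1
                queue.append(target)
    return gen


def orphan_writers(rows, root):
    """Writers (other than the sample) whose own image is never a target in the
    table. For this report that is elevation_service.exe: the rows show it
    writing to many binaries but never how it came to do so, which tells you
    the displayed rows are a subset of what the sandbox recorded."""
    graph = build_graph(rows)
    all_targets = set().union(*graph.values())
    return sorted(w for w in graph if w != norm(root) and w not in all_targets)


def hunt_list(rows):
    """Distinct executables opened for write: the set to verify by hash or
    Authenticode on any host where the sample ran. A write handle does not by
    itself prove the file content changed."""
    return sorted({norm(t) for _, t in rows if norm(t).endswith(".exe")})


if __name__ == "__main__":
    for proc, g in sorted(generations(ROWS, SAMPLE).items(), key=lambda kv: kv[1]):
        print(f"generation {g}: {proc}")
    print("unexplained writers:", orphan_writers(ROWS, SAMPLE))
    print(f"{len(hunt_list(ROWS))} executables to verify")
```

Run stand-alone it prints the sample as generation 0, alg.exe as generation 1, elevation_service.exe as the one writer the visible rows do not explain, and ten distinct executables to verify; the `.bin` file under the system profile and MSDTC.LOG are excluded from the hunt list because they are not PE images, but the `.bin` path is still worth collecting as an artefact of its own.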
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-25_cf037bc284c4711ef1bfed20846b34af_bkransomware_karagany.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\SensorDataService.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\TieringEngineService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\TieringEngineService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-125 = "Microsoft Word Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\zipfldr.dll,-10195 = "Compressed (zipped) Folder" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-177 = "Microsoft PowerPoint Macro-Enabled Slide Show" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000007f51edc43727db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000fb2da8c43727db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-124 = "Microsoft Word Macro-Enabled Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\wmphoto.dll,-500 = "Windows Media Photo" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9907 = "MIDI Sequence" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-170 = "Microsoft PowerPoint 97-2003 Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9926 = "M3U file" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000029437dc43727db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000dd2ae6c43727db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-107 = "Microsoft Excel Comma Separated Values File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\wshext.dll,-4804 = "JavaScript File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9912 = "Windows Media Audio file" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000800a44c43727db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000043bb54c43727db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-115 = "Microsoft Excel 97-2003 Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9939 = "ADTS Audio" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000057429cc43727db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000cb68a3c43727db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-25_cf037bc284c4711ef1bfed20846b34af_bkransomware_karagany.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\TieringEngineService.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\TieringEngineService.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\AgentService.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2284 wrote to memory of 4384 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchProtocolHost.exe |
| PID 2284 wrote to memory of 4384 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchProtocolHost.exe |
| PID 2284 wrote to memory of 2544 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchFilterHost.exe |
| PID 2284 wrote to memory of 2544 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchFilterHost.exe |
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-25_cf037bc284c4711ef1bfed20846b34af_bkransomware_karagany.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-25_cf037bc284c4711ef1bfed20846b34af_bkransomware_karagany.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pywolwnvd.biz | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 54.244.188.177:80 | pywolwnvd.biz | tcp |
| US | 8.8.8.8:53 | ssbzmoy.biz | udp |
| SG | 18.141.10.107:80 | ssbzmoy.biz | tcp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.188.244.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cvgrf.biz | udp |
| US | 54.244.188.177:80 | cvgrf.biz | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 107.10.141.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | npukfztj.biz | udp |
| US | 44.221.84.105:80 | npukfztj.biz | tcp |
| US | 8.8.8.8:53 | przvgke.biz | udp |
| US | 172.234.222.138:80 | przvgke.biz | tcp |
| US | 172.234.222.138:80 | przvgke.biz | tcp |
| US | 8.8.8.8:53 | zlenh.biz | udp |
| US | 8.8.8.8:53 | knjghuig.biz | udp |
| US | 8.8.8.8:53 | 105.84.221.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.222.234.172.in-addr.arpa | udp |
| SG | 18.141.10.107:80 | knjghuig.biz | tcp |
| US | 8.8.8.8:53 | uhxqin.biz | udp |
| US | 8.8.8.8:53 | anpmnmxo.biz | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lpuegx.biz | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vjaxhpbji.biz | udp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| SG | 47.129.31.212:80 | xlfhhhm.biz | tcp |
| US | 8.8.8.8:53 | ifsaia.biz | udp |
| SG | 13.251.16.150:80 | ifsaia.biz | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.31.129.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saytjshyf.biz | udp |
| US | 8.8.8.8:53 | 150.16.251.13.in-addr.arpa | udp |
| US | 44.221.84.105:80 | saytjshyf.biz | tcp |
| US | 8.8.8.8:53 | vcddkls.biz | udp |
| SG | 18.141.10.107:80 | vcddkls.biz | tcp |
| US | 8.8.8.8:53 | fwiwk.biz | udp |
| US | 172.234.222.138:80 | fwiwk.biz | tcp |
| US | 172.234.222.138:80 | fwiwk.biz | tcp |
| US | 8.8.8.8:53 | tbjrpv.biz | udp |
| IE | 34.246.200.160:80 | tbjrpv.biz | tcp |
| US | 8.8.8.8:53 | deoci.biz | udp |
| US | 18.208.156.248:80 | deoci.biz | tcp |
| US | 8.8.8.8:53 | 160.200.246.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gytujflc.biz | udp |
| US | 208.100.26.245:80 | gytujflc.biz | tcp |
| US | 8.8.8.8:53 | qaynky.biz | udp |
| SG | 13.251.16.150:80 | qaynky.biz | tcp |
| US | 8.8.8.8:53 | 248.156.208.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.26.100.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bumxkqgxu.biz | udp |
| US | 44.221.84.105:80 | bumxkqgxu.biz | tcp |
| US | 8.8.8.8:53 | dwrqljrr.biz | udp |
| US | 54.244.188.177:80 | dwrqljrr.biz | tcp |
| US | 8.8.8.8:53 | nqwjmb.biz | udp |
| US | 35.164.78.200:80 | nqwjmb.biz | tcp |
| US | 8.8.8.8:53 | ytctnunms.biz | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.78.164.35.in-addr.arpa | udp |
| US | 3.94.10.34:80 | ytctnunms.biz | tcp |
| US | 8.8.8.8:53 | myups.biz | udp |
| US | 165.160.13.20:80 | myups.biz | tcp |
| US | 8.8.8.8:53 | oshhkdluh.biz | udp |
| US | 54.244.188.177:80 | oshhkdluh.biz | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 34.10.94.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.13.160.165.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | yunalwv.biz | udp |
| US | 8.8.8.8:53 | jpskm.biz | udp |
| US | 34.211.97.45:80 | jpskm.biz | tcp |
| US | 8.8.8.8:53 | lrxdmhrr.biz | udp |
| US | 54.244.188.177:80 | lrxdmhrr.biz | tcp |
| US | 8.8.8.8:53 | wllvnzb.biz | udp |
| SG | 18.141.10.107:80 | wllvnzb.biz | tcp |
| US | 8.8.8.8:53 | 45.97.211.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gnqgo.biz | udp |
| US | 18.208.156.248:80 | gnqgo.biz | tcp |
| US | 8.8.8.8:53 | jhvzpcfg.biz | udp |
| US | 44.221.84.105:80 | jhvzpcfg.biz | tcp |
| US | 8.8.8.8:53 | acwjcqqv.biz | udp |
| SG | 18.141.10.107:80 | acwjcqqv.biz | tcp |
| US | 8.8.8.8:53 | lejtdj.biz | udp |
| US | 8.8.8.8:53 | vyome.biz | udp |
| US | 44.213.104.86:80 | vyome.biz | tcp |
| US | 8.8.8.8:53 | yauexmxk.biz | udp |
| US | 18.208.156.248:80 | yauexmxk.biz | tcp |
| US | 8.8.8.8:53 | iuzpxe.biz | udp |
| SG | 13.251.16.150:80 | iuzpxe.biz | tcp |
| US | 8.8.8.8:53 | 86.104.213.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sxmiywsfv.biz | udp |
| SG | 13.251.16.150:80 | sxmiywsfv.biz | tcp |
| US | 8.8.8.8:53 | vrrazpdh.biz | udp |
| US | 34.211.97.45:80 | vrrazpdh.biz | tcp |
| US | 8.8.8.8:53 | ftxlah.biz | udp |
| SG | 47.129.31.212:80 | ftxlah.biz | tcp |
| US | 8.8.8.8:53 | typgfhb.biz | udp |
| SG | 13.251.16.150:80 | typgfhb.biz | tcp |
| US | 8.8.8.8:53 | esuzf.biz | udp |
| US | 34.211.97.45:80 | esuzf.biz | tcp |
| US | 8.8.8.8:53 | gvijgjwkh.biz | udp |
| US | 3.94.10.34:80 | gvijgjwkh.biz | tcp |
| US | 8.8.8.8:53 | qpnczch.biz | udp |
| US | 44.213.104.86:80 | qpnczch.biz | tcp |
| US | 8.8.8.8:53 | brsua.biz | udp |
| IE | 3.254.94.185:80 | brsua.biz | tcp |
| US | 8.8.8.8:53 | dlynankz.biz | udp |
| DE | 85.214.228.140:80 | dlynankz.biz | tcp |
| US | 8.8.8.8:53 | oflybfv.biz | udp |
| SG | 47.129.31.212:80 | oflybfv.biz | tcp |
| US | 8.8.8.8:53 | 140.228.214.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.94.254.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yhqqc.biz | udp |
| US | 34.211.97.45:80 | yhqqc.biz | tcp |
| US | 8.8.8.8:53 | mnjmhp.biz | udp |
| SG | 47.129.31.212:80 | mnjmhp.biz | tcp |
| US | 8.8.8.8:53 | opowhhece.biz | udp |
| US | 18.208.156.248:80 | opowhhece.biz | tcp |
| US | 8.8.8.8:53 | zjbpaao.biz | udp |
| US | 8.8.8.8:53 | jdhhbs.biz | udp |
| SG | 13.251.16.150:80 | jdhhbs.biz | tcp |
| US | 8.8.8.8:53 | mgmsclkyu.biz | udp |
| IE | 34.246.200.160:80 | mgmsclkyu.biz | tcp |
| US | 8.8.8.8:53 | warkcdu.biz | udp |
| SG | 18.141.10.107:80 | warkcdu.biz | tcp |
| US | 8.8.8.8:53 | gcedd.biz | udp |
| SG | 13.251.16.150:80 | gcedd.biz | tcp |
| US | 8.8.8.8:53 | jwkoeoqns.biz | udp |
| US | 18.208.156.248:80 | jwkoeoqns.biz | tcp |
| US | 8.8.8.8:53 | xccjj.biz | udp |
| US | 44.213.104.86:80 | xccjj.biz | tcp |
| US | 8.8.8.8:53 | hehckyov.biz | udp |
| US | 44.221.84.105:80 | hehckyov.biz | tcp |
| US | 8.8.8.8:53 | rynmcq.biz | udp |
| US | 54.244.188.177:80 | rynmcq.biz | tcp |
| US | 8.8.8.8:53 | uaafd.biz | udp |
| IE | 3.254.94.185:80 | uaafd.biz | tcp |
| US | 8.8.8.8:53 | eufxebus.biz | udp |
| SG | 18.141.10.107:80 | eufxebus.biz | tcp |
| US | 8.8.8.8:53 | pwlqfu.biz | udp |
| IE | 34.246.200.160:80 | pwlqfu.biz | tcp |
| US | 8.8.8.8:53 | rrqafepng.biz | udp |
| SG | 47.129.31.212:80 | rrqafepng.biz | tcp |
| US | 8.8.8.8:53 | ctdtgwag.biz | udp |
| US | 3.94.10.34:80 | ctdtgwag.biz | tcp |
| US | 8.8.8.8:53 | tnevuluw.biz | udp |
| US | 35.164.78.200:80 | tnevuluw.biz | tcp |
| US | 8.8.8.8:53 | whjovd.biz | udp |
| SG | 18.141.10.107:80 | whjovd.biz | tcp |
| US | 8.8.8.8:53 | gjogvvpsf.biz | udp |
| US | 8.8.8.8:53 | reczwga.biz | udp |
| US | 44.221.84.105:80 | reczwga.biz | tcp |
| US | 8.8.8.8:53 | bghjpy.biz | udp |
| US | 34.211.97.45:80 | bghjpy.biz | tcp |
| US | 8.8.8.8:53 | damcprvgv.biz | udp |
| US | 18.208.156.248:80 | damcprvgv.biz | tcp |
| US | 8.8.8.8:53 | ocsvqjg.biz | udp |
| IE | 3.254.94.185:80 | ocsvqjg.biz | tcp |
| US | 8.8.8.8:53 | ywffr.biz | udp |
| US | 54.244.188.177:80 | ywffr.biz | tcp |
| US | 8.8.8.8:53 | ecxbwt.biz | udp |
| US | 54.244.188.177:80 | ecxbwt.biz | tcp |
| US | 8.8.8.8:53 | pectx.biz | udp |
| US | 44.213.104.86:80 | pectx.biz | tcp |
| US | 8.8.8.8:53 | zyiexezl.biz | udp |
| US | 18.208.156.248:80 | zyiexezl.biz | tcp |
| US | 8.8.8.8:53 | banwyw.biz | udp |
| US | 44.221.84.105:80 | banwyw.biz | tcp |
| US | 8.8.8.8:53 | muapr.biz | udp |
| US | 8.8.8.8:53 | wxgzshna.biz | udp |
| US | 72.52.178.23:80 | wxgzshna.biz | tcp |
| US | 72.52.178.23:80 | wxgzshna.biz | tcp |
| US | 8.8.8.8:53 | 23.178.52.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | zrlssa.biz | udp |
| US | 44.221.84.105:80 | zrlssa.biz | tcp |
| US | 8.8.8.8:53 | jlqltsjvh.biz | udp |
| SG | 18.141.10.107:80 | jlqltsjvh.biz | tcp |
| US | 8.8.8.8:53 | xyrgy.biz | udp |
| US | 18.208.156.248:80 | xyrgy.biz | tcp |
| US | 8.8.8.8:53 | htwqzczce.biz | udp |
| US | 172.234.222.143:80 | htwqzczce.biz | tcp |
| US | 172.234.222.143:80 | htwqzczce.biz | tcp |
| US | 8.8.8.8:53 | kvbjaur.biz | udp |
| US | 54.244.188.177:80 | kvbjaur.biz | tcp |
Files