Analysis Overview
SHA256
6f74652d09ccfabbc005441c2df301da52bd971ddbbccdf92ed044fbc2d2293c
Threat Level: Shows suspicious behavior
The file 6f74652d09ccfabbc005441c2df301da52bd971ddbbccdf92ed044fbc2d2293c was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Executes dropped EXE
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: LoadsDriver
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-27 16:09
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-27 16:09
Reported
2024-10-27 16:11
Platform
win10v2004-20241007-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\xjc.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\wmpnetwk.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\orbd.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\extcheck.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\policytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdb.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdeps.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\kinit.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iediagcmd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\minidump-analyzer.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javacpl.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ieinstal.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\updater.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateComRegisterShell64.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstat.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\serialver.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\orbd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jcmd.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstatd.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\pack200.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_87484\javaw.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\unpack200.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_87484\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\kinit.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\mip.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\keytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\idlj.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\kinit.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ieinstal.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jhat.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\DtcInstall.log | C:\Windows\System32\msdtc.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWow64\perfhost.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\TieringEngineService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\TieringEngineService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9914 = "Windows Media Audio/Video file" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-170 = "Microsoft PowerPoint 97-2003 Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9925 = "MP3 Format Sound" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-131 = "Rich Text Format" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E2FB4720-F45F-4A3C-8CB2-2060E12425C3} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000038c378d58a28db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{487BA7B8-4DB0-465F-B122-C74A445A095D} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000fff60ed68a28db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9939 = "ADTS Audio" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-103 = "Windows PowerShell Script" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-9 = "Microsoft Bengali to Latin Transliteration" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\wshext.dll,-4804 = "JavaScript File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-915 = "XHTML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-8 = "Microsoft Malayalam to Latin Transliteration" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000ac5f95d58a28db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-125 = "Microsoft Word Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9912 = "Windows Media Audio file" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@windows.storage.dll,-21825 = "3D Objects" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-5 = "Microsoft Transliteration Engine" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-1 = "Microsoft Language Detection" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-177 = "Microsoft PowerPoint Macro-Enabled Slide Show" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-6 = "Microsoft Cyrillic to Latin Transliteration" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000cfd92ed58a28db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000cc877dd58a28db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-180 = "Microsoft PowerPoint 97-2003 Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-24585 = "Cascading Style Sheet Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-3 = "Microsoft Traditional Chinese to Simplified Chinese Transliteration" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-2 = "Microsoft Script Detection" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9909 = "Windows Media Audio/Video file" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000908d5ed58a28db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\6f74652d09ccfabbc005441c2df301da52bd971ddbbccdf92ed044fbc2d2293cN.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\TieringEngineService.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\TieringEngineService.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\AgentService.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2216 wrote to memory of 4528 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchProtocolHost.exe |
| PID 2216 wrote to memory of 4528 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchProtocolHost.exe |
| PID 2216 wrote to memory of 2384 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchFilterHost.exe |
| PID 2216 wrote to memory of 2384 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchFilterHost.exe |
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\6f74652d09ccfabbc005441c2df301da52bd971ddbbccdf92ed044fbc2d2293cN.exe
"C:\Users\Admin\AppData\Local\Temp\6f74652d09ccfabbc005441c2df301da52bd971ddbbccdf92ed044fbc2d2293cN.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 916 920 928 8192 924 900
Network
Files
memory/2020-0-0x0000000140000000-0x00000001401F8000-memory.dmp
memory/2020-1-0x0000000002210000-0x0000000002270000-memory.dmp
memory/2020-9-0x0000000002210000-0x0000000002270000-memory.dmp
memory/2020-12-0x0000000002210000-0x0000000002270000-memory.dmp
memory/2020-14-0x0000000140000000-0x00000001401F8000-memory.dmp
C:\Windows\System32\alg.exe
| MD5 | 15b7eed57f52ff63e34db0ee21458c2e |
| SHA1 | 2319297fa075a57816364f4338af28f9f022096e |
| SHA256 | 542c817e45bb4280e6f10e2ce77d681359ccb26a9eb75a9bce44146bd354cc16 |
| SHA512 | 1a46f3b50d685dcc7de6a3ac740cd0952a5ff5f827b2854e53a0a03c0f0104a2784584e6eb71d6d8805d3a3eb4e1ad23e3107afb88cf9aed89764df10a4eeff7 |
memory/216-16-0x0000000000500000-0x0000000000560000-memory.dmp
memory/216-25-0x0000000000500000-0x0000000000560000-memory.dmp
memory/216-24-0x0000000140000000-0x00000001401E9000-memory.dmp
memory/3096-29-0x0000000000C70000-0x0000000000CD0000-memory.dmp
memory/3096-37-0x0000000140000000-0x0000000140234000-memory.dmp
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
| MD5 | a56ee52ddd9249f731f4f459b277bd9e |
| SHA1 | a587eaeb2bf8f8d7ed61c9d6616d48343195f317 |
| SHA256 | ee92b8d7d2df0fe21f4a98ffe94b7a329dfe01be53519794d98bb395e4ac88f5 |
| SHA512 | c718632810e9aa9e4011ab8b5d05343a41bf2fb3dba091590d76747ca2a8a517dc60ce7da07fe7414b6e1c82e57f8813547b3b3479f4490da4ba19bc33a2e110 |
memory/3456-47-0x00000000001A0000-0x0000000000200000-memory.dmp
memory/3456-41-0x00000000001A0000-0x0000000000200000-memory.dmp
memory/3960-58-0x0000000001A60000-0x0000000001AC0000-memory.dmp
memory/3960-61-0x0000000140000000-0x000000014020E000-memory.dmp
memory/1920-70-0x00000000007D0000-0x0000000000830000-memory.dmp
memory/3960-75-0x0000000140000000-0x000000014020E000-memory.dmp
memory/3960-73-0x0000000001A60000-0x0000000001AC0000-memory.dmp
memory/1920-72-0x0000000140000000-0x000000014020E000-memory.dmp
memory/1920-64-0x00000000007D0000-0x0000000000830000-memory.dmp
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
| MD5 | a873e4ae89f96733d8423a83ab1fa21b |
| SHA1 | b50b0e2a8101ca34513000fa2696e96a6a4dcb7a |
| SHA256 | 2503dba28713639a735eb7adacef5ba7fad0688fce25cad328c1a22d3864216b |
| SHA512 | 8b61f7a31a11402a676918517b867528878d0a37e01fa5bdf1683424f92aeda609534fbbd836bafebc8570ef2f291da6a83fb0f577b7a7477c71299c376e0a91 |
memory/3960-52-0x0000000001A60000-0x0000000001AC0000-memory.dmp
memory/3456-51-0x0000000140000000-0x000000014022B000-memory.dmp
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | a74bced2da1466f423d680c3cb6dc780 |
| SHA1 | d9da225d206c090694fcbea0b79c8869f119a051 |
| SHA256 | 77da49a90893ec14c0f999e41f3f72569dc8b7c7cf6a8ab5d831cb8e941af501 |
| SHA512 | 5190232956dc26d3735e10fc7497d59b1920e9a2d83fe33f07185e9598d557fab3dba2fc1d26015b9dc642fe8801c1817c8b2e5e8a25aa23766bbca1fa4803fa |
memory/3096-38-0x0000000000C70000-0x0000000000CD0000-memory.dmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
| MD5 | 244d67d2304aae91fb0addf5f4fc53da |
| SHA1 | 2c7e476fac85c80f3f9111202ba299f301ac9dae |
| SHA256 | 1b2a14bf19a4ca1a8350d3e956d9db3a7d3d011ff3accb280df1e108f1734c79 |
| SHA512 | 431d5e226e3f01a08d0955be39f77455875aed5034945da3844923f9a77c48ecf367a23aad7a7a483f157293fc0b1d1b4d78fadc9220a428de8a92c57ebafb4d |
memory/216-167-0x0000000140000000-0x00000001401E9000-memory.dmp
memory/3096-229-0x0000000140000000-0x0000000140234000-memory.dmp
memory/3456-233-0x0000000140000000-0x000000014022B000-memory.dmp
memory/1920-234-0x0000000140000000-0x000000014020E000-memory.dmp
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
| MD5 | cdd45369fc2e84ed138bfdb685ba9ec3 |
| SHA1 | 386220ce63c8df21723764bca4c2d2409c4b056f |
| SHA256 | 1ce32c59666eba3e759795217af37e73bda4a37fd12d76362c1c48132308b00e |
| SHA512 | 51265059866529112358efade26331725eb749192e16249eb1fd6964d965fa949ea9e850b9d5fcd22bd2540f83c3859239efd641ff7aaa7bf75e51decfc09b26 |
memory/3212-247-0x0000000000690000-0x00000000006F0000-memory.dmp
memory/3212-249-0x0000000140000000-0x00000001401E8000-memory.dmp
memory/3212-241-0x0000000000690000-0x00000000006F0000-memory.dmp
C:\Windows\System32\FXSSVC.exe
| MD5 | a6a4fce3b04576bebc74a180821bd603 |
| SHA1 | c7ce92842990dd7a351c12864fe456e24844d62f |
| SHA256 | 3dce4b7c79b8621e3b6e27c17059b29afe68ade1444450a06121c6442e7bcaa2 |
| SHA512 | c68663965525fd737a6b44779c97b6774ca26c4a235ddb73785fafddc63842b1bba45799ef9850c728286110aca2427e62e6e588a011f07f1b874c639c7e4f23 |
memory/2288-252-0x0000000140000000-0x0000000140135000-memory.dmp
memory/2288-253-0x0000000000540000-0x00000000005A0000-memory.dmp
memory/2288-265-0x0000000140000000-0x0000000140135000-memory.dmp
C:\Windows\System32\msdtc.exe
| MD5 | ecc35f9abcbd876e343373c17576249f |
| SHA1 | 9b188bc5d0ebf01a4ceaf48d4e70d732cdd660e1 |
| SHA256 | 0fd06dc7d882df57cb8a8b33adf90c8472718f7aa944209236b1fb8aa142f30e |
| SHA512 | 9c5325f86c8816ace8335107f70fa438c8e195250762a904f1ed34573e1f99af9e7686e6c0ce9655a035ac2a32495d948d5d7b409585f572fcff702d72ff3a66 |
memory/4696-267-0x0000000140000000-0x00000001401F8000-memory.dmp
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
| MD5 | f91ef9ee9d65ca08ab55f5194656fa8a |
| SHA1 | 88930f646ae41394f6c3128ec7607f69a6966917 |
| SHA256 | 06d1454e1cff18dc77083b6f8a94fff50b75903cdb552e732178287ebaf11fb9 |
| SHA512 | e95810478349334ca8170369f4daf2c8c3a21134f815671fe5478deb28bb7717ce57231c4117948e2755522071093335d1705ce8f649521e087f3de069937905 |
memory/4244-279-0x0000000140000000-0x00000001401EA000-memory.dmp
C:\Windows\SysWOW64\perfhost.exe
| MD5 | 899beb1ab7a5e6b80e6c9e069efd5565 |
| SHA1 | e3543e340758e06947b2e6d03cf174c8dec9677c |
| SHA256 | e37616e54e3c3d158d232d731686ce5d6f7dd7140330992fb8a940251c44ec35 |
| SHA512 | f29d1b6ed524766a15e26589ad17e69758d1b1c1dff974858ee4c9c658deb54855d80a318a770e9149ca0060972dec53ee69b2dceb901247256f5bd40c1ce777 |
memory/4828-293-0x0000000000400000-0x00000000005D6000-memory.dmp
C:\Windows\System32\Locator.exe
| MD5 | 95ff205b614404f3c6477c74366be918 |
| SHA1 | cf00283fcae0f6a284731358ac239e365f0d3eb0 |
| SHA256 | 338843907f86abda3c9cb0e8eda8028d96dcac13d6d794f16ee428ff6861f054 |
| SHA512 | 98f46d0b43760870c57d83557036413bb0b7a423d5a4b66ad268bc74653143e0404e5045bc80a9a1f2a480c8079e2114c56aced804cc44cae30d89baecc6f72f |
memory/2584-309-0x0000000140000000-0x00000001401D4000-memory.dmp
C:\Windows\System32\SensorDataService.exe
| MD5 | 74b32453a1692918a700fe46f3fbbb36 |
| SHA1 | 084c3d545d790e558a2b77b97bb4dd22b0089183 |
| SHA256 | f86dcc9ff23e027fdffbe639db0020afd49d86b7ee01702caa14bb7df3e93481 |
| SHA512 | acd8db45bd433633c3dd13ff0c2ea349f7bf0c63f90eacf184ef6a43687d23f96929365a98edad75ae724e912a6c39761ee9729924ed497e19fe8f07fe5be68c |
memory/4660-314-0x0000000140000000-0x00000001401D7000-memory.dmp
C:\Windows\System32\snmptrap.exe
| MD5 | 12ade6a6c0e3aeb00445919e89a4bb04 |
| SHA1 | 8361604e94f46afe10a5d2a6134acc5539f9e404 |
| SHA256 | a40c01889e82e74858b5a80f31b23e99818d5c41bb6098452b5c4707a03b2fb7 |
| SHA512 | aa9ebe0020930823d2b2218843acdee20a54740c2b6d025f7610fc562263172fa4fb492499fd30489327ab2056205c553cad6bbdaa8d0a53a1fad2d369c12728 |
memory/1344-326-0x0000000140000000-0x00000001401D5000-memory.dmp
C:\Windows\System32\Spectrum.exe
| MD5 | f5be4908fa4b0f8f7ce04910e2e5fb14 |
| SHA1 | 497b904e96714f1735dbc22f1cf764ca65533bc5 |
| SHA256 | a09378c17036b9eb9c1c904d8cebcb90427129dc9fc53d71489178fc5a5f7e11 |
| SHA512 | 266c3b6f115e07c1a61f04a227b61cc034e82654d34c193fe04a26606127b1a726e515a8e9ff158b868a8632b545549d4659751b14888c06656a5ecef26b6eff |
memory/3336-337-0x0000000140000000-0x0000000140169000-memory.dmp
C:\Windows\System32\OpenSSH\ssh-agent.exe
| MD5 | 54b21ef968f33a9ae22ed06a66af69ea |
| SHA1 | 46f43e9e86961e5a36a99820e7685040798644ee |
| SHA256 | 453ab470dfc87a2b9fa1aa1e8c74923c1e6878a0d58f9fb2644aa3224ece2db1 |
| SHA512 | 7bc4c59740d16659cb005e3da1aa0c35091224ac9cdf517301aeb50bb22c870052990badb66476ccf42c05dfd86a73cf9d9fcf353926e61bc339f08740f8af70 |
memory/2444-348-0x0000000140000000-0x0000000140241000-memory.dmp
C:\Windows\System32\TieringEngineService.exe
| MD5 | 82fdd5aadbb05ef72817090116ad3834 |
| SHA1 | 0d9b133eb83230b1d277cbea52198b672dd37ca5 |
| SHA256 | 0ec58a02cede8c0f4cecde1737c2e35bbf3639b7e55938b6db4c9c927a18f48c |
| SHA512 | 95eb636f547bfa9af7071d69e42fd6f0dc520aad64a4c996c6d8dccf9cead6cbe8fc42a2a10d84336e1ae2b5f72fd0fea2ff8b825010f4834eeaafe1260e7bda |
memory/3212-366-0x0000000140000000-0x00000001401E8000-memory.dmp
memory/1400-369-0x0000000140000000-0x0000000140221000-memory.dmp
C:\Windows\System32\AgentService.exe
| MD5 | 487817a2e6a8845e7b36aeef73b1ab66 |
| SHA1 | ef62c0b85465fd29271612005b550c3a4c1b363a |
| SHA256 | 7cbe6c064320782ec21df708923959ef9bc973d8f2fa831e188eef99580f757a |
| SHA512 | 318b8f1968dee8b361ea1176e7f8a7e35a023d4461b46c61dbecc69f6f2007fbf07ade7461478c6f8faa7b2fc4a1a35365676ce57ff3531d35c069bbaba734fa |
memory/4760-372-0x0000000140000000-0x00000001401C0000-memory.dmp
memory/4760-384-0x0000000140000000-0x00000001401C0000-memory.dmp
C:\Windows\System32\vds.exe
| MD5 | 444d0c4f6c77fd6b1c6010990d2abf8d |
| SHA1 | 379e845f93c1fac1fc731b9423f4cdd2603d9e9b |
| SHA256 | 15b754b5a098fb7dcb4079e223984576542e831a5ec1dea4b47da16f3652853c |
| SHA512 | f6de440518086952c63032119ad51a869163582f35db5dfa96ba18636f522e215daff3dd09d607c8dc11f86b25e6896f2e61da684dfa22baeafeb38ba1ac23c0 |
memory/4696-386-0x0000000140000000-0x00000001401F8000-memory.dmp
memory/392-387-0x0000000140000000-0x0000000140147000-memory.dmp
memory/4244-398-0x0000000140000000-0x00000001401EA000-memory.dmp
C:\Windows\System32\VSSVC.exe
| MD5 | 43b2a8536e912865330d85449af3a8a2 |
| SHA1 | 563d73aff095e199a8fc43eb63384de68cd9b70d |
| SHA256 | f725c9dffb533c183a3dfb47144b81cc47f481e8ff1c566189d705d11e61bb07 |
| SHA512 | bc229e06aac86a45b3fced4bff090126ea4d76af97a779d9c28ab5227e91d96962beebef18c8b65619db6cb5f4a38ffefda89ac3f4c826f9e1abb622626528cb |
memory/3732-399-0x0000000140000000-0x00000001401FC000-memory.dmp
C:\Windows\System32\wbengine.exe
| MD5 | 142f904c1f852a18f1a855b429b0d576 |
| SHA1 | 7372fc70d72bb5537809c644cf949043e3df5aba |
| SHA256 | ebfdf37972eb671a97937bc5c53e6935388163173bafb17c1be8f9d8c75b251f |
| SHA512 | 1db545e2e549e953fe4ffc19615191c8558b02f4f512a9d610c6cbf9f33a32526bad7761a4c270c14f0a0d575f76a5a007a14fd0bd34bcf271707c0c3bcd76df |
C:\Windows\System32\wbem\WmiApSrv.exe
| MD5 | 622fb8a3edf8126afa2b1522c4aa3342 |
| SHA1 | 42c25e8c2536c92545cc24c36c61683dbec10123 |
| SHA256 | 08e59cd637e0fa1a3ee1b354032ba5cd2360115101c03847cee4957d0993bc55 |
| SHA512 | dd74a804fb64e5382931dd89dc452ccbbddbf239576ffc47847b762e26cf00b229ea69abe1c2708150f52a002d55d1823c088557c124382cf7bcd3bceeab2716 |
C:\Windows\System32\SearchIndexer.exe
| MD5 | e3b0dbf8913465a3c8d81abbc256d104 |
| SHA1 | 23d1ba9ede3cd4089a439b7676375d261e635f53 |
| SHA256 | 439b2c98e5b025cab791dca08e34765307c6220a6684af6e6819f32d6fd112dd |
| SHA512 | cb3e79b14fb78189be23393d3ef694e85341e6d7b208289f2628618aeaf10d0d304955ab9bd959fa6c7da3d95d0f379b1ad89122c29496271278e63221772823 |
C:\Program Files\7-Zip\7z.exe
| MD5 | 231d9277efce0f9691816200683e1257 |
| SHA1 | a5be154deb3a82cf61f0d539d912fc5b60e852cf |
| SHA256 | d361f0f3957f65f2d796686a811ad4b0fa8c33adbf4a74cd2203b1a8a15cf50e |
| SHA512 | 11789978112c059d3a1470255dc4bd42d4806e3b6bfe91b7fda60ff3156f8053baa0e8936ceaab3200fcdd9438f54c2f005883597776cfbea1889eae902cdf07 |
C:\Program Files\7-Zip\7zG.exe
| MD5 | f7a78d1270ba0334f05f01a61e618669 |
| SHA1 | 0e06a22990a6b4110e0f31ccdf33e9647dc80af7 |
| SHA256 | 19758e0e734dcef33d259f50c1bf89452e613efa4f9ffc0484341cf1477a7535 |
| SHA512 | 2e4a071f81c43c5c8700e43fd1cd87eb65e620835849e944558c993b72620f47361e40506c2ea57694f37a695256fd70b9dc87967c4803962338138db7218e5a |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 84470326d80b9bfb3fa3034c89150172 |
| SHA1 | e733067fcdb5b03742d7f2e5ec30908f3708c428 |
| SHA256 | 14c5c80c01fa56a80b4cdd670ae9843035502bd3119adb5b98b7a295ed714ffd |
| SHA512 | 01682f611ede398f86e7bfbb75026e09e4ebda99bfc55310c5ce7253acf5d54b6a988678deaea8dc8e76daff19e8b5ec8bc0469b6990d5a234ba60da2ae6d04b |
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
| MD5 | f3a1f1776dabe89e9e636e6bd2853897 |
| SHA1 | 2d5804476eacff12ccd0fb5d76171c592555a4d7 |
| SHA256 | 422920af46b810e37a3de1050db17883083cf9e6585a354acfffd563d361e9a7 |
| SHA512 | 7c8bb62ace086dbb1f3f21ba32892adb2dcd21850db4691bdbd80b06ffd9d71ed27574142357e6f5ce494a1086f94f872d48b775b20b9eaadad1d2edabe06509 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
| MD5 | 41b688b0fc47cb8d1fcf322ee18891cd |
| SHA1 | 43798cbb27c953681aa6b800857182afc670357d |
| SHA256 | 49d129965e38bf81bcd7d0ee24a12bdf0ea5c8ce571319168bfbe93cf1aaaf46 |
| SHA512 | fef0571091ed93726931deb24e82d7f8f6a6ce8c823a7f505c22dc8f32a13c586d6353667a70ff8566d87c7fd6983c38fb7cec2b13390a9e36bfc8a2e203eaf7 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
| MD5 | 228d8cac8a46bc93baad1e06bf749cd4 |
| SHA1 | a6a42aa331eddcb62d856a390ad31348a4b48106 |
| SHA256 | 5ac876e9247d763f08ba267ff46fad2a9c2c9f4060051d3012bd254617faea1d |
| SHA512 | f5058171cb7faba876be1dbbea5eb8d2a50f0b5dbcc68c20255b261f71c608883ce025bccd13d19e9e9f84450aa795edab79b2a3137ccd25b3bebc9ccb4906a8 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
| MD5 | 049e67fd1c41b19d8502076d8f4e9ecc |
| SHA1 | ca3782ccf46e6ecf912978be014c477ca30dcbfc |
| SHA256 | 3a647f0f0314109ac1403e02b25050ca9c0c1af17333e0cd7746ce9d44ceba42 |
| SHA512 | 18d2989bdd4d74022fd3823d14f77062271819da4ca2d3c7f58238491b8912e184a7ad456ca28caccb1d777b02c874d2df25f18cd4c90e4874da18b450ba39e7 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| MD5 | 2f5bc5ad8a21551308c04a0ceffb2c86 |
| SHA1 | ffbd27086b6b5ee2c6af695751cf3930f16f4e98 |
| SHA256 | babe7bd02605677293ab757b3d92654a04338be8e146f019ddf693034cbca4c9 |
| SHA512 | b143c1448085131a40019fbfae90b23fe639a48b5b83300e363580161433826858b6a171769b9665aa7bc728c689646bef7ce623f4f299ba96b510a6cb584b15 |
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | fd201789a423112410710a70d41da428 |
| SHA1 | 6689b9cb95b85e6eabc9601b612bef3d171d30b9 |
| SHA256 | 3ab75bf6ceb478a7646b9b576a940948e966cd6a6f4f8a0eafa7c6afce88a193 |
| SHA512 | 9a95b01695efdcdb8f0308c17aa0510f6f0ffc03cc56072a96db46becef76a2f75c8074116f0a702f0e5bd3e1d4c2403f6c799c3e816cdbf6add29fe87058a55 |
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | d4a22aa77d0ada2d153ac8519f24c24c |
| SHA1 | ee394b41443b6ba7b3ecd7b4c012c96210e939b3 |
| SHA256 | fd4244a498f0efe32a8ada83e62bfad2f9a94470ec2e98c832ab07e26ca6ca0c |
| SHA512 | 7d913ee7ca4b148d96343c1fadad14a3db2a332dfec31d277602d1bdbd818836d0961a21d1096b66b07f8d399d493f991fb1e9c273cd03d079d801197e7c94c3 |
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
| MD5 | 18cfb3e4a82144c3c6d5bcd4d31f557a |
| SHA1 | 7b4ef7be49712b767c218d32c4dd5f44694ae618 |
| SHA256 | f2787a35bef9512cc2e0e313ec908ff5f166c2acc0dc047d26c7a5c2abb6f98b |
| SHA512 | 8c88d4bb61267f762438ac6b3a1e398adba320a37a2650e29b1b4e38bcc182246fe5e73252989b4290f81bcdf92e00c64305f98d5d86f408c053887e29532e9a |
C:\Program Files\Java\jdk-1.8\bin\jjs.exe
| MD5 | e1b9231c123f656f2132d9869f9ba4c6 |
| SHA1 | 6ace1160e37cb83fbb3bb50ccb2ea4d2edc22356 |
| SHA256 | 6231a4ee9b772874ccc6cdbc880d35fba232d62d0df12cc88f37c6deebd8e946 |
| SHA512 | 0ef7bf4ffaffb1ae4447864ace9bdd7d06a3176402df105a042febfb128ec1caee9649b5301cf33cb32a104c95b33e5d92da0fbefc6428f41a6aff958e2dc9f8 |
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe
| MD5 | bce4aef19a0ac87bf992cc4002b32566 |
| SHA1 | 9b8588a3c5b90f0ecb7c92bf0b77f63d3e9a7fb2 |
| SHA256 | 7b32c9cb22d657122b4d3b64fcf21117bfb8ef8780e16c6e70f8e7e054d2aff5 |
| SHA512 | 8132e531f18dbc26254d7ff9c3a65d7975d827fd127790ea1154490317ba3047b8ebc5091406faf1512cd33bdca632ab6601f51f51cfb3fb2cbdc7dcc4ef729c |
C:\Program Files\Java\jdk-1.8\bin\jhat.exe
| MD5 | b31b0e94e19b37b313de4ac8c0e58ba0 |
| SHA1 | 100bd0a865a1319e1f64397532cb9d3a052b7ba5 |
| SHA256 | 35d5f86b1928d97df588eda86b36129253cfdea06bb45d14988075d539d935da |
| SHA512 | 17e151ca6b3deef30b620d8023f2787aedf84fc2fabf54ea8578ae2d018ddf55b7e61eec3cbd1a13eec76cf9e8d71074c328ae3147e83c61a7ee4bc8f28ca05e |
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
| MD5 | 0450ec9006e570881b0af5ed2ed708fc |
| SHA1 | f90431dfd3696e6160725a7ef7ae9aedd2343519 |
| SHA256 | 08c15ad42e6596e7c5ad6435be0b7d15dc4f7c629d2157136a27aa9f6476c75d |
| SHA512 | e0c3d1532ecc8221fdd3e44f6cd30453a87537e88a499063481334078ee5e5cea4affbf4e3465b798fb7a70f625df748291e0490209e885566c9d9fee3821fc1 |
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
| MD5 | 5c0b450cf04d151081915cb12ce80eaf |
| SHA1 | ee41c77b9262af931b1355c0140ebcf81ab4f617 |
| SHA256 | 6604ec441733df2a2caf7e52dfd321d0c53eea49ee0731d5d7209fbdd719d83e |
| SHA512 | 4920f757f6fe5bfa51cf67a6a28a9b5abccea20c073ed7defdcca00a208c94aa046aa9fc3f9c386b1fe51cdc20f254ffe1ba3e90b0bbd752d2a73edeca84673b |
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
| MD5 | 5427078522b8db0141b54bd2c34bff8b |
| SHA1 | 2dd74893e21c063f1c7cabe2ebbe4b69fbab1359 |
| SHA256 | ba66fa0aa811cd86568e7eb7a7e366172e78a682148e316b94386e75880db719 |
| SHA512 | fe82dc482ab80977be2728e3c9b7d1e06aa4c425adc572e3566ad71ea903f8a27781d591d57875c80e4791219937dc12517cb1eb96a698bf24276100325d3e88 |
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
| MD5 | e2213aea6aa206d6e4d17446dcb6ff2d |
| SHA1 | 4ed84dd32033ceb022318b6ad84a92ab3a1ca564 |
| SHA256 | 4c299eb689d76400cbbf8879ce62feb2cd63c4416ed01b65815ec4c562d2e3cc |
| SHA512 | 44c8ae1e8ce887c98695fbea4df04e782b75d5e74c6fdea10cfd674cd95be199e440d8401e4e16337b44aa1ca6e2f67e6f87fb738ee7ca92be4663a18ebc014f |
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
| MD5 | 44beaacf6abe0d651179cf435bfe083a |
| SHA1 | 552639fc5858cad1fb3c53ae29acb87796ca5422 |
| SHA256 | 9f25a7afae3d85d88cb5e44b5410b0e70ff8723b409db5765d0163535706e44d |
| SHA512 | 27477b0d0ff5576d9fc84933a17a0faff1dfeac9a655719dd776a544b49c0bf0d5096dfd3758634ffe83b0d87e5cc38ddb87b141906809226c3c892cd7aeb469 |
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
| MD5 | aa83df0c5c7c4bcb8838133cd8ecae43 |
| SHA1 | 3fe0520c0e6190030df14f3767e1420e4b21de18 |
| SHA256 | bd083b061065a407d25afd5d7c1f8bfdd764e041ebb556266f7d8d533f31b345 |
| SHA512 | 65cdc2693cc990856a7f907ef17defb84a6c1c86e6b8c72b7da58bc35747eb1dce0ae81a84c4b232ab24d3a65325edb92d543c2a77c37964b195d07b8b70ad7a |
C:\Program Files\Java\jdk-1.8\bin\javap.exe
| MD5 | 5a2fb70bfa94829d95569aa68762f1dd |
| SHA1 | 66a8511868be52276c9caf3523d4ffcc486f647f |
| SHA256 | 9219437e92c69dc95a19d159a78127c46fb701b55a0f109b0a53e5f0655ad41c |
| SHA512 | 4fdad8f09c2af2cc339d0de686717c019239678120b2930b90e6ccbc1756bc5dbdad15aed829217a490079ab3f26411ed4a51c0cbfa6581fc8af4f6b0df8ed8b |
C:\Program Files\Java\jdk-1.8\bin\javah.exe
| MD5 | 811f2eeb54946397773890895d65eccd |
| SHA1 | 2646d744199f89e6a9ccbd2cd2ec23e6c6066ded |
| SHA256 | a068008d8cba2148577616e03b3ce3ffe505809f3e1fe313fcdae2a982c69f4b |
| SHA512 | c736995f380cdb6141a57a1a1b29411b3ea6d1e00742637c94bac885fbfc31124afd91fe4df9949b4445de3353391c2f4750c3944a1bd31775a3aaddb9c54215 |
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
| MD5 | 06fa288c33de47e617b0f8e8632bf2d3 |
| SHA1 | 35f22f613198781568a4262042fb2257d82e7d47 |
| SHA256 | c469032bfecb95d7f033ca01c93b38574d0d5a896a812f7d171a3557a81261d1 |
| SHA512 | e92c70600d6384d8243ce40cc84a1859b8194cac72a34c6c487ee04dad4f1ec6b91afaf94cc179779b644bbe660c8d7660d9f9705b98181946ba6718bc597c77 |
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
| MD5 | cfbe854626578a155df45e55c2c5f93d |
| SHA1 | 67a527ec5ff24d33dd2368b574773c0c093f7e00 |
| SHA256 | 316ccde69e7adde9c417f08b8236664b94464b6ece8811ffa20e09dc35e911cc |
| SHA512 | 8bff8ae9bf9bfc9925d58d7c8d446e40729cce084822647a6f67b66f1a047eac0f503e70a6491ab2e6f9e7d9156b22619e5dec4aadb31ed7197f4d4c78973a3b |
C:\Program Files\Java\jdk-1.8\bin\javac.exe
| MD5 | 2510ce948b0ffbe710cc63cedc5710d4 |
| SHA1 | 50259d282e48092d4788178be68d756945b33f10 |
| SHA256 | 971e8e9e23ffe5a5b397dad6b49a64afc4241f044dad3af207c135ab57db92b8 |
| SHA512 | 700af5f1dd0815485219f0a9f62386b945828eda9b68a4866cdf888eb7e6b9f37013128371ad0c6956062b43f51bc667e1c1cbbda23f564ec9e48dd506dd7507 |
C:\Program Files\Java\jdk-1.8\bin\java.exe
| MD5 | 200ed7533c382eacbf50e8326a76602b |
| SHA1 | a3b5c8db62b1baa0b0711884ca1a7a11f5a2ab87 |
| SHA256 | 7ad5493d8ae34c31ad5555409ab9e39a1657ab1d95083400177d312548c7be11 |
| SHA512 | 392e3888ac2d3966f20f8dc11d0f62674419440b2a25cde0ee0deb15fb1ca998d4790e80e9c8638d4ecc627b1bd86f2ec1799c712b5d94387612a437fda78487 |
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
| MD5 | 03ac59a24ab1910cf85adc804f0ffb2a |
| SHA1 | 13961d3a10ec39a51b524306e8a405dc04343f41 |
| SHA256 | cfc9f4f01189b9a1c45459091b8927e3790ac735a8152e23a643699c44b5044d |
| SHA512 | 5cce1335302c4d0062fd48a831e76104f72ef0cc4ecb8db914ac5fa1334cb580eea29c6b882c6ed75f3c348724e1d7ccd15c9d782acf8408bcdbe04adeb6af62 |
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
| MD5 | b0cdb87751c9b7ba1899c9682ec31af1 |
| SHA1 | 5db4a0d313ee35d678fa5bcec03b761989b22ee0 |
| SHA256 | 8cb1321c5116c3dc5f817b522596c5ec41c8edd71a52e619e26d2f38640d4d91 |
| SHA512 | b8dbeee1855bdbc10a039c1fd27c9e2aa598765a05e909b4d8f1f9acebeacf6daa2c7c7de08bb4d2098a6a5fd6c668d4c18deb6d19bc14717f25e56b4c3de5ec |
C:\Program Files\Java\jdk-1.8\bin\jar.exe
| MD5 | 9ab955eba43db4128875a11f05e33323 |
| SHA1 | bdb1945161239cd522d0c0eaebf10f880fcafed3 |
| SHA256 | 3df1bfdfdc1d46190a94b751ad0a9e6d2e4b0c8084df827fd9e3df9c01c117af |
| SHA512 | 2f95ca77979d3483c107d22e0ef9049528edf56a24e6454897ee4fa6b22432c578b6baa67dc771b9f06d6b7c51b745e34ad4ce6454f400ffeb077a15612b992b |
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
| MD5 | a28b736a0c276a37beb428898ecbd412 |
| SHA1 | 97a43ae30becedd8e411008eed5913d475b2721b |
| SHA256 | d6a6c2df5b40cb5226cb7baa8bc36141ae00e45ac55626abdfe0f32ad160e3b6 |
| SHA512 | 784370ae98a581920a06466d3a2daa2ba07f2932c989eaeb63282b978d5bb6e1b90f492e722136e03927006f700c385ad1ad0de53aef57aa87917fcd321809b5 |
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
| MD5 | 4e7e3f98264d80f4de4e59b6a74e4a25 |
| SHA1 | 55aa88a21c440af1837cd73a8660526bebcdde93 |
| SHA256 | a8e63b3a53172537018a5a5e65b745ded6aa2b3eafb63a7b5d826f7f03112342 |
| SHA512 | ad9056d4e562416fd815959ae9ac994b24d01227c6398238613ee16187a7c6a742beade8d422b8942f28e53f3bba81dc33b6bc04a04cb0ad5f51e843c3b335d2 |
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
| MD5 | 39ede187c85c0b25e346847d32b37ec2 |
| SHA1 | 2dce7a9a5d648d16dd3ddffab8f2572babd89d21 |
| SHA256 | d9b1c31a12b1b428f8866b44d60b6e05d346678e87a104104369caedd2045f18 |
| SHA512 | dde6e52d6c9306d16aa06748ffb79ba7cfd2d087694f298c4afe141c591faf88829a6d3175bc828e9e4a7c84ed32382f1b5b53c53cedac1d33d4e8829ea5a611 |
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
| MD5 | c6a7e0a3524cfd9187d78cfb46f45308 |
| SHA1 | 15c36d48d243b5c2b2674dbaee77bdaf0a442b2b |
| SHA256 | 204a8402cd564bcf7b5c491560ae033253ba228a1c6d3b3360166c06aeb7255a |
| SHA512 | 0b4855e38d898028c4a60b3d95c6bb85dc557a0b0cc29735a17a66baed3f17edff7fa44f456b284cef1a5a56e40bd45053a246178943bbdbe3c7a556f0fc9e4b |
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
| MD5 | efeaf4f0f532739a9abc61c8c0184188 |
| SHA1 | 533705c682154f45ffcb8735f9a6abb0e6a5b0d6 |
| SHA256 | 39318b16cd0cff8d704ff9b0c790a119d4ce813ff75c818915af25fe0e19823c |
| SHA512 | 919b8ed19c3c7f15f845425e5dfacc5a2a59a603cf6147f97f520d9074f9e8cb10cc46eb4060007020339df4f0394a89c85872db78e4957b1dad93764302ee8d |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe
| MD5 | 8e3cf1f7ec29fbf5d25b5fa8902c031f |
| SHA1 | 6b3344cdb493772788beda07f27dedd4898b79f4 |
| SHA256 | da0f3394ef370a26be13b0f3348591b28f6059766c8cadf7a1e9e40e4a0af598 |
| SHA512 | 792353b20edf9a50c592754f345899071856ec4ebc45f224f9e335ee0412f663292e044447ef96c3811bb87819fcdf6515de0b0712fdd9ea5144dd829cb0e333 |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
| MD5 | 74939be17f328094031e27fa9e0e0626 |
| SHA1 | e69166a4bc4c5a1822788c7d81dfdb480708bfbd |
| SHA256 | 4ae105550cff0db703d7b32fc05442870514381c9790f0987861834d8807cc66 |
| SHA512 | d5a9fc624321726045c4c39ec654999a4faae25394693e2500805b1be2b842e55ffd52220bc36203e07b6c21eef46ae98b0dc2bc3d8c2b831d2aaf273ad47eb6 |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
| MD5 | fb8bc8b089bf3657b0027789d0b5da5a |
| SHA1 | 21e235858818d6c707af8d94e9821cb05ad655bf |
| SHA256 | 7e615624746df1dd0d876be7e1d82698fa24e4e7b5343de9042406bd222c36b8 |
| SHA512 | a89652e9dad038587ecf356ed4aeb5700c6a5139c5dfcdd85c32d29d943bfe3055ff3eafcf82b21108fef33c8e88f0dee22d29516dd43611071810aa6ddb3a55 |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe
| MD5 | 77d77698271b066d1e8301482deb1559 |
| SHA1 | b13ba3b93e960ca03ace2b23a9280c9c67de1f86 |
| SHA256 | 4175bbf12f2f985e53bbed1b6eed0b7850a222f357a689f1f03119e9cf614b8f |
| SHA512 | ddc7473706004207f8da145eda16e98ac6a9272ba942a0a3096ad4faa168065b13d5b5b410de19b1394a0a617aed42fa2e6647fc799a767da48b27fb454acb20 |
C:\Program Files\dotnet\dotnet.exe
| MD5 | b9f4b6c38fe856c1761ab7c64adf50dc |
| SHA1 | 38def28e3664938c5b40fc862cd30c22bf19797f |
| SHA256 | acb9da39414c00e312308449bf66e5fc24af867bd24fa255fff8604adc2451b4 |
| SHA512 | 667d13aad13d27b5e4670decf129b00d90e72a3e0df3147c1a51fc65f8712faf09c253566e3790dc7d227e8bb46eb08abb1a330d51fd74d4017b12331f32cfc4 |
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
| MD5 | 7be75b914c28681390ea404596627c0c |
| SHA1 | 9e48b7cec76fd03fcca2a0eb6afc846a1d936cbe |
| SHA256 | ba058916af50fbf39d8b7bf74b77a0e37278cea74c46df415efa5e3ae2f3afa4 |
| SHA512 | 1e0bf1e17b014028cb1d205ecf5353f87cca58270fc2e7305da9bc4099f502ef15f4adfc922b5736029078a05108be903df11644beb5aad231db544a2d4c7cfb |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-27 16:09
Reported
2024-10-27 16:11
Platform
win7-20241010-en
Max time kernel
15s
Max time network
20s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\6f74652d09ccfabbc005441c2df301da52bd971ddbbccdf92ed044fbc2d2293cN.exe
"C:\Users\Admin\AppData\Local\Temp\6f74652d09ccfabbc005441c2df301da52bd971ddbbccdf92ed044fbc2d2293cN.exe"
Network
Files