Analysis Overview
SHA256
58f05a6737521572818cd1f75e222c3a2e2074804015cfd20478ce172f7430b5
Threat Level: Shows suspicious behavior
The file 58f05a6737521572818cd1f75e222c3a2e2074804015cfd20478ce172f7430b5 was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Uses Volume Shadow Copy service COM API
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious behavior: LoadsDriver
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-08 23:02
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-08 23:02
Reported
2024-11-08 23:05
Platform
win7-20240903-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\58f05a6737521572818cd1f75e222c3a2e2074804015cfd20478ce172f7430b5.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\58f05a6737521572818cd1f75e222c3a2e2074804015cfd20478ce172f7430b5.exe
"C:\Users\Admin\AppData\Local\Temp\58f05a6737521572818cd1f75e222c3a2e2074804015cfd20478ce172f7430b5.exe"
Network
Files
memory/2132-0-0x0000000000400000-0x0000000000587000-memory.dmp
memory/2132-1-0x0000000001DD0000-0x0000000001E36000-memory.dmp
memory/2132-8-0x0000000001DD0000-0x0000000001E36000-memory.dmp
memory/2132-12-0x0000000000400000-0x0000000000587000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-08 23:02
Reported
2024-11-08 23:05
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
157s
Command Line
Signatures
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Program Files\Mozilla Firefox\plugin-container.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ieinstal.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\klist.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\serialver.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\extcheck.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jar.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstatd.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\123.0.6312.123\chrome_installer.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ktab.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\orbd.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\servertool.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\java.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javaws.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmid.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateOnDemand.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\ktab.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ktab.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javah.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\idlj.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\kinit.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ExtExport.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmic.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdb.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jjs.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Install\{CA9E0780-5A2C-43F8-9E63-52BCB11A02D4}\chrome_installer.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jcmd.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File created | C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\klist.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ielowutil.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsgen.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | C:\Windows\System32\alg.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\DtcInstall.log | C:\Windows\System32\msdtc.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\58f05a6737521572818cd1f75e222c3a2e2074804015cfd20478ce172f7430b5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWow64\perfhost.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\TieringEngineService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\TieringEngineService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-1 = "Microsoft Language Detection" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-175 = "Microsoft PowerPoint Slide Show" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-9 = "Microsoft Bengali to Latin Transliteration" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-176 = "Microsoft PowerPoint Macro-Enabled Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000715f33893232db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-6 = "Microsoft Cyrillic to Latin Transliteration" | C:\Windows\system32\SearchIndexer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\58f05a6737521572818cd1f75e222c3a2e2074804015cfd20478ce172f7430b5.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\fxssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\TieringEngineService.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\TieringEngineService.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\AgentService.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\SearchIndexer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2288 wrote to memory of 2132 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchProtocolHost.exe |
| PID 2288 wrote to memory of 2132 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchProtocolHost.exe |
| PID 2288 wrote to memory of 3056 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchFilterHost.exe |
| PID 2288 wrote to memory of 3056 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchFilterHost.exe |
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\58f05a6737521572818cd1f75e222c3a2e2074804015cfd20478ce172f7430b5.exe
"C:\Users\Admin\AppData\Local\Temp\58f05a6737521572818cd1f75e222c3a2e2074804015cfd20478ce172f7430b5.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
Network
Files
C:\Windows\System32\alg.exe
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\System32\FXSSVC.exe
| MD5 | 587b38cde161574eeae821e0f7ae4ab1 |
| SHA1 | 0ff82e59489f18622ced7247615e5b296bf32e5e |
| SHA256 | 47d472569aba3248a9ce8da99c2afb58a4d060b1738a94e5f933de72860a792a |
| SHA512 | 29d15e472f9dd4f584126d7210bd354c750c2a75521b39259fcfda566f6232a3456bb3fab92e93cbd24f09dc195afadefb412480911e5d19844ed96d67ba6caa |
memory/948-252-0x0000000140000000-0x0000000140135000-memory.dmp
memory/948-253-0x0000000000EA0000-0x0000000000F00000-memory.dmp
memory/948-265-0x0000000140000000-0x0000000140135000-memory.dmp
C:\Windows\System32\msdtc.exe
| MD5 | d0aa89b19e613710d0cdbe45ae45841b |
| SHA1 | f2fb63bfb81ee4515e8eb2958ba67fb0805ac0c1 |
| SHA256 | b6bdaaa752300905450e9a772b5f31258a64562bed5240d2c53f3a4c3af8784f |
| SHA512 | ffaccda821cb7625c7c2d58da9641aefc82778e5682147ed9f648d5eb45991cb271066cdf67ef3d40e75a7dcb9738a6a8cce48e36caaa8dfa46b6e754eaa2f68 |
memory/1544-267-0x0000000140000000-0x00000001401A5000-memory.dmp
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
| MD5 | e5265fb4c0cb95df0253345fd06f4121 |
| SHA1 | 1dbcb349d9906eede71a6e1102cbc9c47172f6c4 |
| SHA256 | 52b0c715cbb33819bc4106af3554029cd6a689ae68b96b4da377438a4d427949 |
| SHA512 | b0d0b9c3e88880c20f20b60c26dc215c94000a7725d98c262239637f17f3fe643da8ac340d83bb21c4f354290c1ac5aa611ecb44d85b3b8c612a759c4952df8c |
memory/3872-279-0x0000000140000000-0x0000000140197000-memory.dmp
C:\Windows\SysWOW64\perfhost.exe
| MD5 | 3304c9c1b50e702d7d83c2f26a9f4b49 |
| SHA1 | d2745e148bec4ae2e5c155846c46b74175815b40 |
| SHA256 | 5ff26f754e6f6ae2835408f159d5f1fbd179160e2b9a2e094e2a01396c253b9e |
| SHA512 | 1469d444db174625e3be3c8ec8c778abe5e38168296141eb1764a56f088e204cda332a0d38efa07c90bee3ec6c2123c1a8553593b0e3646544abf13d06243ce0 |
memory/4460-293-0x0000000000400000-0x0000000000583000-memory.dmp
C:\Windows\System32\Locator.exe
| MD5 | 61ddf629e1cdd852584d0d404459c636 |
| SHA1 | e5508146546c60ec84ec907f5ec0bc4fd709531b |
| SHA256 | fa1cc65448c08ea07ba0e72d43b83bee49f0c2f40c25104c9fa48ac13761ed10 |
| SHA512 | 51f6802673045abc788cfabfa4b186adb34a887ca9d185304744131e5ff4f5c978496cf6e0217e173d11d2f2695e84a012493e4ab832dc07ec2f69287e92edb9 |
memory/4980-303-0x0000000140000000-0x0000000140181000-memory.dmp
C:\Windows\System32\SensorDataService.exe
| MD5 | d823007b9baee908f3a8bd49f737ad1a |
| SHA1 | 0c76816cae6df960a0b0152df119accc310aa357 |
| SHA256 | 86055a9289973d9a658826fcb604c6c33bcdb5ef43ebdf037bf7bed9544306d7 |
| SHA512 | aa166dc93db159efc68698bcdce92334e9a95224dd34be3889a0930da2a753dab721cd4833f515393889b45ee057763cbb70a426816099631c2e6b5191614c85 |
memory/1560-314-0x0000000140000000-0x00000001401D7000-memory.dmp
C:\Windows\System32\snmptrap.exe
| MD5 | 06fc7dcb5a1948974961a92357087ebb |
| SHA1 | ba1e7f54a78383d01734666bb0fd6235f2c34885 |
| SHA256 | 4e0244cab61af8ac6e290b4cf39430c57bfbcedc744163b221e48229e6b7de08 |
| SHA512 | 63ac8c724c81caa3d152e1a9ec466b9bd35bec6082cb5be1b7562d2279720c35b5be24165986c1895a3c8aed26573e806d61147082814d206c94cace4a9d74ce |
memory/676-326-0x0000000140000000-0x0000000140182000-memory.dmp
C:\Windows\System32\Spectrum.exe
| MD5 | 042a0d4f2a8aaad06d8cb60aa593fa53 |
| SHA1 | 11a0b8c645a0c8a1a3b0c6aeffae9be24b8007e4 |
| SHA256 | fb084e2f17bb5278b9c479084c60573ff2a9d1f080d0562e2173ee8bc7fc3e7a |
| SHA512 | 88d6302d13a605b9c5a4c40fd44f7a8de150acf806e62b722e2adcab5e6afa5dda51fd70ad88cac7397a0c2c9ae662759208a2ea4d881405b3b7e157ae18641f |
memory/4324-337-0x0000000140000000-0x0000000140169000-memory.dmp
C:\Windows\System32\OpenSSH\ssh-agent.exe
| MD5 | 3379e24b141d08f782dee925c5903a06 |
| SHA1 | a289d3536ae843692b0314b5888d440d1bacd3b0 |
| SHA256 | 90c9a702ba481beea6c145c74411fe8fd779b7240e6c348cdf2cfb799c953439 |
| SHA512 | 0eb56b64af7512cc9f82ad5d6ae6d85e8383718de38930cbfc85277530673619c9527429f49035ec6844243da7550f36395d5d83ca93e6ab33a7887ed74dba16 |
memory/3984-348-0x0000000140000000-0x00000001401EE000-memory.dmp
C:\Windows\System32\TieringEngineService.exe
| MD5 | aa00a354835f04545b94405d4823866a |
| SHA1 | 817218ae756d69a9b8dc0cac2b1aafbfbb46a48c |
| SHA256 | 81deed5078deb4a01dcea5a3d8c0dda27a5133f3138bd56caad8d3c99e9114ea |
| SHA512 | dd185a36e1f095e5735a1afbf7d2a7b7ed5f60acbd2e29f09de066765ceaf110dfdc5419cd4d0be5e84ee51a9bdf7db86cc4932d124af8d7eece3320b428bbdc |
memory/3696-360-0x0000000140000000-0x0000000140195000-memory.dmp
memory/2112-361-0x0000000140000000-0x00000001401CE000-memory.dmp
C:\Windows\System32\AgentService.exe
| MD5 | fb16e829412a5dc7183c5f31862b1575 |
| SHA1 | 4628f7847307c1fc2766136712040b5d445a9eeb |
| SHA256 | 2089d6f51e4fb8e8d339fb4a136621219204bec07a35d2215b0e2f2f98fe8de3 |
| SHA512 | 817e0335df94d01b339b6b18cc1d8a59f566c59478978e0ff5924e7b9845b4ccdc13c3d06c98b8a96621cf309c43747f18c66b27825445a60c57f7aad87d0eeb |
memory/2284-380-0x0000000140000000-0x00000001401C0000-memory.dmp
memory/2284-384-0x0000000140000000-0x00000001401C0000-memory.dmp
C:\Windows\System32\vds.exe
| MD5 | 16870a6401718b8f79b992b031cc9cb2 |
| SHA1 | ed00b1ac77b996b4a6145431a4eb06b9201b3680 |
| SHA256 | ecd63bc343a25d84375337d17715158d29bc57cca07dbf63bf8762d9bcb2f0be |
| SHA512 | f923d718c3c8c543cc4e1bb21ac00fff686edf055ed59a15e2f9a0445cf2b7282d198d94481103ce3ce1e52a5e3b5fe3718e6b30d2a9f2eafb7618231f883249 |
memory/1544-386-0x0000000140000000-0x00000001401A5000-memory.dmp
memory/4884-395-0x0000000140000000-0x0000000140147000-memory.dmp
C:\Windows\System32\VSSVC.exe
| MD5 | 6bc1f68a6792fd125f26fb897825f736 |
| SHA1 | 30eeeb29568143fa984322a045b1d0b4bdc64dab |
| SHA256 | 272d2187aee9bd659533b47ce0634195a86725b482127854b0b6b0ac6100c949 |
| SHA512 | 9418a1e4f812cbc4ce6ee78814c97f2fd0e8eb3d798b26600654988d4bbe40ed7dac0f874dca3bc982e4778c3e2d3d2d01436d746e5aa806299925752d169d87 |
memory/3872-398-0x0000000140000000-0x0000000140197000-memory.dmp
memory/3900-399-0x0000000140000000-0x00000001401FC000-memory.dmp
C:\Windows\System32\wbengine.exe
| MD5 | 22491e8b4b1bce3cd8c8ac9ee5bf7f5b |
| SHA1 | 690107fd10bd803edddea3ac758babd9777e1af8 |
| SHA256 | 8be71cafa33162bfdf948d2e174d49a22bf164c03d0b7e7f1b24c8d83993a97b |
| SHA512 | a3610dac5a20b77802582bdf22869df00b8a595b5f702ac1586838201081e83e58b228fc16f8d8c8b382b36cb1705652da789d8b8640f02eda5b3ac2576cf93e |
memory/1480-411-0x0000000140000000-0x0000000140216000-memory.dmp
memory/4460-410-0x0000000000400000-0x0000000000583000-memory.dmp
C:\Windows\System32\wbem\WmiApSrv.exe
| MD5 | fc952961f499a37b34c198c0f38c3883 |
| SHA1 | 41c15ec9bae8bb1d0de4bb841ca9a916c68d4b91 |
| SHA256 | dfa2a20c5f14ea5c8760a4b9c77270c4bb302d7bf1133ccb139dc034998935d5 |
| SHA512 | 51dff9689143e99ecb9af43538768a8b7120fa8580184f58d3d021e9831345725de7b71fa734502418b750c782afb2f314b2f29fe422220e39918666ebdf3216 |
memory/3884-423-0x0000000140000000-0x00000001401B2000-memory.dmp
memory/4980-422-0x0000000140000000-0x0000000140181000-memory.dmp
C:\Windows\System32\SearchIndexer.exe
| MD5 | 7a8ad1642c2a660bc784d0672a979254 |
| SHA1 | d922c9f17073e9123f24524c909137a9e0284403 |
| SHA256 | 98b11666d1582510f215c39f104f0891bb43981094f5bb62e31e6fd54271615e |
| SHA512 | ae78f2b2d748e19a1f6d4a82e437277cbc65d65b98203888b79049850edaefa8eed0feda62c9b631e28745134f2a5cbee76bc1b0f9f7039b23e2d3c5bb35f090 |
memory/2288-436-0x0000000140000000-0x0000000140179000-memory.dmp
memory/1560-435-0x0000000140000000-0x00000001401D7000-memory.dmp
C:\Program Files\7-Zip\7zG.exe
| MD5 | c74c81adc3a8f0fb8e02aa981be663b4 |
| SHA1 | c569516654c8f6fa71817d1f6b844b5a86aac57f |
| SHA256 | 6ffef07886593f67616e981ef89ef58e0856823e4f50277a346cf598609e4a7e |
| SHA512 | 28da6921380950d00dcf8cf95a634a73e4e057f7f725786305e3e8bc161ef9b6dbdfc3e7d1c157a2215f88ae2c7c554256cef2fdda661c8996a8895230774484 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
| MD5 | 00534697516f38a483439e3572194cf8 |
| SHA1 | 78062543ef516724ee29dd5970182a3b1d2a7e58 |
| SHA256 | 0b38d6b2b85c890272b85313a89818ae4b897cb12b7100f361a50663507f79d8 |
| SHA512 | aa35ae625abc83d440c0cc1292507608b33d913df75859a2df2d7923a0cd6f55bfd76882bd9ea0564157d3ae96dbfd676b223e4eb75961c7c73f616eed141516 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
| MD5 | 6f1ebbbc7760fd2c6d3becb970164455 |
| SHA1 | 41a1c226d2a06a891309a5c63d80c520fd156abe |
| SHA256 | ebd8b3e96dc1f471c306303bb4e6de854eb7aeb44694fa9a2b7fa143839181bb |
| SHA512 | 96e248cc47745a4d931f7617ad80bc90fccd6548fe1fb998dad3f7b8ccf81925ebd8101e7021bc420c5c60c382aa8100ac3658be28b319e589dfd3131a43d2bf |
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
| MD5 | bde2f48dbb14b4cb5d014d1926bffdb4 |
| SHA1 | c2bb6b6a94b5bf28318c0258e5aeb44019a47ad2 |
| SHA256 | 1c05b04ae6f4b44e2dc4be51743e3e88007c8d2738e4887daccf55be9c41198d |
| SHA512 | 17f2519a46ffc9860dd0d7e4b357217a315d6ab00939df907d2256541fdb72dbf6f079be6578edcdfb63c83c63bca0dd4abeae44cd9f27acd73f86b9c9cb1c2d |
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
| MD5 | 2dd49d91579b951768e7b481c52f2d6b |
| SHA1 | 5daaa340a80ce31b333722f67cc845efc04fad37 |
| SHA256 | e31c087a6f6d04317a4d6d6606ea3856f1d320d62821ac2d92d068c8976b12be |
| SHA512 | b4e306733e032bfa800fb6aab04e5ae9982e9386a960bb66d6d63eea78c273ebe577ae54aad5bedef7c35130c7c83a8b116a86e649cc73e311bdbadbf3adbbc0 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| MD5 | 76389488c152c72a932786a3655d0d48 |
| SHA1 | 99eb30286de2f6cc6f2c5039c9d40c544e74b22b |
| SHA256 | f9ff883b79ae7ace0d17174b1f18f1cc60cd8b448c583067b0f63618198a9280 |
| SHA512 | 8e05b49602a52253080e7f15a70dd308b42412cb54b2a2690f4f9c2485655bf3253f198bc909754732ef577579832a9cad84a87ac9cf269ac91bf8ddcc280251 |
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | 6813dbaa5a9a68928ad63aaebf7060f7 |
| SHA1 | 423e1f37f31dbebc552223e27e6a986211ef1e5b |
| SHA256 | cb42a7d97b31141a41230272177731d99b8c5f28c7509fc7112bf94e61c67eba |
| SHA512 | d8edf5c25b8d29d8562170ec99d5669c5937453aa2c9177fa331dd1f9283ca8435bb3f419f5226add8e430d74d6e2107f81070546ecfd60d63caa6b8e91eb8c6 |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 710c609c799c7ec96c16a3647c173787 |
| SHA1 | 932b0165103d9a3b81b06d4c97b45010491dbed8 |
| SHA256 | 38e65ffc8c07bc98e0028558b9eb094ac01b745304a4a9aa619235d294e93c8d |
| SHA512 | e5a2c31a690cde730ca11bd6acd34e8352c3b4fb16bf5972f83644b2b92095d9aba63a2eb8b4718188ea35f849ce278c93ae63fa02bd7b592046a26bb6eba6b4 |
C:\Program Files\7-Zip\7z.exe
| MD5 | a0ac1d4eb0923cd7863c1104d39bfd0e |
| SHA1 | 1af039dd2b3f82dfe97a790038b397bb674f37c2 |
| SHA256 | 6615ec9b40e2408245616848cf3ab53f54fca725236adfae6b0c34378e0cda34 |
| SHA512 | 34b5c7777e6065f2928e8d6b2fa7a3f7c4674e41e8e350bbdbaeaefdeb06d15599288ae79240beead6f4c728e1cc988682c4d48be3dbc80ef8e0a243e234e441 |
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | ef9f9ad909c290e86488542c8a9d610b |
| SHA1 | 94aca32ffd0f363cf7aa4847ffd3789a8c50ce70 |
| SHA256 | c543eefd7b15eff3fca99e38146ec7f90b26a6443606dba5c118aedb7b6eeb85 |
| SHA512 | a068af07f6a440df5c417682ec938572a4886d5c54a58b6271e97071a89f705614d8b5f65d9eb0ef3f1e9b6fcfcaa49d777e5c84b074b5540fb6a08721d31609 |
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
| MD5 | 77300fabf3b4daa811f43dde2e66b960 |
| SHA1 | f9ef4a96510d045cf9390c40b364b77c94ef8810 |
| SHA256 | f2e8860005ea5d35d306717274d8fc2f433dd3cf755d2354c61b653414be237b |
| SHA512 | eed983526d78913419b393d6ce23dbd9157b40e4e270266b935b28e3afab8f9db88e1d5ccafffddbfc1ce002f0adf68a89d04602136f18cb429cd146b07b644a |
C:\Program Files\Java\jdk-1.8\bin\jjs.exe
| MD5 | e453f42d9168404c796ad013f5aabae2 |
| SHA1 | 28f911e435558c7db66d095b7ebd5dc14bc3fcbc |
| SHA256 | 8de8bf5e2a650a3118402e54c8b128f248509abfd759cee9f83107c3ad28b754 |
| SHA512 | cc340d07bf780a976ca29e1fc94781dba4d493a73c8b6d4cbf7fc0ed144ac6f90bb2d5647e10ac289da01ee03293a8b3be10a9957eec8112cdcb35aa91aab4dc |
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe
| MD5 | 10ddac35f4ef187c72482ce201fb1a4d |
| SHA1 | 25fbf09e65410ea21ad05985f332e9615cb3168b |
| SHA256 | 25f2086367f138100b4c0fb102614d51501346fa7363147996bf852b791a84b5 |
| SHA512 | 118cc9eb414a979dabddbc068a7619918cd18b55571dab5bba0e3579299f71f9963e6218321e36a4fcd2f38f68b0085b945439fb0b107e94d334517e35f4eb8b |
C:\Program Files\Java\jdk-1.8\bin\jhat.exe
| MD5 | abeffe923f3b5025b7bc6a3f6329a4ba |
| SHA1 | 1834056c2ad55cd375580dcdecb7dc8f9a0ae977 |
| SHA256 | 5960c3a8218a0e93c88240d2e2a9b55947e222257ccfce59da22765338306ea8 |
| SHA512 | 5dd2fe950c2fd554367c4c74a0650bab2714ec4b59ca74a4680d298be3af345203845095719a9214e0d6f73b13d9d1a5720b9ccb2b773c1395aa1184c4902164 |
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
| MD5 | fcbb157fd9926ad30755c659d0188445 |
| SHA1 | 720b9380e3f2626cc75823c557441a8276ae9c95 |
| SHA256 | d091327a6ae455adb48cb47fc92eb970685c0864f740c2dc3cc78b37a6a97ca1 |
| SHA512 | 03766a4f95295f2918f55c24998c8bb478be9adda0ec5bc1677e8b24ba7d0d870d1c2b481c684f51e8784d64ac44a5926ff0cf1ec4dde399de277fc380e2773d |
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
| MD5 | af0fc12eb62fe258e6d5c46e52a339ca |
| SHA1 | dcd9a91fc4c48fa7712e0b61ac32f9d856061652 |
| SHA256 | 6056d6730baa8236fdc3ee1a6228054ce45a283a555c4dfa295b338edc719c1e |
| SHA512 | 0e390cd625aaadb20f684523d645312d9f9863b02ec5f185df95c15827fa74819c2e7a243d8e396d4ec3aacd5e776a84d20f88fde7c1acaaec0da19c143bdba9 |
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
| MD5 | a77814a4dc848c8e29c6da1134b9a1e4 |
| SHA1 | 9a218ad06554760a390a610c39896b8b42b5473a |
| SHA256 | 1763f963ffea1e7d77aa4b3a384e8fa57f49fa0af0e386c4f291a6a3fa29e1ea |
| SHA512 | fa62ed3c3b7479cc8c4479c292548bfb86fdb60d3b4fde0ab0cb48d3ac32d7f6bd4b5599b24ccc09a5715d55099163b76aee84e2dcc800b179831c98970fab8c |
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
| MD5 | e5f5b1d199f21cc3056f33066482ec1a |
| SHA1 | 329e29d633cf6074892af103630302a22106e6bd |
| SHA256 | 2c2f3bc68c895212f64ee8ef1f0168f4ba772d013c0a2d500a4b1d41bc4301b0 |
| SHA512 | c36275c30d41db5bf0b543c664e9d1790ff6f37cd2ffaa1089bca3c09e0fc6211092d3cbaa29ce7927b614b86ae8d8713abf185e571395c1e56cf72420d1bdfb |
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
| MD5 | 0ab279370911bc658279d265a2ae39f7 |
| SHA1 | d2b9a855ce27a26ca843e4ba43964d42d3c6c801 |
| SHA256 | c77cb1ff8b79515ec3ca304bc79041f61caecdb1a73e07dcd79a5dfe7c201a9a |
| SHA512 | 507382074ab60cebffb552f674d382fe20fa2fb0e281567b20539dc3bb7ffc47721f312c86e5fed6bb26a6b7f56a4166f88060268866aa234f7f0daf5b5c82ac |
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
| MD5 | bd42705121660706273b68afef1c2519 |
| SHA1 | 01af966dcfb493bb191b7bfec52f7a1815e6a80f |
| SHA256 | e92e308bc36d8278eed47ed31226c3a1b90bce50db9d473c29f373dceb2d3dc2 |
| SHA512 | be0b89a6a94ee210d5e99c082d8468a83c6dccde6f7ae9e127a125b99d2fadf447e2941f58e85915c3063d20518874167749903f1f9cf08e06ef06ab064209d2 |
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
| MD5 | b0388e71d78bdf44cf0a68261041c63b |
| SHA1 | b67ebce6b8c94a3c256c0186160a8c9fb99ddeeb |
| SHA256 | a1addcafed659b0e8762197739c5d882757d3c738bda1b232fc367c5c48c53a2 |
| SHA512 | e0da8c457f803400b6468a61af6a9c6625ae4f9ac5c43a841f9d162b8bc7c77c0427122ab8e157d3cdd81092b69bff3665caa4cc5f99a9e2675883829d41a778 |
C:\Program Files\Java\jdk-1.8\bin\javap.exe
| MD5 | cd70765215654f7d78601299b203e09a |
| SHA1 | b4c71aa1928256a1e72ee50d5e9adb3cf084fbf3 |
| SHA256 | 19bf090a0b3732fef23ef8a4bd664666e4c43e248800b79558a01dc6dfc3756b |
| SHA512 | 056fd0be1f636e7ecc22462fb71f007d747b52390b02066928a84a69a4275f06f3c899d4d0a5a1665abb237f845d7d2a7cd9e029415f40ac3d8503f44ab30bda |
C:\Program Files\Java\jdk-1.8\bin\javah.exe
| MD5 | eaa3f5123d6f141fbf9bc5e02e29aae8 |
| SHA1 | dc18a2fd2bd6a56dd47d8d1ee36bd97f0adfe2de |
| SHA256 | 730188f4426e856cf954d23b337354b72240899f7be5955aecacf9b211157a4b |
| SHA512 | 7b0c927d71568d94cf5ddf9b7d6defecfe82b4a00d9de3be72227f64ded872250be877500cb3f5f13561e4da1c1ffdbdb7f754d465db64f37b3f594191fed9ec |
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
| MD5 | 9071b80cb31f72730c1203bb9f0a5ab7 |
| SHA1 | c4c4cec54290e98d13bb12aa30004ef4f60bdef6 |
| SHA256 | 69a8e22a52e1a719c7227fc43a18368e67cf5f5cce388180a8ee5f6b9f74efaa |
| SHA512 | 5894a3ea37de9c7c4929fcd2ce2da5fcb1690776cec4e635e1d5470c5d40083671646ac3d06ab7677f762f346293841693b55d295ea50cd154bf7351ead6e80a |
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
| MD5 | fcf5fb890888d84d1e19a401e55360e2 |
| SHA1 | f8ef04d18b00cc2c954fde6e112563b2c318a389 |
| SHA256 | fe7498db89acf07437abc3c26c931b4a2bd699b2515e1dcd0453a0f30dbfc572 |
| SHA512 | 2b3f5c2ecf0620e71d803bfb7b4749cc690f8f40662ab7a28c55f2ba823fbaea81c6f0e2b972ad74285be5d0c7c180006705701bad9a4da7aa60ee83ded111ea |
C:\Program Files\Java\jdk-1.8\bin\javac.exe
| MD5 | 61d8593d664dd64cf839ad81a3a66718 |
| SHA1 | 2c25dec811bead1804dec1f9da867d0db46d61c5 |
| SHA256 | fa9687f350f10194544c167fbfeac6da4bfc9ed2f647578da63ace473662fe55 |
| SHA512 | 93aa9943bb481c0c0d4e307a01013f47ef1bfcecb9f98809711a4dec78a20bcb0550850d14792640cc78c307ea0f7672375cc8dc5df4a969a131bca0014f3903 |
C:\Program Files\Java\jdk-1.8\bin\java.exe
| MD5 | 506c8d925d27b26f344f9366830ac9dd |
| SHA1 | 34c97a0cde6b8a658c29d5dbc409d1f237d14cfa |
| SHA256 | 95ce5aaef99563da583792b324f890ef1aa932b696aeb6cb240d0968a0eaa860 |
| SHA512 | 87dac553443b88599fe260062bd54382030721e67757cab8d69025e66a8f76e0b7678370cbc11b8c39e52cea60102793abba87fe3f62845a642851754d61be7a |
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
| MD5 | a3fda418d221ddfa16a30c42ac48fbaf |
| SHA1 | a9933108f090a00e681930bc6c28f660f0f7cd1a |
| SHA256 | 58440e4416117d06f866dfd70c1ee54973ce3eb693dc7fea6554c9af79cc322b |
| SHA512 | 9d3b5f6412a43e2fd833d26272e9c4ab4a2ac39e6adfef1c000d762b7bd86a80ebedb0270066a4a4b9a70b1a3fc6f5130d9198a5c12570a2f903b39afbb8de2e |
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
| MD5 | faa2219f11ffc2cbf67cacfe4fb68d93 |
| SHA1 | 4487ec8f120f387a2b9682a3e10215692ef8436e |
| SHA256 | fc7cf656accabf146f15943355fcf9d1f935fd13bfb6eb7700de4e030156fe9b |
| SHA512 | 7d6923a951ce08e0ea07fa83dd84589fb33e968a989addac01e6bc133f8df772f872a51eeff3b9d432b09f7fb989fa662d0bc7e70099c6321ee4f60aa5f2c199 |
C:\Program Files\Java\jdk-1.8\bin\jar.exe
| MD5 | 014829afac5991005d9799b0c5370f3b |
| SHA1 | eed713a3a51b5c4a993f1b5ea723db4908db528c |
| SHA256 | 62bad4bde57574757d5fb3a4a1ee510783b2dce20bd5356a6e0b9f88c760eece |
| SHA512 | 5c62430f81d2641106968990fb42c1209be1098e687f0415aec9489776cae0c9146f328bef4d649bc3a5dbc861fd816f6e542a037d00562c17700244bb750b2e |
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
| MD5 | c4b54db849dd0322d7af18a0434a73bc |
| SHA1 | fb8fd46e91b9f7c1a6ce73112bd929fa449514fe |
| SHA256 | 2efd06162888a443203a0ff78105b86c38415dcacd1f19fd7ec3f9d8fa30e6e6 |
| SHA512 | 7f88e241f4c2206826c1793380de3ad38a56fb5ce6ac3a75ce36774e7e6f807b82a90c654cf40bb2d3e17cd56d9072f78431e18d71fbfed741e7019561441253 |
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
| MD5 | 1656cea55d2dc86e3e6cac7502ac3f80 |
| SHA1 | 1f32edaa52df23e390f198bab88cf7e43013c595 |
| SHA256 | 9b7aa3f0c7a9f4839cea52dfed8ecd79412418f2af0595c4269e9df14082d37f |
| SHA512 | 1559cf437f2d971fcc0c46a96ee48c472dc7a9e175d2c42ac7ed95014497de29bcfdd3f3de37cf5dce15597f12daa617b26f07d55c32a1d23e1974f31b62eecd |
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
| MD5 | 1613da2b883c6e76014231c6a626d1ad |
| SHA1 | 3b6853c52a3283ea08942ef977ebb8f43293d015 |
| SHA256 | 8d1cfa4f6b84cb9cbefdc10c9027a2928a549b65e32de5f85fbf79d4e0e1bcfb |
| SHA512 | 6f51cfaefce7136d0ba5a83b014396ebf7fe45d18a9085626a2ee53cb385d591791887ec7cf646c18cc60726e38316d0d8429e3464e1fa14f194e9f4eabf0b8f |
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
| MD5 | 6387b89ec9f7f91c046d69a51f03a065 |
| SHA1 | 502ede3cd9608018f4fb368fe51209397aca8ea4 |
| SHA256 | f33558eb231bdaf7698908c9b30a7df335eb920c34eeabe07a60c17e1e42b303 |
| SHA512 | 83b627b204646c7c4f60aee47f65d3eae175fdcbe06cc3c3d4444945923e57836cbcb73dbeca041cc0f123f27b2ede1618ad8f2c8ecff107c0d8bcd9ab724bcc |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe
| MD5 | 2e0e7f566102cb6cfc3ab059c0cbcdef |
| SHA1 | bebe90640b460607434be04d54430393b1049ff4 |
| SHA256 | 25e6a121b1916aec404503396a3d2f3f5baa88106a024ccbc449fcf02938431d |
| SHA512 | 5f3c1f47f538cd4dd69bdbd9bdd7edc8a2d145a5859850f988544dd10ae24b205e7a4797b8d3f1b7fb2b81988bac5dfc3bcd706092e77006de06a350356a88af |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
| MD5 | 62641dba56445661d560957fd75d43c9 |
| SHA1 | 457a344beb759dd93aac225ba7fbf887536c620a |
| SHA256 | e8b3ca30b33496a77ddae6c095cb265b8f5c1d2829e3de580cedac1c64d7409b |
| SHA512 | eb96dccdac81c5a694ffb48c145fb3758afc07251ef5958b845f5fa5c030476865af762b6eda2dec0ed027f82ec91b1737c40e2595b4695e71a1fd4b0433961e |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
| MD5 | d403b0c9df08bbc0621eebb6ddad96c3 |
| SHA1 | 0b6e03cdec585a0e5b56c2ebeb0515b340a2ffab |
| SHA256 | 107b223201196ab308e93ffb253e3b0136a2928261f9afdff221ccdd4d221c83 |
| SHA512 | 322421e9733917eaa742fa16d467ada1efeedfbb06b115eb698298bf56b1f648db00303b833aab97d2085c8a42eece2ae5c9fb4b5ff610d52a01683f019feebc |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe
| MD5 | 7a9ffe5e13510a5fb735d6ed864231d9 |
| SHA1 | 0c19215b1313415f8470e9739c5cdad7deb06fc7 |
| SHA256 | 612b140dc9e0bb9be3b33942d79c61c9c3f8de21fe1afdc63d800051b096dada |
| SHA512 | 9232e5699b9b9daba10376a3fe89f82606d67a2d9680e76fea86d9367a5a9a4988d168c433f0e41cb98f3be1f725951cd5c706bd3f8644a877d08fa95a36ed91 |
C:\Program Files\dotnet\dotnet.exe
| MD5 | cb872abf7d04331aa5f4031175b7fbaa |
| SHA1 | 7053f6f3a2828542fd6dfae013e5c5c527d4d255 |
| SHA256 | d704cbc42f69dd11bd55b380740c0a869a52981190df886060a4dbdc7d151f1f |
| SHA512 | cd2dcd7abfd25e10e36ec93faa5a10804b58537ec2a4eccb5afdaac125fe656ab33699513d9f7c2583b8623b3fcbe0102d1ed40021065cf7a2a91a57aa52a05f |
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
| MD5 | ff94ac050b57bb95752b67b6b896789c |
| SHA1 | 2c124a065657dc70aca33f2bea710c0bb5dd4522 |
| SHA256 | cdf6219a3cfde9c2c615f0b48beaa9638a96f12e8f6d30086fbc1f963ebcbe53 |
| SHA512 | 10d6b8c44f3da061c9beaaa9bdd962c901a204dc603a716fc8c1d758ca39591c91459c44da966a0e4dc194d2865a2f60838a4d2979694443a6ea6e6fb62588de |
memory/676-519-0x0000000140000000-0x0000000140182000-memory.dmp
memory/4324-522-0x0000000140000000-0x0000000140169000-memory.dmp
memory/3984-523-0x0000000140000000-0x00000001401EE000-memory.dmp
memory/2112-558-0x0000000140000000-0x00000001401CE000-memory.dmp
memory/1560-583-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/4884-626-0x0000000140000000-0x0000000140147000-memory.dmp
memory/3900-627-0x0000000140000000-0x00000001401FC000-memory.dmp
memory/1480-628-0x0000000140000000-0x0000000140216000-memory.dmp
memory/3884-629-0x0000000140000000-0x00000001401B2000-memory.dmp
memory/2288-630-0x0000000140000000-0x0000000140179000-memory.dmp
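The file list above is the sandbox's flattened layout: a dropped-file path, its four hash rows, and then memory-dump names, with the three kinds of line simply interleaved. The following Python is an added example (not part of the report and not vendor tooling) that parses that layout into structured records from a small constructed subset copied verbatim from the lines above, builds a SHA256 blocklist, flags drops under System32/SysWOW64, and separates dumps that start at a linker default image base from other regions. Two assumptions, labelled as such because the page does not state them: the first number in a dump name is the PID and the second a sequence number; and 0x140000000 / 0x400000 are treated as the MSVC default image bases for 64-bit / 32-bit executables, which is a fact about the linker rather than about this sample. The parser deliberately does not attach dump lines to the file they follow, because in the report a run of dumps after one path can name several PIDs.

```python
import re
from dataclasses import dataclass, field

# Constructed input: a few lines copied verbatim from the report above, in the
# report's own layout (path line, four hash rows, memory-dump names).
SAMPLE_REPORT = r"""
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
| MD5 | 89dcde5558e69ece3077c955cf66458a |
| SHA1 | a1069e168c6af40b2171c1900b1e6938eeddf318 |
| SHA256 | 499508b55407bd1e2b2f7f62b83a16491ba841cf153f1cef898c78b6333d31bc |
| SHA512 | 31f8e13ffddab686566d0e00fde76845e75cf10bcbf63a9a73c1f79be38567b9df67bbc1898c5f9f127ace6fb940e3d6b8b10995c4d819001051f4217f1aa67b |
memory/2772-73-0x00000000007A0000-0x0000000000800000-memory.dmp
memory/2772-75-0x0000000140000000-0x00000001401BB000-memory.dmp
C:\Windows\System32\VSSVC.exe
| MD5 | 6bc1f68a6792fd125f26fb897825f736 |
| SHA1 | 30eeeb29568143fa984322a045b1d0b4bdc64dab |
| SHA256 | 272d2187aee9bd659533b47ce0634195a86725b482127854b0b6b0ac6100c949 |
| SHA512 | 9418a1e4f812cbc4ce6ee78814c97f2fd0e8eb3d798b26600654988d4bbe40ed7dac0f874dca3bc982e4778c3e2d3d2d01436d746e5aa806299925752d169d87 |
memory/3900-399-0x0000000140000000-0x00000001401FC000-memory.dmp
C:\Windows\SysWOW64\perfhost.exe
| MD5 | 3304c9c1b50e702d7d83c2f26a9f4b49 |
| SHA1 | d2745e148bec4ae2e5c155846c46b74175815b40 |
| SHA256 | 5ff26f754e6f6ae2835408f159d5f1fbd179160e2b9a2e094e2a01396c253b9e |
| SHA512 | 1469d444db174625e3be3c8ec8c778abe5e38168296141eb1764a56f088e204cda332a0d38efa07c90bee3ec6c2123c1a8553593b0e3646544abf13d06243ce0 |
memory/4460-293-0x0000000000400000-0x0000000000583000-memory.dmp
C:\Program Files\7-Zip\7z.exe
| MD5 | a0ac1d4eb0923cd7863c1104d39bfd0e |
| SHA1 | 1af039dd2b3f82dfe97a790038b397bb674f37c2 |
| SHA256 | 6615ec9b40e2408245616848cf3ab53f54fca725236adfae6b0c34378e0cda34 |
| SHA512 | 34b5c7777e6065f2928e8d6b2fa7a3f7c4674e41e8e350bbdbaeaefdeb06d15599288ae79240beead6f4c728e1cc988682c4d48be3dbc80ef8e0a243e234e441 |
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")
MEM_DUMP = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
PATH_LINE = re.compile(r"^[A-Za-z]:\\")
# MSVC linker default image bases (a fact about the linker, not stated by the report).
DEFAULT_IMAGE_BASE = {0x140000000: "x64 EXE image base", 0x400000: "x86 EXE image base"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)


@dataclass
class MemoryRegion:
    pid: int    # assumption: first number in the dump name is the PID
    seq: int    # assumption: second number is a per-run sequence number
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_report(text: str):
    """Split the flattened report into dropped files and memory regions.
    Dumps are kept separate from files: a run of dumps after a path can name
    several PIDs, so following-lines adjacency does not identify the file."""
    files, regions, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_LINE.match(line):
            current = DroppedFile(path=line)
            files.append(current)
            continue
        m = HASH_ROW.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:
                # A truncated or padded digest must never become an indicator.
                raise ValueError(f"{algo} digest has {len(digest)} hex chars, expected {HASH_LEN[algo]}")
            if current is not None:  # hash row with no path (table cut at a boundary) is skipped
                current.hashes[algo] = digest
            continue
        m = MEM_DUMP.match(line)
        if m:
            regions.append(MemoryRegion(int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)))
        # Any other line (headings, signature tables) is ignored.
    return files, regions


def sha256_blocklist(files):
    """Unique SHA256 values, ready for a hash blocklist or a retro-hunt."""
    return sorted({f.hashes["SHA256"] for f in files if "SHA256" in f.hashes})


def system_binaries_dropped(files):
    """Paths written under System32/SysWOW64. Writing there needs elevated
    rights, and a drop that shares its name with an existing Windows service
    binary means the original was replaced, so verify these first (Authenticode
    signature, catalog hash) on any host that matches the indicators."""
    return [f.path for f in files if f.path.lower().startswith(SYSTEM_DIRS)]


def main_module_regions(regions):
    """Dumps starting at a linker default image base, i.e. where an unrelocated
    main module is mapped; these are the dumps to compare with the dropped
    files, while the rest are private/heap memory."""
    return [r for r in regions if r.start in DEFAULT_IMAGE_BASE]


def region_summary(regions):
    """One line per dump: pid, range, size and image-base classification."""
    return [f"pid={r.pid} {r.start:#x}-{r.end:#x} size={r.size:#x} "
            f"({DEFAULT_IMAGE_BASE.get(r.start, 'other')})" for r in regions]


if __name__ == "__main__":
    files, regions = parse_report(SAMPLE_REPORT)
    print("SHA256 blocklist:", *sha256_blocklist(files), sep="\n  ")
    print("dropped into system directories:", *system_binaries_dropped(files), sep="\n  ")
    print(*region_summary(regions), sep="\n")
```

Run against the full report text rather than the embedded subset to get the complete indicator set; the strict digest-length check is there so that an extraction error in a hash row fails loudly instead of producing an indicator that can never match.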