Analysis Overview
SHA256
8f5a3774c6bc83952ef19083557a12d9fadc818d14a821217301d08ee367c794
Threat Level: Shows suspicious behavior
The file 8f5a3774c6bc83952ef19083557a12d9fadc818d14a821217301d08ee367c794N was assessed as: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Modifies data under HKEY_USERS
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-08 23:04
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-08 23:04
Reported
2024-11-08 23:06
Platform
win7-20240903-en
Max time kernel
92s
Max time network
16s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\8f5a3774c6bc83952ef19083557a12d9fadc818d14a821217301d08ee367c794N.exe
"C:\Users\Admin\AppData\Local\Temp\8f5a3774c6bc83952ef19083557a12d9fadc818d14a821217301d08ee367c794N.exe"
Network
Files
memory/1916-0-0x0000000140000000-0x0000000140179000-memory.dmp
memory/1916-2-0x0000000001C30000-0x0000000001C90000-memory.dmp
memory/1916-12-0x0000000140000000-0x0000000140179000-memory.dmp
memory/1916-10-0x0000000001C30000-0x0000000001C90000-memory.dmp
memory/1916-7-0x0000000001C30000-0x0000000001C90000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-08 23:04
Reported
2024-11-08 23:06
Platform
win10v2004-20241007-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdb.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\servertool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javacpl.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\orbd.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\unpack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\java.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\pack200.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\policytool.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jar.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\keytool.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ktab.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\unpack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javapackager.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\keytool.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javaws.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmid.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstack.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\private_browsing.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iediagcmd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\policytool.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\wsgen.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Install\{86586A1C-7EEC-4BB2-AD86-7C1FB3D0D811}\chrome_installer.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\ktab.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\serialver.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\pack200.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\servertool.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ExtExport.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iediagcmd.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javapackager.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\klist.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ExtExport.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jjs.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Users\Admin\AppData\Local\Temp\8f5a3774c6bc83952ef19083557a12d9fadc818d14a821217301d08ee367c794N.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| File opened for modification | C:\Windows\DtcInstall.log | C:\Windows\System32\msdtc.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWow64\perfhost.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\TieringEngineService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\TieringEngineService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-180 = "Microsoft PowerPoint 97-2003 Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | C:\Windows\system32\fxssvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9909 = "Windows Media Audio/Video file" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-120 = "Microsoft Word 97 - 2003 Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000005ac379bf3232db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-175 = "Microsoft PowerPoint Slide Show" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@windows.storage.dll,-21825 = "3D Objects" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000003ef2e5be3232db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9905 = "Video Clip" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-915 = "XHTML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-194 = "Microsoft Excel Add-In" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\wmphoto.dll,-500 = "Windows Media Photo" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000ee312ac03232db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9912 = "Windows Media Audio file" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-102 = "Microsoft Excel Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9935 = "MPEG-2 TS Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-103 = "Windows PowerShell Script" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000022764cbf3232db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000008a6339bf3232db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\wshext.dll,-4804 = "JavaScript File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\msinfo32.exe,-10001 = "System Information File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000a98ee3be3232db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9938 = "3GPP2 Audio/Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\cabview.dll,-20 = "Cabinet File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9907 = "MIDI Sequence" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4340 wrote to memory of 4380 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchProtocolHost.exe |
| PID 4340 wrote to memory of 4380 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchProtocolHost.exe |
| PID 4340 wrote to memory of 1208 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchFilterHost.exe |
| PID 4340 wrote to memory of 1208 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchFilterHost.exe |
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\8f5a3774c6bc83952ef19083557a12d9fadc818d14a821217301d08ee367c794N.exe
"C:\Users\Admin\AppData\Local\Temp\8f5a3774c6bc83952ef19083557a12d9fadc818d14a821217301d08ee367c794N.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pywolwnvd.biz | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 54.244.188.177:80 | pywolwnvd.biz | tcp |
| US | 8.8.8.8:53 | ssbzmoy.biz | udp |
| SG | 18.141.10.107:80 | ssbzmoy.biz | tcp |
| US | 8.8.8.8:53 | 177.188.244.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cvgrf.biz | udp |
| US | 54.244.188.177:80 | cvgrf.biz | tcp |
| US | 8.8.8.8:53 | 107.10.141.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | npukfztj.biz | udp |
| US | 44.221.84.105:80 | npukfztj.biz | tcp |
| US | 8.8.8.8:53 | przvgke.biz | udp |
| US | 172.234.222.143:80 | przvgke.biz | tcp |
| US | 172.234.222.143:80 | przvgke.biz | tcp |
| US | 8.8.8.8:53 | zlenh.biz | udp |
| US | 8.8.8.8:53 | knjghuig.biz | udp |
| US | 8.8.8.8:53 | 105.84.221.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.222.234.172.in-addr.arpa | udp |
| SG | 18.141.10.107:80 | knjghuig.biz | tcp |
| US | 8.8.8.8:53 | uhxqin.biz | udp |
| US | 8.8.8.8:53 | anpmnmxo.biz | udp |
| US | 8.8.8.8:53 | lpuegx.biz | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vjaxhpbji.biz | udp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| US | 8.8.8.8:53 | 69.209.201.84.in-addr.arpa | udp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| US | 8.8.8.8:53 | xlfhhhm.biz | udp |
| SG | 47.129.31.212:80 | xlfhhhm.biz | tcp |
| US | 8.8.8.8:53 | ifsaia.biz | udp |
| US | 8.8.8.8:53 | 212.31.129.47.in-addr.arpa | udp |
| SG | 13.251.16.150:80 | ifsaia.biz | tcp |
| US | 8.8.8.8:53 | saytjshyf.biz | udp |
| US | 44.221.84.105:80 | saytjshyf.biz | tcp |
| US | 8.8.8.8:53 | vcddkls.biz | udp |
| SG | 18.141.10.107:80 | vcddkls.biz | tcp |
| US | 8.8.8.8:53 | fwiwk.biz | udp |
| US | 172.234.222.143:80 | fwiwk.biz | tcp |
| US | 8.8.8.8:53 | 150.16.251.13.in-addr.arpa | udp |
| US | 172.234.222.143:80 | fwiwk.biz | tcp |
| US | 8.8.8.8:53 | tbjrpv.biz | udp |
| IE | 34.246.200.160:80 | tbjrpv.biz | tcp |
| US | 8.8.8.8:53 | deoci.biz | udp |
| US | 18.208.156.248:80 | deoci.biz | tcp |
| US | 8.8.8.8:53 | 160.200.246.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gytujflc.biz | udp |
| US | 208.100.26.245:80 | gytujflc.biz | tcp |
| US | 8.8.8.8:53 | qaynky.biz | udp |
| SG | 13.251.16.150:80 | qaynky.biz | tcp |
| US | 8.8.8.8:53 | 248.156.208.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.26.100.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bumxkqgxu.biz | udp |
| US | 44.221.84.105:80 | bumxkqgxu.biz | tcp |
| US | 8.8.8.8:53 | dwrqljrr.biz | udp |
| US | 54.244.188.177:80 | dwrqljrr.biz | tcp |
| US | 8.8.8.8:53 | nqwjmb.biz | udp |
| US | 35.164.78.200:80 | nqwjmb.biz | tcp |
| US | 8.8.8.8:53 | ytctnunms.biz | udp |
| US | 3.94.10.34:80 | ytctnunms.biz | tcp |
| US | 8.8.8.8:53 | 200.78.164.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | myups.biz | udp |
| US | 165.160.13.20:80 | myups.biz | tcp |
| US | 8.8.8.8:53 | oshhkdluh.biz | udp |
| US | 54.244.188.177:80 | oshhkdluh.biz | tcp |
| US | 8.8.8.8:53 | 34.10.94.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.13.160.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yunalwv.biz | udp |
| US | 8.8.8.8:53 | jpskm.biz | udp |
| US | 34.211.97.45:80 | jpskm.biz | tcp |
| US | 8.8.8.8:53 | lrxdmhrr.biz | udp |
| US | 8.8.8.8:53 | 45.97.211.34.in-addr.arpa | udp |
| US | 54.244.188.177:80 | lrxdmhrr.biz | tcp |
| US | 8.8.8.8:53 | wllvnzb.biz | udp |
| SG | 18.141.10.107:80 | wllvnzb.biz | tcp |
| US | 8.8.8.8:53 | gnqgo.biz | udp |
| US | 18.208.156.248:80 | gnqgo.biz | tcp |
| US | 8.8.8.8:53 | jhvzpcfg.biz | udp |
| US | 44.221.84.105:80 | jhvzpcfg.biz | tcp |
| US | 8.8.8.8:53 | acwjcqqv.biz | udp |
| SG | 18.141.10.107:80 | acwjcqqv.biz | tcp |
| US | 8.8.8.8:53 | lejtdj.biz | udp |
| US | 8.8.8.8:53 | vyome.biz | udp |
| US | 18.246.231.120:80 | vyome.biz | tcp |
| US | 8.8.8.8:53 | yauexmxk.biz | udp |
| US | 18.208.156.248:80 | yauexmxk.biz | tcp |
| US | 8.8.8.8:53 | iuzpxe.biz | udp |
| US | 8.8.8.8:53 | 120.231.246.18.in-addr.arpa | udp |
| SG | 13.251.16.150:80 | iuzpxe.biz | tcp |
| US | 8.8.8.8:53 | sxmiywsfv.biz | udp |
| SG | 13.251.16.150:80 | sxmiywsfv.biz | tcp |
| US | 8.8.8.8:53 | vrrazpdh.biz | udp |
| US | 34.211.97.45:80 | vrrazpdh.biz | tcp |
| US | 8.8.8.8:53 | ftxlah.biz | udp |
| SG | 47.129.31.212:80 | ftxlah.biz | tcp |
| US | 8.8.8.8:53 | typgfhb.biz | udp |
| SG | 13.251.16.150:80 | typgfhb.biz | tcp |
| US | 8.8.8.8:53 | esuzf.biz | udp |
| US | 34.211.97.45:80 | esuzf.biz | tcp |
| US | 8.8.8.8:53 | gvijgjwkh.biz | udp |
| US | 3.94.10.34:80 | gvijgjwkh.biz | tcp |
| US | 8.8.8.8:53 | qpnczch.biz | udp |
| US | 18.246.231.120:80 | qpnczch.biz | tcp |
| US | 8.8.8.8:53 | brsua.biz | udp |
| IE | 3.254.94.185:80 | brsua.biz | tcp |
| US | 8.8.8.8:53 | dlynankz.biz | udp |
| DE | 85.214.228.140:80 | dlynankz.biz | tcp |
| US | 8.8.8.8:53 | oflybfv.biz | udp |
| SG | 47.129.31.212:80 | oflybfv.biz | tcp |
| US | 8.8.8.8:53 | 140.228.214.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.94.254.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yhqqc.biz | udp |
| US | 34.211.97.45:80 | yhqqc.biz | tcp |
| US | 8.8.8.8:53 | mnjmhp.biz | udp |
| SG | 47.129.31.212:80 | mnjmhp.biz | tcp |
| US | 8.8.8.8:53 | opowhhece.biz | udp |
| US | 18.208.156.248:80 | opowhhece.biz | tcp |
| US | 8.8.8.8:53 | zjbpaao.biz | udp |
| US | 8.8.8.8:53 | jdhhbs.biz | udp |
| SG | 13.251.16.150:80 | jdhhbs.biz | tcp |
| US | 8.8.8.8:53 | mgmsclkyu.biz | udp |
| IE | 34.246.200.160:80 | mgmsclkyu.biz | tcp |
| US | 8.8.8.8:53 | warkcdu.biz | udp |
| SG | 18.141.10.107:80 | warkcdu.biz | tcp |
| US | 8.8.8.8:53 | gcedd.biz | udp |
| SG | 13.251.16.150:80 | gcedd.biz | tcp |
| US | 8.8.8.8:53 | jwkoeoqns.biz | udp |
| US | 18.208.156.248:80 | jwkoeoqns.biz | tcp |
| US | 8.8.8.8:53 | xccjj.biz | udp |
| US | 18.246.231.120:80 | xccjj.biz | tcp |
| US | 8.8.8.8:53 | hehckyov.biz | udp |
| US | 44.221.84.105:80 | hehckyov.biz | tcp |
| US | 8.8.8.8:53 | rynmcq.biz | udp |
| US | 54.244.188.177:80 | rynmcq.biz | tcp |
| US | 8.8.8.8:53 | uaafd.biz | udp |
| IE | 3.254.94.185:80 | uaafd.biz | tcp |
| US | 8.8.8.8:53 | eufxebus.biz | udp |
| SG | 18.141.10.107:80 | eufxebus.biz | tcp |
| US | 8.8.8.8:53 | pwlqfu.biz | udp |
| IE | 34.246.200.160:80 | pwlqfu.biz | tcp |
| US | 8.8.8.8:53 | rrqafepng.biz | udp |
| SG | 47.129.31.212:80 | rrqafepng.biz | tcp |
Files
memory/1116-0-0x0000000140000000-0x0000000140179000-memory.dmp
memory/1116-7-0x0000000002020000-0x0000000002080000-memory.dmp
memory/1116-1-0x0000000002020000-0x0000000002080000-memory.dmp
C:\Windows\System32\alg.exe
| MD5 | 7d77b071e1479fc9d02b243a72193e5d |
| SHA1 | a67fa83da2b9660673df737e226cce52065475fe |
| SHA256 | c1f67cfe95f73ad152f5778b588912f7d8bf0ab2be5e1d5af99de330f079e455 |
| SHA512 | fccb35f2618773816861bfd2b610f7f19daa589fabe5cd2d6d91793c4f4208a24674eb9292ae10ebbad8f3c818fa496fe122f331b78acb728d93181cd4eb0a8e |
memory/4476-14-0x0000000140000000-0x000000014014B000-memory.dmp
memory/1116-15-0x0000000002AD0000-0x0000000002D40000-memory.dmp
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
| MD5 | ac34b46df1e6a896621dbe0371689a04 |
| SHA1 | 1e02639d420b6d265ae865cf6defdca5caeca0b2 |
| SHA256 | 0e47fb6ce52c848163d95b3e7d9a32292465e9b84b216bbcd9596be231c7a930 |
| SHA512 | c93f4669c8e42728b0564c6126000627fb34e8b328e7059defb374b875ab2a49335d6004e3436e6be9ba43442a8d420e8ea2f17c6e6dab6ab943ac7cd92fe202 |
memory/740-21-0x00000000004C0000-0x0000000000520000-memory.dmp
memory/740-31-0x00000000004C0000-0x0000000000520000-memory.dmp
memory/740-30-0x0000000140000000-0x000000014014A000-memory.dmp
C:\Windows\System32\FXSSVC.exe
| MD5 | 881680c0d1bf028da873170b3c98f6a7 |
| SHA1 | 98d326458321753d44f3b0ceb191f633f21b2faf |
| SHA256 | 0006dae6a11988043d464917ddee9ab6cb0d64b1da08a9e68b5d655e53965805 |
| SHA512 | f7f43953f308867be85b96df36a6b5a15f6893dae60dc9cae12cf14a951ff3bfba3aadbee1ee7708de8253cb2cf96ed8c4cc82e8cae00568359148f661bc3c7b |
memory/4436-40-0x0000000140000000-0x0000000140135000-memory.dmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
| MD5 | 3758c3d3db45de426cdbf888072f4562 |
| SHA1 | 9f82d2d8ee54603e9ea9bbf38c3c02f09563871e |
| SHA256 | 5ba75d230014fabe01170f00f139f895ed39fd27edc3babcc11d51dfb5dee9b3 |
| SHA512 | 108dd36331087ff090b601603c266efda4c3d837de6ac8fc40442622040dd1df35fbb7ab98df1692c653e216b5ac96f4e747499df9786bfb1740532f65cd42c2 |
memory/1124-44-0x0000000000CB0000-0x0000000000D10000-memory.dmp
memory/1124-50-0x0000000000CB0000-0x0000000000D10000-memory.dmp
C:\Windows\system32\AppVClient.exe
| MD5 | 9dfa6781eb9df19c320c52220eb3822c |
| SHA1 | 8969d3c229a51bcfa724c21db6339d03cf3f297c |
| SHA256 | cdd49b8e330d029c04de721c0aaa437b222c20d048dbddfa79b92d470e1a7e68 |
| SHA512 | 1876a7fec9be86682e2a1dbac44b22c8e947ff458ea592becfbf6cbb17185186bc4ec667aa0606c550bd486016af9e4979b5a1967d69bb350d59bfcda2b31e2b |
memory/1116-57-0x0000000140000000-0x0000000140179000-memory.dmp
memory/4436-59-0x0000000140000000-0x0000000140135000-memory.dmp
memory/4296-70-0x0000000140000000-0x000000014022B000-memory.dmp
memory/4972-84-0x0000000001A90000-0x0000000001AF0000-memory.dmp
memory/3476-96-0x0000000140000000-0x0000000140170000-memory.dmp
memory/3476-88-0x00000000007E0000-0x0000000000840000-memory.dmp
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
| MD5 | 9aa0eb17373d349a26d5c9a3bd9d9bed |
| SHA1 | 2c01835b808ee41bdb506b6de9a41dcb13e03d17 |
| SHA256 | 3aac8a4a4735ba910e75b5c3c5937080d5ce356a57cc539ea140230d4a3ef3b9 |
| SHA512 | 071635e1f9558dfaa3019cf3ecaab6a3216e45df6aa6aa63b9cf584d178a314c22ea9c63df5630a470ac725c98ff3b47b572177414c16157b2fe8fe3e9432ca2 |
memory/4972-86-0x0000000140000000-0x0000000140170000-memory.dmp
memory/3476-94-0x00000000007E0000-0x0000000000840000-memory.dmp
memory/4972-82-0x0000000140000000-0x0000000140170000-memory.dmp
memory/4972-79-0x0000000001A90000-0x0000000001AF0000-memory.dmp
memory/4972-73-0x0000000001A90000-0x0000000001AF0000-memory.dmp
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | a45009f9bfae9f9d0676d4f779488067 |
| SHA1 | 62ed0f318435bb8c3dc6dda798b58dd0f10fc690 |
| SHA256 | daf41e35dc080a8abeaf50232e2984c9d55e8adfe532aa0058a252e0d0b5755d |
| SHA512 | 44a0cafe7dcc4394224b0bd890e41762e402af7ba0bf3815939abacfbd3b0227ccdf65942d186a1417a3178577360d4234d09de3b96e4f8c604ef8d7bfb2990f |
memory/1116-69-0x0000000002AD0000-0x0000000002D40000-memory.dmp
memory/4296-67-0x00000000001A0000-0x0000000000200000-memory.dmp
memory/4296-61-0x00000000001A0000-0x0000000000200000-memory.dmp
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
| MD5 | bc33978ce773ac27dcad4562f979819e |
| SHA1 | b0f2492a6196b7aa1d3ab03b4e24567157bf573e |
| SHA256 | dfb53609e8bca5ce794ca88223df36671ab51f29e41fcc33697b0f6ad59b79b9 |
| SHA512 | 3bc00220ad832eb0a1d7a691841399793c2b6c271d621adb291d7ea24c6d1fef72f77298080341be6c81b5fc76251f159187402e57a681f7bc9d308e715e8950 |
memory/1116-54-0x0000000002020000-0x0000000002080000-memory.dmp
memory/1116-53-0x0000000002960000-0x0000000002961000-memory.dmp
memory/1124-43-0x0000000140000000-0x0000000140234000-memory.dmp
memory/4476-108-0x0000000140000000-0x000000014014B000-memory.dmp
memory/1124-253-0x0000000140000000-0x0000000140234000-memory.dmp
memory/4296-254-0x0000000140000000-0x000000014022B000-memory.dmp
memory/3476-255-0x0000000140000000-0x0000000140170000-memory.dmp
C:\Windows\System32\msdtc.exe
| MD5 | a5b7fdfc7d8470282d79dae2a455ab5f |
| SHA1 | a72189a91775ed6187ce5ab1cdf5023d71b5d7f4 |
| SHA256 | df92d00ab4672520000280b97d11f962bf97582ab9411e01c17c2102a868839c |
| SHA512 | 6a19c56fdfb12ac8692316c0bd4f84c47eeb7a08f346fd207167ad5aa99a56bc81f516108c3204893e8081f1e964199e863e8dc03a35a8111c81c151bd4afd99 |
memory/1020-264-0x0000000140000000-0x000000014015A000-memory.dmp
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
| MD5 | 62020ccd762b2d5a9f5835609bf6e28f |
| SHA1 | a4b332d358058631efa1f164198cd55b47078645 |
| SHA256 | c0db6d37528b3f1927b43761f7cb3329e6adbd3f23e459b9e7014617a2973cbf |
| SHA512 | 34d33a56a3cfa0c1c19a225b2b8e2e4aa1176aa7b2bca72efbab526490e6d2aeb6c332c1658f31c3b371dd7e60d335a4fee4f24fd43d6db3fa9c70aad6d5fefa |
memory/2456-277-0x00000000007A0000-0x0000000000800000-memory.dmp
memory/2456-279-0x0000000140000000-0x000000014014C000-memory.dmp
memory/2456-271-0x00000000007A0000-0x0000000000800000-memory.dmp
C:\Windows\SysWOW64\perfhost.exe
| MD5 | d3a5ab35686d44103c1821785d6e7d0c |
| SHA1 | 1365ed8ef2a42e756cd8af22ed42859e890a461c |
| SHA256 | 4cfc24e7fce7fc23e0508911624b4faac70b2982a6642d50cd9ba79950065d76 |
| SHA512 | 3a54280c96146e55324ef4ef1027e786827fa0be52658f7dff8d9ebd89f47adf5f20a4bf705ca409991280a7cc2ff710687a96d9790a9db98cd61bcde8ed89de |
memory/1800-282-0x0000000000400000-0x0000000000538000-memory.dmp
memory/1800-283-0x0000000000610000-0x0000000000677000-memory.dmp
C:\Windows\System32\Locator.exe
| MD5 | 84b712f70463ec6869ee4564572ed6e9 |
| SHA1 | 0ef9c878e70a71213f6c78d1041bb78f574371b6 |
| SHA256 | d509717800aefaaebed5c9475d6e6bc09aec988abaa7166456576906ea5c6e4d |
| SHA512 | b4aea7301577facbce4547b821a719def9c2eac8992ab5d4ad0ee654b6aa7a321a71c20fbd37aca67e29846f106b8bd398d38a9231738e97064597000a1c546a |
memory/1820-292-0x0000000140000000-0x0000000140136000-memory.dmp
C:\Windows\System32\SensorDataService.exe
| MD5 | 2904e237bda3800f1de21cec30bd267c |
| SHA1 | 4964f06686c2e5ed33fc4de3836723f52aef04ac |
| SHA256 | bbb031ae640ebdef8c925889981978ec7c0c9c3768d8ab79fa604c5ddefc277a |
| SHA512 | 2b6113645a8be6907a83af2b64e49018de909915507969cb73dcde8cf207d82d2c519a5d0884147416de8ca311533565cdda9ae8ae00b82f8b1ada26935defd8 |
memory/2944-295-0x0000000140000000-0x00000001401D7000-memory.dmp
C:\Windows\System32\snmptrap.exe
| MD5 | d26375e6ae1c1f2fcb845979ccb0b4a1 |
| SHA1 | ae5e9961ad5b3d64367f803cfdbeb8322bc08ee5 |
| SHA256 | 22e89a0e1fb930535d2cfc9e40ca6dd19f3644a3b04d266aa9289634def7b114 |
| SHA512 | 92ee776eb602783e4cadc3fc13e17dbbe56940618e40a556416bcef505e7a54ac638d429970c02ecf057d79a53ecaf439a7e7b824d1de456f11509370e95b439 |
memory/2360-299-0x0000000140000000-0x0000000140137000-memory.dmp
C:\Windows\System32\Spectrum.exe
| MD5 | 0227d1abfaa8364e4184973114afdf16 |
| SHA1 | 272ea4e73208ff2d9b4831b0c4e2d07e33061040 |
| SHA256 | ff157b48370935ae29d9e467ecc29a0da9e4b3b1ceb92710ebaa0903a055af4b |
| SHA512 | 9c1eeb99f2b3ff83d553ebf1dacf3cf4142b05396cc46822418205a551eb4d50dcd49b97135531c857d724fb66dc842c123fb51bc5b4f850e6894927823200c0 |
memory/2136-302-0x0000000140000000-0x0000000140169000-memory.dmp
C:\Windows\System32\OpenSSH\ssh-agent.exe
| MD5 | c5093b2fd9e07db4f185d7df1c89f642 |
| SHA1 | a4baed30ef2e04fc78c83251df3b043f5d5f9a2d |
| SHA256 | 7d752ce4a97131523c7426e8c42b425202d1e6f2c8d4352af60af534d954c7af |
| SHA512 | b025b038efd0d0b74441fb284488f3bb0331ef59165ee6a619ba3105f105d8e770a466882148d16da48cd163f3b21e150f59a9d89e1a8d2aac27593ea8767891 |
memory/3596-314-0x0000000140000000-0x00000001401A3000-memory.dmp
C:\Windows\System32\TieringEngineService.exe
| MD5 | fc2f020b5e6bcf15f8dd4802648c05af |
| SHA1 | 8ece8bcd7a630cf84c4ea537150d82b34cc5da9c |
| SHA256 | 50f132d161b82e7d5fff69244020a1722d39fdced3ecf89b4cacd8174b0c6309 |
| SHA512 | d017712130d3ae1225de71d1f6b3a6f112a10c268efbf0a2503f2ae7ca743873f9233dbd61930d8f19b8160baf3c3a29682d7cda4e3ef9f93a8424560c2b8550 |
memory/2700-325-0x0000000140000000-0x0000000140183000-memory.dmp
C:\Windows\System32\AgentService.exe
| MD5 | 26f1aaf0d56213c5f533f08d68bda0e9 |
| SHA1 | beecd5748eb05ef9e5f2cc94bda7f720dbee86e5 |
| SHA256 | 5d520ce24f4728af56257bd38124c602e3950524e9b4b3f6fa300b6317e8d050 |
| SHA512 | 7b460a279f47dc846ab577708961b4980bac02f34f59e98c22cd5515f0517f9ace156db6da270f8417131b750d37fa04a3ece74c58d6c50db65b0dde6e714bd4 |
memory/3064-328-0x0000000140000000-0x00000001401C0000-memory.dmp
memory/3064-330-0x0000000140000000-0x00000001401C0000-memory.dmp
C:\Windows\System32\vds.exe
| MD5 | 65aa10444286261fb53396c4d52ec4b3 |
| SHA1 | 8f1562ed1322952aae095191658239fadf5f15f4 |
| SHA256 | 560712b8ba126ce35ce18f0132c12a89fd4e5b5c73e90333e92dd8450b2cd813 |
| SHA512 | 5461f7521bcb8c12dd3351c7ab80d8d6220e77436c80c68c13d9b1bc80572747cb508911f3cb2f675bcafef5c4aa0f0954600842c38d6a35c7caa38e8f39c681 |