Analysis Overview
SHA256
e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283
Threat Level: Shows suspicious behavior
The file e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: LoadsDriver
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported
2024-11-09 23:21
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 23:21
Reported
2024-11-09 23:23
Platform
win7-20240903-en
Max time kernel
120s
Max time network
123s
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\99c7dc8a7c3b6b19.bin | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat | C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\kinit.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\uninstall.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ielowutil.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\jabswitch.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\pack200.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ielowutil.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\java.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Install\{5EB8F02B-573C-439E-BE36-635B3B6563D9}\chrome_installer.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\orbd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ExtExport.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\servertool.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ieinstal.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\javaw.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen_service.log | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index154.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index148.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index15c.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index145.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index147.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\index14d.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\index156.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\ngenlock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\GACLock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index14f.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4CE8.tmp\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\index154.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5B1B.tmp\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index150.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index151.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\index15c.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5310.tmp\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index14d.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8D42.tmp\Microsoft.Office.Tools.Word.v9.0.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5C15.tmp\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index144.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index14e.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index15b.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\index159.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\index149.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index14b.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index153.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\index14e.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index160.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5792.tmp\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index156.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9962.tmp\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index15e.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPADAD.tmp\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\index14f.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\assembly\NativeImages_v2.0.50727_64\index162.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe
"C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3f0 -InterruptEvent 3c8 -NGENProcess 3e8 -Pipe 3ec -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3c8 -InterruptEvent 3d8 -NGENProcess 3e0 -Pipe 3fc -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 3ac -NGENProcess 3f8 -Pipe 3d4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 3f8 -NGENProcess 3c8 -Pipe 3e8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3f8 -InterruptEvent 3a4 -NGENProcess 404 -Pipe 3b4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3a4 -InterruptEvent 404 -NGENProcess 408 -Pipe 410 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 404 -InterruptEvent 3f4 -NGENProcess 40c -Pipe 3d8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3f4 -InterruptEvent 40c -NGENProcess 3ac -Pipe 418 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 40c -InterruptEvent 3e0 -NGENProcess 414 -Pipe 3f0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3e0 -InterruptEvent 41c -NGENProcess 404 -Pipe 3c8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 41c -InterruptEvent 420 -NGENProcess 3ac -Pipe 3f8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 420 -NGENProcess 41c -Pipe 414 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 420 -InterruptEvent 3a4 -NGENProcess 3ac -Pipe 3f4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3a4 -InterruptEvent 42c -NGENProcess 3e0 -Pipe 408 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 42c -InterruptEvent 430 -NGENProcess 41c -Pipe 428 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 430 -InterruptEvent 434 -NGENProcess 3ac -Pipe 40c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 434 -InterruptEvent 438 -NGENProcess 3e0 -Pipe 424 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 42c -InterruptEvent 43c -NGENProcess 430 -Pipe 438 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 43c -InterruptEvent 430 -NGENProcess 440 -Pipe 444 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 430 -InterruptEvent 3a4 -NGENProcess 420 -Pipe 404 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3a4 -InterruptEvent 448 -NGENProcess 42c -Pipe 3ac -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 448 -InterruptEvent 44c -NGENProcess 440 -Pipe 3e0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 44c -InterruptEvent 450 -NGENProcess 420 -Pipe 41c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 450 -InterruptEvent 420 -NGENProcess 448 -Pipe 42c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 420 -InterruptEvent 458 -NGENProcess 440 -Pipe 430 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 458 -InterruptEvent 440 -NGENProcess 450 -Pipe 454 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 440 -InterruptEvent 460 -NGENProcess 448 -Pipe 44c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 460 -InterruptEvent 464 -NGENProcess 45c -Pipe 43c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 464 -InterruptEvent 468 -NGENProcess 450 -Pipe 420 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 468 -InterruptEvent 46c -NGENProcess 448 -Pipe 3a4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 46c -InterruptEvent 470 -NGENProcess 45c -Pipe 458 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 470 -InterruptEvent 45c -NGENProcess 468 -Pipe 450 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 45c -InterruptEvent 478 -NGENProcess 448 -Pipe 460 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 478 -InterruptEvent 45c -NGENProcess 480 -Pipe 470 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 45c -InterruptEvent 464 -NGENProcess 448 -Pipe 46c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 484 -InterruptEvent 464 -NGENProcess 45c -Pipe 47c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 464 -InterruptEvent 434 -NGENProcess 448 -Pipe 474 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 434 -InterruptEvent 448 -NGENProcess 484 -Pipe 478 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 448 -InterruptEvent 490 -NGENProcess 45c -Pipe 488 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 490 -InterruptEvent 45c -NGENProcess 434 -Pipe 48c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 45c -InterruptEvent 498 -NGENProcess 484 -Pipe 464 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 498 -InterruptEvent 49c -NGENProcess 494 -Pipe 468 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 49c -InterruptEvent 494 -NGENProcess 45c -Pipe 434 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 49c -InterruptEvent 45c -NGENProcess 494 -Pipe 4a4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 45c -InterruptEvent 494 -NGENProcess 484 -Pipe 4a0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 494 -InterruptEvent 4ac -NGENProcess 440 -Pipe 498 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4ac -InterruptEvent 4b0 -NGENProcess 4a8 -Pipe 448 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4b0 -InterruptEvent 4b4 -NGENProcess 484 -Pipe 49c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4b4 -InterruptEvent 4b8 -NGENProcess 480 -Pipe 490 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4bc -InterruptEvent 4b0 -NGENProcess 4c0 -Pipe 4b4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4b0 -InterruptEvent 45c -NGENProcess 480 -Pipe 494 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 45c -InterruptEvent 4c4 -NGENProcess 4b8 -Pipe 440 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4c4 -InterruptEvent 4c8 -NGENProcess 4c0 -Pipe 4ac -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4c8 -InterruptEvent 4c0 -NGENProcess 4b0 -Pipe 4d0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4c0 -InterruptEvent 4b0 -NGENProcess 45c -Pipe 4cc -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4b0 -InterruptEvent 4d4 -NGENProcess 4c4 -Pipe 484 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4d4 -InterruptEvent 4d8 -NGENProcess 4a8 -Pipe 480 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4d8 -InterruptEvent 4a8 -NGENProcess 4b0 -Pipe 45c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4e0 -InterruptEvent 4c8 -NGENProcess 4e4 -Pipe 4d8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4c8 -InterruptEvent 4bc -NGENProcess 4b0 -Pipe 4c0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4bc -InterruptEvent 4e8 -NGENProcess 4a8 -Pipe 4b8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4e8 -InterruptEvent 4ec -NGENProcess 4c8 -Pipe 4e0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4ec -InterruptEvent 4d4 -NGENProcess 4a8 -Pipe 4c4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4d4 -InterruptEvent 4f4 -NGENProcess 4bc -Pipe 4dc -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4f4 -InterruptEvent 4f8 -NGENProcess 4c8 -Pipe 4f0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4f8 -InterruptEvent 4fc -NGENProcess 4a8 -Pipe 4e4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 4fc -InterruptEvent 500 -NGENProcess 4bc -Pipe 4e8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 500 -InterruptEvent 504 -NGENProcess 4c8 -Pipe 4ec -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 504 -InterruptEvent 508 -NGENProcess 4a8 -Pipe 4d4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 508 -InterruptEvent 50c -NGENProcess 4bc -Pipe 4f4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 50c -InterruptEvent 510 -NGENProcess 4c8 -Pipe 4f8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 510 -InterruptEvent 514 -NGENProcess 4a8 -Pipe 4fc -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 514 -InterruptEvent 518 -NGENProcess 4bc -Pipe 500 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 518 -InterruptEvent 51c -NGENProcess 4c8 -Pipe 504 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 51c -InterruptEvent 520 -NGENProcess 4a8 -Pipe 508 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 520 -InterruptEvent 524 -NGENProcess 4bc -Pipe 50c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 524 -InterruptEvent 528 -NGENProcess 4c8 -Pipe 510 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 528 -InterruptEvent 52c -NGENProcess 4a8 -Pipe 514 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 52c -InterruptEvent 520 -NGENProcess 4bc -Pipe 534 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 520 -InterruptEvent 518 -NGENProcess 530 -Pipe 51c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 518 -InterruptEvent 538 -NGENProcess 4a8 -Pipe 4b0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 538 -InterruptEvent 53c -NGENProcess 4bc -Pipe 524 -Comment "NGen Worker Process"
Network
| Country | Destination | Domain | Proto |
Files
\Windows\System32\alg.exe
\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
memory/2424-554-0x0000000000400000-0x00000000004A8000-memory.dmp
memory/1912-551-0x0000000000400000-0x00000000004A8000-memory.dmp
memory/1912-558-0x0000000000400000-0x00000000004A8000-memory.dmp
memory/408-568-0x0000000000400000-0x00000000004A8000-memory.dmp
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
| MD5 | 2fd74ebe71b2be7562964aa22d083d79 |
| SHA1 | eb620fafc4eb2694babe667fcd1e110e119b02b9 |
| SHA256 | c6fb8d57f59d9d5329263962a5113653b9fdf6dd37632851e94d2ce439bda1df |
| SHA512 | abbd98c921997902f9b4dbab5a870eec4c0ceeeeb6d4843587648667799a0b93ff30f0e3a5d11cdc19acc37983128e3b41444d4504e800118a4e5624039d38e5 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
| MD5 | 4d8af74184cc798ea45499830192808e |
| SHA1 | f71229545f89809d3e624746b022cbfda5b26792 |
| SHA256 | f81248a2efbfebe40f05215cac171b07ab6c5a9736cf386f00ccb12918c80a7c |
| SHA512 | e70e6bf00896648ff6eb7543ee80e29dd857a5e835f35f7012609d7dd20d954b60dab518e17e6eec4d36612ac33ad33218a3e26f27801ccd6a4c9ff9982c9455 |
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe
| MD5 | 7f8c46570c6b633b6e9dd28e7dd14279 |
| SHA1 | 5c144c13b482046ca58ad51e8194712424639d1b |
| SHA256 | 72e19d6e7a5d3d3b04d9f5c4c5f31aa64b3a11dfd2b2c87222baf855aa35d557 |
| SHA512 | 03abe9070daa326bbfb2ac909a5d54ffeda5c6b0d38e9e6db991eefee6d5d307c030f23532f2ab5f9b59be9fd7d7f77360f66efe0930d48663f1ffdb3381529e |
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE
| MD5 | 1a8115e37a53790b3b23f2a1a1406880 |
| SHA1 | 14a859f1120c805a0dba5985246cfe53575578a8 |
| SHA256 | a3a6bf77d5cdd087cbbdc4a100a520ae2ab5383b243ff9b2a1022c1aafeaabac |
| SHA512 | 336ba726aba3e8d6c45207ec00c8d042b2122c7dba202521db076db0632d33acf84c726ed15fcba6b14ce92d86e9e3773780bab0317ac59ee08314e62dab8c6b |
C:\Program Files\7-Zip\7zG.exe
| MD5 | f4619be7859d4f1904356aaaf22cae12 |
| SHA1 | 384d3673853bf906fb3676428c7c55a29fcdcbb8 |
| SHA256 | 7fe522f54eefa28546aab29a2a5d80bd5b2afb7b2a76682691fe61909212b125 |
| SHA512 | 5d62404204a9d9591f34f45cd6bcde5acefa5d4c400940b31c32f14bd64e7affda945a87263d7f7ead7b029e21d79d0678c63b2af9c31ca0946f4f9201f1989d |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
| MD5 | 7581d7ee14254fe3f2175260823a8b35 |
| SHA1 | 58b45f0bb29c49392dafc445e3fcdbc46d83289d |
| SHA256 | d58a80ae1e82fc445b6d01dab25f94c5f52428cfbc4b08b131cccfddbee0eb71 |
| SHA512 | 25101e60bed6dc255c58677993a7081a3ac7098412c8d340458ec8ff95a2c82190c0a402d01409217f07e040dd94e99a9854245636d1db4c47f97a6934105744 |
C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe
| MD5 | fe3d2d57dec47a742b7b73329e06123c |
| SHA1 | d1369a324374e61d7a876f4cf538f826e4491931 |
| SHA256 | d34481bef387f7ee93539e7ec0aaf4e2c58190995302a015f371ddc4cc1643fa |
| SHA512 | 6c577c1254ba5d936e50c7d05f2b565378f7169f81bfa67bdd990d8e9bc96ea387b540fda4d2813504c2f5bafa65c6b183bf322501824e4336f54e79ca8036c5 |
C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe
| MD5 | a1e0a7639571597a3d0d5a8dcb0a58d0 |
| SHA1 | d5600fb78abde9bdadbcd374f4091dd89d11c24a |
| SHA256 | bd35c50b504871735452114a6777c7bba310e2b884b113062f071321ebc91725 |
| SHA512 | c65b63811c36205b56c627193ca1ec556f5c2662943c5cf767a18ced8a5154d3553e226cd7ca1289db9e22c09136a79400913242b9561f1ddc07c042fddc0912 |
C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe
| MD5 | 2077cc05467b36ee39185a11b4f8dbb6 |
| SHA1 | 56ba6e8fae68426fca779a69ab4ca2a4c90299e3 |
| SHA256 | cad7a83aeb6cfaa5eac5e0eeef8dcfbbe7e8975c27564a96949bdec813258a86 |
| SHA512 | 6d29a8c450dea7ed11336c8693d9d333dc44a40cd862e1119b6770d22a65e9fd7f888b7c144a5ce149afacd3142752498126221fabe280d8ddf9a23d109f6b69 |
C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe
| MD5 | 638f0e4a996292762e9feda4cffe16f9 |
| SHA1 | 33e8f4b564932b01c39fbd0f1088433863f9187d |
| SHA256 | 69ec8b057ce3a5d2694f50840a5495bec072593d87895777893ec97234b4b358 |
| SHA512 | 367514cda9c075f57765d2a338ed16a4641e9c92f7d8dd78bb1b0a10e5de02d38ade211039481d0d749bb3c06580b6282d519dee560be75cb584247d8326d9b7 |
C:\Program Files\Java\jdk1.7.0_80\bin\java.exe
| MD5 | 84c202dc72e422e1ee47bac99774ee9e |
| SHA1 | a41bfda6085b6eb9d533d4a939d2e42f90e2e479 |
| SHA256 | fbf40c86daa37281c658e42b2813e1cc051e156e398ed12c9fb355afbb3e3fe5 |
| SHA512 | 82d8a5b3c73a8c032d4f9c5643e9a9af09a3244c429f385775d134b331c6d9bdb62d9113834f8365d88809cefee78681b3e22c251a26da1fb12f3e0d58af35f9 |
C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe
| MD5 | ff520e1a805bf02bee84e21ee926681b |
| SHA1 | 321b49f1c4c2e0288ec129862e6c23d79ced673e |
| SHA256 | cf2ee8d083664c02142d13d609fa5e6369b354b578d82b6747a42f327f882f0c |
| SHA512 | e08b98d2459ee75db8014214470c6a874c3db661bbcdeb307a8b6af3c395e5eeab3fa3e9e664ee61dc2492c2e1f779d01228479da0232148cda62aba2445ac6c |
C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe
| MD5 | ff29fa4fea4dfc0ac229109ce5cd7161 |
| SHA1 | 3c9e8622f8eb1c9b848a9330d00134eadc009a56 |
| SHA256 | 0abb7398fd5945d643f50819b032c96f6f2bde84ae065b6805c8e9b61dc8ec45 |
| SHA512 | eefcb87fd4693afe2446469269c725540beb3a7df24ba3022c88b5b13518c8436f38572e66e4762fa90d6aecfc66b16e668a9ded5417eced3d92f4af0e5b0470 |
C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe
| MD5 | 9aaea66d5cf9fa7bb3ad75abbaa96842 |
| SHA1 | 5d0251cbf45a24d8e524e36f3a3208566eb331d0 |
| SHA256 | b22e00a02f14bb5a26c3bf6a8040f65f48b1eaabee2c2898b2b331364bb2a41f |
| SHA512 | 9b76742909e7fc1ff6ba339f84610a3190672bcd50c6c12628a070f05a013d357bb3e097991a668cb996ef1845ec5ff17973d7c97d21953d7462244f89136008 |
C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe
| MD5 | e9d6bf8e76fb78f0fc88328306c56120 |
| SHA1 | 7412c701da2c0b45d7ee66f4d60e0c3888ada964 |
| SHA256 | c6533e1265608eb9bef22e4c111e1e813c82f54c22591a4f532fb00693bd3417 |
| SHA512 | 2f4c4bbdd232472cfce0250f12eb55de547df3e17d83e8b9a82ac8efdcbd94d2e6ae6f38d23a8c2b70be1a3bfd6a0e4237c66dfcad910803e51ae419436e3935 |
C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe
| MD5 | ebaadac22b7fe3f7f05f02dd946d05e3 |
| SHA1 | 5e70d25549e4996efb913b3939fc6bd02f1ee243 |
| SHA256 | e9f93c2234a1f8f959cc3c874963a6c7120b060c93589e0b5e5c57d3cbed5167 |
| SHA512 | ea4f68ce17a0588536323b597e09be04877cd10edbb9af282b7ced7c54792a86dbae18b868631e1c564c53afec206410fbb437557bfefc3e68814f877732d217 |
C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe
| MD5 | 5c5530343b48b1c62457edf887f83ccf |
| SHA1 | 22103b5ca4d8d061eff394d290377c74121c8e97 |
| SHA256 | b2d7f0e049fe3b08d1ec26c2e9d30e625e25a174b4a4ae5f3238f2c0819a2ee0 |
| SHA512 | bff0288d1613994c0c857d27d4b5dfb1f0b8eb22012c7a2d21690bd72286898019e5749231472434640328ce2a4ccbebfc5e413fd717ad95d3bf4e2e7d4ba7b4 |
C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe
| MD5 | 1ccaa8e5cc6ed6872112dae35f22726c |
| SHA1 | a1cf18262da8dfe744ddc0f655d4f3bc1e4a1ee6 |
| SHA256 | e0edd65d3e053a8959ab03538d8e79371a6f861eb9eaf70a84662e1c44429895 |
| SHA512 | 394cfe12e356325763d81964ee1f2f7703a731c4b2e947f2e3303fc81058c5e944627d45780af70c737a301de2702d64f78d7173a5f7aee96426b5e2942989e2 |
C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe
| MD5 | 89405df49259cf16ac26191159aa6404 |
| SHA1 | 2ba276e7b670970bbf84d518d0aaa54e8254eaea |
| SHA256 | b422d2a040ced87b3619c9102676b6f091e43353c426e51c779d83197dbb597a |
| SHA512 | 53779995dbf15985f13914cc8d6a8d4135215243f1cad8feaf51eccc6d607408d8d5adfdd6c72acbd378b5d5eb6858ce916e4054b91f2e7de9300ae448a03b38 |
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
| MD5 | bfa4051d03c63299efda4889a5d2391e |
| SHA1 | 08b222fc4ef34c12b27ee1b6ab8f00e5e652bf16 |
| SHA256 | 0f69d5fade3ff5db7731315c3be5fd93e4a5ec2539a3b38ff68408fd0e7403f8 |
| SHA512 | 570e494e6527dd733637b58f349d21dd0aac23fd8ce43ad73edb877ef0ddb6d3e1f6e5a3dc585e4e9d25ce7a8511a39c374314aeaf31337b718c543828149e72 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
| MD5 | 2d62107789b1d69de2cd44116914d52a |
| SHA1 | f9863266a1c3b00a4d4ea871b9a3e5030051e7fb |
| SHA256 | ff6e5832dc87ebbaff93b0cf16f3d14484f2303d3297a8daeaff9ac3909844e2 |
| SHA512 | 688072e8448d2659d3edecfd75cbba825d4e8b2b4659cc0411ded29d52a8c225e07110e10a40701fe0b345a709e2f2adf5f38bca50ea5b2cecce6030a174693b |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
| MD5 | f6f775035e8bee466e6d40c5981a8984 |
| SHA1 | 754647c4a94b16eb0c9aad7a317d89f37057b7aa |
| SHA256 | 75b5c43f5367f809feedbea0e9b705eb8902559da045c7f2950daf33d51dcbd0 |
| SHA512 | dda85b195eaf68dd42673ce0e170ffb4be7a0b2017184877d7df598b09acb296bec336ab90861f50a4816faf5aa6b1383dd58debe823e499b0dd779554849511 |
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
| MD5 | 9a99a27d6328ea5485099ad0c71b6f76 |
| SHA1 | 084770f2373a958ece442d3f229003e40216f8d8 |
| SHA256 | ee8ee2c1e59d5c9f874b93d41350176e36edbd3380c81cf4f2e62f1fca592e27 |
| SHA512 | ad0364342f5afbd84410e14bbff142e7eb52ce2ac4debbcfcc930d74d1410f4eca654d13bd27d512498d4b2ec4915351f3e0caa54197f0dfd36e482d5d7c59eb |
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | 83f9072cea02ec2585258bf6b1466f7b |
| SHA1 | 64191c91eb3d8f00b8750b8dff8bf59750c6cbe5 |
| SHA256 | 12bcb94c4b91852aab9b8f7cc8ab6c7152fcec98c99149de131a7c20f0fbd4e5 |
| SHA512 | 53df161e0084c7c9ab01c953ade4e61cc235014f49c8178d0680539796c00e253c20f4417b2f8147727c0a7517d0429d500ff202b2c94e98aec4de71165a96bd |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 6e725c5b0b3798240df2c8b9f61a2519 |
| SHA1 | eb47f986c4bf4b3278e6c9567a10278b1be6e3ef |
| SHA256 | fda57f4dd53e2de70e60fdf769290bb79fa90c35b2bbfbb6f44564dc21fa1b2a |
| SHA512 | f077f7b59e8ea9289d8362531d421fc9be5fe2fa51105562c6751c91c6bb3e7b5e9fa788d21d926a99bdf0e9328e8478712932ddd3f0e9910570b1e4382eae53 |
C:\Program Files\7-Zip\7z.exe
| MD5 | 2fc506624320c7fbaedbb74ea1ee6da9 |
| SHA1 | 25d8c3b9c895bfbc0b0fa04254102233eff6faaa |
| SHA256 | 9bcbcb88373cf7affbd2a172cfb5dc740c77e1b3fb50d1262fbf68bd3bf02b50 |
| SHA512 | fbaf9b6d219fb78e73850efd39f2ad07ca3af8453e3112159e766b03cca1938120022e7b8052059d99788179167e24a197d0c3fac0b97557f38fc43cda18df8c |
memory/732-613-0x0000000140000000-0x00000001400AE000-memory.dmp
memory/2684-612-0x0000000140000000-0x00000001400AE000-memory.dmp
memory/732-624-0x0000000140000000-0x00000001400AE000-memory.dmp
memory/3064-631-0x0000000140000000-0x00000001400AE000-memory.dmp
memory/2144-645-0x0000000140000000-0x00000001400AE000-memory.dmp
memory/2144-646-0x0000000001B00000-0x0000000001B0E000-memory.dmp
memory/3064-644-0x0000000140000000-0x00000001400AE000-memory.dmp
memory/2144-647-0x0000000001B40000-0x0000000001B4C000-memory.dmp
memory/2144-648-0x000000001ACF0000-0x000000001AD38000-memory.dmp
memory/2144-649-0x0000000001B60000-0x0000000001B76000-memory.dmp
memory/2144-652-0x0000000140000000-0x00000001400AE000-memory.dmp
memory/1684-659-0x0000000140000000-0x00000001400AE000-memory.dmp
memory/1684-663-0x0000000001980000-0x000000000198E000-memory.dmp
memory/1684-666-0x0000000001BB0000-0x0000000001BC6000-memory.dmp
memory/1684-665-0x0000000001B60000-0x0000000001BA8000-memory.dmp
memory/1684-664-0x0000000001B50000-0x0000000001B5C000-memory.dmp
memory/1684-668-0x000000001AED0000-0x000000001AEDE000-memory.dmp
memory/1684-669-0x000000001AED0000-0x000000001AEDE000-memory.dmp
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\bd1950e68286b869edc77261e0821c93\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll
| MD5 | 5180107f98e16bdca63e67e7e3169d22 |
| SHA1 | dd2e82756dcda2f5a82125c4d743b4349955068d |
| SHA256 | d0658cbf473ef3666c758d28a1c4bcdcb25b2e515ad5251127d0906e65938f01 |
| SHA512 | 27d785971c28181cf9115ab14de066931c4d81f8d357ea8b9eabfe0f70bd5848023b69948ac6a586989e892bcde40999f8895a0bd2e7a28bac7f2fa64bb22363 |
memory/2892-688-0x0000000140000000-0x00000001400AE000-memory.dmp
memory/1684-687-0x0000000140000000-0x00000001400AE000-memory.dmp
memory/2892-689-0x0000000001880000-0x0000000001898000-memory.dmp
memory/2892-690-0x00000000018E0000-0x00000000018EE000-memory.dmp
memory/2892-691-0x0000000001A00000-0x0000000001A1A000-memory.dmp
memory/2892-692-0x0000000001A20000-0x0000000001A3E000-memory.dmp
memory/2892-695-0x0000000140000000-0x00000001400AE000-memory.dmp
memory/644-704-0x0000000140000000-0x00000001400AE000-memory.dmp
memory/644-706-0x0000000001990000-0x00000000019A8000-memory.dmp
memory/644-707-0x000000001ACD0000-0x000000001ACDC000-memory.dmp
memory/644-708-0x000000001ACE0000-0x000000001ACEE000-memory.dmp
memory/644-709-0x000000001ACF0000-0x000000001AD06000-memory.dmp
memory/644-710-0x000000001AD10000-0x000000001AD58000-memory.dmp
memory/644-711-0x000000001AD60000-0x000000001AD7A000-memory.dmp
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\dbe51d156773fefd09c7a52feeb8ff79\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
| MD5 | 5fd34a21f44ccbeda1bf502aa162a96a |
| SHA1 | 1f3b1286c01dea47be5e65cb72956a2355e1ae5e |
| SHA256 | 5d88539a1b7be77e11fe33572606c1093c54a80eea8bd3662f2ef5078a35ce01 |
| SHA512 | 58c3904cd1a06fbd3a432b3b927e189a744282cc105eda6f0d7f406971ccbc942c7403c2dcbb2d042981cf53419ca5e2cf4d9f57175e45cc5c484b0c121bb125 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen_service.log
| MD5 | f45fe893f6112df096b5135db463b0c7 |
| SHA1 | 578364765b0eaa1c2093391a3226af809fd0f72d |
| SHA256 | 11993b769af8fdfd0be517db8a1f9481fc264956d35ad210ceaf20c9bcddd676 |
| SHA512 | f2ca7c48d50b33a3235a503f0ef5fa34aac32a450d68b296f05dbe204d602922f6db7e42b5fb07a4601182299a53480b620c3a61d03de2c91e4bd251b8cc53fb |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\06216e3a9e4ca262bc1e9a3818ced7fe\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll
| MD5 | 3d6987fc36386537669f2450761cdd9d |
| SHA1 | 7a35de593dce75d1cb6a50c68c96f200a93eb0c9 |
| SHA256 | 34c0302fcf7d2237f914aaa484b24f5a222745f21f5b5806b9c519538665d9cb |
| SHA512 | 1d74371f0b6c68ead18b083c08b7e44fcaf930a16e0641ad6cd8d8defb4bde838377741e5b827f7f05d4f0ad4550b509ba6dff787f51fc6830d8f2c88dbf0e11 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\a58534126a42a5dbdef4573bac06c734\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll
| MD5 | a8b651d9ae89d5e790ab8357edebbffe |
| SHA1 | 500cff2ba14e4c86c25c045a51aec8aa6e62d796 |
| SHA256 | 1c8239c49fb10c715b52e60afd0e6668592806ef447ad0c52599231f995a95d7 |
| SHA512 | b4d87ee520353113bb5cf242a855057627fde9f79b74031ba11d5feee1a371612154940037954cd1e411da0c102f616be72617a583512420fd1fc743541a10ce |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\82425dbc07ec64ab599534080b6fbc08\Microsoft.Office.Tools.v9.0.ni.dll
| MD5 | 4bbf44ea6ee52d7af8e58ea9c0caa120 |
| SHA1 | f7dcafcf850b4081b61ec7d313d7ec35d6ac66d2 |
| SHA256 | c89c478c2d7134cd28b3d28d4216ad6aa41de3edd9d87a227ec19cf1cbf3fb08 |
| SHA512 | c82356750a03bd6f92f03c67acdd5e1085fbd70533a8b314ae54676f37762d9ca5fa91574529b147d3e1c983bf042106b75f41206f5ddc37094a5e1c327c0fd3 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\77f00d3b4d847c1dd38a1c69e4ef5cb1\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
| MD5 | ed5c3f3402e320a8b4c6a33245a687d1 |
| SHA1 | 4da11c966616583a817e98f7ee6fce6cde381dae |
| SHA256 | b58d8890d884e60af0124555472e23dee55905e678ec9506a3fbe00fffab0a88 |
| SHA512 | d664b1f9f37c50d0e730a25ff7b79618f1ca99a0f1df0b32a4c82c95b2d15b6ef04ce5560db7407c6c3d2dff70514dac77cb0598f6d32b25362ae83fedb2bc2a |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\369a81b278211f8d96a305e918172713\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll
| MD5 | 9d9305a1998234e5a8f7047e1d8c0efe |
| SHA1 | ba7e589d4943cd4fc9f26c55e83c77559e7337a8 |
| SHA256 | 469ff9727392795925c7fe5625afcf508ba07e145c7940e4a12dbd6f14afc268 |
| SHA512 | 58b8cc718ae1a72a9d596f7779aeb0d5492a19e5d668828fd6cff1aa37181cc62878799b4c97beec9c71c67a0c215162ff544b2417f6017cd892a1ce64f7878c |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\fe8d06712eb58d0150803744020b072a\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
| MD5 | dd1dfa421035fdfb6fd96d301a8c3d96 |
| SHA1 | d535030ad8d53d57f45bc14c7c7b69efd929efb3 |
| SHA256 | f71293fe6cf29af54d61bd2070df0a5ff17a661baf1b0b6c1d3393fd23ccd30c |
| SHA512 | 8e0f2bee9801a4eba974132811d7274e52e6e17ccd60e8b3f74959994f007bdb0c60eb9facb6321c0fdfbcc44e9a77d8c5c776d998ccce256fa864338a6f63b1 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\6e100177db1ef25970ca4a9eba03c352\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll
| MD5 | 57b601497b76f8cd4f0486d8c8bf918e |
| SHA1 | da797c446d4ca5a328f6322219f14efe90a5be54 |
| SHA256 | 1380d349abb6d461254118591637c8198859d8aadfdb098b8d532fdc4d776e2d |
| SHA512 | 1347793a9dbff305975f4717afa9ee56443bc48586d35a64e8a375535fa9e0f6333e13c2267d5dbb7fe868aa863b23034a2e655dcd68b59dca75f17a4cbc1850 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP55AF.tmp\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll
| MD5 | 68c51bcdc03e97a119431061273f045a |
| SHA1 | 6ecba97b7be73bf465adf3aa1d6798fedcc1e435 |
| SHA256 | 4a3aa6bd2a02778759886aaa884d1e8e4a089a1e0578c973fcb4fc885901ebaf |
| SHA512 | d71d6275c6f389f6b7becb54cb489da149f614454ae739e95c33a32ed805820bef14c98724882c4ebb51b4705f41b3cdb5a8ed134411011087774cac6e9d23e8 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\077a55be734d6ef6e2de59fa7325dac5\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll
| MD5 | 0a41e63195a60814fe770be368b4992f |
| SHA1 | d826fd4e4d1c9256abd6c59ce8adb6074958a3e7 |
| SHA256 | 4a8ccb522a4076bcd5f217437c195b43914ea26da18096695ee689355e2740e1 |
| SHA512 | 1c916165eb5a2e30d4c6a67f2023ab5df4e393e22d9d8123aa5b9b8522fdb5dfe539bcb772a6e55219b23d865ee1438d066e78f0cb138a4a61cc2a1cecf54728 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\9e076728e51ab285a8bc0f0b0a226e2c\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
| MD5 | 2eeeff61d87428ae7a2e651822adfdc4 |
| SHA1 | 66f3811045a785626e6e1ea7bab7e42262f4c4c1 |
| SHA256 | 37f2ee9f8794df6d51a678c62b4838463a724fdf1bd65277cd41feaf2e6c9047 |
| SHA512 | cadf3a04aa6dc2b6b781c292d73e195be5032b755616f4b49c6bdde8b3ae297519fc255b0a46280b60aaf45d4dedb9b828d33f1400792b87074f01bbab19e41a |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\3196f0cef9dc24f481ad979b12f9abb0\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
| MD5 | 327f82792e61754cdcb759a0c368736b |
| SHA1 | cd169fdf575c6d0bee7da9e4672e5d30bf88ffb7 |
| SHA256 | ed660be2ee7cd7785e4bce914a4dd6be23d5cfb78a14ea193b6e5bc0f6150294 |
| SHA512 | 291058355718ed7679ad98bd15c17dc14ae11a1c85a04ebf1cc6ed02a849f5ad39b15f795d0e7f0e1ab96f696f9c1d25f0dd0dc83e4bbb32401d0d59e2dc7b39 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\a19b457dde967e98f05ac535ce71f2d5\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
| MD5 | 4ac4744705593288f8081e9c339a1d55 |
| SHA1 | f5004d88e77fc91589410a24e42b2c37485bd79b |
| SHA256 | 659aa61ff66a9aeb658cf5cafe12aad0f686cb607e991dcf0f7fba94c9fdd87a |
| SHA512 | b15c9273158d922a1259a6e31d8fa7916cfaaa41468f296a6eca8208e0f41bee609ea3a90722af240eca97bbbeea1c8684d4ab44ac6c56eecb75973e253a74ed |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\f264423aeb91ae221406e38d028ca1f2\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
| MD5 | 7b577042eda83600b459b6dea81d522e |
| SHA1 | 456ebbc50e7b07078e97d43d3e7f29c7c05dbdc2 |
| SHA256 | 6c9cc9cec9a5b435c9cf051882597fb79c845ba3a8c77023a9b6f3e63051276b |
| SHA512 | dda70e794f09e6eb7a9f49809719995fe1d6f0742edd28ebb652cd6fee011f2f651fdbc04884a9c010bf0aa7edd7221ebb105d9be980b4bc8a79def1c7a83238 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d6fae6ddc489f36d0170d8891bcf0467\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
| MD5 | 7aec4f2be0ea84e8fc1aef1fba10c9e3 |
| SHA1 | 221fda9ea8453cfeab5607dd85e5778e16708f37 |
| SHA256 | bb278f7cfbf21ce6b50276d93c891fe244e4f4dca6b4e8521f4952a58c2280ec |
| SHA512 | e8feeab6640c5b61badb2517511b1377388cc3300a8795a2590ea8827c2e0cceee7c12b393a823587a8d5a7364a6b2ea42deea47fb88b1877ca16db2f7631c0e |
C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\11d57f5c033326954c0bc4f0b2680812\ehiVidCtl.ni.dll
| MD5 | 10b5a285eafccdd35390bb49861657e7 |
| SHA1 | 62c05a4380e68418463529298058f3d2de19660d |
| SHA256 | 5f3bb3296ab50050e6b4ea7e95caa937720689db735c70309e5603a778be3a9a |
| SHA512 | 19ff9ac75f80814ed5124adc25fc2a6d1d7b825c770e1edb8f5b6990e44f9d2d0c1c0ed75b984e729709d603350055e5a543993a80033367810c417864df1452 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\stdole\70f1aed4a280583cbd09e0f5d9bbc1f5\stdole.ni.dll
| MD5 | 1f394b5ca6924de6d9dbfb0e90ea50ef |
| SHA1 | 4e2caa5e98531c6fbf5728f4ae4d90a1ad150920 |
| SHA256 | 9db0e4933b95ad289129c91cd9e14a0c530f42b55e8c92dc8c881bc3dd40b998 |
| SHA512 | e27ea0f7b59d41a85547d607ae3c05f32ce19fa5d008c8eaf11d0c253a73af3cfa6df25e3ee7f3920cd775e1a3a2db934e5891b4aafd4270d65a727b439f7476 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\ee22f412f6314443add3ca412afd6569\ehiActivScp.ni.dll
| MD5 | 929653b5b019b4555b25d55e6bf9987b |
| SHA1 | 993844805819ee445ff8136ee38c1aee70de3180 |
| SHA256 | 2766353ca5c6a87169474692562282005905f1ca82eaa08e08223fc084dbb9a2 |
| SHA512 | effc809cca6170575efa7b4b23af9c49712ee9a7aaffd8f3a954c2d293be5be2cf3c388df4af2043f82b9b2ea041acdbb9d7ddd99a2fc744cce95cf4d820d013 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\a46df77acafec60e31859608625e6354\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
| MD5 | d9c0055c0c93a681947027f5282d5dcd |
| SHA1 | 9bd104f4d6bd68d09ae2a55b1ffc30673850780f |
| SHA256 | dc7eb30a161a2f747238c8621adb963b50227a596d802b5f9110650357f7f7ed |
| SHA512 | 5404050caa320cdb48a6ccd34282c12788ee8db4e00397dde936cee00e297e9e438dcaa5fcb4e92525f167637b500db074ac91971d4730d222ac4713a3e7b930 |
C:\Windows\Temp\Cab8305.tmp
| MD5 | d59a6b36c5a94916241a3ead50222b6f |
| SHA1 | e274e9486d318c383bc4b9812844ba56f0cff3c6 |
| SHA256 | a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53 |
| SHA512 | 17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489 |
C:\Windows\Temp\Tar83D2.tmp
| MD5 | b13f51572f55a2d31ed9f266d581e9ea |
| SHA1 | 7eef3111b878e159e520f34410ad87adecf0ca92 |
| SHA256 | 725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15 |
| SHA512 | f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\dd4deeafd891c39e6eb4a2daaafa9124\Microsoft.Office.Tools.Common.v9.0.ni.dll
| MD5 | 598a06ea8f1611a24f86bc0bef0f547e |
| SHA1 | 5a4401a54aa6cd5d8fd883702467879fb5823e37 |
| SHA256 | e55484d4fe504e02cc49fde33622d1a00cdae29266775dcb7c850203d5ed2512 |
| SHA512 | 774e6facd3c56d1c700d9f97ee2e678d06b17e0493e8dc347be22bcba361bd6225caef702e53f0b08cacc9e6a4c4556280b43d96c928642266286f4dec8b5570 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\dc8ba97b4a8deefeb1efac60e1bdb693\Microsoft.Office.Tools.Excel.v9.0.ni.dll
| MD5 | 9958f23efa2a86f8195f11054f94189a |
| SHA1 | 78ec93b44569ea7ebce452765568da5c73511931 |
| SHA256 | 3235e629454949220524dd976bec494f7cc4c9abeaf3ee63fc430cbe4fbcf7b6 |
| SHA512 | 3061f8de0abf4b2b37fbc5b930663414499fb6127e2892fe0a0f3dfba6da3927e6caa7bcba31d05faee717d271ecf277607070452701a140dc7d3d4b8d0bfeb1 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\6337d25ea4dd40045a047cb662ee4394\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
| MD5 | 0a4ed78b7995d94fa42379f84cd5f8e9 |
| SHA1 | 90ba188fe0ebd38ad225e7ce3a24dd9b6b68056b |
| SHA256 | 0a75d0d332692cc36d539abdd36f3ff5ef2ab786a9404548ca6c98fd566c4d86 |
| SHA512 | 86ac346de836aa6dd7e017ff4329803c9165758dcfe3aa1881e46ca73e15e6cdb269fcc5b082d717774666f9bc40051a47b5261bfe73901804eb4b0bfacd1184 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\11940d5133d63001fa4499c315655e15\Microsoft.Office.Tools.Word.v9.0.ni.dll
| MD5 | 7835e60e560a49049ae728698da3d301 |
| SHA1 | 87b357b1b3c9a2ad2f3b89b10a42af021ab76afe |
| SHA256 | df34cbc18c66aa387324c45196d71ebe7c91a83fbbdc91766f9f47330a0cb2fa |
| SHA512 | b95c33a2746a331e4416f7449c8ab613ba16c716a449e446d825f34dfaf754ea7562bf77cf5a73a78599e0b67a3a697437baa9aa516e40e06981693c8ea5b993 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\585e8f83eff436c8156f071e8f2bdaa0\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.ni.dll
| MD5 | 04a6857c04546270358d14398fde209e |
| SHA1 | 596a3e11ac6c303c679edfd6c30aa71e8eaf8a23 |
| SHA256 | 8eb8d5e0c2097d6fdae4b58cfde3e1be1dd6e59968891ac6d11efe8adf227285 |
| SHA512 | 4e8bfd6bf9463a004c17a897026bcc1b4edb0764c7e959f09a744d395e9885b24f8e869b78896218ce930562796a3a8e3a7f0a59ba11c8dfa32b0908c5706b22 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\4b363c5e4c1eae1701bf45d167f8658f\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
| MD5 | adc5887e89bc56694a193d92898d3518 |
| SHA1 | 267f14c45a86d50ad627c6cb00626049e9c1ee20 |
| SHA256 | edc77665afe4901d4370c6a4fe7427b235a8b4bbcd58ac41ee72440cf414bb5b |
| SHA512 | bdea1e13b655e62b74f908f1012a746992245ffcebe21bad624e6e051429e8cccf531fc03fa1fc7319bc5c9c6367c261174394f9623a1968c6381d674b341a37 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\a8141e9e81e2c3bbf457e4980d4c2847\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
| MD5 | aae5a97685a809d0a0f661f9319f8a12 |
| SHA1 | b5fdd4ec4cc057fccc868de4f4910be89e23e48a |
| SHA256 | c26eea914017a12af65dc7ebcbbf86d5a620de60f57e3660057163613f2b0233 |
| SHA512 | d95c0635c587fe40e2c33cabf14e2893be49df06aebf2d40f4c0623f649e9abbd73a95cc5e3740db3b15df07406e36b1534781e63ee485e54671cfb21d3317fb |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\6348aa5d2bd39c221a41286e95c18b97\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.ni.dll
| MD5 | 0811b25e0449e04f782127bc6f8ac5e3 |
| SHA1 | dc1766e20ee338b12fa80e3ce0052ef97ddf9e20 |
| SHA256 | 20d8234901a58ec8ec24f2ce7048ac9e1e7381e3eae10cfeb1e002001d2c8b6c |
| SHA512 | a3a07aa4263175688019597b0829b090ad3b8ff43c554b8c89e16b48de86fddab4be6217bce24ccce9cad0c98df1240a7068c8b55778d836c34d5326cbd9c8a6 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\74054b5793bfb8c8c0753b4d4aead8e3\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
| MD5 | b1aa17d171be82960213057ca35815a9 |
| SHA1 | 6c68a8a2c524ddbe04395dfa613378bb311aa314 |
| SHA256 | c632156c276f9189d0f53addcc1043006d86188e3b74d9c4042ab2110b6cfd4e |
| SHA512 | 6f042aec9c74da86d15322d4300d93e4a9e69ad3555b302d42d7629dfa060209898b4569a380e9da1a785ddb53a6e0cc0f7543606f17ee467277990971c2fc1a |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\daa561280ac1119d9c2694442212aaea\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll
| MD5 | aefa28d036740086ae52d157f245200a |
| SHA1 | d502f55fa76c3cdb69c8ab97321cd9b9a4b68e55 |
| SHA256 | 75127c1e3a30e544413d7eb24fd726bacf8c3a3951ddba1fc990ad00a7f1cc49 |
| SHA512 | 3943c099644525fc2b3a50f843cc1612a003d4f92a9187b2fcecaaf90b33071bced0db4608a91bb59c6bf5d1f6f4eb158881bf78cced0597b7bc3045d9b66ee3 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\ad7d01564f0056d2476f6ae5d257356b\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.ni.dll
| MD5 | 748bed51a810c033b91c660b5776ab95 |
| SHA1 | ec2616fb01949fb9fe4b0eea707f7095b69aa9e4 |
| SHA256 | 45ee38adadeb1586532e8dd4baba14740ccb0801c2e21318c35268543e0ddef7 |
| SHA512 | dc0cce4c633b8e43d8f6d565fcfc73d79bfea375a79ae5057af6d3cc1b62f929e34c95bcfe2f7d378ec7f421fafdd9ab73cff454df0934e2d2f45a52580e9df0 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\36c5a9d83dfb1b6b1c0202fb505c9daf\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
| MD5 | 78c5a493778f578ef5517fe161162819 |
| SHA1 | faf377bdc739623fb5f111d51af97e8c78f11525 |
| SHA256 | aa332098d4073a4c4a654d16ec5fd0b6e2b1f284890057e164204d756095dd93 |
| SHA512 | 6a905ef75d2eb909cd30c3916110f6b41a849ff4ed9f4c19e4d5f85ccf05d9b9dd009b351003386778801909d2628ce4c6cd9b1a54e3a0cd1ab9c5496f35cf50 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\19c2b79f666960d7a242a04c5d76f114\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.ni.dll
| MD5 | 4ec89a4e8fe1b5b9916ace8dbabc0418 |
| SHA1 | dafec0baada7f2fa425978a5816fe852053fb1fc |
| SHA256 | 6c4f0f9775fbaf81122cba659cdd5449974810c772d51e152fc20016211988e0 |
| SHA512 | 648704c9808193a045035858b68f7e98981da8c1c98f07e04afacb1b181beeb0bf7df9f42a563636093aff05f01f0c7faacdde0561e9e8776e914611f9f43b34 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\0817dd144bd1703a16af65cf81ef80e6\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
| MD5 | 37c49cf471f7ad881127f9e38bed1a10 |
| SHA1 | 473c3a7a28d138ccfff0d971a1ce9360ab990aba |
| SHA256 | 9ef88d67461f4d91de1e16fab938d5561db9d04898d8776f9e716fdd52f91369 |
| SHA512 | e88e5b3b41b5763ed7de4d3ef40ec77144252c30d8d67f5b387b905026bd856e9d70889ccf9f78b0c0a7b0298ca8afdbaed133675001dc60593c6fbc31e93c47 |
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\b22777deb45f6aeebf6bc7753dd76eea\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
| MD5 | 5c35887a0b76108f6fb6daac51256ef5 |
| SHA1 | 3be6ece2f60d205bcb955a5da0aa182d83cc1899 |
| SHA256 | 9f8de356dab305f2be5cf1f75934eb6b87072e1745ab5ee73ab4b319bb9a2b5a |
| SHA512 | 0d1d2e5dd3ec776fab85e8f3b8cde32718bbbb52463c2702a17336326570a2fd624b0e32fd98182bba8c25fdd57ba861edebc1f00cfa66c04ec1c8a6f10fcee3 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-11-09 23:21
Reported: 2024-11-09 23:23
Platform: win10v2004-20241007-en
Max time kernel: 119s
Max time network: 123s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\alg.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | N/A |
| N/A | N/A | \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | N/A |
Reads user/profile data of web browsers
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\alg.exe | C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\43b6190794857919.bin | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe | N/A |
| File opened for modification | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Windows\system32\AppVClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Windows\system32\dllhost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ExtExport.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jmap.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\orbd.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iediagcmd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\orbd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Install\{86586A1C-7EEC-4BB2-AD86-7C1FB3D0D811}\chrome_installer.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ielowutil.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\servertool.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\javacpl.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javapackager.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\pack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jjs.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javaws.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ktab.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\kinit.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler64.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javap.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\xjc.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ExtExport.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\extcheck.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmid.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ssvagent.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jar.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\unpack200.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ieinstal.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateOnDemand.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File created | C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javapackager.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\java.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\ExtExport.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe | C:\Windows\System32\alg.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\Windows\System32\alg.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
| N/A | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\alg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe
"C:\Users\Admin\AppData\Local\Temp\e7907c187fb3c1829f1c654f1b6a1c1aa5eff54bef709e822b403b537241f283N.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Network
Files
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
| MD5 | ba0b65e850e45bb75ff55b337b190c96 |
| SHA1 | 32af330a69c0bf7b78d5f29ff11cc54c2271dbc0 |
| SHA256 | 4340f2b36e798e3b27ef146c29888f8a4fc480bb8ee08b6215490c7bb9982c6e |
| SHA512 | c6e6b8716dc9e52be3dc82c405805e5594219f87226d9f5e230cb7856ded42fe75e78b9c9c8c1fe663430582299751f4ef80d3d809ed413b8a6b427f6ffc0fa8 |
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
| MD5 | d824d7696dcc43c11b70894d1d1c1f85 |
| SHA1 | dbfd78e78ee822bc99772a7d199157581403bc36 |
| SHA256 | 806a2a52fdc3bf891a702cc97b9e7d65dc49c8f88e38c8475369ef7d371810f1 |
| SHA512 | 108c040103bfc1877de1ae0802c89d98c37f131053f0913a3833ca8346aa15a573f76cabd74f0f4501ac9f5838c106e84c379537e644ac364559a736934ec4e8 |
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
| MD5 | 80803172407da1fbc0125414a2f782c6 |
| SHA1 | 13b79bb8abb9d249080e5194f80cd2065b725474 |
| SHA256 | 3ac1cead91625bf054e0dff4cfb1d1c51b22920656ea2a9306d118a1f804db65 |
| SHA512 | 373238a267d5216491c9fc8aa79a7f009a8062956d58dc20483e4f9bce4a80750ff016b95cfb84fe36f57f102a22e6a36c794fb8de0b0ca4c420393906b3f4da |
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
| MD5 | 3f2c4463eb2de8f67eb203fdc3e640e2 |
| SHA1 | 3211fc14d762f4a180b7038e00c9740d3b325bd2 |
| SHA256 | 69ba3e09161bc5af15db79dab01316c8bee3e53c2e0152fee9d846a71bf6494e |
| SHA512 | 8c219a70017f1660c2dc5d0544e05fdd9bf088fd80c9c230b0852c2a21df26c76308f937cab316a3c1ab693b735850056fb23355d195840a85e2e95478bb9605 |
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
| MD5 | 813a30a1f8267d410497e27a754f5805 |
| SHA1 | c1edfb7267ae2e68815fd760a61ec79675ce91a3 |
| SHA256 | 4daa6e739f6147f6dd74e19389ae22ba2dde5210ecbabc00ff8d4ab9dc341ced |
| SHA512 | aec772c3d797e8f3a20239d2e5425f369e6cbcf77ddcfeee5e321f08f2852f5b7d655769a76c796c207110784e321d5fa5512055fef379c8e3b9aa21566bba5d |
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
| MD5 | 4076480573bd3c46545ff3dd920ac456 |
| SHA1 | eb53cf7208e75358c8af3c5d4f0000e606f96737 |
| SHA256 | 0ed700c48c0be38539d989430f23ee1bf977b4ed79cf11e68cce683434f8bfe2 |
| SHA512 | c1ac29fea856ef20cec8b8378b9ecfd543332dcbc14f198f4fd3e3331b77d9f52c73ee0ab6c70d947bf9ff37b5f92d5ff3df9b223d8be6400249ee19f1cda495 |
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
| MD5 | 341cf18d18dd0c113987c36dd7002e01 |
| SHA1 | a2706dda6b050d0a8573acd320082807cf93495f |
| SHA256 | 1a17984b15e57bcadf82f91b246267d45b6d7836037f095a9c0a96d9a493b94e |
| SHA512 | 66562b56fcb560e5acb097087006aa9aa49446b504d36c143bdf4b9ea8136a73bbdb1ece2dd663fc7f3d2ea47bd8eb7918f72222bea3ac3c7c7abc512fc4fcd1 |
C:\Program Files\Java\jdk-1.8\bin\javap.exe
| MD5 | 5d9e0290c3de04c6cfeb68b5567b7b04 |
| SHA1 | 52b417cb69fc502324b051b2250fde92cf80446e |
| SHA256 | d1d0eef4e04b6494b02a79e87dacbc4e2b99683f61588ad3af8db3f0d1a8c87e |
| SHA512 | 396ab800a7dbb9e7a3273a37de3a23df71fdf78879d4eb43d9a644d1ab4cb49575215a2f69324ca145235615b45bbc844c9a45d87b9e7d9236e60c2a89919ac4 |
C:\Program Files\Java\jdk-1.8\bin\javah.exe
| MD5 | f3c8abf602d79348d4286993a6a487c7 |
| SHA1 | c8285a9ca2e64bc9df7bbdbf6bd2d76cd30fd40a |
| SHA256 | 7ecad4cd65adb5f4bc41ba7b58ffa0b83efb5dce479c751a369e28b487ce8ec3 |
| SHA512 | 8d9984f62979878916d9ab513d8737e5589fbf07d697ad3e574f948704b118897022546c0af8ec699a1b830235ac82fd0ccbef37244bce1f641a2e83191cf796 |
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
| MD5 | 1d118189b4f53768bca032b121a267e7 |
| SHA1 | 4bcd82e8d9da1f56c2fdf28f65635ee405563f9f |
| SHA256 | ba7935c479548af55cf8727ae5e793c3c1e3c49dd4bbd4ed993d1c7c166b1eed |
| SHA512 | 1536fbca5fe8e80d64c7f084ebedfe0f340f0ba9e275b8b574fbd6496bbc18ac44d8b283a203c2c328bc64bcfa0648d8cb859af5ad7108d879f32355509d1331 |
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
| MD5 | 4aa2ea3c4659244b41bb041f7f3ad3f9 |
| SHA1 | 088f7a0094587e6bf48294b799951990a2c15f09 |
| SHA256 | aa702fc90f98be38174dfcff52ae9be7e9470f8bdfa9fa1f1eea415a881a2ef7 |
| SHA512 | 591a24d8727a3a694d9e0bf90e8e4d3c9de36a39fa2b470ad72b84715936a7cc12ea97eed78945ca9829ee1f29e02fe6552b73e18296b21d490f9066bb0f9bf9 |
C:\Program Files\Java\jdk-1.8\bin\javac.exe
| MD5 | ea5adfc1b9c3c1c222711bf82ee68465 |
| SHA1 | c3d71deddfda8e19869fee07610c44f9e738344b |
| SHA256 | 23a252486e5d8fdbe6cb4d5b67d901edb36a5db3d6f08320b59f3f7408d73f5f |
| SHA512 | ba53ce211fa23fb84609d523a92db2c59dd421d37b0a7f4b519f8ba6d4ae85972e6b1301ce3c57e75c5dfdedc86ec13f23d78b9862e15e4b2c8625ebe2cb007c |
C:\Program Files\Java\jdk-1.8\bin\java.exe
| MD5 | 3abb65d70f639000e6405900aa60a35a |
| SHA1 | 156b1554a21a2672c0584697c56e1e49998066ea |
| SHA256 | 489f3185965aab5da4139bc8cd9e4b1b0191dc310ef45e6af7b0220dfa70f5b8 |
| SHA512 | d274558f33b888f1cbbb528102cb695af1b8b33b3397bbcccc3a1ce6edf764d792d8ac588cd8116c942cc79861088d2ae0d6d57c9eefab912587ab0fc286bb41 |
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
| MD5 | 510dd870233f1d285b4d132f0e4e7506 |
| SHA1 | 81bbe3afdf53d220290f69bf4a2a1caa2860a271 |
| SHA256 | 0f7d6f36013c167e7bdaa304ebcda5aaf520a68354896669fbe616faf3e5395b |
| SHA512 | 110969e01277d5ff3285ed3df8880ea8433d771263c6415fba0350a95be5e70d27a4a3308e863a3d0dec9cfe1c5927204c689e0b5414b370be686a32df7a83a8 |
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
| MD5 | af2fee82c56fdf08cb7b6ad848993099 |
| SHA1 | c1f54fbcb8d72bf7dcd40e537e58d5f8ee210802 |
| SHA256 | b0f286c4ee5e62c82d748e4507260fe42ce89b1c45f1b7205ce7db2b665ca3b6 |
| SHA512 | a52c31e60a65e3d3b6230a58753f2d2ae78e936e279fe46531f76edf5b87e443aebaffd77854911e3195ded3d7bd17d933e9da8eb3a1ea034113452149ad08bb |
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
| MD5 | 952f9c1eabc2246fdde91f86ac70b13e |
| SHA1 | 39853123530ce93d44d9fa5428c36e344473770c |
| SHA256 | aa4b2cd5528693284ad1bd3d54d8984442cf8ee6f6e929f2ab96d4f6d20c2703 |
| SHA512 | df5e35feb752516760e89b74e82e673bdac2aff3767a529d536d93bb38c517331c853944711f22398208c99a2d20af2cd96eb13374d4ed7077a706afddb6c1c0 |
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
| MD5 | b16f25f0418905f8323b37fe35a7ccb1 |
| SHA1 | 0ff18ffaccafc5985032179f534ae2e44c1cb110 |
| SHA256 | f8a572a90f829ddc33038268695d68a093168ee9c781a34ed2f25fc0f1c1a415 |
| SHA512 | f8d87978372affa8532e2ec7b03c8efd510765172dff41efc4e2c43b8f3c51d4a211b45f4f83d5206afbfeccd752b554d6e68ca35d86dbad62ed08409d6a8430 |
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
| MD5 | 98e5f91c69802847397b62de27c9080e |
| SHA1 | 0454ac2323986563db1c4e801c5b39d04a54ca3f |
| SHA256 | 424355f23b4f86755de0095fcbf261047be15f62710f58fe94a50137760b952d |
| SHA512 | fefd36b7327baa985228c300cd8ebbaac03ccce46c83fcc44d235d8f3999f4bc647f284db5626fac04092dccea2648b82e6fac7b8d56dfde16174d8818a8414c |
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
| MD5 | 0a664633be042a681298a4c58366fad3 |
| SHA1 | cf4975d5b14fb7bd419f2f53c5f7edcd11cf6406 |
| SHA256 | 06c4da348d5a0a27f8b48436273f4c9e34f0dc5db44bc9328477269570c8e301 |
| SHA512 | bb76be59e2cb01c1a51958f2c0d372f4229755dae9f69c5c8c8960dd89a484dbc38d0313f80e5b9525b1717655867f3c2621c0a07461180be5760c991314d8d9 |
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
| MD5 | c13c85ca530ac0385e49c23b851d1bb5 |
| SHA1 | 8cd284394d06a3c767f80de7ddcbe26688a9938d |
| SHA256 | c8ed189cdce7f4921879f7de571d409877a863ddac4e1e6c86199fc65a354e5f |
| SHA512 | d252ba3ddd67c4aa40f9fb7c9ab0886cbcf940542cdb6be936b59cb20bca026ce92eab34a103e2ac1649ee8e291a8c6c6afe0462e1f399501b5f00046d0c09dc |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe
| MD5 | 0619b24ed909a40532fe1d385b96ba86 |
| SHA1 | 37bcc798f2acb8f4f0e4a8921758b9fb55db1104 |
| SHA256 | 2f8d9b51092d7d3957879adc2eda4df3e53298956c75ce33b4e273373b7a34d8 |
| SHA512 | 52ce9dc093f527a7c2f9b6386ca717da0f4bc0d4a5d20a0c2ccc801eb9156c9653b678c4872de5a13c1b00b3ef4a778d06cbd1959a0e68fbe988732f0eb66517 |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
| MD5 | 0c08b5f453b3747e1ca75ff09667e0d1 |
| SHA1 | 46eed0e60ea5f5d5fba44e1985442f59ea78c529 |
| SHA256 | 1e5c103e75ef4a55818f2224801e7008e61cf8c767e4892a961c394d709ac495 |
| SHA512 | 491ccbab77c3b49aa98d4fb535d909fd6100a54b82626148d4917ec7147fcf93870be04994e1fe3e89d00fd9c389e7d06e6f00d00d4a1070bc29463c9638e057 |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
| MD5 | ec6276b61df017bc783b9f78195bf506 |
| SHA1 | 096ccb983e27feec5dd17e11edab76a079c02d43 |
| SHA256 | cc9c4fd8b259cbbcea6cd3f111c4eb7a5208a82f3edb37f764f11d343ef7b42c |
| SHA512 | ea57652242885a131699f79346f0362e55eaa7a10a3dae917b79e2bb6293db97d7e7fb42ca9652d68fda44d5c76a6b70b0fc8b2da0099cdfd54b2d440a6c2c45 |
C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe
| MD5 | 0370bc06371ebd1c4d84d5990603ce68 |
| SHA1 | 2319d829a60ebbda40ef27957dfa30ecbd861d49 |
| SHA256 | 666dfc7bf0b75ec8de1a4591d28d6015fb552bb18db04ac8c087f6fe2df14595 |
| SHA512 | 3815c9097d65af49c5411b24ac32f41f9119dd340662f74df7737f0ee5ab87679069f595e262432657840b4542debbcbf6445fca3e8812a052b1cf6e9f8be599 |
C:\Program Files\dotnet\dotnet.exe
| MD5 | 65fa5a8a6c07bb4d211d63479bb3e115 |
| SHA1 | 348c4254ebd441a24da997e99ae8eaa70ae587b6 |
| SHA256 | e443f97b360cd498de55a8ef75600ba1f814c600f9a923ee07545a4781c32948 |
| SHA512 | 2bf02bdbccb2df5158a7857cb72b66ebd726cc2c32c493cfe4efd03cefc30c49bb88f487ce2768744bdd64a6cd41b52d80e6b43ed22adf05ac1b0d8ac3eefff5 |
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | 83211c920f9fc8deadb3cebf663802c0 |
| SHA1 | af12d95a3b70e67b5593c869b0ca6fdbb66d5e1c |
| SHA256 | 53ab6b209f0da46f764efefb6ade889e370f50fb9bb3668b35fea3a4bba17547 |
| SHA512 | 9d576e8ab4ebbd47e886e6ce84c39e72bd750acc22cd32b19c0f9e4c79a054d4bc868a342b76b5e55d4a84e0908962549acf7ea1cf49a89730216158f5780dc2 |
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
| MD5 | aa286f7b8cd2380a191a896725c8e26f |
| SHA1 | c1302832306fe3d9861f1fb358d3ffe12c6bbed0 |
| SHA256 | fa7c2eb202119007dd898197b9873da62ecb20e638662f3ce96c41cd0ecdb2dc |
| SHA512 | a8b2edbed9b736e2f43a11c725abbebc06d6e52992f2847b19dd3b8efcd43a1918c65c8b8376dca21d7762c97d7690c6a5b8cb5f6a2425539ff2c66f06647285 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
| MD5 | 3909125842053e3ada32d7d57fbdba2c |
| SHA1 | 76d7ba7583519e7268756adc7d1ffc9ccb6585be |
| SHA256 | 817b120e0f5b46e1a3e80125683b4b24516ec7306a87277fd41f4b11cbf94be1 |
| SHA512 | 41c00ebfff92a29da6367137a14bfedfbc82b21ab29e03748e2b4371864bf57729eb2d170ce12b0796c1039059dc6da914e90cdac4ed947f1048074b1ee6cc0e |
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
| MD5 | 015c3320106e9e2a5e1f49bf65184445 |
| SHA1 | ad51a6e9bccf87c0b7415baef393b5fc59a38251 |
| SHA256 | 7b28d1c265bbccd36f7f78aa1a07650420d4d24b6d670d5e7948c626420b3123 |
| SHA512 | 807beaa0217ab710d150d4b6e674f62c8dbb7dc87a5f86421957093b09a517793bb87678be2b8e354fe8f07d1f56b9c436eedfcb8fc1460044248186e086488e |
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| MD5 | 97d9d7033bd8f50f66b208b96ccd8adf |
| SHA1 | ac4db4df486ac7d81f1f10bf649959bdead92100 |
| SHA256 | 6792d9d3865b23b72df45c901cd6302c3f587b59c58f951bfd71088e22694d2a |
| SHA512 | 2acf078c651b583929850595aa6287588587dc2841a573e2ebd68c1fd2613840509db27b8e11d13d179b8370eae1b754df13609f46d10ccba9d64e6861f36ccc |
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | 559ff10f7b5ebd393f5db3c42bec2b8f |
| SHA1 | b23b0196c8ceb8d5658b3b8b2b1b302a79dd62cc |
| SHA256 | 6e105db1a64e6b071cd1cef2cf224bdbfde50a7ac4631e89ea80955201110bc8 |
| SHA512 | 33423f8cc9a65d1e8b1cf9fa9377ac17bb25d9408e164ff2f9d94cc2dd3367ca6dc7baf00263e80ddaa6a56cd08c8ade09e36493bca3225179966f995c1c6c2f |
C:\Program Files\7-Zip\7zG.exe
| MD5 | 423a5078541c6b2b533f4ef02b3e50a0 |
| SHA1 | 35567779a567ac47e6be3e49f27c5c90572c895a |
| SHA256 | 0b79cc379300dc689a1f807a9140e344fd372c83c4222ed2cdcd4e23252f5f48 |
| SHA512 | ffffd96d1f73cc0feda908b42c2af593427ac0af46fe3f8da6b44ad38f856ab8a8312c7d7627a297072bc3034506f32ff60007b6af6ae1284d2679dd35b7b228 |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 08335e93591fbab5ac14324b09d4a85e |
| SHA1 | 6e2c8473cc342a994c2da09a4b94045e983d44dc |
| SHA256 | 29a6c5a0cc2d85678ba82c2dd89c3373dbbade8fa8f3e4994d09e0bd8a836a33 |
| SHA512 | 794373cbf3d57ff3bb120745af905663fff32b0eff9598021d7742187c1cf1d7dda604f046f54639f18e3fd4cdb02cd6a6a26e47a457a763415f66d7d03f0cea |
C:\Program Files\7-Zip\7z.exe
| MD5 | c6080d9a8a7b22d22182ccf889f42088 |
| SHA1 | af96afec48a6fb95b83157ab8acc890cc0453849 |
| SHA256 | dfb804c2a40cffd42b03058e7694a4cd50e7df0393485cf328540ce4abff6c82 |
| SHA512 | 912f77956f7be4ec7204e4dd47a24d94af56242fbd20c982ddc308ffca666fa02d4fbf4fde871900e40eaa4a2ff605d1194f62982e79db6caed13e426c1cb7c0 |