Analysis Overview
SHA256
86f1d5ca95e1ff395be3a353bb45a1d33729432a51acad8243669d35ffb9f44c
Threat Level: Shows suspicious behavior
The file 2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Checks whether UAC is enabled
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Uses Volume Shadow Copy service COM API
Suspicious use of WriteProcessMemory
Suspicious behavior: LoadsDriver
Modifies data under HKEY_USERS
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-03 05:29
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-03 05:29
Reported
2025-07-03 05:31
Platform
win10v2004-20250502-en
Max time kernel
145s
Max time network
151s
Command Line
Signatures
Executes dropped EXE
Reads user/profile data of web browsers
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
| File opened for modification | C:\Windows\DtcInstall.log | C:\Windows\System32\msdtc.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWow64\perfhost.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\TieringEngineService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\TieringEngineService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000a927356bdbebdb01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000007fd0ff6bdbebdb01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9925 = "MP3 Format Sound" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-113 = "Microsoft Excel Binary Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@windows.storage.dll,-21825 = "3D Objects" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000879e4a6bdbebdb01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000b057286cdbebdb01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-24585 = "Cascading Style Sheet Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9907 = "MIDI Sequence" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\setupapi.dll,-2000 = "Setup Information" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9938 = "3GPP2 Audio/Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000063e2126cdbebdb01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-180 = "Microsoft PowerPoint 97-2003 Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9939 = "ADTS Audio" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000002bc6326bdbebdb01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9905 = "Video Clip" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\msinfo32.exe,-10001 = "System Information File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\msxml3r.dll,-2 = "XSL Stylesheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-103 = "Windows PowerShell Script" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9936 = "QuickTime Movie" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@fxsresm.dll,-1133 = "Print" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{487BA7B8-4DB0-465F-B122-C74A445A095D} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000003064306bdbebdb01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-121 = "Microsoft Word 97 - 2003 Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-175 = "Microsoft PowerPoint Slide Show" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia | C:\Windows\system32\SearchFilterHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
| Image | Command line |
| C:\Users\Admin\AppData\Local\Temp\2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe | "C:\Users\Admin\AppData\Local\Temp\2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe" |
| C:\Users\Admin\AppData\Local\Temp\2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-03_113823381d651780a04c014720f41a69_amadey_black-basta_darkgate_elex_luca-stealer.exe --crash-handler --database=C:\Users\Admin\AppData\Local\Google\GoogleUpdater\138.0.7194.0\Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=138.0.7194.0 --attachment=C:\Users\Admin\AppData\Local\Google\GoogleUpdater\updater.log --initial-client-data=0x2f0,0x2f4,0x2f8,0x2ec,0x2fc,0x9229c0,0x9229cc,0x9229d8 |
| C:\Windows\System32\alg.exe | C:\Windows\System32\alg.exe |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv |
| C:\Windows\system32\fxssvc.exe | C:\Windows\system32\fxssvc.exe |
| C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe | "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe" |
| C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe" |
| C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" |
| C:\Windows\System32\msdtc.exe | C:\Windows\System32\msdtc.exe |
| \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" |
| C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe | C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe |
| C:\Windows\SysWow64\perfhost.exe | C:\Windows\SysWow64\perfhost.exe |
| C:\Windows\system32\locator.exe | C:\Windows\system32\locator.exe |
| C:\Windows\System32\SensorDataService.exe | C:\Windows\System32\SensorDataService.exe |
| C:\Windows\System32\snmptrap.exe | C:\Windows\System32\snmptrap.exe |
| C:\Windows\system32\spectrum.exe | C:\Windows\system32\spectrum.exe |
| C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc |
| C:\Windows\System32\OpenSSH\ssh-agent.exe | C:\Windows\System32\OpenSSH\ssh-agent.exe |
| C:\Windows\system32\TieringEngineService.exe | C:\Windows\system32\TieringEngineService.exe |
| C:\Windows\system32\AgentService.exe | C:\Windows\system32\AgentService.exe |
| C:\Windows\System32\vds.exe | C:\Windows\System32\vds.exe |
| C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe |
| C:\Windows\system32\wbengine.exe | "C:\Windows\system32\wbengine.exe" |
| C:\Windows\system32\wbem\WmiApSrv.exe | C:\Windows\system32\wbem\WmiApSrv.exe |
| C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchIndexer.exe /Embedding |
| C:\Windows\system32\SearchProtocolHost.exe | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" |
| C:\Windows\system32\SearchFilterHost.exe | "C:\Windows\system32\SearchFilterHost.exe" 0 804 808 816 8192 812 784 |
| C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe |
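Most of the images in the Processes list (alg.exe, fxssvc.exe, msdtc.exe, OSE.EXE, the browser elevation services, SearchIndexer.exe and so on) also appear in the Files list further down with their own MD5/SHA1/SHA256/SHA512 rows, which is what the "Executes dropped EXE" and "Drops file in System32 directory" signatures are built from. Joining the two lists by path gives the practical output of this report: the set of executables that were written to system and application paths and then ran, together with the hash of the written file. Two caveats a hunter needs: the hashes recorded under Files are of the files as written during detonation, not of the clean Windows or vendor binaries normally found at those paths, so a host whose alg.exe has a different hash is not thereby shown to be clean; and the report spells the same path several ways (`system32\fxssvc.exe` in Processes, `System32\FXSSVC.exe` in Files, an NT `\??\c:\...` prefix for OSE.EXE), so the join has to normalise before comparing. The script below is an added example written for this page, not part of the sandbox report; PROCESSES and DROPPED are constructed subsets copied from the two lists, and the normalisation rules are the editor's choice.

```python
"""Cross-reference the report's Processes list with its Files list.

Added example, not part of the sandbox report. PROCESSES and DROPPED are
constructed subsets copied from the Processes and Files sections; the path
normalisation (drop the \\??\\ NT prefix and surrounding quotes, compare
case-insensitively) is the editor's choice, needed because the report
writes the same file as 'system32\\fxssvc.exe' in one list and
'System32\\FXSSVC.exe' in the other.
"""

# Constructed subset of the Processes section: (image path, command line).
PROCESSES = [
    (r"C:\Windows\System32\alg.exe",
     r"C:\Windows\System32\alg.exe"),
    (r"C:\Windows\System32\svchost.exe",
     r"C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv"),
    (r"C:\Windows\system32\fxssvc.exe",
     r"C:\Windows\system32\fxssvc.exe"),
    (r"\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE",
     r'"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"'),
    (r"C:\Windows\system32\SearchIndexer.exe",
     r"C:\Windows\system32\SearchIndexer.exe /Embedding"),
]

# Constructed subset of the Files section: path -> SHA256 as recorded there.
# These are hashes of the files as written during detonation, not of the
# clean Windows/vendor binaries that normally live at these paths.
DROPPED = {
    r"C:\Windows\System32\alg.exe":
        "5a13369cccd7a59581dd5310882a06cfebe74b8af6879727a89ef82cf1868a67",
    r"C:\Windows\System32\FXSSVC.exe":
        "120dde4ec693a8e49897ca9125d9541926a2dbe34235d736c09a7c6bfe5082a5",
    r"C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE":
        "a6cfc82a937c21362a1dfc5c88dfbfb8cb3f304cdfa0333a13744fdb6f9f7696",
    r"C:\Windows\System32\SearchIndexer.exe":
        "58dc80abe5de344c45355707873a51d6d99dba19d412c328249fb6711971ebf5",
    r"C:\Program Files\7-Zip\7z.exe":
        "8baf14d3d611325c7a04021c65d41f77682cdaa342ae01b307b4dfaf62103101",
}


def normalize(path):
    """Canonical key for a path as the report prints it.

    Handles the three spellings seen in the report: bare Win32 path,
    quoted command-line image, and NT object path with a \\??\\ prefix.
    """
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    return p.lower()


def executed_dropped(processes=PROCESSES, dropped=DROPPED):
    """(image path as listed, SHA256) for every process whose image path is
    also in the Files list: a binary the sample wrote and that then ran."""
    by_key = {normalize(p): h for p, h in dropped.items()}
    hits = []
    for image, _cmdline in processes:
        digest = by_key.get(normalize(image))
        if digest is not None:
            hits.append((image, digest))
    return hits


def dropped_not_executed(processes=PROCESSES, dropped=DROPPED):
    """Written executables that did not run inside the detonation window.

    They still belong on the hunt list: they execute whenever the legitimate
    program at that path is next launched.
    """
    ran = {normalize(image) for image, _ in processes}
    return sorted(p for p in dropped if normalize(p) not in ran)


if __name__ == "__main__":
    for image, digest in executed_dropped():
        print(f"{digest}  {image}")
    print("written but not executed:", dropped_not_executed())
```

Matching is done on the normalised path, so svchost.exe (present in Processes, absent from Files) is correctly left out, while OSE.EXE matches despite the `\??\` prefix and the differing case of `Microsoft Shared`. The second function matters for scoping: 7z.exe was written but never ran in the 145-second window, and it will run the next time a user opens an archive.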
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pywolwnvd.biz | udp |
| US | 44.244.22.128:80 | pywolwnvd.biz | tcp |
| US | 8.8.8.8:53 | ssbzmoy.biz | udp |
| US | 50.16.27.236:80 | ssbzmoy.biz | tcp |
| US | 8.8.8.8:53 | pywolwnvd.biz | udp |
| US | 44.244.22.128:80 | pywolwnvd.biz | tcp |
| US | 8.8.8.8:53 | cvgrf.biz | udp |
| US | 44.244.22.128:80 | cvgrf.biz | tcp |
| US | 8.8.8.8:53 | ssbzmoy.biz | udp |
| US | 50.16.27.236:80 | ssbzmoy.biz | tcp |
| US | 8.8.8.8:53 | npukfztj.biz | udp |
| US | 3.229.117.57:80 | npukfztj.biz | tcp |
| US | 8.8.8.8:53 | cvgrf.biz | udp |
| US | 44.244.22.128:80 | cvgrf.biz | tcp |
| US | 8.8.8.8:53 | npukfztj.biz | udp |
| US | 3.229.117.57:80 | npukfztj.biz | tcp |
| US | 8.8.8.8:53 | przvgke.biz | udp |
| US | 172.237.146.25:80 | przvgke.biz | tcp |
| US | 8.8.8.8:53 | przvgke.biz | udp |
| US | 172.233.219.49:80 | przvgke.biz | tcp |
| US | 8.8.8.8:53 | zlenh.biz | udp |
| US | 8.8.8.8:53 | knjghuig.biz | udp |
| US | 50.16.27.236:80 | knjghuig.biz | tcp |
| US | 8.8.8.8:53 | zlenh.biz | udp |
| US | 8.8.8.8:53 | uhxqin.biz | udp |
| US | 8.8.8.8:53 | knjghuig.biz | udp |
| US | 8.8.8.8:53 | anpmnmxo.biz | udp |
| US | 50.16.27.236:80 | knjghuig.biz | tcp |
| US | 192.64.119.165:80 | anpmnmxo.biz | tcp |
| US | 8.8.8.8:53 | www.anpmnmxo.biz | udp |
| DE | 91.195.240.19:80 | www.anpmnmxo.biz | tcp |
| US | 8.8.8.8:53 | uhxqin.biz | udp |
| US | 8.8.8.8:53 | anpmnmxo.biz | udp |
| US | 192.64.119.165:80 | anpmnmxo.biz | tcp |
| US | 8.8.8.8:53 | lpuegx.biz | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| DE | 91.195.240.19:80 | www.anpmnmxo.biz | tcp |
| US | 8.8.8.8:53 | lpuegx.biz | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| US | 8.8.8.8:53 | vjaxhpbji.biz | udp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| US | 8.8.8.8:53 | vjaxhpbji.biz | udp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | xlfhhhm.biz | udp |
| US | 54.146.6.253:80 | xlfhhhm.biz | tcp |
| US | 8.8.8.8:53 | ifsaia.biz | udp |
| US | 3.238.30.69:80 | ifsaia.biz | tcp |
| US | 8.8.8.8:53 | saytjshyf.biz | udp |
| US | 3.229.117.57:80 | saytjshyf.biz | tcp |
| US | 8.8.8.8:53 | vcddkls.biz | udp |
| US | 50.16.27.236:80 | vcddkls.biz | tcp |
| US | 8.8.8.8:53 | fwiwk.biz | udp |
| US | 172.237.146.8:80 | fwiwk.biz | tcp |
| US | 8.8.8.8:53 | tbjrpv.biz | udp |
| IE | 3.250.92.156:80 | tbjrpv.biz | tcp |
| US | 8.8.8.8:53 | deoci.biz | udp |
| US | 34.229.166.50:80 | deoci.biz | tcp |
| US | 8.8.8.8:53 | gytujflc.biz | udp |
| US | 8.8.8.8:53 | xlfhhhm.biz | udp |
| US | 104.156.155.94:80 | gytujflc.biz | tcp |
| US | 54.146.6.253:80 | xlfhhhm.biz | tcp |
| US | 8.8.8.8:53 | ifsaia.biz | udp |
| US | 3.238.30.69:80 | ifsaia.biz | tcp |
| US | 8.8.8.8:53 | qaynky.biz | udp |
| US | 8.8.8.8:53 | saytjshyf.biz | udp |
| US | 3.238.30.69:80 | qaynky.biz | tcp |
| US | 3.229.117.57:80 | saytjshyf.biz | tcp |
| US | 8.8.8.8:53 | vcddkls.biz | udp |
| US | 50.16.27.236:80 | vcddkls.biz | tcp |
| US | 8.8.8.8:53 | bumxkqgxu.biz | udp |
| US | 3.229.117.57:80 | bumxkqgxu.biz | tcp |
| US | 8.8.8.8:53 | fwiwk.biz | udp |
| US | 172.237.146.49:80 | fwiwk.biz | tcp |
| US | 8.8.8.8:53 | dwrqljrr.biz | udp |
| US | 44.244.22.128:80 | dwrqljrr.biz | tcp |
| US | 8.8.8.8:53 | tbjrpv.biz | udp |
| IE | 3.250.92.156:80 | tbjrpv.biz | tcp |
| US | 8.8.8.8:53 | deoci.biz | udp |
| US | 34.229.166.50:80 | deoci.biz | tcp |
| US | 8.8.8.8:53 | nqwjmb.biz | udp |
| US | 52.43.119.120:80 | nqwjmb.biz | tcp |
| US | 8.8.8.8:53 | gytujflc.biz | udp |
| US | 104.156.155.94:80 | gytujflc.biz | tcp |
| US | 8.8.8.8:53 | ytctnunms.biz | udp |
| US | 54.85.87.184:80 | ytctnunms.biz | tcp |
| US | 8.8.8.8:53 | qaynky.biz | udp |
| US | 3.238.30.69:80 | qaynky.biz | tcp |
| US | 8.8.8.8:53 | myups.biz | udp |
| US | 165.160.15.20:80 | myups.biz | tcp |
| US | 8.8.8.8:53 | bumxkqgxu.biz | udp |
| US | 3.229.117.57:80 | bumxkqgxu.biz | tcp |
| US | 8.8.8.8:53 | dwrqljrr.biz | udp |
| US | 44.244.22.128:80 | dwrqljrr.biz | tcp |
| US | 8.8.8.8:53 | oshhkdluh.biz | udp |
| US | 44.244.22.128:80 | oshhkdluh.biz | tcp |
| US | 8.8.8.8:53 | nqwjmb.biz | udp |
| US | 52.43.119.120:80 | nqwjmb.biz | tcp |
| US | 8.8.8.8:53 | yunalwv.biz | udp |
| US | 8.8.8.8:53 | ytctnunms.biz | udp |
| US | 54.85.87.184:80 | ytctnunms.biz | tcp |
| US | 8.8.8.8:53 | jpskm.biz | udp |
| US | 34.209.195.255:80 | jpskm.biz | tcp |
| US | 8.8.8.8:53 | myups.biz | udp |
| US | 165.160.15.20:80 | myups.biz | tcp |
| US | 8.8.8.8:53 | lrxdmhrr.biz | udp |
| US | 44.244.22.128:80 | lrxdmhrr.biz | tcp |
| US | 8.8.8.8:53 | oshhkdluh.biz | udp |
| US | 44.244.22.128:80 | oshhkdluh.biz | tcp |
| US | 8.8.8.8:53 | wllvnzb.biz | udp |
| US | 50.16.27.236:80 | wllvnzb.biz | tcp |
| US | 8.8.8.8:53 | gnqgo.biz | udp |
| US | 34.229.166.50:80 | gnqgo.biz | tcp |
| US | 8.8.8.8:53 | jhvzpcfg.biz | udp |
| US | 3.229.117.57:80 | jhvzpcfg.biz | tcp |
| US | 3.229.117.57:80 | jhvzpcfg.biz | tcp |
| US | 44.244.22.128:80 | oshhkdluh.biz | tcp |
| US | 8.8.8.8:53 | acwjcqqv.biz | udp |
| US | 50.16.27.236:80 | acwjcqqv.biz | tcp |
| US | 8.8.8.8:53 | lejtdj.biz | udp |
| US | 8.8.8.8:53 | vyome.biz | udp |
| US | 34.209.195.255:80 | vyome.biz | tcp |
| US | 8.8.8.8:53 | yauexmxk.biz | udp |
| US | 34.229.166.50:80 | yauexmxk.biz | tcp |
| US | 8.8.8.8:53 | iuzpxe.biz | udp |
| US | 3.238.30.69:80 | iuzpxe.biz | tcp |
| US | 8.8.8.8:53 | sxmiywsfv.biz | udp |
| US | 3.238.30.69:80 | sxmiywsfv.biz | tcp |
| US | 8.8.8.8:53 | vrrazpdh.biz | udp |
| US | 34.209.195.255:80 | vrrazpdh.biz | tcp |
| US | 8.8.8.8:53 | ftxlah.biz | udp |
| US | 54.146.6.253:80 | ftxlah.biz | tcp |
| US | 8.8.8.8:53 | typgfhb.biz | udp |
| US | 3.238.30.69:80 | typgfhb.biz | tcp |
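The Network table logs every DNS lookup (udp to the sandbox resolver at 8.8.8.8:53) and every connection separately, so the same domain and address recur many times, and a handful of addresses (44.244.22.128, 50.16.27.236, 3.229.117.57, 3.238.30.69, 82.112.184.197) answer for several of the short random-looking .biz names. A few names (zlenh.biz, uhxqin.biz, yunalwv.biz, lejtdj.biz) were queried but never connected to. Reducing the table to unique domain-to-address mappings, the reverse address-to-domain pivot, and the set of queried-but-unresolved names is the first step in turning it into a blocklist. The script below is an added example for this page, not part of the sandbox report; SAMPLE_ROWS is a constructed subset of the table above, RESOLVER is the sandbox's DNS server as it appears in the udp/53 rows, and the allowlist is the analyst's own call about background noise (c.pki.goog is used only to illustrate that filter, not as a verdict on that lookup).

```python
"""Reduce the report's Network table to unique, pivotable indicators.

Added example, not part of the sandbox report. SAMPLE_ROWS is a constructed
subset of the table above; RESOLVER is the sandbox's DNS server as it
appears in every udp/53 row, and the allowlist passed to pivot() is the
analyst's own judgement of which lookups are background noise (c.pki.goog
is used here purely as an illustration of that filter).
"""
from collections import defaultdict

# Constructed subset of the Network table above, same column layout.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pywolwnvd.biz | udp |
| US | 44.244.22.128:80 | pywolwnvd.biz | tcp |
| US | 8.8.8.8:53 | cvgrf.biz | udp |
| US | 44.244.22.128:80 | cvgrf.biz | tcp |
| US | 8.8.8.8:53 | zlenh.biz | udp |
| US | 8.8.8.8:53 | lpuegx.biz | udp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| RU | 82.112.184.197:80 | lpuegx.biz | tcp |
| RU | 82.112.184.197:80 | vjaxhpbji.biz | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
"""

RESOLVER = ("8.8.8.8", 53)   # the sandbox's DNS resolver, not an indicator


def parse_rows(text):
    """Yield (country, ip, port, domain, proto) for each data row."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        yield country, ip, int(port), domain, proto


def pivot(text, allowlist=()):
    """Collapse repeated rows into domain->IPs, IP->domains and IP->country.

    A domain seen only in udp/53 rows to the resolver was looked up but never
    connected to (NXDOMAIN, sinkholed, or not yet registered); it is reported
    separately under 'queried_only' and is still an indicator.
    """
    domain_to_ip = defaultdict(set)
    ip_to_domain = defaultdict(set)
    ip_country = {}
    queried = set()
    for country, ip, port, domain, proto in parse_rows(text):
        if domain in allowlist:
            continue
        if (ip, port) == RESOLVER and proto == "udp":
            queried.add(domain)
            continue
        domain_to_ip[domain].add(ip)
        ip_to_domain[ip].add(domain)
        ip_country[ip] = country
    return {
        "domain_to_ip": dict(domain_to_ip),
        "ip_to_domain": dict(ip_to_domain),
        "ip_country": ip_country,
        "queried_only": queried - set(domain_to_ip),
    }


def shared_infrastructure(ip_to_domain, min_domains=2):
    """IPs that answered for more than one domain: the pivot points for
    blocking by address rather than by (cheaply rotated) name."""
    return {ip: sorted(d) for ip, d in ip_to_domain.items()
            if len(d) >= min_domains}


if __name__ == "__main__":
    result = pivot(SAMPLE_ROWS, allowlist=("c.pki.goog",))
    for ip, domains in shared_infrastructure(result["ip_to_domain"]).items():
        print(ip, result["ip_country"][ip], ", ".join(domains))
    print("queried but never contacted:", sorted(result["queried_only"]))
```

Run against the full table, the same code yields the address pivots listed above; names that resolve to shared hosting or CDN ranges (several of the addresses are in cloud provider space) should be blocked by name rather than by address, which is why the function returns both views instead of a flat list.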
Files
memory/2352-0-0x0000000000400000-0x0000000000A79000-memory.dmp
memory/2352-2-0x00000000029B0000-0x0000000002A17000-memory.dmp
memory/2352-8-0x00000000029B0000-0x0000000002A17000-memory.dmp
memory/4300-11-0x00000000026E0000-0x0000000002747000-memory.dmp
C:\Users\Admin\AppData\Local\Google\GoogleUpdater\updater.log
| MD5 | f1f52561647b2fa0fb0d1d35b6d407f0 |
| SHA1 | b1d60d86c769966b511b44898024f9729387aed2 |
| SHA256 | 0a29f8ba30da46953df31fe6ba0fe9ee17326b95c52cd55ad4d5d2007eba9105 |
| SHA512 | da3ef05ef1e1a4a7d08cb5591e485be49e7a6dc5da7b3ed7c4673df4ef3bf9baa53f5c360ba19da8f8399db621a395d447b1971490c5c102d8bf27b91a52aab9 |
memory/4300-18-0x00000000026E0000-0x0000000002747000-memory.dmp
C:\Windows\System32\alg.exe
| MD5 | c7486b08a15d2c25b8a5fa27d006af20 |
| SHA1 | ce5cd158023ac9787231a17abac304398f82ea8d |
| SHA256 | 5a13369cccd7a59581dd5310882a06cfebe74b8af6879727a89ef82cf1868a67 |
| SHA512 | 11f84f503c528d7b3a075fc977b753c282540c9faa6b82a02777f386d4445a734d861919b9980089afb4b030b26204c1eb604c5b54cfe2023084106178be6898 |
memory/1448-21-0x0000000140000000-0x0000000140148000-memory.dmp
C:\Users\Admin\AppData\Roaming\fe2a357a676a9926.bin
| MD5 | 8058ed1c664df76954aca299fa8e454e |
| SHA1 | f3b150c672bff3827ae9d865d16b4dd9ddbf13bf |
| SHA256 | f67476dd69a31ba3e68710007052c89fcb43bef5f2cf41b2322781f954640841 |
| SHA512 | 31fc0ff3826d69c8a4929e4feb6d429e3210ddf69a2e41eb922ecf21a884d75075eadce840218526be2f6b1f25bf7263900b0f3c0006368cd1727f9a8b8e47aa |
C:\Windows\system32\AppVClient.exe
| MD5 | d783258b338e527953fa6abc2f30aae0 |
| SHA1 | 06e04315fa06c82cf102cc2ad4059c8d22438e5e |
| SHA256 | d9df01252c500c4d5e597fec8584a1ac4926ee57106d7328564eb2f9ca854ed6 |
| SHA512 | fc05984683fce91c38e60393ecc6fcaf70518a270a6086bb3e0a32b48134df849c11d9fb6c180589295d9fd9ae4c2903b7e341302c4945e6c23f6e3479b0b07f |
C:\Windows\System32\FXSSVC.exe
| MD5 | 5f4608de154581a10de2e5860e97deef |
| SHA1 | 83de083d23ab18ed04f13a970587b71ff8d249a8 |
| SHA256 | 120dde4ec693a8e49897ca9125d9541926a2dbe34235d736c09a7c6bfe5082a5 |
| SHA512 | a3eb6c8be8a26bea78f8d0c6f43e57014da07dd183571d55840fb8409a8701dbd5eccee4db916f93776eb62397d6851cc6dd71dec94fcd8ee68f86a3f630fabb |
memory/3368-30-0x0000000140000000-0x0000000140135000-memory.dmp
memory/2352-29-0x0000000000400000-0x0000000000A79000-memory.dmp
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
| MD5 | 1600a54baf39b871fd5aa6e503e4e52b |
| SHA1 | e12cfda04f1badd43ca6b98551ca89c5b879664d |
| SHA256 | ae5d8b85e4b1fd5a2c87e21839531d878d2626111bc5955d9a96a559a67d034e |
| SHA512 | ee3375bee676842480add91b8849e4d7176db41b3eff777e1879ac3184e93a7b311bf2ff742f7c28ca54415cf66edc91195ce3fa4a3c72768b7525922c191373 |
memory/1104-42-0x0000000000C90000-0x0000000000CF0000-memory.dmp
memory/3368-44-0x0000000140000000-0x0000000140135000-memory.dmp
memory/1104-41-0x0000000140000000-0x000000014025F000-memory.dmp
memory/1104-35-0x0000000000C90000-0x0000000000CF0000-memory.dmp
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
| MD5 | 0d59e3c83da4dfb3d31038fc616f9630 |
| SHA1 | 740efd49d2e934aa9e7ab4591e7907c8a3286230 |
| SHA256 | 624bc27c7c6cc2368fb14b2c403cb7ce0a3647b3df459d56d0907bb344c7de83 |
| SHA512 | b66812a156e1e0b42172a48899833725a9ad19db6de648ac23c5ae5c15914761565aff406349f151beb2ac34b258aca4f900016a71e2264335118d2b6f62f293 |
memory/5792-48-0x0000000140000000-0x0000000140266000-memory.dmp
memory/5792-55-0x0000000000990000-0x00000000009F0000-memory.dmp
memory/5792-49-0x0000000000990000-0x00000000009F0000-memory.dmp
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | 53fba451c5528597fd382a7718017be1 |
| SHA1 | 8a826b52ee95012c12fa948883327c02d26375a9 |
| SHA256 | 969d792306f67014cff365c1d272154f5fe888c43d473fd5bc22abcbf7d7d044 |
| SHA512 | 5ec4ddc02964fae240f2654484345daef789832245731ba54e52a0c13421abcf91987705c7f208f5c2a0cd6473377e6e628e3f88814fa934dbc76ff9e8300df5 |
memory/448-59-0x0000000140000000-0x0000000140174000-memory.dmp
memory/448-60-0x0000000002290000-0x00000000022F0000-memory.dmp
memory/448-66-0x0000000002290000-0x00000000022F0000-memory.dmp
memory/448-69-0x0000000002290000-0x00000000022F0000-memory.dmp
memory/448-71-0x0000000140000000-0x0000000140174000-memory.dmp
C:\Windows\System32\msdtc.exe
| MD5 | a12fe6a03b1b15e4ea01a1dbc16f2ed7 |
| SHA1 | 6126d65fc2372b66c24093feee611f2e162f444f |
| SHA256 | 78b75e2a55ef71d4dd277ffc52834519da1c93616dd3353510ee5e3de364eff4 |
| SHA512 | f2056a9d584ae7d47f3b1b2129aae5bf7a1ee3026235f8b1c352588ae4d7e0a9b5c58eb46095887d487b707d62db01f4e59b3d3928998813cfbebbb7eb997bb1 |
memory/4504-74-0x0000000140000000-0x0000000140157000-memory.dmp
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
| MD5 | 79585348f55c5a5114e5cfb9a65952f4 |
| SHA1 | 8b1d29af2945a3937c17e284cdfc1e93433a28ab |
| SHA256 | a6cfc82a937c21362a1dfc5c88dfbfb8cb3f304cdfa0333a13744fdb6f9f7696 |
| SHA512 | 24f23843cf3081567115d4e34d15f2160844cbae909e95ca490496e139dfee27925cd1eec418cc1872fce5cc2e71ceb2dbaf3db654f6a8bbadc45cde8f13182f |
memory/4552-84-0x00000000007F0000-0x0000000000850000-memory.dmp
memory/4552-86-0x0000000140000000-0x000000014016E000-memory.dmp
memory/4552-78-0x00000000007F0000-0x0000000000850000-memory.dmp
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
| MD5 | 2d868bc5d6ee5107c7395049bc2dfa2d |
| SHA1 | e817cf27ff6cf3e1d8538b94c398ee823661b0ea |
| SHA256 | 62ff6082ef905a592366e3308475c2467d25e13293888c701df0e5c5ec4157bd |
| SHA512 | 82bbee2e7cb0b31f81d2acd1926c8b81d4783c0cfe32c47697e87383ac9b3d1517d43758e90be8a738dab4260c8f2ef29ca3e45164c2022d40f2084088ab1879 |
memory/4656-98-0x0000000000BF0000-0x0000000000C50000-memory.dmp
memory/4300-100-0x0000000000400000-0x0000000000A79000-memory.dmp
memory/4656-92-0x0000000000BF0000-0x0000000000C50000-memory.dmp
memory/4656-101-0x0000000140000000-0x0000000140149000-memory.dmp
C:\Windows\SysWOW64\perfhost.exe
| MD5 | 033df1dfa45974a8a8c4259f591f2a35 |
| SHA1 | c250611b857d4d64066b5469e3b060fd00ce902a |
| SHA256 | 24725b9abf6ac06d0920eccf7f9918320c9bfbf5c664b8107282147a7c0aac09 |
| SHA512 | b3297dc6adf45ed32c7316baad145c5fdc538ec3843111d0786ea94f70727f7d25f56b040a64726e8b4684144dba51b4a670b386d0eeff52c39ec35e49713389 |
memory/3464-104-0x0000000000400000-0x0000000000535000-memory.dmp
memory/3464-110-0x0000000000830000-0x0000000000897000-memory.dmp
memory/3464-105-0x0000000000830000-0x0000000000897000-memory.dmp
C:\Windows\System32\Locator.exe
| MD5 | bb357a6fad07d1e25ee16c73eac24e65 |
| SHA1 | 155250d264180e0f974e727bd1436a0cb9ff06cd |
| SHA256 | c0eb128050bcbd2dfb13032bb5d252fa7d503ef5dc3e748dea91f56e7db48c5c |
| SHA512 | 655b6857475cf693eeb3df4445e2735174a16ac93146f86be1a22633d5672ad2a9bbb5cf281cd6c1bb06d2697037744590993e8bedd513b950d3cc074db8346a |
memory/1496-114-0x0000000140000000-0x0000000140133000-memory.dmp
C:\Windows\System32\SensorDataService.exe
| MD5 | 2b09bb5c7c7fe0ae1ef1d4f8db239a34 |
| SHA1 | 0df29a7edafe5e271fa4b732aa849b31c719d497 |
| SHA256 | d5fe4f45542c401821fbe02d5a86bd3bcb6478f70a7d3d4ed927afc24c3a5d2d |
| SHA512 | 67f125b97e8466e98226cf3892c6499038013107b817ece00bc299d551422f3ce0cb49ba6703cb8d9d065520f7ea265c22aa02285e68020b8d8feff7ac90f40c |
memory/4956-118-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/1448-117-0x0000000140000000-0x0000000140148000-memory.dmp
C:\Windows\System32\snmptrap.exe
| MD5 | ff7a81c1199e68c38faaac80dea75495 |
| SHA1 | 9f31b42538703d9cca5f17264bd12b3c34c15b0f |
| SHA256 | 17e2bcb5fab12b64930126a0740c05ec69e89536ee4326daddcc20352300117f |
| SHA512 | 1de5e3e66083a59e8499a284d7846dbb95bc3bf03ffe4035d299f4054a0920e2f85f342bc72503077b34e1073af7b2172469bfd36c6c205ce62ef18a591a4e58 |
memory/5208-122-0x0000000140000000-0x0000000140134000-memory.dmp
C:\Windows\System32\Spectrum.exe
| MD5 | 301631ebea1f9c7fb6db0d624b32deb1 |
| SHA1 | 274134e0ff190576333f40e806e3417e156e48c3 |
| SHA256 | f583ffc2de7f0570b34d48a5b4e57355f373d746324fde976623e0ba8c8b028a |
| SHA512 | 0dcb5f5eca627e6256c5591c3b506c97c49a99fa933ba5cc46976300349260c557eae608e635a51a6637c211b415a8ff18af5efb74e97359dd32b4da9d34bb0f |
memory/2476-126-0x0000000140000000-0x0000000140169000-memory.dmp
memory/1104-125-0x0000000140000000-0x000000014025F000-memory.dmp
memory/2476-127-0x0000000000760000-0x00000000007C0000-memory.dmp
memory/2476-133-0x0000000000760000-0x00000000007C0000-memory.dmp
C:\Windows\System32\OpenSSH\ssh-agent.exe
| MD5 | ea704863024fa8095be360cf5a2684b3 |
| SHA1 | e3362b28de537ac0ac2007a9584e640631759d5e |
| SHA256 | ea8d8cc95182dc38dfdaa1c42ead18a8907924ed1eab823bb248fbaef8014739 |
| SHA512 | f796574fa0d4e40d61daec133c6727fd5edd095fd9fff69e120946b368e11f643e35f4825556f9b76e0e015f47b11546f295d6b5acbfc7316b6cac4b8fa82faf |
memory/1380-138-0x0000000140000000-0x00000001401A1000-memory.dmp
memory/5792-137-0x0000000140000000-0x0000000140266000-memory.dmp
memory/1380-146-0x00000000009F0000-0x0000000000A50000-memory.dmp
memory/1380-140-0x00000000009F0000-0x0000000000A50000-memory.dmp
C:\Windows\System32\TieringEngineService.exe
| MD5 | 631b4e5490e0e825e97130ead89bcd8c |
| SHA1 | 440e6d1ec987a3bfb9334a5e174e9628f25bf924 |
| SHA256 | 60061723943485bc22ecded77c2f56b5b1cf6d1dfa046254d4aa6a225ba93015 |
| SHA512 | 4e40e22a696385a8b1e93919fe597703bca85f45e2991d18a62c4276b61913553f893cefebe90433b609cafbcb39deaca65aaa0f387d4827397b566d7d7c9505 |
memory/1252-150-0x0000000140000000-0x0000000140180000-memory.dmp
C:\Windows\System32\AgentService.exe
| MD5 | 5a39eb8d363c1d9646626b0cf4210bfa |
| SHA1 | 4aedf0959bc12eb70644a10224e659cd71fa899a |
| SHA256 | 719d231e87ee89f911183547c5410e453e75cfd63de3ee5456a71091e98ec1e2 |
| SHA512 | 2af6d3641215b2340bd40365026ee8fd511d7c7e027581f9fc574bba03ae353cdfd08219242cf5d5052ba1a0b3098e793d04207fc41d9a74289f7c2f98497705 |
memory/4504-153-0x0000000140000000-0x0000000140157000-memory.dmp
memory/5736-154-0x0000000140000000-0x00000001401C0000-memory.dmp
memory/5736-155-0x0000000140000000-0x00000001401C0000-memory.dmp
C:\Windows\System32\vds.exe
| MD5 | 9756fa823bbc75a3e4409666601d52fe |
| SHA1 | 298e7b8af16a47deb353218d8af0852f22cff13a |
| SHA256 | 2e96daed41073e6a5903b4473217e16593644575c978e3c6cb71f088de2b46ec |
| SHA512 | 143068d86f270367c3fad79dbc829392bc33c0287cca9917357e6ef240aefc4df872bac13030afcc8e90fed68ae1ea5ae5cb8a2b2a3e8d1bfd9e5e74ca1acad5 |
memory/4552-158-0x0000000140000000-0x000000014016E000-memory.dmp
memory/3232-159-0x0000000140000000-0x0000000140147000-memory.dmp
C:\Windows\System32\VSSVC.exe
| MD5 | 16d7ae24d307060ffcb78666de90ff71 |
| SHA1 | 39baf949895024f0cf4967ac4b319ccd28e168cc |
| SHA256 | 66de3239abcee69dc4179fefb3574cfaf346673d0c4a6b4dd02409a241935bcc |
| SHA512 | 3aca7ec2843d8eb4f82801f9db6e440a9a314815997b6426cc058b5aaec1a67eb667756f6454a9e014b76c474fd03b45f0dfba0d066bf88876490acbb8b857c6 |
memory/4656-162-0x0000000140000000-0x0000000140149000-memory.dmp
memory/5556-163-0x0000000140000000-0x00000001401FC000-memory.dmp
C:\Windows\System32\wbengine.exe
| MD5 | 61cb05dec447b289ffb5880ff4d08567 |
| SHA1 | b000dd21c4bebcaf267c82d7ac1c5f05a74483ba |
| SHA256 | 0bf1118585f11c06f944f06b62fff6e8887ebb11ac62ca4b0c9a10b2ee48b470 |
| SHA512 | e38161cd0e48ae6453b6599ce639d1afcf4844e0ecb48755a3b6c9cfeb995ff4e64de62c555af3b1a72f7973ed81c3034ed9f395f9ec1056543deefe7be756b2 |
memory/3768-167-0x0000000140000000-0x0000000140216000-memory.dmp
memory/3464-166-0x0000000000400000-0x0000000000535000-memory.dmp
C:\Windows\System32\wbem\WmiApSrv.exe
| MD5 | c2b883b885f15eed3bf9c543f2f9ccbb |
| SHA1 | 89ab7facfc603533ed3f1c23d658fe05f492a2a3 |
| SHA256 | affdfffd950dc9ebcdac3a08dc6a7f38f0b75d3320a72c7133770b64a58c31f9 |
| SHA512 | b781aec46f9b521e63196c0871ce4e2aa55ab0b92d7da6a0a1fae1d83e993eb569164cc7eb7297831d9a59b7cbdb83443ed19ac3e99b27f25c241b00eeb78a4d |
memory/1924-171-0x0000000140000000-0x0000000140164000-memory.dmp
memory/1496-170-0x0000000140000000-0x0000000140133000-memory.dmp
memory/4956-175-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/5524-176-0x0000000140000000-0x0000000140179000-memory.dmp
C:\Windows\System32\SearchIndexer.exe
| MD5 | 38d00b3a9b373af147e9f41667ef772a |
| SHA1 | 24a10c4ad42e59b1662038b11e8edd16fa9e8586 |
| SHA256 | 58dc80abe5de344c45355707873a51d6d99dba19d412c328249fb6711971ebf5 |
| SHA512 | 8b38d52be3f541bf3e3e3ddf10fc8eb5b93e8abd78bff0f9f3d9757b443f0fa9a8fc3aefe9e835ac20e19112826307d52dc7cae36a0605059057c86897339205 |
memory/5524-178-0x0000000001770000-0x0000000001780000-memory.dmp
memory/5524-194-0x0000000001A20000-0x0000000001A30000-memory.dmp
memory/5524-213-0x0000000009E60000-0x0000000009E68000-memory.dmp
memory/5208-230-0x0000000140000000-0x0000000140134000-memory.dmp
memory/2476-270-0x0000000140000000-0x0000000140169000-memory.dmp
memory/1380-307-0x0000000140000000-0x00000001401A1000-memory.dmp
memory/1252-337-0x0000000140000000-0x0000000140180000-memory.dmp
memory/5712-343-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-344-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-345-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-346-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-348-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-347-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-349-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-350-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-353-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-354-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-352-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-357-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-358-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-356-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-355-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-351-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-367-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-368-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-369-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-370-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-372-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-371-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-374-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-376-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-379-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-378-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-381-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-383-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-382-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-385-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-389-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-388-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-390-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-393-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-392-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-391-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-387-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-386-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-384-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-380-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-377-0x000002707C160000-0x000002707C170000-memory.dmp
memory/5712-375-0x000002707C160000-0x000002707C170000-memory.dmp
memory/3232-414-0x0000000140000000-0x0000000140147000-memory.dmp
memory/5556-431-0x0000000140000000-0x00000001401FC000-memory.dmp
memory/4956-432-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/3768-435-0x0000000140000000-0x0000000140216000-memory.dmp
memory/1924-436-0x0000000140000000-0x0000000140164000-memory.dmp
memory/5524-437-0x0000000140000000-0x0000000140179000-memory.dmp
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
| MD5 | d270870357dfce03502019acb72682bb |
| SHA1 | c11235842793787afe3f2ca569c318e42875bb85 |
| SHA256 | 323aa9dc820010d13877d0cf9e8fb776b49da87dab0f1814f53ef48db85fd886 |
| SHA512 | 5df0ecd8fd6a2c8afc8193fbf6e57b9267757c32969ba1532177ea1007b5ded39f95efa47949ade58e4b2422ce96d9d8bddacc47459ea52929d76d1e55d2d199 |
memory/3632-453-0x0000000140000000-0x0000000140147000-memory.dmp
C:\Windows\system32\msiexec.exe
| MD5 | 715a14a544aa2134fceecbff319fe79a |
| SHA1 | 2b83206e3dea3b3caf8f42c4a210bd57d0110eb7 |
| SHA256 | 54c4bf334ec20ad01bf68693c1695921c046664ca621f3d731b071a5267bd238 |
| SHA512 | cd1fca5b40662ed3a2d742b762c464dc2f5b2568836d774d0c4fdf87d087dc2d69d2d20a4d32bbab5b8997a23aaad2b640edb3fc1804b2872ab0cd423fbf87e5 |
C:\Program Files\Windows Media Player\wmpnetwk.exe
| MD5 | 2a6f0775dccce4900b3a10e13e16529d |
| SHA1 | cbc2fb0d5331b2e5ffbd7e88cd8f131a48b9ee85 |
| SHA256 | a74af6afe33fe46086729e3323165bce427c4aca70824179ef2c2ba62b4180e5 |
| SHA512 | 32443fa119034f40835b2e140537ccb376b83060fb8d43290ab09ef505fc8e7096230835eeb9e1c5851e79228110408d39165ed5116d58e96afdcc600e827121 |
C:\Windows\system32\SgrmBroker.exe
| MD5 | 71a1bddd88401df10621702da88397cc |
| SHA1 | 83da91db1f1ce79f55eb898dc131f0b4faca6a56 |
| SHA256 | 9e85a3dc080d7ac24e940eeaa52e62a0e184dfda5d2b29ff4b733a4ac5e53b6f |
| SHA512 | 0fff5a0d0a76d479b5edce401334a6686b7b49c535ee48aef7162495c41313297f60a68456875164cb5e31e73b5d8e7e4988dd2d8054a572b7d2f2b0ee0c76a0 |
C:\Program Files\7-Zip\7z.exe
| MD5 | e0693e0470bb3313d0bbb45e8de0404d |
| SHA1 | 494b3703bbc792abae787c0e9c3727de881f5c21 |
| SHA256 | 8baf14d3d611325c7a04021c65d41f77682cdaa342ae01b307b4dfaf62103101 |
| SHA512 | 3b0aa5381dd03189430f49fd4f6ffccbcfc3c337196b5f8f770155925956e9a01990ffdc837513dfe326c5a6ef008bce4d170da1311c5f6489958207e27596bb |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | e1e9c0b8921f8da503999d3c8d74f2a3 |
| SHA1 | bf069dd9bdf89c71314216e8d481b40fef3d5f4a |
| SHA256 | 6cacc17e7187635f63e262831696834693ddeadddcfe4ddfd25038d820545e4e |
| SHA512 | 374e61a643515966e465586457d72783cc965aa8d734c9eb03127a44e11daa9534fcf5caf8af14cb0320040618c7e0d232c73912aa32f54aed1dc686159779d3 |
C:\Program Files\7-Zip\7zG.exe
| MD5 | e42298066933fc5a653e17bff8fee153 |
| SHA1 | 0455d531dd388d0375481326562a6e53a04219f1 |
| SHA256 | 0f762637502c5bdd298238002eea06ea38e33b253660219a79a144db040ba9ac |
| SHA512 | 1b52a04c9b23e861149c80d979a0e4424630b540d8069d8dac7fcff117f22da3b4159c9bbedcf87c36174680546da843451ada97fd9c7fd4747041deb9a52ff0 |
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | 02d07e523294f15cf76aef523d4a9024 |
| SHA1 | cf63c36513dc3de346d5206c52ba619861dd7a47 |
| SHA256 | 025ef181058a3a7db92d8e2cb79a549f5c2751b9756a487aff01af26318b8b01 |
| SHA512 | 59f8a37ba5a5fd4f45cb70addc88432a5ebcf720556d339848f2532d22b0ddfbab0a1f5260815a655f6bb7016a4f7aa75096f00a934a2ac4b8df95470704906d |
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| MD5 | d8d6c6972fc658e83c1dcd8e906d4166 |
| SHA1 | cb2d1ed0326c8b19dbbd2fedc6f0a1185d512a14 |
| SHA256 | 709c18f75d9996d3d26db1d4e1e4cfbfb95c53f53f7f40085c925e3040e1a787 |
| SHA512 | 7f738302a2618ec2d8b203e310245aa0c17acf1d0c7567ee1e197ffe3d7ac7b2b4269b14e012988686b672a3ff13311d185a02b21edc10f8907da06cab0b3ac9 |
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
| MD5 | 0a45a2be1f533a790b64b875aa78ad33 |
| SHA1 | 2a128e7d51f5a62101c5925adf57e045e3521230 |
| SHA256 | d816d7e6bd1cd746ed4d0368bdbd6be3e57ef534b02c57c3c9b74f7bed839c4c |
| SHA512 | 81bc0f0c7696f1c1228c8590730f8efe90034db6c939df1607e4e72174d37ef56a3857e1f1cf8c85060103785b5e72fc3f5a8b9de4298af7b83aad0208ef0969 |
C:\Program Files\Java\jdk-1.8\bin\javah.exe
| MD5 | 0ba9010d14c858d014aa4e692a216613 |
| SHA1 | bd26572bfc2358953c4dfdcae715c9e7e98879f3 |
| SHA256 | 9860820a91a9538e766c3bb376a2585fc633f78345e1ade1f034aafc67d4a37a |
| SHA512 | e80a2fe3b92b8cc1aed3e2116ae4b51ae3ade92452513c26beca624a21dbfaec2a41c4456a85f3f183973c547fe035f79227670d841286fdb6d86f6d9c9772cf |
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
| MD5 | 3a9009da79763bd57c6da4d55b0b9c77 |
| SHA1 | 23f5133fbd53b99656d0367cf9e6cdebc7f6dda1 |
| SHA256 | 5607fcf521340aa6ab5b60f91af7f02b0b17795dacd18b0ea5dc5ac2ff08a994 |
| SHA512 | 7454c1aad74ab1d243fef9908602c6b0b0bf07ced36408ced6b4056abec1ac0f8f104d9fda709009a47b152c2b2e80e7fe64b972872c9750c793faec435ffe43 |
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
| MD5 | 19294a6c4a6b219797816abac1cbeb34 |
| SHA1 | 95615278f14ded5c1caa44d4f15a461452bf4d86 |
| SHA256 | 98b98d163ce31b6d1f1c75aa3424e18ecb85209bb8cc73f46c9614b4ad77a89b |
| SHA512 | dcc7d88be301b7990d268f29dd75342f6a415d5a23d29ebc1d8e0794ea97c3561a1f9142dbc8a2b912f66f42add374e5f71906d4a201d2257230fb18f86e3015 |
C:\Program Files\Java\jdk-1.8\bin\javac.exe
| MD5 | f073be820bcbb319c47b9ce034f302b1 |
| SHA1 | 81a3803e2b31efda6d889dd817bdfd9b6d46f51e |
| SHA256 | a727f843e1efad40fa506e0236e9e267ddb2a9243c352934ac13bc07a6bdde6d |
| SHA512 | 31552fde53e3a04689fdb228f3df5470aa40e2c81c4efcf744725d902a33ff3c64db0aa62d61befa248861471ffa53987d6315a45b7296fd60f507683b9197c2 |
C:\Program Files\Java\jdk-1.8\bin\java.exe
| MD5 | 7c4dd031ec178f3c66a10ea13fadfcd2 |
| SHA1 | 79bd05dda32e8e71accfac2060d24bb18d3c2f4b |
| SHA256 | 69d11416fb0d1716cf9fbb743b47c825829caa8cfff3c33e46cba6f3cfc9d2b2 |
| SHA512 | 92449980912e84dad709887f8624a7c062cc5ccff4a158d05af7ac10373aafba814559cb19f7c5503e26f84f07dc55461cbb0ba84d878da882a5785878e34ab4 |
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
| MD5 | 9710bfa9a8ffbf7550c3d3921e358dce |
| SHA1 | 23bfcabcbcbb779ab308be66734a3f930c71f729 |
| SHA256 | 6d0ab4633479c30e6f52706972c933067f8db74b43d2d085190194a0c3ce9dcf |
| SHA512 | 1f3433f59b32dc315d9c99306ab7f333e24c18a68d5ed6bc0675c32ec349f2de4419c2c1e0f0dabbd3a972d9e3058ecf533753e17301242279577cebf90b140e |
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
| MD5 | 7d33d2e66c659858402dec55b44de6cb |
| SHA1 | 7500a3d89bee24d240a3e5f40751c199c715ffa8 |
| SHA256 | 488bcd84bec3dae24b513b4188e30507d4677ec5c226b4b612ca8fb11e9dbfef |
| SHA512 | 8180469edfa290ba5b2e3032fd9644db63ff3a8ff5963c95f43586679058dd79c963afba7e8e8a814a6dcd8afa794c19f2ed0b217c5082cafa25d1dd11383ae2 |
C:\Program Files\Java\jdk-1.8\bin\jar.exe
| MD5 | 0aab029838155b492008787ab6e235f9 |
| SHA1 | 43cb1b390ea1ef6a7edf87b749353601372105cb |