Analysis Overview
SHA256
c697b3b40a2115c5c7e2d3fb2da0b3ac26b6caff42babcb1b4522128f008818f
Threat Level: Shows suspicious behavior
The file 2025-07-03_9919f5cac21ac109d52310f6b86eb7a3_black-basta_mespinoza_ryuk was classified as: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Suspicious behavior: LoadsDriver
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-03 05:54
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-03 05:54
Reported
2025-07-03 05:57
Platform
win10v2004-20250502-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Executes dropped EXE
Reads user/profile data of web browsers
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-03_9919f5cac21ac109d52310f6b86eb7a3_black-basta_mespinoza_ryuk.exe | N/A |
| File opened for modification | C:\Windows\DtcInstall.log | C:\Windows\System32\msdtc.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWow64\perfhost.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\spectrum.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\system32\spectrum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\SensorDataService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\System32\SensorDataService.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\TieringEngineService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\TieringEngineService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E2FB4720-F45F-4A3C-8CB2-2060E12425C3} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000026329204dfebdb01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\acppage.dll,-6002 = "Windows Batch File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000052949404dfebdb01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | C:\Windows\system32\fxssvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\acppage.dll,-6003 = "Windows Command Script" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\cabview.dll,-20 = "Cabinet File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-176 = "Microsoft PowerPoint Macro-Enabled Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9939 = "ADTS Audio" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\wshext.dll,-4803 = "VBScript Encoded Script File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-24585 = "Cascading Style Sheet Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000022723004dfebdb01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000019d43204dfebdb01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000091d25104dfebdb01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9905 = "Video Clip" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000094a7a704dfebdb01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-131 = "Rich Text Format" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@windows.storage.dll,-21825 = "3D Objects" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-126 = "Microsoft Word Macro-Enabled Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000067bb9b04dfebdb01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000ddc3a605dfebdb01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9936 = "QuickTime Movie" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | C:\Windows\system32\fxssvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9912 = "Windows Media Audio file" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-120 = "Microsoft Word 97 - 2003 Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9914 = "Windows Media Audio/Video file" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-113 = "Microsoft Excel Binary Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-180 = "Microsoft PowerPoint 97-2003 Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9926 = "M3U file" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1748 wrote to memory of 412 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchProtocolHost.exe |
| PID 1748 wrote to memory of 412 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchProtocolHost.exe |
| PID 1748 wrote to memory of 3716 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchFilterHost.exe |
| PID 1748 wrote to memory of 3716 | N/A | C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchFilterHost.exe |
Uses Volume Shadow Copy service COM API
Processes
| Image | Command line |
| C:\Users\Admin\AppData\Local\Temp\2025-07-03_9919f5cac21ac109d52310f6b86eb7a3_black-basta_mespinoza_ryuk.exe | "C:\Users\Admin\AppData\Local\Temp\2025-07-03_9919f5cac21ac109d52310f6b86eb7a3_black-basta_mespinoza_ryuk.exe" |
| C:\Windows\System32\alg.exe | C:\Windows\System32\alg.exe |
| C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe | C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv |
| C:\Windows\system32\fxssvc.exe | C:\Windows\system32\fxssvc.exe |
| C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe | "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe" |
| C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe" |
| C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" |
| C:\Windows\System32\msdtc.exe | C:\Windows\System32\msdtc.exe |
| \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" |
| C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe | C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe |
| C:\Windows\SysWow64\perfhost.exe | C:\Windows\SysWow64\perfhost.exe |
| C:\Windows\system32\locator.exe | C:\Windows\system32\locator.exe |
| C:\Windows\System32\SensorDataService.exe | C:\Windows\System32\SensorDataService.exe |
| C:\Windows\System32\snmptrap.exe | C:\Windows\System32\snmptrap.exe |
| C:\Windows\system32\spectrum.exe | C:\Windows\system32\spectrum.exe |
| C:\Windows\System32\OpenSSH\ssh-agent.exe | C:\Windows\System32\OpenSSH\ssh-agent.exe |
| C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc |
| C:\Windows\system32\TieringEngineService.exe | C:\Windows\system32\TieringEngineService.exe |
| C:\Windows\system32\AgentService.exe | C:\Windows\system32\AgentService.exe |
| C:\Windows\System32\vds.exe | C:\Windows\System32\vds.exe |
| C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe |
| C:\Windows\system32\wbengine.exe | "C:\Windows\system32\wbengine.exe" |
| C:\Windows\system32\wbem\WmiApSrv.exe | C:\Windows\system32\wbem\WmiApSrv.exe |
| C:\Windows\system32\SearchIndexer.exe | C:\Windows\system32\SearchIndexer.exe /Embedding |
| C:\Windows\system32\SearchProtocolHost.exe | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" |
| C:\Windows\system32\SearchFilterHost.exe | "C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784 |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pywolwnvd.biz | udp |
| US | 8.8.8.8:53 | pywolwnvd.biz | udp |
| US | 44.244.22.128:80 | pywolwnvd.biz | tcp |
| US | 44.244.22.128:80 | pywolwnvd.biz | tcp |
| US | 44.244.22.128:80 | pywolwnvd.biz | tcp |
| US | 44.244.22.128:80 | pywolwnvd.biz | tcp |
| US | 8.8.8.8:53 | ssbzmoy.biz | udp |
| US | 50.16.27.236:80 | ssbzmoy.biz | tcp |
| US | 8.8.8.8:53 | ssbzmoy.biz | udp |
| US | 50.16.27.236:80 | ssbzmoy.biz | tcp |
| US | 50.16.27.236:80 | ssbzmoy.biz | tcp |
| US | 50.16.27.236:80 | ssbzmoy.biz | tcp |
| US | 8.8.8.8:53 | cvgrf.biz | udp |
| US | 44.244.22.128:80 | cvgrf.biz | tcp |
| US | 8.8.8.8:53 | cvgrf.biz | udp |
| US | 44.244.22.128:80 | cvgrf.biz | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 44.244.22.128:80 | cvgrf.biz | tcp |
| US | 44.244.22.128:80 | cvgrf.biz | tcp |
| US | 8.8.8.8:53 | npukfztj.biz | udp |
| US | 3.229.117.57:80 | npukfztj.biz | tcp |
| US | 8.8.8.8:53 | npukfztj.biz | udp |
| US | 3.229.117.57:80 | npukfztj.biz | tcp |
| US | 3.229.117.57:80 | npukfztj.biz | tcp |
Files
memory/1416-0-0x0000000140000000-0x000000014019F000-memory.dmp
memory/1416-1-0x0000000000720000-0x0000000000780000-memory.dmp
memory/1416-9-0x0000000000720000-0x0000000000780000-memory.dmp
C:\Windows\System32\alg.exe
| MD5 | a0eec0a5da7a7b325fbea7fc63657bd4 |
| SHA1 | 7c2428f4c0378464fa9da6a5efa6a002f07d053a |
| SHA256 | 56a7e5cfdae28514340b79d381e2540b42457641c25b9cdd62f22751939868eb |
| SHA512 | 8291220e134c8278422ea654f3d1a4905eb4647004ef268c36fa0f5d8fc4381b8e709cd7963c27a7ee0001a92b47244ab36478eedc8da7c62ceae073c3396782 |
memory/1388-14-0x0000000140000000-0x0000000140148000-memory.dmp
memory/1580-18-0x00000000006D0000-0x0000000000730000-memory.dmp
memory/1580-26-0x00000000006D0000-0x0000000000730000-memory.dmp
memory/1580-17-0x0000000140000000-0x0000000140147000-memory.dmp
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
| MD5 | b9648ae6091b6f3265e12e3916dc45ec |
| SHA1 | c38a4f7fa84bdfcaf21db3d340859e06174bff9e |
| SHA256 | c16db618f623d49d535423e1df96a16d2be25b36a12a299537e2a8ab6b3a4749 |
| SHA512 | 55c3a54d9593ef980193979371a9bebfece9e35e9042513551fbb4d5f9769dd992fe7a5c97b10785e3d757a44d6a2b7b226c9139d11ae1f0c0be5096bb9be697 |
C:\Windows\System32\FXSSVC.exe
| MD5 | cf2ae184c02323b81da0c66f2fd9c28c |
| SHA1 | 524a7ae65376e82282cc9fed21c16580d6360dbe |
| SHA256 | f3febe63ea87c2841a32a69879840b131106b1134a5e35472f9153e72283e7ad |
| SHA512 | 8ac816ed275742cb1180cf9e4310b1a3dfa946c4fa63bf486d32d867f793a77734c7190650b64010860d0fbf1ed110640a2aba8056aafae7f6a3069ea256ac5f |
memory/4452-30-0x0000000140000000-0x0000000140135000-memory.dmp
memory/4452-32-0x0000000140000000-0x0000000140135000-memory.dmp
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
| MD5 | 5188f499355658b0abda03a1dcbd0405 |
| SHA1 | 008920a556ee08ca7501bce44edb2896c14b4e39 |
| SHA256 | 8d4b1c12917b9542f593e6b4e1e0151befe3c85e65a97fe6d85f5c9d292253f7 |
| SHA512 | 0a20fe90a77d8cc74a93c13fa311211c6cde746c882cae59548d67dc1f5594ea13e17a697135c90e26b5c9d7d4b4e0fa400a5f1b1d0752096809026bcef528e5 |
memory/4008-42-0x0000000140000000-0x000000014025F000-memory.dmp
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
| MD5 | 5b2ff31ecfda32d6bf5d9ca07ee3ad50 |
| SHA1 | 8eb72a1d74677130cf2b390eb58bc80b6d929945 |
| SHA256 | d0d936f4309e0aeace953c3361847883c6e4d18e3aa623432190a8b682033314 |
| SHA512 | c796ab2cd3c710c19b341a254f09081bd7efc8acbdbf4e3457858de0d7827e23417d124a4e104d431def72fd0595ba4c045ed8a7414f113b519d5ba54a42768b |
memory/3672-67-0x0000000140000000-0x0000000140174000-memory.dmp
memory/4788-88-0x0000000000B40000-0x0000000000BA0000-memory.dmp
C:\Windows\SysWOW64\perfhost.exe
| MD5 | 6e1a327b3b7297a48aa6f201e9d0020f |
| SHA1 | 1edcdf6646c5cb901be6ba1f70a3fc2e870cccb7 |
| SHA256 | 7e2739b0b9a2ce1254426f3f20a222ff9b64936c09913f2af8bf34c3dd10c6ca |
| SHA512 | 8c5affe6972181cf08deb5df7ccb978e979c78e33877e18aad1659957f19e01e3bf8762d027a39e0039af8786c592db86531d94421864b4e1d02093815e09854 |
C:\Windows\System32\snmptrap.exe
| MD5 | 66666fda6f3c5efe1d68a06336f03bd3 |
| SHA1 | 0e936d32405b3921c912dff3fb8a36ecf6a36633 |
| SHA256 | cf616e545cfda039d3eaa5126559098cf164e477c0d1026eba40dba083568d69 |
| SHA512 | 75d322831922d20fefc3bb4a58c6c489ba9a69e3d2ae635861508cd42969062626de6676a7772b2e4e1131adf753c983cf6ea7f14fac112bbcbbdded0bd4719c |
C:\Windows\System32\TieringEngineService.exe
| MD5 | 35fa65d6b5e145b491cb95536e30a7fe |
| SHA1 | 3e675587ec3aad18e134c45a88b2c74bdcac074d |
| SHA256 | d730fcfef3228a77eb71a3d798be658534b1e84dc93ace0dc77f147a78ee2264 |
| SHA512 | ed19604869e9d946c2982a210518193e7e938b7ca24625e453d8190f26540ff6f2bbb311d2be99cb17c480807e1f00faf86aa6211ef9a976413ea9de7f78a2ff |
C:\Windows\System32\AgentService.exe
| MD5 | e018206aae43f8196f34b50b0aefc8ce |
| SHA1 | e6fb123225ce1dca9ab799b7b20c2ecc53da43e2 |
| SHA256 | 7a8269da4d44e68e370cd8439c45d536e242db114701c597e5a84c91efda4091 |
| SHA512 | fd03fded8e84cd78916c560b38cd6d3b25dcde833adf40e54f1e038d5fe3a69de32232c7cdffb4a7f1f41f44097dcdc6ec3420120c1ecbeded0678b1b4aae21a |
C:\Windows\System32\vds.exe
| MD5 | ab5883c3a0588d4de63ef37870ecb764 |
| SHA1 | 1106377ae242b214fee329b1a5f1d2243aa7cc7d |
| SHA256 | d9e3225b65e42732e5d95560e96b7c52d50029b291ab2cbeee01cb88e3e968ef |
| SHA512 | 53d9c4faa5570d93c9b310c6544feb222c6e357e5857e7a8a59be0fcbd643336d36fcb25540f0419dc886738cbea430b7d78fde3823ca763edc586036934f2a1 |
memory/4116-138-0x0000000140000000-0x0000000140266000-memory.dmp
C:\Windows\System32\VSSVC.exe
| MD5 | 018cfa7f79043c1d64c2885521280766 |
| SHA1 | e38d636058fb3504ae0b96fe1439cf93be270f74 |
| SHA256 | 885f9225e4c40d03e3cb32f72d3583fbe358f157677c9294ec56b9bf56b81bb8 |
| SHA512 | b2accb0b0aacdba4e2db74517671f89dd2aa26a6756020a42c8fc8fb26463c9abc0bfd48caa973091609c3d41362dc95da8f7e2bdf45191a3c5883bb7ea1d77e |
C:\Windows\System32\wbengine.exe
| MD5 | 0f371479db2f2f54b1f035db88ca49f1 |
| SHA1 | e7a117f82647a217daa254d8cf60d4a0f709628b |
| SHA256 | 543a741f27906a5481b95ace0fc2aab27deaa4b832615bc940d087e9f94873e2 |
| SHA512 | 3101bc3eb11ad70426a6560913687660ada206767797941b40742b8942bd88742c5a0c89a2c52fd6077b78e183a9dc3b594646d00e4dd1b944e090837d48cced |
C:\Windows\System32\SearchIndexer.exe
| MD5 | 5ad3b1b29fc69526a448b47444aa7848 |
| SHA1 | bd533b8c92a8948b2e1083f6b978a4d4c065e18a |
| SHA256 | f9f58f3dc3ad08df175f0e9030cd5318424d764ffcb3dc54b662c792ac072451 |
| SHA512 | 9957def83a521480177b73803f8fbe58352fb9840442797b5ddd3b097e7fd6a6424e5a11714e8611ed70d4fdba13e88d853435b391adbafd92bb94a8a20e553e |
memory/4656-152-0x0000000140000000-0x000000014016E000-memory.dmp
memory/3144-161-0x0000000140000000-0x0000000140180000-memory.dmp
memory/4628-166-0x0000000140000000-0x0000000140157000-memory.dmp
memory/2644-167-0x0000000140000000-0x00000001401FC000-memory.dmp
memory/1748-165-0x0000000140000000-0x0000000140179000-memory.dmp
memory/4164-164-0x0000000140000000-0x0000000140164000-memory.dmp
memory/3956-163-0x0000000140000000-0x0000000140216000-memory.dmp
memory/656-162-0x0000000140000000-0x0000000140147000-memory.dmp
memory/2928-160-0x0000000140000000-0x00000001401A1000-memory.dmp
memory/4976-159-0x0000000140000000-0x0000000140169000-memory.dmp
memory/5004-158-0x0000000140000000-0x0000000140134000-memory.dmp
memory/4396-157-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/3156-156-0x0000000140000000-0x0000000140133000-memory.dmp
memory/4568-155-0x0000000000400000-0x0000000000535000-memory.dmp
memory/4788-154-0x0000000140000000-0x0000000140149000-memory.dmp
C:\Windows\System32\wbem\WmiApSrv.exe
| MD5 | 9345c25456dfefc6a7eca8f091f7003c |
| SHA1 | 0cf9c2d9b2fee5b324a33ee07b2cba2c7aed4c83 |
| SHA256 | 93d3e4acee866bb66ba3f8f8b9452686934fadb9137217d7d91157e3593cf6d0 |
| SHA512 | f7d4fe3752f0f647dae37802b949324a07fa72c6cd271268928c62e90c9000cb8a722f7c6e27a366b6665e8fc34bb030a46bd85c0c00c42e3c59aeab5e2e3ca2 |
memory/6096-135-0x0000000140000000-0x00000001401C0000-memory.dmp
C:\Windows\System32\OpenSSH\ssh-agent.exe
| MD5 | 17cbd7fbfd76f85711a30d2826064c6e |
| SHA1 | 96bbe5e51d55580b91154a878cc13e0473ea7f98 |
| SHA256 | 15d142021d5e848830e53c3bac37986e8fec401712530d7fd959e1b99a1b468b |
| SHA512 | 7c558fb1d90cb1757c9f1a53ee2be3e10b2bcdbdc2382d194b618b5b8567a2ac5df92362e5c7884af3ba52659e0fb10a8d7fd1c8335ecc1ee205b1cb9c94d32a |
C:\Windows\System32\Spectrum.exe
| MD5 | fd7986550ec8c317605558678153ecea |
| SHA1 | 45004900ead973a29699af68084353c52be448ba |
| SHA256 | 03918ec4ad8a31fc67c37e54890fa5bd8320f053cd952e3fc777e6690a86900b |
| SHA512 | 6bc80a53098cfc244416509f3d3f58bf8a5125e7458db239bb6ca0a6999cbae43dda57f605f07068e798341aca7f8f6a24eb5fd6086be75d41e3c19fec5fc426 |
C:\Windows\System32\SensorDataService.exe
| MD5 | f1684e759d1b905f6a8224ec38209101 |
| SHA1 | 5e0862538953dcb94e1e5438b8fb34d7cafc9baa |
| SHA256 | 0acb16e49b6cd6536cf63d6d366ff4019f9fe58fc020503f299c4552f415fdbe |
| SHA512 | a214f027c6ecd0eaa535134d1553c52241b3f55c5e36b4937982f5db60fdfde990976695bef2b5ab32460e6229e73f38e2b46cd381f46486103cd87981a4854f |
C:\Windows\System32\Locator.exe
| MD5 | 646b67fff58617819f90a13ca7b67b55 |
| SHA1 | b2aacb6cf93ff261782a9b10ff77a281ef9d3697 |
| SHA256 | 804c1117fa6a4af5ce44d3fdadeb86ed1beb91c487451f3e7e8a851e4116a07d |
| SHA512 | 68c7d53768eeb5e3df72ce44ec77c4e6940418c0ef87dd4a25b32af8d8686fa68b28eed78a8a60e5045bd9e2600ef1602d65a31f1fb773aa54c0faa5dd7fb136 |
memory/4568-100-0x0000000000800000-0x0000000000867000-memory.dmp
memory/4568-95-0x0000000000800000-0x0000000000867000-memory.dmp
memory/4788-82-0x0000000000B40000-0x0000000000BA0000-memory.dmp
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
| MD5 | 1e5360abbb92085e1ca3178e89fec51c |
| SHA1 | fd49e5c8f27cd3b5d990fba2a074000dd5d8d2e8 |
| SHA256 | fde8193e1d38bdc3bc3ef8bf6f88a17f8c77c92519bbfed908f00f956b308364 |
| SHA512 | cbc21a6b2dfc384a31458458232330f2f907512f4e9aeda7f5957e3d83ce02dff0c659a517a3a55be59d9ddde2f1864edacbc280c57d498ffb64f7454bb40d16 |
memory/4656-78-0x00000000004E0000-0x0000000000540000-memory.dmp
memory/4656-72-0x00000000004E0000-0x0000000000540000-memory.dmp
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
| MD5 | 6afdfb0c48193572990f575824c3b6fd |
| SHA1 | 092c8c4b41c62b469ac0fd3662e953704b02a2d6 |
| SHA256 | 3a7fe5947bafe38cbabf655c34d51013899b8b93350ffaf8a6ab814562cbc915 |
| SHA512 | de1bdeed1b01d81101b45d9c15fe5e8b17a13e4f950c425494147cdcef259469e6d6f177acdb6287777cdee07a1cfb58be11679b2edc0f4895a124af0464db54 |
C:\Windows\System32\msdtc.exe
| MD5 | 7d07e300f09072ad2790251852c89a1f |
| SHA1 | 2c6a3d89e28fa8dd48657bea6175d0d5ce4a7772 |
| SHA256 | 61d585bdf435a03cc3b6f4a4db7d7c74087fcee63896155217743f827c7ba78d |
| SHA512 | b3b5b96b238607c411d601b61a5a9cfe7770b5a563ec14b71e43200e31a0c6821100c39b4483ca67a807b08f146a61722b409a0c4b209c915567250defead890 |
memory/3672-65-0x0000000001A80000-0x0000000001AE0000-memory.dmp
memory/3672-61-0x0000000001A80000-0x0000000001AE0000-memory.dmp
memory/3672-55-0x0000000001A80000-0x0000000001AE0000-memory.dmp
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | 72a8fdcfdc74fbf6fc2ea4451805ab2d |
| SHA1 | 2a621028b2fed19511911b82cda64b89efec66bd |
| SHA256 | dfff8e0e255ad70ea2e8df3fdc0a13566d420172cfb33b5cd17636b1c638d100 |
| SHA512 | a72a58fe9b0bfa6b9b645447182f8f533e0a9357c1789dd75eeddc5920e5aff5aa0dc273c45457cbe90cb3018fd881c73d9a09a192d8e24b04fddc981215b229 |
memory/4116-51-0x0000000000890000-0x00000000008F0000-memory.dmp
memory/4116-45-0x0000000000890000-0x00000000008F0000-memory.dmp
memory/4008-40-0x0000000000CC0000-0x0000000000D20000-memory.dmp
memory/4008-34-0x0000000000CC0000-0x0000000000D20000-memory.dmp
memory/1416-248-0x0000000140000000-0x000000014019F000-memory.dmp
memory/1388-318-0x0000000140000000-0x0000000140148000-memory.dmp
memory/1580-351-0x0000000140000000-0x0000000140147000-memory.dmp
memory/4396-400-0x0000000140000000-0x00000001401D7000-memory.dmp
memory/4008-458-0x0000000140000000-0x000000014025F000-memory.dmp
memory/4116-498-0x0000000140000000-0x0000000140266000-memory.dmp
memory/1748-500-0x0000000140000000-0x0000000140179000-memory.dmp
memory/4164-499-0x0000000140000000-0x0000000140164000-memory.dmp
memory/2644-501-0x0000000140000000-0x00000001401FC000-memory.dmp
C:\Windows\system32\AppVClient.exe
| MD5 | e6a379497b06b7c0b6300e1f12f2fdc7 |
| SHA1 | bf3acb8c890587919fe99c5ecc83959f15a0d26d |
| SHA256 | d24e4d0af3109ff51ab8ff9bb55a8264609ab664aa2788d14387f6f6b046624b |
| SHA512 | b2f792ec688ff051408550dd0cceca8243482f505449660c186d341b421db75010cac381cc9e62405c05af9e73380a778db697b97fac047819316da1454e427b |
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
| MD5 | 7ed774b323e6ee480956142a5a7c7da3 |
| SHA1 | d4db7e8b690c74a8f65574f5d4332fb1e5a6ca83 |
| SHA256 | ce5c75275954f12b413a426ebd788c55d0c7deca85213525a0a80ea04079ea51 |
| SHA512 | 675a79f74172f50f4c5f3426c05873cadf6b0b627c14302e28f72377991d758c593ecc9498d39ab3c9afbfe21fd2f1af41fe0714142864c44a1da84df49bf1de |
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
| MD5 | 165f490194ce64bca7c717b1c1ba8f71 |
| SHA1 | 3e42269447ada1a5775b8b0b6e0dfe536e01bdd4 |
| SHA256 | 5dbb04ce5c5ceb4eeaee9da715cb9d6c19682e1fd03e4f96e25beb7c0c31db45 |
| SHA512 | 3d1cccf8083daa54d10ba42f2657680d1df58436ee84c85cef6de25548f288c6e9645baa3900bf7bf514d530d994140dba94e85a12ebc3fc25fbd7cc77139b39 |
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | c4aa8d5f6b05c4a4709cf300a9692be5 |
| SHA1 | 0369e1bab7377f84c45ab891fefdc9f020d58a2c |
| SHA256 | 79241b59b01c71ecac00d0828be465d065aa33dd5b1d4920786415d8bf25621d |
| SHA512 | e707e8e4d9468da9ea2e87c94bbd532b05fef461fdd10593ed50fb41c3613b492cef58e0e694f131ea34784d50e899c059e2fc0f8f07af2549b52eb88058ef2d |
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
| MD5 | 99413ce170dd77aab2385cfe59d4fc4e |
| SHA1 | 8d5f125992332fbbd159930f8a4f63950adce763 |
| SHA256 | b7c10f79599c20514f56311fbc5b46ee460748daa324705855657c3e741decd9 |
| SHA512 | 75112d20bc48c5eb31f5332ab257dcbbbb81ed6aa24b373f03998b5afc77867ff50e8aa49d3e6ebc393f46cea22d32da8cdb12529f243a503de9367f2a067095 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
| MD5 | 74a286f754d5d0978470e061150dbcf5 |
| SHA1 | f619f99de64c388549ddb151d5f26fcdad128b9d |
| SHA256 | 0942e5dcbbd15cd7950780ce38e9b3077dbd2491c5930a9c141cca16a973f07a |
| SHA512 | 45e4587176a1c1861c52aa6ed865f92781468799495b85af231b6e6287d0eadf4b9b7bc80ba7f118f90f1eed3441370d76a161fc59034e473d19ce8709584e67 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
| MD5 | 4f5a751576e31893bb7f0ce7a4a8c090 |
| SHA1 | 0a6e8703b0fd66a349a203d6c6eca86a02ebff42 |
| SHA256 | 5807be0547680a2d95e33f3dd7b2e2395f9357f23da69d9e1647ac0df17b3498 |
| SHA512 | 9b81ed4244f1cc103fb17dde990f87d7304db1ad2f791bf41451b90d0138ba42b3a58a45379f2119bd0d1f07e022486bda73b4e157b4ed03a984b7702ac72e03 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
| MD5 | 71e78d74db55f68a13a5748ad85160da |
| SHA1 | 000388479b575ed82dc0fa314444651a975b285e |
| SHA256 | 5d5df67d79cf95340030c5043ab5491978a1d2d91b8af3d375f27dc9aaeae6e3 |
| SHA512 | 3bebd4bc9481263a01085653ecfba932f17fbdc79c06d177dd24f6ac60dcf818839bdd60211dcfde38d3515f2c385890c21be61e006abaa1acb7620f7ef60be4 |
C:\Program Files\7-Zip\Uninstall.exe
| MD5 | 029f51db55861bb0f362cb656cf77e09 |
| SHA1 | 4f6fc14c46ea68a48d3b6a6514318d88ce610d22 |
| SHA256 | e38f6d73721e8f2370b608c1c64d2a4e8bcdd45f025afa3d8e0c489dd2b22d6c |
| SHA512 | f33588206b6662b44a1c42be4bd24f8effbbc62f9270708f80ec2ccc9bf73df093e794573369a5963111ffc55b38d740087bc3d388df44f35ca8eb62bdafd772 |
C:\Program Files\7-Zip\7zG.exe
| MD5 | 812b2940dd6bc0656531c02c04e28677 |
| SHA1 | 2a322fd117ebfdd389f5a43f98ff742903b59e7d |
| SHA256 | a63151ac43c1ac89a41ab3dc74dc95295c03227eee3e9ecba14bb291f79923c7 |
| SHA512 | 27568cb2dfbf8224e98efb4ed70ae366b5938002070c591ad4fd824261c750edcf052b952e28469d05f9f9e290bfb7345099aea66ef51c4a5c3a7c5df3f79f13 |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 2bd7c5ee519ae2b660c5913208370183 |
| SHA1 | d602216785892bee12d4ca48e42773b50fb8b4fe |
| SHA256 | 486f4f3f1241ef8f6f4c542f20957ef4841301ae8c5cdb3c1d9a94b8bc936289 |
| SHA512 | e4a7e6bc364a279cb1bb5626f4fa27edeb6b8b361f73657b7b2d6e9b9114a652e8e39926ff6b8f60a36e62ad019b5c23be68e77f8460f3ce293d43cda72de2bf |
C:\Program Files\7-Zip\7z.exe
| MD5 | be20d36ea13b9826c4abf643d20ac3a1 |
| SHA1 | 702b796f92f4bf2453ebe082d5927b587d3b8093 |
| SHA256 | ec36a8b6e6d9e70da69349fe424a66fb5d2fdadee879d3db6f3ae6e8d0abfaf1 |
| SHA512 | 25dd3d7dc8da97f8c418cc38ba43384f9cf9f860d88c1d6ae0be0912410577f38f3759c679d5d3d6897b94b98e5c01530035aa8447212f1039e4aa2111d5cb54 |
C:\Program Files\Windows Media Player\wmpnetwk.exe
| MD5 | bf9b4f850670672ab1e48a29a372daf9 |
| SHA1 | 2b52f65ddc3ff25b8ba89c7a832c0e7b77f99a35 |
| SHA256 | 4376ea07cee1788c0b7bf162b3517af4c8667dd9569bc79a2e154a1766e75ec6 |
| SHA512 | 1a77716133211117b9a68aa857640f5eabb40f11f8c93203da664a3158d41671016f5e087daf9026eb62a7f1550de5a08d520ff000e99cd4fbf3eba6ecfe8a48 |
C:\Windows\system32\SgrmBroker.exe
| MD5 | c52f11ba2fe2dcc89add910e8363876c |
| SHA1 | 03a04af97544c7a3b6341d9a2816f2d5bc03f738 |
| SHA256 | 5b12a2a5561b6a7282ef90932b915870d3d33cafda1f899d80b0246fde6248d0 |
| SHA512 | 382b11b958492d0093670055a85fe9de748136449c5529d55bd7727b55e04d08a87c6e98b122c6676920a9f2a088000c257523d3bf4e6589aa28f8d276e21d16 |
C:\Windows\system32\msiexec.exe
| MD5 | 0cbded6a9bbb8777ea3cc8f628ad06a1 |
| SHA1 | 84ec2e596e3d57dc47a0e1addd10b9e6fde91eed |
| SHA256 | c933d84bfb37b199fbf504a7b4558d729f62efe97fcbfd1b4bbc76369246eb15 |
| SHA512 | 2b8063b4d1c0b82ef94fde68c90fd00dd98872b760511378023a019873339afa5d39decef9e287ecf9a88d37ff8291b209a7f2e682994eb2ccc995b053ccb4e7 |
C:\Program Files\dotnet\dotnet.exe
| MD5 | bdc2f7673eb796b1fa92e43e9d6d30f9 |
| SHA1 | 9b6351f6caf1429d26d7be1b5124105d7f3563ee |
| SHA256 | e18de804ee2f4f1c56b0ccd0831a2b8a298d3831d01ec669a2cc6240aea2c71a |
| SHA512 | b8eff382dec263a66e150c4730fb34d10a6b31ed5ce2f4f2e2d911c970fc2c7b3bf978b8aaa0e934d89334f5f39c1c3cf52a0774c1a41ee865febe59823dfeea |
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
| MD5 | 96d35501cbe7c72fa656ea51ce4dc812 |
| SHA1 | 8a216b76fadb6b1c9f287f6755072fabd0a7fcba |
| SHA256 | 0fb2dca1ceca5286c2b4123dacc7cc33f779dc3b2149a4a00a12a035250191e2 |
| SHA512 | 0d26f2e4406302c9c7bd91e812f228f88a91153e0a141a0c5969c295073ef144241e19081bc27a209c9fa06337b29b65eddcc404ddd59fadab9b17f34b801ffd |
C:\Program Files\Java\jdk-1.8\bin\javap.exe
| MD5 | 55fae27ac0425898df8a8371d8dffe00 |
| SHA1 | c32e62070edadd1b3593d82831b8a4c70253d59b |
| SHA256 | 9e5a8736d95847904684274a05f3dd9ef6534a2784164e77c4e40419a48e03be |
| SHA512 | 8ee0bb8613f2ece94a6f9246b327f36cdb1784672df35c3c8c2bb3474aae41577dddd5ab7fba1f8a18b8affc6c1601ff6a95a0f8d3a4553f8cde5408858534b5 |
C:\Program Files\Java\jdk-1.8\bin\javah.exe
| MD5 | 161982de9ef951e6b7fc9e5b155be885 |
| SHA1 | 6fa7da0c97fec2fb0581c053c0e406e9f1c1cd01 |
| SHA256 | 694e48d2c8cbb2e76a37843907d8784428cb2f98b15751fd4c8fb47cdeb002a6 |
| SHA512 | 8660fa5bda435d5909004b06d9332ab7f89952811d57941414756fc9835f95732afa0bb2aa3a146fe9749a7a10c3c8ed0589448d583169a76aea2cb67a6dbecd |
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
| MD5 | 77cc71899236e77e558fffa702e976a4 |
| SHA1 | 549fc0b11e321ef91482ea81b8b5292df0b3d0d9 |
| SHA256 | d0d8137223b5ae3dbf0c34bec0ce33d46a41589b3d6c42923fa9e8ad4d64522b |
| SHA512 | 713d3e63a57fbfcfd03e3ecea1b98d440b902f0b453c3a0777881459437eedbefcbba9972f151368d4cd7d92bd870ff24dd8826e4a83d5b0a8d5e1e2649ad979 |
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
| MD5 | 4497be5a59d4ed7d5d727e72dfbdf667 |
| SHA1 | 405d8d47631018091ef1889802497850787f7c06 |
| SHA256 | 56e1c9816018f9934815591ec99a30ffdd0cec5f212573da1e7095ee0fca6c0d |
| SHA512 | 65e7087494431c19746bb0d5914652cf6929ddec1af63de51f577455a986d8290f1df95cf2bfade6ef4ca0ca726eb087b6ade319946d396a56cd6fa3a5ae44a9 |
C:\Program Files\Java\jdk-1.8\bin\javac.exe
| MD5 | a6662853c1f1f34cf5bdde3ac717cb6e |
| SHA1 | bcf3819edd18bc08257590b5a8f59b64151fcc07 |
| SHA256 | c43c52de544b70fb490e06a1fc9e100d9e4668daa3e9fcd9751afd7df7706e1c |
| SHA512 | 1c78fd0fb2f54e6a5efc896faa10c88a7796f20794e4ffb71f9677bc45d63b3beb630cd7891f90cba7f8713cf1c62e85812bb62f3fb3eb01a73e7d9d450e40ae |
C:\Program Files\Java\jdk-1.8\bin\java.exe
| MD5 | 939bd36e9bdbe14967e35c7c189dd085 |
| SHA1 | b360dea793298925c34b1a80bd0c9f67389ead12 |
| SHA256 | 56266d4eacc57912e5ffe66467e2dc1c52abbbb64f38cc3f3fc572810779a741 |
| SHA512 | 5139915bef0b71f6bbffb6644e04c32c2dd4b266ffafee24ed65d18621c6698c207d47fd2504f8126101e4545d16a91d67f603f6d3cad4def9d5daa0ac7c9a11 |
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
| MD5 | b9c9014752bee044e774adbd45fa2f3f |
| SHA1 | e40f1d6ecffa72b814e319e54b500febb690fde8 |
| SHA256 | b5bd285f134d153297ea4ad27b3fda2e7bd5f969fa192308e5224b1592019254 |
| SHA512 | 2bd7db7987beb8ec94b7ff5f6c0e6ef917f985a95ef7eea3258b16600457ef7923f9c5fd1eb6f5a33e69c840e3ca168e9f6554145c559351841a0a0082deb4bd |
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
| MD5 | 358f3bf69cae19271680780110a6fb26 |
| SHA1 | 789b5bca46530c98395cf1a89429bb1ac970f4cd |
| SHA256 | a1dfba382f2d9c6e29487ce0031921bc2c92f3e74b3ea6f784ae040c583a04ae |
| SHA512 | 672d5c83224c59232d87fca8e3101192862ec38a8316c35efbe7bc5991aaf7d597ca7bf4ceb47855e22bc823b204fe4d599db46e30c6e22eb1e5e73d2cb04226 |
C:\Program Files\Java\jdk-1.8\bin\jar.exe
| MD5 | 9c7130953d5553f46840f15ce3207ca4 |
| SHA1 | a792da28383bfe80b70005a3820c0423e9d35e59 |
| SHA256 | f2a7d3c47112eff0c8e598804c7298b9a1f8449590497395b4ee1a36a3adf80d |
| SHA512 | 44c8a87831c7e694b6a61adbf1b76bb6c1ee6e4b3a461ae56f918d36a1db012e5be4f09055798625671a83ac0af6ea350f69e9f8ceb23e797b1caa34849ebabf |
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
| MD5 | a0258c9033e848a4b85a26ccad682414 |
| SHA1 | 0b43b066d54b3fdc1da61a646855087995bbd7a9 |
| SHA256 | 81f4121678dfbd70fe32c379abbe1db2e30ae13a6d7e9c41e160dd94b6b28319 |
| SHA512 | 10b2d50768da27fd4cf248e6e3cbca42d7ee328a12b7e00f0af6124e568be94afb1128bf2ddcdb976a49bae209014c0c4e0ddb1e637f8d5eeecb5bbf13d86528 |
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
| MD5 | 226d36f9e4f8463a3d1ca3882ff37c7b |
| SHA1 | cf162c252cc47756348e9d83f1ba45c20c648224 |
| SHA256 | b5125b938feb5cdbcc1bdc4246a45e2469d218426a2031f7c9b1dc5cfb0a9c96 |
| SHA512 | a494493f54419d057f4802fc76da592a68e4ae88739abfa90319c7b16a7e4e8f04d45735396edd4af18f16ca04d06f3b42a376399e9366b6a3ce2da1878eb18f |
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
| MD5 | 6e6f52b6d3c775c0fa98c7bb00068e2e |
| SHA1 | 8bd08531d6bbda19281d3d90abc22ec57520fa3a |
| SHA256 | 79e6b20b269fb42b28de251e4e2dc8d6cc973bf9d19577a0a56a6a7a656eb7d9 |
| SHA512 | 59b7a1514eaeabe4b2be968adc2892267cb8fc39cc02f4f4da5d910d737667c20fb5062c23d5aa145adce011768e0085a132f13e3cfc39937c95f367bcf0b060 |
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
| MD5 | e3ebd2cc227643343ba5d9d65385ee74 |
| SHA1 | 2c1f86ccbae3bbd31f06134567a280ab116cd8c0 |
| SHA256 | e4d665701abf7dea3b6ebc944664f5f97ea55f46b979a5a44a52dac7d2baa6f3 |
| SHA512 | 587ca6aa1ba04b36c43cb45d22f60a4c2a79475f8aa08f7a88cee64f6591ecfa8f6eb8202e581d4c0ef9c0d39e3daeb2516609550fddd7d47bf20cdd294b666b |
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
| MD5 | 65c79a697b6247331abfa801009cf1fd |
| SHA1 | fbdae286801edf1d97b82665f1b47ddd0d2155bf |
| SHA256 | a06283a72bf3f0f5dc07f93aef1756e6a6a0716d4af2eee9b66f4e139527e55b |
| SHA512 | efffb963ae385ef555c348a4efacf4ce5f3d214cc172ea74786c7deb373a56b9769354de2fc806d0d4f873f11ca67d11492644e41ff5c49922112ef6a759d076 |
C:\Program Files\Google\Chrome\Application\133.0.6943.60\os_update_handler.exe
| MD5 | 6272c377b8be53b1e29b3d6f4baa408d |
| SHA1 | 336aa3eb400c664d38322511ceceeb3d1fe92aca |
| SHA256 | c3e2333f35d84e329e1d87356d3c98e3551a046b3c2dab2b89a2601f2505f461 |
| SHA512 | 7515c13f4dcae5c10ba77ac19cc7054e2620c664cd8fb1e7fca0e5147fc272eb04068dbae181da0a4aaf90c4168a872caffc0df38477085f01cfdd43f8c45c72 |
C:\Program Files\Google\Chrome\Application\133.0.6943.60\notification_helper.exe
| MD5 | f4c5e780685dfd8e2e2e834a16d60edc |
| SHA1 | 1f0f019b11450bf0940fa9b299b6ff6d0da56731 |
| SHA256 | 07fa93843cac08298d1555a32d5d31738c41efa3289ddaa23ba64c234738282b |
| SHA512 | f6a450637f9b88cbca32f6e0bf391eb31db010bf241664f41079907ddf058ea742782b2e65f4853a587232ad997753bd0e349252533e11178d723c6fcdcc63ca |
C:\Program Files\Google\Chrome\Application\133.0.6943.60\Installer\setup.exe
| MD5 | f7b0b7b818ecef337258c6e44f6d638f |
| SHA1 | b05d8cea8a79d6bb764e765b32970f16d71b1c1d |
| SHA256 | 35bc0f91ca2b0cb6103e3e39f7ed3d2b3c2f3536e9340c18afa4c0dc1250e59e |
| SHA512 | 4e16e2d294eca35b7483d89b960a711baaeaa4abe3f1499d41d103ff30909f30e5b13ef524ca21ad650e88535116c817925d03367a35f56cddf923b49a3142a8 |
C:\Program Files\Google\Chrome\Application\133.0.6943.60\Installer\chrmstp.exe
| MD5 | 33ec870d960328ecb6126a03eb564c5e |
| SHA1 | 612f4db5b20aea73a8f4044fc37552a2e585994b |
| SHA256 | b1babb5e2feed22696e8396c1f1f7149041a8256d7628a756fd75bc52dc55b36 |
| SHA512 | a5651def36d45cb3db25d6e3eddbdcd4a0ecf99485dadc3050c12ba9e5927ea7e54d5c6d333863decf45e89001b04a1cab01e8e5419826e81371a99cb89172cb |
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevated_tracing_service.exe
| MD5 | 9cfdf40eb172e5c181f25c1daed643f9 |
| SHA1 | d3ece9c9ba4b8cd600bb3aa92b829516c1d0c23c |
| SHA256 | cad59a067df8dcfd351858eac1725171d8d0b6226089535beef87ca4570ced18 |
| SHA512 | 1ecc833c75c8ca2fc1774a2b993101f1f51e3569ab1ddcc910dcfe9e2f2bc2e34a6e5bbf680f0bb3986ae7691a1970e7ccdb22fe30c22aed61794287f886befc |
C:\Program Files\Google\Chrome\Application\133.0.6943.60\chrome_pwa_launcher.exe
| MD5 | 896917fd38f820a42f43e48ce52f38c2 |
| SHA1 | 81d70f3f1156be90ba313fe3a0710cace7fe65c9 |
| SHA256 | 29cba1741c60b16c1c5b29b420e39fa63af5960f7390415d5ecfed4489413a17 |
| SHA512 | eb06a7fe18174ffdcd83f6625d56a103a879eeae0a27aae02e7203a29b3565b254c7cbc6b68309f96dda9151dce3d37ba3a8b4eec0c5ef9faa29ee8bb6df6890 |