Analysis Overview
SHA256
351ee7b7018edee0177827346114717370a35b1ed902929769ebbbdaf2c2fd68
Threat Level: Shows suspicious behavior
The file 2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Reads user/profile data of web browsers
Adds Run key to start application
Drops autorun.inf file
Drops file in System32 directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
NTFS ADS
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2025-07-04 12:05
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-04 12:05
Reported
2025-07-04 12:08
Platform
win10v2004-20250610-en
Max time kernel
118s
Max time network
145s
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WinFirewall = "C:\\905c0769f9a06c95a24ddf945\\patcher.exe" | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WinFirewall = "C:\\905c0769f9a06c95a24ddf945\\patcher.exe" | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\:\autorun.inf | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\:\autorun.inf | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jps.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\idlj.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.EXE$ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\elevation_service.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\iediagcmd.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\unpack200.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ktab.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\msoasb.exe$ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateComRegisterShell64.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\bin\extcheck.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jstack.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\identity_helper.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe$ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\orbd.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\updater.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_helper.exe$ | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\joticon.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\codecpacks.webp.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\msedgewebview2.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_disable\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\msoia.exe$ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe$ | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe$ | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Client\AppVLP.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe$ | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe$ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\PeopleApp.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\notification_click_helper.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\orbd.exe$ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\msouc.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe$ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\notification_helper.exe$ | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\133.0.6943.60\notification_helper.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jjs.exe$ | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ktab.exe$ | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\:\autorun.inf | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe | N/A |
| N/A | N/A | C:\905c0769f9a06c95a24ddf945\patcher.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4356 wrote to memory of 6020 | N/A | C:\Windows\system32\cmd.exe | C:\905c0769f9a06c95a24ddf945\patcher.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe
"C:\Users\Admin\AppData\Local\Temp\2025-07-04_9e7f916c159d0a85c41129d08a442d24_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\905c0769f9a06c95a24ddf945\patcher.exe
C:\905c0769f9a06c95a24ddf945\patcher.exe
C:\905c0769f9a06c95a24ddf945\patcher.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
Files
memory/5316-0-0x0000000000400000-0x000000000040D000-memory.dmp
C:\905c0769f9a06c95a24ddf945\patcher.exe
C:\Program Files\7-Zip\7z.exe
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\createdump.exe
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\misc.exe$
memory/5316-1562-0x0000000000400000-0x000000000040D000-memory.dmp
memory/6020-1563-0x0000000000400000-0x000000000040D000-memory.dmp
C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe$
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe$