Malware Analysis Report

2025-08-10 20:04

Sample ID 250704-pa9gpshk4y
Target 2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar
SHA256 b11725a9ee2bb3c5710551f5421918a57b953ceb683c17c2717d315d2bee2b7f
Tags
discovery ransomware spyware stealer
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar was found to show suspicious behavior.

Malicious Activity Summary

discovery ransomware spyware stealer

Reads user/profile data of web browsers

Executes dropped EXE

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious behavior: LoadsDriver

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Uses Volume Shadow Copy service COM API

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-04 12:08

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-04 12:08

Reported

2025-07-04 12:11

Platform

win10v2004-20250619-en

Max time kernel

143s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\SgrmBroker.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\system32\SgrmBroker.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\system32\spectrum.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\system32\wbem\WmiApSrv.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\System32\OpenSSH\ssh-agent.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\system32\msiexec.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\System32\SensorDataService.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Windows\system32\AgentService.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\System32\snmptrap.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\System32\vds.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\155acb56819a9cf.bin C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\system32\wbengine.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\System32\alg.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\SysWow64\perfhost.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\system32\locator.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\System32\SensorDataService.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\system32\vssvc.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\System32\msdtc.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\system32\TieringEngineService.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\system32\SearchIndexer.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\system32\AppVClient.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\dllhost.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\fxssvc.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\SgrmBroker.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\MSDtc\MSDTC.LOG C:\Windows\System32\msdtc.exe N/A
File opened for modification C:\Windows\system32\AgentService.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\system32\AgentService.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\system32\msiexec.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jdk-1.8\bin\rmid.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jcmd.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\ktab.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jjs.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javadoc.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\policytool.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\idlj.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\133.0.6943.60\os_update_handler.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\wsimport.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\133.0.6943.60\Installer\setup.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jabswitch.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jhat.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javacpl.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jps.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdeps.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\policytool.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javaws.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\orbd.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\default-browser-agent.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\private_browsing.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\private_browsing.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jstatd.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File created C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jps.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\xjc.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\vlc.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\klist.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ielowutil.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javaw.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ExtExport.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\servertool.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\updater.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_99421\javaws.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javah.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
File opened for modification C:\Windows\DtcInstall.log C:\Windows\System32\msdtc.exe N/A
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
File opened for modification C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWow64\perfhost.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\TieringEngineService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\TieringEngineService.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9938 = "3GPP2 Audio/Video" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000056ab8368dcecdb01 C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\regedit.exe,-309 = "Registration Entries" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer C:\Windows\system32\SearchFilterHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@fxsresm.dll,-1133 = "Print" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie C:\Windows\system32\SearchFilterHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9914 = "Windows Media Audio/Video file" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9907 = "MIDI Sequence" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\ieframe.dll,-915 = "XHTML Document" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-102 = "Microsoft Excel Template" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WTV\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000f532ac68dcecdb01 C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9935 = "MPEG-2 TS Video" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000000cf22c69dcecdb01 C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\cabview.dll,-20 = "Cabinet File" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9909 = "Windows Media Audio/Video file" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E37A73F8-FB01-43DC-914E-AAEE76095AB9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000041d1a968dcecdb01 C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@windows.storage.dll,-21825 = "3D Objects" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SBE C:\Windows\system32\SearchFilterHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E2FB4720-F45F-4A3C-8CB2-2060E12425C3} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000d4403b69dcecdb01 C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" C:\Windows\system32\fxssvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\SearchFilterHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia C:\Windows\system32\SearchFilterHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-113 = "Microsoft Excel Binary Worksheet" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{80009818-F38F-4AF1-87B5-EADAB9433E58} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000de968f68dcecdb01 C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-126 = "Microsoft Word Macro-Enabled Template" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" C:\Windows\system32\fxssvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-131 = "Rich Text Format" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-172 = "Microsoft PowerPoint 97-2003 Slide Show" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000007fac6468dcecdb01 C:\Windows\system32\SearchProtocolHost.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\fxssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\TieringEngineService.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\TieringEngineService.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\AgentService.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: 33 N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe"

C:\Program Files\Java\jre-1.8\bin\javaws.exe

C:\Users\Admin\AppData\Local\Temp\2025-07-04_da7a1033ad53107dabf87d2e3acbbe3c_black-basta_cobalt-strike_satacom_vidar.exe

C:\Windows\System32\alg.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\fxssvc.exe

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

C:\Windows\System32\msdtc.exe

C:\Windows\System32\msdtc.exe

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe

C:\Windows\SysWow64\perfhost.exe

C:\Windows\SysWow64\perfhost.exe

C:\Windows\system32\locator.exe

C:\Windows\system32\locator.exe

C:\Windows\System32\SensorDataService.exe

C:\Windows\System32\SensorDataService.exe

C:\Windows\System32\snmptrap.exe

C:\Windows\System32\snmptrap.exe

C:\Windows\system32\spectrum.exe

C:\Windows\system32\spectrum.exe

C:\Windows\System32\OpenSSH\ssh-agent.exe

C:\Windows\System32\OpenSSH\ssh-agent.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc

C:\Windows\system32\TieringEngineService.exe

C:\Windows\system32\TieringEngineService.exe

C:\Windows\system32\AgentService.exe

C:\Windows\system32\AgentService.exe

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\wbengine.exe

"C:\Windows\system32\wbengine.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\system32\SearchProtocolHost.exe

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

C:\Windows\system32\SearchFilterHost.exe

"C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784

Network

Country Destination Domain Proto
US 8.8.8.8:53 pywolwnvd.biz udp
US 44.244.22.128:80 pywolwnvd.biz tcp
US 8.8.8.8:53 pywolwnvd.biz udp
US 44.244.22.128:80 pywolwnvd.biz tcp
US 8.8.8.8:53 ssbzmoy.biz udp
US 50.16.27.236:80 ssbzmoy.biz tcp
US 8.8.8.8:53 ssbzmoy.biz udp
US 50.16.27.236:80 ssbzmoy.biz tcp
US 8.8.8.8:53 cvgrf.biz udp
US 44.244.22.128:80 cvgrf.biz tcp
US 8.8.8.8:53 cvgrf.biz udp
US 44.244.22.128:80 cvgrf.biz tcp
US 8.8.8.8:53 npukfztj.biz udp
US 3.229.117.57:80 npukfztj.biz tcp
US 8.8.8.8:53 npukfztj.biz udp
US 3.229.117.57:80 npukfztj.biz tcp
US 8.8.8.8:53 przvgke.biz udp
US 172.233.219.123:80 przvgke.biz tcp
US 8.8.8.8:53 przvgke.biz udp
US 172.237.146.18:80 przvgke.biz tcp
US 8.8.8.8:53 zlenh.biz udp
US 8.8.8.8:53 knjghuig.biz udp
US 172.237.146.18:80 przvgke.biz tcp
US 50.16.27.236:80 knjghuig.biz tcp
US 8.8.8.8:53 zlenh.biz udp
US 8.8.8.8:53 uhxqin.biz udp
US 8.8.8.8:53 knjghuig.biz udp
US 8.8.8.8:53 anpmnmxo.biz udp
US 50.16.27.236:80 knjghuig.biz tcp
US 192.64.119.165:80 anpmnmxo.biz tcp
US 8.8.8.8:53 uhxqin.biz udp
US 8.8.8.8:53 anpmnmxo.biz udp
US 8.8.8.8:53 www.anpmnmxo.biz udp
DE 91.195.240.19:80 www.anpmnmxo.biz tcp
US 192.64.119.165:80 anpmnmxo.biz tcp
US 8.8.8.8:53 lpuegx.biz udp
RU 82.112.184.197:80 lpuegx.biz tcp
US 8.8.8.8:53 www.anpmnmxo.biz udp
DE 91.195.240.19:80 www.anpmnmxo.biz tcp
US 8.8.8.8:53 lpuegx.biz udp
RU 82.112.184.197:80 lpuegx.biz tcp
RU 82.112.184.197:80 lpuegx.biz tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 vjaxhpbji.biz udp
RU 82.112.184.197:80 vjaxhpbji.biz tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
RU 82.112.184.197:80 vjaxhpbji.biz tcp
US 8.8.8.8:53 xlfhhhm.biz udp
US 54.146.6.253:80 xlfhhhm.biz tcp
US 8.8.8.8:53 ifsaia.biz udp
US 3.238.30.69:80 ifsaia.biz tcp
US 3.238.30.69:80 ifsaia.biz tcp
US 8.8.8.8:53 saytjshyf.biz udp
US 3.229.117.57:80 saytjshyf.biz tcp
US 8.8.8.8:53 vcddkls.biz udp
US 50.16.27.236:80 vcddkls.biz tcp
US 8.8.8.8:53 fwiwk.biz udp
US 172.237.146.8:80 fwiwk.biz tcp
US 8.8.8.8:53 tbjrpv.biz udp
IE 3.250.92.156:80 tbjrpv.biz tcp
US 8.8.8.8:53 deoci.biz udp
US 34.229.166.50:80 deoci.biz tcp
US 8.8.8.8:53 gytujflc.biz udp
US 104.156.155.94:80 gytujflc.biz tcp
US 8.8.8.8:53 qaynky.biz udp
US 3.238.30.69:80 qaynky.biz tcp

Files

memory/4712-0-0x0000000140000000-0x0000000140119000-memory.dmp

memory/4712-1-0x0000000002090000-0x00000000020F0000-memory.dmp

memory/4712-9-0x0000000002090000-0x00000000020F0000-memory.dmp

C:\Windows\System32\alg.exe

MD5 aad9a4668404ea0694c8c267de3196d7
SHA1 8aa12e4698d9aa9a8a9f6458df1b83c6dc88373d
SHA256 049432f21c0267ca7761d2ddbc8d91c8b5b6a0a0abdde6777f4c125aaf8c16e9
SHA512 64439533691c15c604ae10b40d3ee10a8a3e9c55a55ae167846ce07fb9982b92c760ef5ac4ed5e005cce3f68aa2c4037dc370e9ee40bb0b695b47b42767123f3

memory/4224-13-0x0000000140000000-0x00000001400AA000-memory.dmp

C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

MD5 5e62d79f7de3c76a622882643007ed84
SHA1 863b6d2487bc0d8a26574a04c546004e3800bc3b
SHA256 e6c3eb819801449ba8d8497ebbdaaf67ccb71f2cb0c1edc2a3ae8d61161f91ac
SHA512 0b623aec95f534bf07d21497f2804d38eb28ad5b6e39113c2afac14be50f6c704ac15815cf54964ce68c8dbbe98f45d441a52c72178811493e79a37e15942345

memory/4736-26-0x00000000004C0000-0x0000000000520000-memory.dmp

memory/4736-25-0x0000000140000000-0x00000001400A9000-memory.dmp

memory/4736-17-0x00000000004C0000-0x0000000000520000-memory.dmp

memory/3604-30-0x0000000140000000-0x0000000140135000-memory.dmp

C:\Windows\System32\FXSSVC.exe

MD5 22149656f3517043b63c56eecbdcf283
SHA1 d8ecd6e1645a49a8fd6723529a83a0facf41aa41
SHA256 693cce707a4199b607cc03d66fec1e1b564893f1820edbf0c0f54c51787933c4
SHA512 2d278d3c9ac71e9228a24ad838ea0885fb746254568fea2cccf9a568abee968bb94df5ddaae85bab1f85caab1672ed81537b21624bd3717cfd406fe53626eccc

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

MD5 1683c0aac1c5b267f4ac3ea247aa6b8e
SHA1 b23cca3ae109f4cb1bf77cdc2955d6b14e6ff17a
SHA256 38b8ac4ca48b1445be49866a021265416ab5b06e57a69e224eff4ea0be13fd84
SHA512 96ff34ed9cbd7d7f9d150647241810e252cbfdf4d4b2528db8f6a8a60f7a5e21d9b22c522e44cbe114ea1379d1b8c0d265285e8ab044ef150498c0e75d988c99

memory/4924-34-0x0000000140000000-0x000000014025F000-memory.dmp

memory/3604-33-0x0000000140000000-0x0000000140135000-memory.dmp

memory/4924-41-0x0000000000D60000-0x0000000000DC0000-memory.dmp

memory/928-52-0x0000000000990000-0x00000000009F0000-memory.dmp

memory/928-46-0x0000000000990000-0x00000000009F0000-memory.dmp

memory/1100-63-0x0000000002280000-0x00000000022E0000-memory.dmp

C:\Windows\System32\msdtc.exe

MD5 dd3a29ca3a4fe4215edb4c86fc9478ee
SHA1 91b3bb9fe55c234f8cf0574b9e091b55dccf84e0
SHA256 8aac8440a2c054de23fde698b2861c0008629c75a01b227d619da0104bac9e79
SHA512 fcbd9dbb95949b3bdd04b9091ffe465707c0682b92689cc33aa4d3ea887ed99b63880d929a04e176c175aab07de89d43d955bb0696ab141615685f0fa3c3fe40

memory/1300-71-0x0000000140000000-0x00000001400B9000-memory.dmp

memory/1100-69-0x0000000140000000-0x00000001400D5000-memory.dmp

memory/1100-66-0x0000000002280000-0x00000000022E0000-memory.dmp

memory/1100-57-0x0000000002280000-0x00000000022E0000-memory.dmp

memory/1100-56-0x0000000140000000-0x00000001400D5000-memory.dmp

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 5996bdb8fd41d2cc658236a6e2a9dba0
SHA1 554be6af43535c4938a4b7fbc407565999e6ec00
SHA256 1192162374b7ba55979e8d27b91cb99cd5d564153362f3bb3116a877832e91c9
SHA512 76515dcfa332aa9877c26f80c3eb474ff6a0db00204146591ea32d5367a1e546a9b34c2970195f46394e096226419e067f86398ad50f6a1ffae3bdb0bba3def4

memory/928-45-0x0000000140000000-0x0000000140266000-memory.dmp

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

MD5 dc870662798796ef6c6d60d15128981b
SHA1 430a59bcaa7848d43b7fa57aa2fcfad56f37f2b4
SHA256 c7e75a41dfb7c0cefd575094b264bf1ade2680e0f32c2dbd680c7d1c0688b721
SHA512 60e204fbf7e63c11dd558fa6c88326e05597a81df892539a53b16941a3c2eb4e2a6290fd7e9a9b16cec29b530a348f0a5d4c27f29f6f6574855d6147b1c20d37

memory/4924-35-0x0000000000D60000-0x0000000000DC0000-memory.dmp

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 27a0effd0d712830743d9eb6c37b0f55
SHA1 85b433f1c43601a17690e18ae685ebbcf4418716
SHA256 7f0e67e88183c51d332c21e86dcaa1ae26dffdf5a3dcdc1fbc99b5f76eba568a
SHA512 de995987bddca42b09a109ed2e48f4256afdea69ff36b9a8fbee8b1c5f81479a6e67553f3b389b4c1f303616964d730e06f5da7d4674c05080cb46e239f00fac

memory/3860-78-0x00000000004E0000-0x0000000000540000-memory.dmp

memory/4876-90-0x0000000140000000-0x00000001400AB000-memory.dmp

C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

MD5 dc34693f9538acdbef1f3c0a46f75fe9
SHA1 e345c884e52fb1611fde407b1b0ee02a3f246005
SHA256 22111a5a1fc5fb37e1bd4fe72c7f29c11fff6fd8cff45344661b766a919baec7
SHA512 81d42ddad3f47c215af9c442d2bc4b85a93bd4540ee667de0e573d6ea403d4bdd3ab676fb9ea7e9a90631729843ab29b782790bade825123b7153493df3ab1a8

memory/4876-97-0x0000000000BE0000-0x0000000000C40000-memory.dmp

memory/4876-92-0x0000000000BE0000-0x0000000000C40000-memory.dmp

memory/2372-102-0x0000000000400000-0x0000000000497000-memory.dmp

memory/4224-101-0x0000000140000000-0x00000001400AA000-memory.dmp

C:\Windows\SysWOW64\perfhost.exe

MD5 188adb8d98ed4da361005aa73201e1a2
SHA1 2d5d876f9db4d31ff7a25f428f273011f04b0e07
SHA256 1b058aa7c35a112d8d0dad039678d6886c6f52b07e444e50308e31d1d5c779d1
SHA512 b991b565558a8d326130aa23f491711a6d2d80ea4a9d6ce7089a7275c627aef89cb626723dd8c4b041ab884eb3556b534c5817f5b861c3b6d1ae22f5797f40ac

memory/2372-103-0x00000000007A0000-0x0000000000807000-memory.dmp

memory/2372-109-0x00000000007A0000-0x0000000000807000-memory.dmp

memory/3860-85-0x00000000004E0000-0x0000000000540000-memory.dmp

memory/3860-76-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/4984-113-0x0000000140000000-0x0000000140095000-memory.dmp

C:\Windows\System32\SensorDataService.exe

MD5 9ecd8089f97b9abbea33865e56fcfa5a
SHA1 642438b554d22e8b9478f3a69f308b36a24d27d4
SHA256 bb3fc8d2f7a1871d3ea5d74e242a01346ca1bba7cbdc3dcf8d2c5c206d20033e
SHA512 053543123878649b9476bfe9f7fd66508aaec77bf03f2d4496a5563bf6f6c4518674629e64f72e0971559485f754bd4ff7f4497dd0cf1bca3c19ad53e25b46a3

memory/3244-116-0x0000000140000000-0x00000001401D7000-memory.dmp

C:\Windows\System32\snmptrap.exe

MD5 385c17053a8efefcb403a1bcf7e3af8f
SHA1 8ca211471c4f04fc6ecc720b3afec5864d8ecc61
SHA256 a04469ad72afef8fc7a2edc9525e4c97befee7a73ee5a1fda5e20fe0ead5c873
SHA512 f2a2c238e99ab0bc34e0aaac177e6850e883504c7c677d5bc8aeff2252abac53a701ea2a463571c8eec08d2e236c7ee9129130f9fd09e9884d8847b96fabf486

memory/4248-120-0x0000000140000000-0x0000000140096000-memory.dmp

memory/4924-123-0x0000000140000000-0x000000014025F000-memory.dmp

memory/4052-124-0x0000000140000000-0x0000000140169000-memory.dmp

memory/4052-131-0x0000000000770000-0x00000000007D0000-memory.dmp

C:\Windows\System32\OpenSSH\ssh-agent.exe

MD5 60d7f7a41e57530bb99b56698a5d0603
SHA1 20a956882e9f8ed09329f4e6a46436d98b88ca72
SHA256 d00ae7fbcef9c76fc843c6c94c66bde54dc1d6861a11ba85b910b6ec9b87931e
SHA512 5f8eccd2af43f0784afdcb792a6ebd642ecb15bb1175ac80f39a931326a838581b3f85e18b5c13bc10dbb468ab9682f3db132abd6e651ff5e6c9669c31457550

memory/1996-137-0x0000000140000000-0x0000000140102000-memory.dmp

memory/1996-144-0x0000000000900000-0x0000000000960000-memory.dmp

memory/1996-138-0x0000000000900000-0x0000000000960000-memory.dmp

C:\Windows\System32\TieringEngineService.exe

MD5 9a15e9dd2fda901cb5bff78a15c96867
SHA1 c3e44edebb8abff5481aefb454a56f50169422ae
SHA256 e6e36c34112903ed1c497b9139ad8292ff004a8bbfa5a74d2000521994a09951
SHA512 b690bfc00646bd96cc92b423f625590be25453f56556fdc6b903bbaf3b287483aab484aaa4c4515f3910fef23e4fb460106cd2b9856c5b410f2a8be7878cfa0f

memory/1300-151-0x0000000140000000-0x00000001400B9000-memory.dmp

C:\Windows\System32\AgentService.exe

MD5 065ffb4c112215b05be630cf410aeaac
SHA1 47a8ac0b6717e96336619202ff391313ba359d9e
SHA256 3e09b9a5f9752018b04c4471fa52a11242e7aa549e9f419cfc86f8ac46c85ad9
SHA512 556c58220bf8f56dd46c3f65aa4d5721bd9ba0caa20385ebe9efaeee32466ec8969821a13e9af96f36e1f129dfe640bc61efaff206e4e212004f7eb1c65f7e86

memory/2764-153-0x0000000140000000-0x00000001401C0000-memory.dmp

C:\Windows\System32\vds.exe

MD5 64c112b4f8a9fa8b0ebe127ebb0a09cc
SHA1 575bf433983a7d0580e721fe862bac013ce5134f
SHA256 18bb9903fc55aa8ad6c358bb0457ad697fa30a8ba498d2eb41bdd022e8d65910
SHA512 0eb4ecef8c92025eb548958ae391ffb4dc94176bc9d593c8e62d408964c093535c469500aeae52542126761489f427baf532d07872154a916c8c54810325e879

memory/4916-160-0x0000000140000000-0x00000001401FC000-memory.dmp

memory/4876-159-0x0000000140000000-0x00000001400AB000-memory.dmp

C:\Windows\System32\VSSVC.exe

MD5 5cea09b9eb735d5f466d7ec9bcf6a7ad
SHA1 028281d0a9e48c03487893148df8c5a874500290
SHA256 c04c47a010e3b4ede762726d7bbe924416b11bf2652a41a68a7ed039c287a1cf
SHA512 fe3cb7c4c489fbc8d5e5c5c2a05be8744ebd15b1a2dfe91cab412eeefdbfd71059545a32fbf13de61bbccc330bf3d3ed686f1b3b90f677d8b21622e137829b6c

memory/2372-163-0x0000000000400000-0x0000000000497000-memory.dmp

memory/1712-167-0x0000000140000000-0x00000001400C6000-memory.dmp

memory/3244-171-0x0000000140000000-0x00000001401D7000-memory.dmp

memory/2008-172-0x0000000140000000-0x0000000140179000-memory.dmp

C:\Windows\System32\SearchIndexer.exe

MD5 3eaa18ee7defa339efcb4b200f64c1bb
SHA1 7185aad11f734c93c24d187761bed59ce6d113a0
SHA256 bce3b794290059a23333a41fbcf6758d7effd79c3289f724fa159d0317b8a8dd
SHA512 135c4d4096a30f886ce75ac0e321d87b836f2486324f153705386920e48bc19ef6af32ad577ad896f8852f255a746988cbbe4dcd3d7a920bad9c4e11539b3c98

memory/2008-195-0x0000000001A20000-0x0000000001A30000-memory.dmp

memory/2008-179-0x0000000001770000-0x0000000001780000-memory.dmp

memory/2008-211-0x0000000009E60000-0x0000000009E68000-memory.dmp

C:\Windows\System32\wbem\WmiApSrv.exe

MD5 a82866416ddd08b6b1be18d709d5d07d
SHA1 b91b8fffd5b06f8b583d77525347419f6f4943d3
SHA256 6877d3f5b510b08897cfa4e73142f4ddb34fe39d8178cfafc6f5b90e3e157f9c
SHA512 6460346678e3589a0432768078aceb36eabddbd46382f21bf2cdd8eead2aadb13108f655af049ede2557f1a94ceb5a931456f2f36275c4a433bd3ef3eee7740f

memory/3352-164-0x0000000140000000-0x0000000140216000-memory.dmp

C:\Windows\System32\wbengine.exe

MD5 a734ba949912b515f49a6427141bdca2
SHA1 686cb8f2df1d7001e4e228b5ed4a5cc4e9a59070
SHA256 983c2c33ce7f8b67674ee6490a3614337233ff96ff6dd8b4378f6c3f09e6692f
SHA512 b32079a5feb017af63592171dd968512a7d8c1156bc24621f7210073b426defb7e29d0e370cd9f11dd1f5d5e8b4117e814e84ddafbc9ffb40f860f6d9367ccc7

memory/1692-156-0x0000000140000000-0x0000000140147000-memory.dmp

memory/3860-155-0x0000000140000000-0x00000001400CF000-memory.dmp

memory/932-148-0x0000000140000000-0x00000001400E2000-memory.dmp

memory/928-136-0x0000000140000000-0x0000000140266000-memory.dmp

memory/4052-125-0x0000000000770000-0x00000000007D0000-memory.dmp

C:\Windows\System32\Spectrum.exe

MD5 d314e5a1d08e06d39a7ff4734f3d55ed
SHA1 13f067e75310c2714eede9317d624aab2f7ad06e
SHA256 2dc298b96166b3fbba5fa5b8d4a2228569a2034b9c1f69dc89148bbb2b5b6486
SHA512 1ef7fdbf64279a1f432e8722a5fbb3a2133229cbe116d2515aa69d7ad58f51111ae0cbd937a5710853285479d599a24392dea2e8f1f57bd1193f9aaa05c0e337

memory/4736-112-0x0000000140000000-0x00000001400A9000-memory.dmp

C:\Windows\System32\Locator.exe

MD5 e344cf6050db9f04ae0ee63a2a811ffa
SHA1 a79c8369d050cff6cf307fcf2f9c2be3ad05d8fa
SHA256 1125db6967df68f4e84db471aa994bc206a972b5c4396402c674e0445c8a8df2
SHA512 ac8241c90a01e1fcf74fbf3dffb08d5e510e970d38acb0c0b70f1e87b6408b4f9fe2559d707ac8d85feede6a56d46044e8c25c8db62fdc4fa03d7abca1189379

memory/4712-75-0x0000000140000000-0x0000000140119000-memory.dmp

memory/4248-224-0x0000000140000000-0x0000000140096000-memory.dmp

memory/2008-329-0x000000000BA20000-0x000000000BA28000-memory.dmp

memory/4052-334-0x0000000140000000-0x0000000140169000-memory.dmp

memory/1996-361-0x0000000140000000-0x0000000140102000-memory.dmp

memory/2272-362-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-377-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-376-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-375-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-374-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-373-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-372-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-371-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-370-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-369-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-368-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-367-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-366-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-365-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-364-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-363-0x000001D812830000-0x000001D812840000-memory.dmp

memory/932-378-0x0000000140000000-0x00000001400E2000-memory.dmp

memory/2272-379-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-380-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-381-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-384-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-383-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-382-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-385-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-402-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-401-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-403-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-400-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-399-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-398-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-397-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-396-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-395-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-394-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-393-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-392-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-391-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-390-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-389-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-388-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-387-0x000001D812830000-0x000001D812840000-memory.dmp

memory/2272-386-0x000001D812830000-0x000001D812840000-memory.dmp

memory/1692-443-0x0000000140000000-0x0000000140147000-memory.dmp

memory/4916-445-0x0000000140000000-0x00000001401FC000-memory.dmp

memory/4712-450-0x0000000002090000-0x00000000020F0000-memory.dmp

memory/4712-449-0x0000000140000000-0x0000000140119000-memory.dmp

C:\Windows\system32\AppVClient.exe

MD5 7543187e92b9808527074530b1e17143
SHA1 2fb41f6de460f4a6b440185235a7c73db77e73c8
SHA256 16f846feb77df506d07eb7b4b6576a6958a548b07d14924f3d49e64e16d2e05e
SHA512 1059887d3b576f62ba1968d0df19db2a776e9f5ed6bcc1bab1254b1d92beff27c96d52dffe97b6de949bdb026a7d2dff39edacfb3768202eb4ee8aeb67db16ec

C:\Windows\system32\msiexec.exe

MD5 7aa3abbc7f33a5ddaf2f27b732eb3d8f
SHA1 834f8bfc8f0475cf6362637ee834d0eeb447bd18
SHA256 aa7e8bdad280b4cda56417297ac5cfb1591069469939ab63a1a55fbcf96c4b9f
SHA512 7ec8184b71d33effee1e9bcbe02ac1c306d85ccc14f9578442486e8391793c7e52251a834b91b4b591d4d68ad032362b458137c165888dcab5e5448d587f3576

C:\Windows\system32\SgrmBroker.exe

MD5 bed25be0d90e48b9bd70a3d3744fb3bf
SHA1 45ada8fe621fdf5950adea759c14107f167dab4f
SHA256 e04ef7595ac59951333bcecfcafce00cc2157f36551924620e48bcdb9a5f5a5f
SHA512 d856415fc875e4247b5174210286513e067a60b7c5243576d0d7a6c8df387277d91a17f3ef7038a8ca30177eb244ece0f65fc2ae0023845e643d8fa8df4ca92c

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

MD5 d7bfd587e0f50557b6f9387beb0943c9
SHA1 26c99c421ab491e027b55c1dc2136f87dd467d0e
SHA256 d3010ecb67674c8aca13e3b198e96b691418dd6255e549a6a90c70b4fd5c5298
SHA512 eb9c5db1024d3d4b75aa4741e4073f5b52a5f82258997f4a6832fd9ce5fafc38477b310b30019c6e64d0157d41ce4f2b7ad42a149b594cd243617ada0784a35f

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

MD5 d1662c2bb9c25feb345b26d41cd16680
SHA1 ad919a89d241dda9c8ddefb65c6927a9150964e3
SHA256 4fe78e8d576609d401a98fff33db91d2e90e72847b44cc9c05ea4129de839cc4
SHA512 577e67b691a469942d31c5a72b855da0bad081aa2f3d8b5d104c7c9911a7bd3232f0383bbf8b7e8642e9e795729619265779a1875f6cdfd24e2c60bb72b93310

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

MD5 c65bafbe8a924f89405dcc674706d03d
SHA1 5cf98780e18d955522b969d3e4697d09267cbb6f
SHA256 ad115e74040323e03284c3efdb39ff845dcc4080cd4e1af2451f926be89ad7ec
SHA512 09d2f5f6c7b0d6e31b89265779aa582ba1c6d044dcbea8591842640a7f064dc830aa527416dc9a62a1bf4608a095f0e9c940091ff68dd0ccaaacf2d4b2c9b22d

C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

MD5 ed3ee8b394060da38dfe12824df78b25
SHA1 c17191d8113efb2e17eff2f36642dcda007625d6
SHA256 462f924294f29e73cfe7c0bcd47f126e087d9eae576d95536af578ff6049cfdf
SHA512 78757c8f676bf73334367e758dc027f046d404b6533ab476fb2f45e74158060b6e34f663270d844266c7a388aa9a06d2f11f110afb0445250adf215c80fd501e

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

MD5 898b3a2c36d38c1430e471c2fe255b3c
SHA1 a892f9bc4aca37decea7ee5e4a5201b67ea0085b
SHA256 7c1000fa459a8f8439de8f9ca1b86e120bda981a20cbd39ac376020f2b310b4b
SHA512 27e4c0821a1c0a3e32e4595cbb38df202a6c4ccbea4989f6c30b359f2ac101a944bba0d418929718190ab3c34289047c0da0036434ade4b4dad31683e0a9ac86

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

MD5 7a1a14142f6575bc4a72fb89663f47a8
SHA1 4d3976310625aec62e9194375e198c3bcaf7d73d
SHA256 9215964ad3893c7a3b2c333732bab76afe7d77b432bc2d26b94d62fb7c43af78
SHA512 8cc3b3c043d3fc7895714a4b5866ac14639c813e9d0e519808c787c9d50ff8b83ceadb3a7e0a339bbfcc5ce91c851c19de6314427e3abb3649bc45ec4b359bec

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

MD5 acb0735b92671bf92c6db24b7d1d3570
SHA1 0f5fe6da93521c80d5387cceb7cb8816297f29e7
SHA256 b7b2b6937834665d9daba098097e572e0f602482123d8df63c135ca1bdf78a4b
SHA512 a9d0ac82db03deaf6dd10f62f455bfb06e69416b0aa40b72a9e22c8c89b9fc81141ebf4f1da9ded3ef989c2baa36ae89400a9a4c5d3f70cd44922e4bde2700b1

C:\Program Files\7-Zip\Uninstall.exe

MD5 55e6e29a1e067bd4c0d5952432f2880e
SHA1 019ccad41ab12ef9f3b77dcbbf7b2bbed60bd4e2
SHA256 9fba30778dbf9de0a30023d66fd0375e136b00d1e2825ec29f5df9655dff790c
SHA512 4134bdd479a30d0c62213ea9912c372fb38945927056448f9559d3bdf25b951b077833cbcf93c46d916d8786cb2aca97c49d49e8d156eb9cdd013f80834d4e5e

C:\Program Files\7-Zip\7zG.exe

MD5 fd1535b27af47dc65f56173a6777bc71
SHA1 904a317c9b251b6a7dc8f8b79140b415e4c6ecd3
SHA256 8790942714c6d94f22c71e5e28e325a1e40d3842822f1490cd2d3aaa5291bdf3
SHA512 5af9d87ab87c7d993d1f9600407463a44c031718e684695ba96a53b65229290e7303946794b652e5359dded67eac185871e6fd0b4f610dc6e7c3434cf3bccfec

C:\Program Files\7-Zip\7zFM.exe

MD5 f9cd51aa0f0ba7cbddc30ec043b317dc
SHA1 e3660b6afcf7496f9ec1361a5ee7597bf3bdba8b
SHA256 8411d6fb74dd1193d331efe9c0a6c8ffe55d845438369ba9becc76374ba24d46
SHA512 48062e5982a59b40b76784f8a9c359edf5dfa9df87d7643742245bfac9a791bbfc500d0084371ad2194e9b3ac4ae5083c06d3afc3aa68d858024b3d78fa8ae8a

C:\Program Files\7-Zip\7z.exe

MD5 9d507364b3392e060fe09054de45e375
SHA1 bdfb517891ad54b0bdc4baaeb72335f24faf83c1
SHA256 4a98a0f3ab60797eba4f128a104cfff68e8f079d6647f7d2d5cbb32b7441674a
SHA512 faf9c716e58331d0650c5fb16775c801fc4a5913bc94e8239d9a774f36d841d7ea2e85742a90b6d0e9b13b5bb036e60b450715c750cea19f578b87fdb8a47646

C:\Program Files\Windows Media Player\wmpnetwk.exe

MD5 c496c45e4d2ec9a0edba5cdd3dc1b146
SHA1 154d47f6514b491ebff68eefc8ddb2589b300a07
SHA256 5706a3a4410cb9854d404a670cd7dba12d2e2b94085375b9154dea97080b8ba4
SHA512 792a475af48a6aa7b9cb79a1a9d5cb7d7c8955ed65be33c42a98914801520489b667253d9c9a3fc70457bb9c3de198c5c8f902144d32c50195b0edb2605f8534

C:\Program Files\Google\Chrome\Application\133.0.6943.60\Installer\setup.exe

MD5 9f8a3f2ea5f4bb6477079e9b3ccad00e
SHA1 a2d3e840fb7d2cc3573d68c429d347815aac47c1
SHA256 40be44ead68916baa6b72dc0086bbd1d28b451ad0c4e76fa6f2c69fb161531fe
SHA512 11a5114b8ea1f962ed4ba1148d6f1efa33cb5b3e0b3a826f478a7c91d924fcaeaf8895f19acdcbf54f415e61d3ae1548e67ca6adfe6e59567a9605ff376c72d8

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

MD5 7ce753f66e220ec775fa264dc84e5df5
SHA1 418a34ea9d75b497d9aff2d47dec16b1d64c9bdb
SHA256 d73303e5b8d77e1be17dc23fce5c332103e97a0a5ebbd98a4124b66baa71ee1d
SHA512 3ee41c18c9c02d975266595d9c1ece8d0239a645441934fcd9a5841b3a922dc728f5eb3e3e67909d76d8aa61a336c14ae36bfdf4872663dae73f32e1c5861abb

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

MD5 557dbaa19e5307d8a48f5d3a7c79c56a
SHA1 5ca188b973c59a1502e7c05408ecb4cf2a40d46e
SHA256 6b54d93d3da93f296156bba3d8e3cb8d639b0adcb3e406061032696542ca412e
SHA512 d33d7fe8defabad7e17bb9ecc61e314b6615823256509d174dd8a6f60e977ec468ba29ded09b12ee7b622f9dd0c1dc89f1c4bfb3ecaccad4a46238d16ec925c3

C:\Program Files\Java\jdk-1.8\bin\javap.exe

MD5 dda60b465864a9102c0b35775c37e512
SHA1 5467074707a0b47bdbc7f50057b8ede133e32ba3
SHA256 710f4bdc7eedd6dc1aa3f5dd968b1693e6c44da6ade01f2f85c29a777b4c32c7
SHA512 c23f850205da292f2728dd4983bc37ebe8956f00ec5cb924fe9da993d907885aa9175c9e737c279e288df499b1e443fb3cd51a7572a25e2d75ba1b61d6edb926

C:\Program Files\Java\jdk-1.8\bin\javah.exe

MD5 4db5cb2537f0987c0d845afa972ea9cb
SHA1 1a0741717b6e0229f05cb9a5b35b187fec58b753
SHA256 102d1b06f758c87d3819bd0a40d9556b6b3fbf0e400029fcaa06815776c8fa06
SHA512 68cd858e4118db2991493ea59f347562cdf0dc23792463edf03efdcbff8d42c947651a0fbf04024e38e5df1daf70491a61b7145d7c662128a48cbf686684807a

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

MD5 1cccfbc986ea53df81a4e70cd6597173
SHA1 6c8daaee7effdae8e9040212ab681756fd6304d2
SHA256 e88445c6e1b36f1283d39c10b5f54d76bec92c9fc6f46fd6bfc2c9bf7fb5f92e
SHA512 d123e84724f5795509f3af53f840c822357f4b5370c6885ed6229f97e0ec374eeaf7ad251b9706d6c345c243becde19bc87c4e98d12a8807a11332249d961744

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

MD5 4c6ce5dd5205507b87946586266a9f5e
SHA1 f51e934e609b055ad40383b163ea65bc84d9ddf5
SHA256 78cb1f05885c17e7ebacdaf510477dd0a8c58288d204011537a48f3321147260
SHA512 a075bb735ceb279f7f8816bc7b735453e1b42057d44f8f59de1f603e64caad2df619d68a6b61e54460e2642eb82904bc265f2cb299ee9ef1506dedbf1db4a4ce

C:\Program Files\Java\jdk-1.8\bin\javac.exe

MD5 b34e745e0988b0ffdef89f77ff21a7ba
SHA1 4c60ac4ef0ccda6d6a1095f9a8c596197c052248
SHA256 8f29355d9158028ebf974a67504cedfc9b49624584047d200560cc909c42ecad
SHA512 557cce240b93b5e680cdb5b288c3d78e4b23dc6ba761dccc4c6ac6c864e00f90c60992e85170f2f942c804a00f7be0f2a68253d9a2d5adc6b880391bea6e4246

C:\Program Files\Java\jdk-1.8\bin\java.exe

MD5 89af3405fc6de51b798861488bf14def
SHA1 153c7a305cb63e09648819e8542537c9d5bea1a6
SHA256 f4805db4f7809908bd4ddf74c18313142d3b77ddd7a84fc8239adce5af11b5aa
SHA512 c3413243269128ff0fa83106f066ab4550422d79602907546da1af6121ac777437020bc80aa1f318320def27298a2ec94f99ca4c4b8ecf39119797369445a13a

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

MD5 d115d959f9f32ff45f4426ebf58f064d
SHA1 0e7b1e9680e25bf956f669edd22a8d12349da799
SHA256 2832d14a2bbbdf87cdd90a467fdc1b7b3a700333a593545c45b3e900bcbe4299
SHA512 ce7a4f5e07c0c5e30aecb0188ae3be21147d37107d8aba32c61d4733e16417a103eb939837964d27cbbcbd4b6cfe294e3426680802fd6bd327fa5e2c0d40b897

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

MD5 799779502ce6ecb770066d5504d41313
SHA1 c7a6bf58c1d72a0bdda1013e254b023748a7ba98
SHA256 65c12b6523807edec2c15e6a1a56b6dd6fa97c8ae22ed481eb85dfb4d500a90f
SHA512 50822720811805be34cefbb776e8314d30c7facadac532972ca568188d8ca8ef7f6ac4252c85960876c04520e94c616076b924caa22d9b06e3621e900ec6188a

C:\Program Files\Java\jdk-1.8\bin\jar.exe

MD5 ed7bd4358ca2f8408a0f51bb2d64ac01
SHA1 38d028ff1c6c295fabf71082b20b775e5c4d442b
SHA256 b20521339025e75307b2c7dc5457463c134aaa8f8f54ef003e0f094436406f22
SHA512 53dc936ce991889295c138581f0a876b7498d1a9d3f188d65eb2996d02f68cd776b0b3330445f98a3c183230f8d6bf77d9cff733cd98202cc08b4c3e79ccf552

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

MD5 e298b2fccecb1d86c024490d53c046bc
SHA1 902fb1b93b498143f8189bfc78ad34bb1f3f434a
SHA256 68f87ac7edf21c379eb186a8f5755876db9fe08e94f554352b6a7fb76877550d
SHA512 621b322a1a3dfede485e4210ea4322ef9c5aa6dce409e51c4cd9f582554c1239b22252e1aaa381ee8630183088d8c5dd82ad0cec35ffd196cd62d32d6261ccb2

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

MD5 49e1fbe96184f0c4a6182d261327ae87
SHA1 ca59bf779e7637a65d4d38590b9c13baf5d2d378
SHA256 db69a9ccea5a31f16c8126e8818b287bde958e171f8b061ed78e99eecb02846e
SHA512 b34098dcede55eb023025df8c0ad18b003aaddf445e4c30613d00343ebf0bb7bfe6fd0a07b7791ca1a5c7d3c825a6ab539e1ae5ef4ad3fb05c91fc32b2c4a822

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

MD5 ac7861dc7f634723c17d0a562cddc456
SHA1 0a5f712132f268e00f120cf3b9c5712817d2166c
SHA256 af606831d8b703d33f6264913dae9880d8c0974406af422de0788663bca2124d
SHA512 46aabdd0420e1ce2d3cbca37badf49af3dca381483ff61e67b1446f84b37717f7d51a9fad763a644bfe1dca7fef6c27cb9223837811023e865384b90df6d8f59

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

MD5 fc50272e2625c87e3e9640acb9f91cbe
SHA1 81e20b4dd437e8d449df2df97b6a7de03ff267fd
SHA256 07fd54b7d0c1694937d9172ae9d8e4822c50f270ccd8d039253e1016ca63dd1c
SHA512 68cf9c07de7079941492259db442c58fa1e31a903a4851dba9cb20906cd7182780575b3a90bea2db4d27ebf4b18780bfbf6a7f0e7e3040fab80726a657872695

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

MD5 d5340e990e3b4889092c683463f19089
SHA1 7e23ea9badf482e586f953d6a904f72184594d70
SHA256 d0e4f7a628ef847f0d63417bdc7e6b5697c8f82b9e6c723fb47c03d028b2ad7f
SHA512 344daa351bc1c570dbb4e17ece398422e11f0125940a6aedc33e03b55d37101c800d1744abf6d17552ee3c398f1a59f969e2ace556e7b25216599aa8ad488f00

C:\Program Files\Google\Chrome\Application\133.0.6943.60\os_update_handler.exe

MD5 27f7d4609d1060f974825c164ba7830e
SHA1 ea70528583b8621f79b7740f4c1b6edae288213f
SHA256 c2d9edee305f7e2ea225f9d2b5db243252219b74d8a909e634c548a02b8080b2
SHA512 ae8a879fa4084f88e8f55254be9ddbb909710094d6542bc1a317ea26dff1374be6e7ae60028fd15a2db5337a80a006f72748ef798dcda31c44000dde7e2f3d0e

C:\Program Files\Google\Chrome\Application\133.0.6943.60\notification_helper.exe

MD5 69405daa2c9452b28620b093929db3aa
SHA1 dc41a27789571b2128154f91d56bc62ac16aa960
SHA256 4adb21b24010ce577a1eea9b51f25f1b1db33f6e7949830d3ea203efe832c835
SHA512 2885aa24af9a8a0d5742fa5039fd759978fad5a04dcb11b256a8c9ee1a5c65d8cd92e96d9831b8e2b1127d4cbc2c39391996497b5512572de94b4ffa007f68a2

memory/3352-472-0x0000000140000000-0x0000000140216000-memory.dmp

C:\Program Files\Google\Chrome\Application\133.0.6943.60\Installer\chrmstp.exe

MD5 6ab75dee88ad69d3a52347cb7f6d5f88
SHA1 a382db8df83a21cbfe98e86487ca8cdb8c5938cd
SHA256 674cfe6f1c6b562448e6bff59496a43ad6cc89d3a2a4acedb48c0f5882641987
SHA512 7e656287a3474e490eebaeb6e39749c504671a5329b1f9c651b9fcd0f9a7ffec55cfc1739d5d606ac01dd8783aa750ba137fef69b1018e2caed584ae1d05083d

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevated_tracing_service.exe

MD5 6bd944de06bdaae01d47eecb29802a9e
SHA1 bc08b5d79e52f1525f38aed58589fab259364201
SHA256 f0ab2b29e0db908c137ce13f5e7c273ac46faeb18c5fb1fdb03084825a7deee5
SHA512 f6ae86f408f752eb4e20c04351ba28f733e6a39bbce636bbb3c4b913150323e32c8ebc6345b21f4d75ebf5f30cc83e3f7ba0cc5391cfb7878f13b6e94c1ac05c

C:\Program Files\Google\Chrome\Application\133.0.6943.60\chrome_pwa_launcher.exe

MD5 4be9ef89193b4325f5dfbcf6934d8768
SHA1 377f5167f5641497a2beee749f543b18790da79b
SHA256 577ae98fe22b37a75ec1a6e6e8b1d63a41fa96a5284d52033bccce20682c59e7
SHA512 c35afd69e4afb97acbc9bb1086bfaf3b2688d936946df3620b60236e0a441f1a492439842f57edb801e67be72a7ade25e2175d90c9ec7cf67787d492ed5edc40

memory/3244-493-0x0000000140000000-0x00000001401D7000-memory.dmp

memory/1712-492-0x0000000140000000-0x00000001400C6000-memory.dmp

C:\Program Files\dotnet\dotnet.exe

MD5 8279023a3a063e0da593a96f7c273d40
SHA1 1fd2e05defdbaf9c8432b8bc98579211c1490ef8
SHA256 613a1dceaaf77e15c6293b9f0fc4a420892c616464b5e4f3237e578e143e8b61
SHA512 a575ee538bf17ecce03ec58357db64d1099c88e775d7e6b61ab2fd49775ef8a1b4e67bcfd354a7e66428e34ea3b8f9581637961097e696e5ed3c670545ab863f

memory/2008-495-0x0000000140000000-0x0000000140179000-memory.dmp