SHA256
AppContainer
C:\Windows\System32\conhost.exe
C:\Program Files (x86)\BigFix Enterprise\BES Client\x64environment.exe
C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
C:\Windows\System32\wbem\WmiApSrv.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe
C:\Windows\System32\MusNotification.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wermgr.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\backgroundTaskHost.exe
C:\Windows\System32\BackgroundTransferHost.exe
C:\Windows\System32\dllhost.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\System32\SearchFilterHost.exe
C:\Windows\System32\conhost.exe
C:\Windows\System32\SearchProtocolHost.exe
C:\Windows\SysWOW64\SearchProtocolHost.exe
C:\Windows\System32\msiexec.exe
C:\Windows\System32\consent.exe
C:\Windows\System32\taskhostw.exe
C:\Windows\System32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
C:\Users
Microsoft\OneDrive\OneDrive.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\ServerManager.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7369.6900.105\Bin\ccSvcHst.exe
C:\Users
C:\ProgramData
C:\Windows\Temp
C:\Temp
SyncAppvPublishingServer.exe
Mavinject.exe
certutil.exe
net.exe
auditpol.exe
at.exe
mshta.exe
notepad.exe
reg.exe
sc.exe
powershell.exe
cmd.exe
wmic.exe
cscript.exe
wscript.exe
rundll32.exe
regsvr32.exe
dsquery.exe
qwinsta.exe
psexe
80
8080
443
53
135
22
23
25
3389
445
3389
5985
5986
1913
81
8081
8282
8083
995
6868
7777
8888
13000
8088
1723
4500
9001
microsoft.com
microsoft.com.akadns.net
microsoft.com.nsatc.net
Microsoft\OneDrive\OneDrive.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
\AppData\Local\WhatsApp\app-0.2.9229\WhatsApp.exe
C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe
C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe
C:\WindowsAzure\GuestAgent_2.7.41491.875\Telemetry\WindowsAzureTelemetryService.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Users
Sysmon.exe
Microsoft Windows
Microsoft Corporation
NVIDIA Corporation
Intel
\Temp\
C:\Users
mimilib.dll
WinSCard.dll
samlib.dll
System.Management.Automation
C:\Windows\System32\backgroundTaskHost.exe
C:\Windows\System32\mmc.exe
C:\Windows\System32\backgroundTaskHost.exe
C:\Windows\assembly\NativeImages
C:\Program Files\WindowsApps
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rdpclip.exe
c:\Program Files\Windows Defender\MsMpEng.exe
psexec.exe
psexesvc.exe
powershell.exe
cmd.exe
wmic.exe
cscript.exe
wscript.exe
rundll32.exe
regsvr32.exe
winword.exe
excel.exe
mspub.exe
msbuild.exe
powerpnt.exe
powershell.exe
VBE7.dll
VBE6.dll
C:\Windows\System32\lsass.exe
C:\Windows\System32\winlogon.exe
C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe
C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7369.6900.105\Bin\ccSvcHst.exe
C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Resources\133\pmfexe.exe
C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe
C:\Program Files (x86)\PowerPlug\Agent\p3comsvc.exe
C:\Packages\Plugins\Microsoft.Azure.Diagnostics.IaaSDiagnostics\1.11.3.9\Monitor\x64\MonAgentCore.exe
C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\PerfWatson2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\perfmon.exe
C:\WINDOWS\system32\LogonUI.exe
C:\WINDOWS\system32\MRT.exe
C:\Windows\System32\MsiExec.exe
C:\windows\CCM\CcmExec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\smss.exe
C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
C:\Windows\syswow64\MsiExec.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
\Startup\
\Start Menu
\Content.Outlook\
\Downloads\
C:\Windows\System32\Tasks
C:\Windows\System32\WindowsPowerShell
C:\Windows\SysWOW64\WindowsPowerShell
ntuser.dat
C:\Windows\system32\Drivers
C:\Windows\SysWOW64\Drivers
C:\Windows\system32\Wbem
C:\Windows\SysWOW64\Wbem
.cmd
.dll
.ps1
.bat
.exe
.sys
.hta
.ps1
.vbs
.lnk
.pif
.url
.reg
.cer
.crt
.rsp
C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe
C:\Program Files\Microsoft Azure AD Sync\Bin\miiserver.exe
C:\windows\system32\cleanmgr.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7369.6900.105\Bin\ccSvcHst.exe
CurrentVersion\Run
CurrentVersion\Windows\Run
CurrentVersion\Windows\Shell
CurrentVersion\Windows\Load
Policies\Explorer\Run
Policies\System\Shell
Group Policy\Scripts
Windows\System\Scripts
Control\Session Manager\BootExecute
CurrentVersion\Windows\AppInit_DLLs
Windows NT\CurrentVersion\Winlogon\UserInit
Windows NT\CurrentVersion\Winlogon\Notify
CurrentVersion\Explorer\Browser Helper Objects
Control\Session Manager\KnownDLLs
SOFTWARE\Microsoft\Security Center
CurrentVersion\AppCompatFlags
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy
HKLM\SOFTWARE\Microsoft\Security Center\UacDisableNotify
HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiVirus
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\SpyNetReporting
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\
CurrentVersion\Image File Execution Options
CurrentControlSet\Control\Safeboot\
CurrentControlSet\Control\Winlogon\
ServiceDll
ImagePath
EulaAccepted
CurrentVersion\AppCompatFlags\CIT\Module\Microsoft
CreateKey
DeleteKey
DeleteValue
Content.Outlook
Downloads
Temp\7z
.bat
.exe
.cmd
.hta
.lnk
.ps1
.ps2
.reg
.vb
.vbe
.vbs
.scr