Windows Analysis Report Everything.exe

Overview

General Information

Sample Name:	Everything.exe
Analysis ID:	533988
MD5:	b2e26b3562562d5c2647eb466fd17eb6
SHA1:	52aacfe08a0d514ebcc1a6340659145145cfa400
SHA256:	66b9610e94d003a2b44abe976524c0181d808b8b8e663a26378204a71165aecd
Infos:
Most interesting Screenshot:

Detection

Thanos

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Thanos ransomware

Tries to harvest and steal browser information (history, passwords, etc)

AV process strings found (often used to terminate AV products)

Queries the volume information (name, serial number etc) of a device

Installs a raw input device (often for capturing keystrokes)

PE file contains strange resources

Checks for available system drives (often done to infect USB drives)

Classification

Signatures

Source: Everything.exe

Static PE information: certificate valid

Source: Everything.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Spreading:

Checks for available system drives (often done to infect USB drives)

Source: C:\Users\user\Desktop\Everything.exe	File opened: z:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: x:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: v:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: t:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: r:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: p:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: n:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: l:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: j:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: h:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: f:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: b:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: y:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: w:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: u:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: s:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: q:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: o:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: m:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: k:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: i:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: g:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: e:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: c:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: a:	Jump to behavior

Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local\Packages	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: Everything.exe, 00000000.00000003.378255903.0000000002F40000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uN
Source: Everything.exe, 00000000.00000003.378235516.0000000002F40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.376092631.0000000002F40000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/donate/
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/donate/Help
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/downloads/
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/downloads/#language
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/downloads/http://www.voidtools.com/downloads/#languagehttp://www.voidtools.
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/everything/beta-update.ini
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/everything/beta-update.iniupdate:
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/everything/update.ini
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/support/everything/
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/support/everything/http://www.voidtools.com/everything/update.iniwww.voidto
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/update.php)
Source: Everything.exe, 00000000.00000003.438742803.00000000007D0000.00000004.00000010.sdmp, Everything.exe, 00000000.00000003.436639506.00000000007D0000.00000004.00000010.sdmp	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4CJ3f?ver=d8e5
Source: Everything.exe, 00000000.00000003.441046491.00000000007D0000.00000004.00000010.sdmp	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4CQjJ?ver=f5d7
Source: Everything.exe, 00000000.00000003.424598976.00000000007D0000.00000004.00000010.sdmp	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4CSO9?ver=d3ac
Source: Everything.exe, 00000000.00000003.424698578.00000000007D0000.00000004.00000010.sdmp, Everything.exe, 00000000.00000003.404921247.00000000007D0000.00000004.00000010.sdmp	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4D0Nw?ver=7e07
Source: Everything.exe, 00000000.00000003.436523685.00000000007D0000.00000004.00000010.sdmp	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RWzFJS?ver=b46e

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Installs a raw input device (often for capturing keystrokes)

Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp

Binary or memory string: #_WinAPI_RegisterRawInputDevices.au3

Spam, unwanted Advertisements and Ransom Demands:

Yara detected Thanos ransomware

Source: Yara match

File source: Process Memory Space: Everything.exe PID: 5704, type: MEMORYSTR

System Summary:

PE file contains strange resources

Source: Everything.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Everything.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Everything.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: Everything.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Everything.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\Everything.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4657278A-411B-11d2-839A-00C04FD918D0}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Everything.exe

Mutant created: \Sessions\1\BaseNamedObjects\EVERYTHING_MUTEX

Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296736953.0000000005C11000.00000004.00000001.sdmp

Binary or memory string: AutoItX.slnx

Source: classification engine

Classification label: mal52.rans.spyw.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\Everything.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: Everything.exe

Static file information: File size 2260560 > 1048576

Source: Everything.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: Everything.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: Everything.exe

Static PE information: certificate valid

Source: Everything.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1aec00

Source: Everything.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source: C:\Users\user\Desktop\Everything.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local\Packages	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Zamd64_microsoft-hyper-v-bpa.resources_31bf3856ad364e35_10.0.17134.1_en-us_461210c45e54cb44
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ZHyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: ]Microsoft-Hyper-V-Offline-Core-Group-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-m..-client.snapinabout_31bf3856ad364e35_10.0.17134.1_none_7338804b0eb50c17
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: \amd64_microsoft-hyper-v-storvsp_31bf3856ad364e35_10.0.17134.1_none_fabc5147bcc71691.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-v..edstorage.resources_31bf3856ad364e35_10.0.17134.1_en-us_bdfc93ec7698eb64.manifesti
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-windows-hyper-v-dmvsc_31bf3856ad364e35_10.0.17134.1_none_8c46edec6c2bc4c5.manifestY
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-m..apinabout.resources_31bf3856ad364e35_10.0.17134.1_en-us_02a473bf02f2a824
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: `amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.17134.1_none_3ce1277763a2249bb
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.17134.1_none_51d671baba10f2e8.manifestC
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-pvhd-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_3c5b1e1b1b3e66b3K
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-k..erformance-counters_31bf3856ad364e35_10.0.17134.1_none_0fa1f97fe68f5a84.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Zamd64_microsoft-hyper-v-vpmem_31bf3856ad364e35_10.0.17134.1_none_c277eb1734798565.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: iamd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.17134.1_none_d23c603739df2f63.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ]Microsoft-Hyper-V-Offline-Core-Group-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-o..ommon-vm-deployment_31bf3856ad364e35_10.0.17134.1_none_f5e4ea96fd9fee6d.manifesty
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Vamd64_microsoft-hyper-v-ram-parser_31bf3856ad364e35_10.0.17134.1_none_d74ad2482ffdcb42
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp	Binary or memory string: XMicrosoft-Hyper-V-Offline-Core-Group-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: `amd64_microsoft-hyper-v-vstack-vmsp_31bf3856ad364e35_10.0.17134.1_none_1ac175bdc8f2a7d7.manifestS
Source: Everything.exe, 00000000.00000003.280291543.00000000055C1000.00000004.00000001.sdmp	Binary or memory string: H#MSFT_NetEventVmNetworkAdatper.cdxml4
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: `amd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.17134.1_none_d23c603739df2f63
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-vstack-vmms.resources_31bf3856ad364e35_10.0.17134.1_en-us_2b9c39681a7206ff.manifest`
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: eamd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.17134.1_none_bd1bad59835abed8.manifestt
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-v..failoverreplication_31bf3856ad364e35_10.0.17134.1_none_80458ecfde93ef21.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: _amd64_microsoft-hyper-v-vstack-tpm_31bf3856ad364e35_10.0.17134.1_none_604b83348a0c5e92.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-o..group-vm-deployment_31bf3856ad364e35_10.0.17134.1_none_88bd3c16c482b637.manifest*
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: \amd64_microsoft-hyper-v-vpmem.resources_31bf3856ad364e35_10.0.17134.1_en-us_83c966966d5f8cf2
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Wamd64_microsoft-hyper-v-pvhd-parser_31bf3856ad364e35_10.0.17134.1_none_6efae9ae437759d8v".
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: bMicrosoft-Hyper-V-Offline-Core-Group-servercommon-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Vamd64_microsoft-hyper-v-vhd-parser_31bf3856ad364e35_10.0.17134.1_none_6447f639abdaab84
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-p..-onecore-deployment_31bf3856ad364e35_10.0.17134.1_none_d91519867fe67212.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Yamd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.17134.1_none_dacb8dcdbfa5382f
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: [Microsoft-Hyper-V-ClientEdition-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: RMicrosoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Zamd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.17134.1_none_b7de7159233ab503.manifest
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: R$$_syswow64_windowspowershell_v1.0_modules_hyper-v_2.0.0.0_e405d34891a93e8b.cdf-ms`
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.17134.1_none_51d671baba10f2e8-
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Vamd64_microsoft-hyper-v-vstack-tpm_31bf3856ad364e35_10.0.17134.1_none_604b83348a0c5e92s
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: jamd64_microsoft-hyper-v-vstack-tpm.resources_31bf3856ad364e35_10.0.17134.1_en-us_259560ef1632af7b.manifestb
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: eamd64_microsoft-hyper-v-vpmem.resources_31bf3856ad364e35_10.0.17134.1_en-us_83c966966d5f8cf2.manifestG
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-o..vices-vm-deployment_31bf3856ad364e35_10.0.17134.1_none_d43b74ba5db8d712.manifest
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp	Binary or memory string: gMicrosoft-Hyper-V-Offline-Core-Group-servercommon-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: RMicrosoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: RMicrosoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: jamd64_microsoft-hyper-v-ram-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_8051bd2040ebffa9.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: [Microsoft-Hyper-V-ClientEdition-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: XMicrosoft-Hyper-V-Offline-Core-Group-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat-7
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Wamd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.17134.1_none_1ac11a9dc8f30e5b
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-bpa.resources_31bf3856ad364e35_10.0.17134.1_en-us_461210c45e54cb44.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-h..-onecore-deployment_31bf3856ad364e35_10.0.17134.1_none_31bb998e7ce8dbdd.manifest{h
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: _amd64_microsoft-hyper-v-vstack-rdv_31bf3856ad364e35_10.0.17134.1_none_6054528c8a07dd45.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: RMicrosoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Types.ps1xmlF
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: gamd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.17134.1_none_2457e84548829177.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.psd1
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: gMicrosoft-Hyper-V-Offline-Core-Group-servercommon-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-o..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_705250041d8b5452.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.17134.1_en-us_a86f4344ed926804\|k
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: bMicrosoft-Hyper-V-Offline-Core-Group-servercommon-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Format.ps1xmlV
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.17134.1_en-us_d370585015d204f5.manifest:
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-Online-Services-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum\
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: PMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: N$$_syswow64_windowspowershell_v1.0_modules_hyper-v_1.1_274139982b49eac9.cdf-msT
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: [amd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.17134.1_none_2becad3b77bb3580.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Xamd64_microsoft-hyper-v-hgs_31bf3856ad364e35_10.0.17134.1_none_8ce33edadf477e7a.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: damd64_microsoft-hyper-v-socket-provider_31bf3856ad364e35_10.0.17134.1_none_f5d736b78ec0a239.manifest
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: WMicrosoft-Hyper-V-Package-base-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: damd64_microsoft-hyper-v-vstack-vpcivdev_31bf3856ad364e35_10.0.17134.1_none_7873076add237d80.manifest
Source: Everything.exe, 00000000.00000003.280291543.00000000055C1000.00000004.00000001.sdmp	Binary or memory string: H+MSFT_NetEventVmNetworkAdatper.format.ps1xml
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Format.ps1xmlb
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Oamd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.17134.1_none_84e0eedae46f7b9b
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-f..wallrules.resources_31bf3856ad364e35_10.0.17134.1_en-us_7d008f07cc0acfbc.manifest]
Source: Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp	Binary or memory string: TMicrosoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.catx
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Xamd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.17134.1_none_84e0eedae46f7b9b.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: KMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: KMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-f..wallrules.resources_31bf3856ad364e35_10.0.17134.1_en-us_7d008f07cc0acfbc.manifest]"
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: TMicrosoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Vamd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.17134.1_none_602fae5e8a21fe6a
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.548577182.0000000006160000.00000004.00000001.sdmp	Binary or memory string: Hyper-V"
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-h..t-service.resources_31bf3856ad364e35_10.0.17134.1_en-us_0d3e2a9bd4020545.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: MMicrosoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-o..-onecore-deployment_31bf3856ad364e35_10.0.17134.1_none_ca9236a4769cd0cd.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: PMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-h..-onecore-deployment_31bf3856ad364e35_10.0.17134.1_none_31bb998e7ce8dbdd.manifest{
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-v..nthfcvdev.resources_31bf3856ad364e35_10.0.17134.1_en-us_9c3432f847f5f8f0.manifestj
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Xamd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.17134.1_none_e99c08352e0bfafa1
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: `amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.17134.1_none_1c1693f7c8171ba6.manifest6
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-p..ru-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_d16dce7672841ddd
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: bHyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.17134.1_none_55327e6a748f524c
Source: Everything.exe, 00000000.00000003.290418941.0000000005781000.00000004.00000001.sdmp	Binary or memory string: #MSFT_NetEventVmNetworkAdatper.cdxml4
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Types.ps1xml24
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-m..wallrules.resources_31bf3856ad364e35_10.0.17134.1_en-us_c011eec82bd47853.manifestl
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: gamd64_microsoft-hyper-v-3dvideo.resources_31bf3856ad364e35_10.0.17134.1_en-us_49c786157c795a73.manifestd
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: ]amd64_microsoft-hyper-v-vstack-computelib_31bf3856ad364e35_10.0.17134.1_none_9321c5b124bca3df
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-h..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_c8885d1044f785b1.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ^Microsoft-Hyper-V-Offline-Common-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: bHyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.280291543.00000000055C1000.00000004.00000001.sdmp	Binary or memory string: -+MSFT_NetEventVmNetworkAdatper.format.ps1xml
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: famd64_microsoft-hyper-v-vstack-computelib_31bf3856ad364e35_10.0.17134.1_none_9321c5b124bca3df.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: ^amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.17134.1_none_d80c4ce4e8fa0144
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Wamd64_microsoft-hyper-v-vstack-vmsp_31bf3856ad364e35_10.0.17134.1_none_1ac175bdc8f2a7d7
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: YMicrosoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum}
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.17134.1_en-us_73034f3cf79a1975.manifest)
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-Hypervisor-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum\
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.17134.1_en-us_f8bef40208ce4908.manifest_
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.psd1n
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.17134.1_none_55327e6a748f524c.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: MMicrosoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: ]Microsoft-Hyper-V-Offline-Core-Group-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.catU4
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-o..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_6340c1c9612e407b.manifest
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: XHyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mume
Source: Everything.exe, 00000000.00000003.282527472.000000000097E000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.282579550.00000000009BE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279821255.00000000009AE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.300081027.00000000009CD000.00000004.00000001.sdmp	Binary or memory string: bHyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catC#
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: TMicrosoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mumY
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: ^amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.17134.1_none_15d1dfb8ceafada1-
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: \amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.17134.1_none_18c6a9392dd7eb3eC
Source: Everything.exe, 00000000.00000003.282527472.000000000097E000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.545001435.00000000009AD000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.300447599.00000000009AD000.00000004.00000001.sdmp	Binary or memory string: Zamd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.17134.1_none_e636218254eba71f
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-o..ommon-vm-deployment_31bf3856ad364e35_10.0.17134.1_none_f5e4ea96fd9fee6d.manifesty:
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.17134.1_none_7743eea1a413bb8c.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mumF
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Vamd64_microsoft-hyper-v-lun-parser_31bf3856ad364e35_10.0.17134.1_none_e6683e9b0956ac05
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.17134.1_en-us_aea0b368e53cc261.manifestt
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.17134.1_en-us_e3616de0d25a48c4
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: \Microsoft-Hyper-V-Package-base-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-firewallrules_31bf3856ad364e35_10.0.17134.1_none_b9673992b104448b.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.17134.1_en-us_f27d2f48e22200a4
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.17134.1_none_e636218254eba71f.manifest
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UHyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: WMicrosoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.17134.1_en-us_d370585015d204f5
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-v..edstorage.resources_31bf3856ad364e35_10.0.17134.1_en-us_bdfc93ec7698eb64-
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: QMicrosoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: \amd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.17134.1_none_bd1bad59835abed8b
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Hypervisor-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UHyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Qamd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.17134.1_none_c35bb6c84d5e4ad0b
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-v..omputelib.resources_31bf3856ad364e35_10.0.17134.1_en-us_a1cfee3fcfcbe4d8
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: YMicrosoft-Hyper-V-Offline-Common-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mumh
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: jamd64_microsoft-hyper-v-lun-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_15c27a1250ea6310.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-o..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_9c1fa24ea8808bce.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: WMicrosoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.17134.1_en-us_73034f3cf79a1975%
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-vstack-debug.resources_31bf3856ad364e35_10.0.17134.1_en-us_8e782c7a46f14b49.manifestb
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Hypervisor-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Online-Services-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catF#
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: \amd64_microsoft-hyper-v-3dvideo_31bf3856ad364e35_10.0.17134.1_none_bb0455987cc9b004.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: QMicrosoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: jamd64_microsoft-hyper-v-vhd-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_0b749ee450213385.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ]Microsoft-Hyper-V-Offline-Core-Group-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mumt
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: YMicrosoft-Hyper-V-Offline-Common-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Oamd64_microsoft-hyper-v-hgs_31bf3856ad364e35_10.0.17134.1_none_8ce33edadf477e7a
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-v..failoverreplication_31bf3856ad364e35_10.0.17134.1_none_80458ecfde93ef21
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: PHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.280291543.00000000055C1000.00000004.00000001.sdmp	Binary or memory string: -#MSFT_NetEventVmNetworkAdatper.cdxml4
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: gamd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.17134.1_none_15d1dfb8ceafada1.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.17134.1_en-us_592a4468e416a24d.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: _amd64_microsoft-hyper-v-lun-parser_31bf3856ad364e35_10.0.17134.1_none_e6683e9b0956ac05.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-o..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_356d3b5898bc1c7d.manifest1
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: _amd64_microsoft-hyper-v-ram-parser_31bf3856ad364e35_10.0.17134.1_none_d74ad2482ffdcb42.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: \amd64_microsoft-hyper-v-storflt_31bf3856ad364e35_10.0.17134.1_none_fc7308d7bbb0dfd6.manifest~
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Format.ps1xml
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ]HyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mumt
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Yamd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.17134.1_none_58d19a03c592a9cb.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-p..ru-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_d16dce7672841ddd.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: _amd64_microsoft-hyper-v-vhd-parser_31bf3856ad364e35_10.0.17134.1_none_6447f639abdaab84.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: ^amd64_microsoft-hyper-v-3dvideo.resources_31bf3856ad364e35_10.0.17134.1_en-us_49c786157c795a73
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: ^Microsoft-Hyper-V-Offline-Common-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp	Binary or memory string: ]Microsoft-Hyper-V-Offline-Core-Group-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.17134.1_none_c0dbf3b2f0877a05.manifeste
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: PHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.17134.1_none_7743eea1a413bb8cu6"
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: ^amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.17134.1_none_2457e84548829177
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-pvhd-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_3c5b1e1b1b3e66b3.manifest
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Types.ps1xml
Source: Everything.exe, 00000000.00000003.282527472.000000000097E000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.282579550.00000000009BE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279821255.00000000009AE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.300081027.00000000009CD000.00000004.00000001.sdmp	Binary or memory string: ]HyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catC)
Source: Everything.exe, 00000000.00000003.282527472.000000000097E000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.282579550.00000000009BE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279821255.00000000009AE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.300081027.00000000009CD000.00000004.00000001.sdmp	Binary or memory string: XHyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-o..-onecore-deployment_31bf3856ad364e35_10.0.17134.1_none_bae31ba10711fa29.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-o..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_170afe8321651ef9.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.17134.1_en-us_a86f4344ed926804.manifestr
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: _amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.17134.1_none_602fae5e8a21fe6a.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: TMicrosoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.17134.1_en-us_f8bef40208ce4908
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: gamd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.17134.1_none_d80c4ce4e8fa0144.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: damd64_microsoft-hyper-v-passthru-parser_31bf3856ad364e35_10.0.17134.1_none_076f3325872ef096.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-vstack-vmsp.resources_31bf3856ad364e35_10.0.17134.1_en-us_96681ed56ec765c6.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.17134.1_none_27198deddb7b50eb.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: famd64_microsoft-hyper-v-hypervisor-events_31bf3856ad364e35_10.0.17134.1_none_93bac8ae42b1f037.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-v..omputelib.resources_31bf3856ad364e35_10.0.17134.1_en-us_a1cfee3fcfcbe4d8.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-vstack-debug.resources_31bf3856ad364e35_10.0.17134.1_en-us_8e782c7a46f14b49
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: \Microsoft-Hyper-V-Package-base-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catF#
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: bMicrosoft-Hyper-V-Offline-Core-Group-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.17134.1_en-us_f27d2f48e22200a4.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-o..ercommon-deployment_31bf3856ad364e35_10.0.17134.1_none_ffda9e2d3858e036.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: eamd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.17134.1_none_18c6a9392dd7eb3e.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.17134.1_en-us_aea0b368e53cc261
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: VMicrosoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum)
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: ewow64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.17134.1_none_c77057abb7bb80d3.manifestz
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-h..t-service.resources_31bf3856ad364e35_10.0.17134.1_en-us_0d3e2a9bd4020545
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-vstack-vmsp.resources_31bf3856ad364e35_10.0.17134.1_en-us_96681ed56ec765c6
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: XMicrosoft-Hyper-V-Offline-Core-Group-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat-7X_
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: [amd64_microsoft-hyper-v-vstack_31bf3856ad364e35_10.0.17134.1_none_4a3dff595d47ce04.manifest
Source: Everything.exe, 00000000.00000003.279821255.00000000009AE000.00000004.00000001.sdmp	Binary or memory string: ?]HyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: [amd64_microsoft-hyper-v-vstack-vpcivdev_31bf3856ad364e35_10.0.17134.1_none_7873076add237d80/
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: bMicrosoft-Hyper-V-Offline-Core-Group-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000002.548577182.0000000006160000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283146568.00000000061D1000.00000004.00000001.sdmp	Binary or memory string: \wow64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.17134.1_none_c77057abb7bb80d3
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp	Binary or memory string: \Microsoft-Hyper-V-Package-base-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Qamd64_microsoft-hyper-v-vpmem_31bf3856ad364e35_10.0.17134.1_none_c277eb1734798565
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.17134.1_none_c0dbf3b2f0877a05
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Wamd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.17134.1_none_1c1693f7c8171ba6
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Hypervisor-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catC#
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Zamd64_microsoft-hyper-v-vmbus_31bf3856ad364e35_10.0.17134.1_none_bcf0637138185dcf.manifestr
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.17134.1_none_69e85823c476b806>7
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-m..apinabout.resources_31bf3856ad364e35_10.0.17134.1_en-us_02a473bf02f2a824.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: VMicrosoft-Hyper-V-ClientEdition-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: `amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.17134.1_none_14929ba5ccea66b9.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Samd64_microsoft-hyper-v-3dvideo_31bf3856ad364e35_10.0.17134.1_none_bb0455987cc9b004
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-k..erformance-counters_31bf3856ad364e35_10.0.17134.1_none_611f8a7fa810774a.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: hamd64_microsoft-hyper-v-vstack-vdev-offline_31bf3856ad364e35_10.0.17134.1_none_c190bdf9d967faea.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: OMicrosoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Types.ps1xmlX
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Online-Services-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282527472.000000000097E000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.282579550.00000000009BE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279821255.00000000009AE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.300081027.00000000009CD000.00000004.00000001.sdmp	Binary or memory string: ]HyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum@
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.17134.1_en-us_592a4468e416a24dl
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: aamd64_microsoft-hyper-v-lun-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_15c27a1250ea6310
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-vstack-vmwp.resources_31bf3856ad364e35_10.0.17134.1_en-us_662e0a371a2edd22.manifest`
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-Online-Services-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: VMicrosoft-Hyper-V-ClientEdition-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-drivers-hypervisor-bcd_31bf3856ad364e35_10.0.17134.1_none_fb42759451b23f2f.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-d..ers-vmswitch-common_31bf3856ad364e35_10.0.17134.1_none_156e07c0687fe777.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Wamd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.17134.1_none_14929ba5ccea66b9
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ]HyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: `amd64_microsoft-hyper-v-pvhd-parser_31bf3856ad364e35_10.0.17134.1_none_6efae9ae437759d8.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: aamd64_microsoft-hyper-v-vstack-tpm.resources_31bf3856ad364e35_10.0.17134.1_en-us_259560ef1632af7b
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Ramd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.17134.1_none_2becad3b77bb3580-
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ]HyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-p..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_7fb4b9d31b9d09e8.manifest
Source: Everything.exe, 00000000.00000003.290418941.0000000005781000.00000004.00000001.sdmp	Binary or memory string: +MSFT_NetEventVmNetworkAdatper.format.ps1xml
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: TMicrosoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: [amd64_microsoft-hyper-v-socket-provider_31bf3856ad364e35_10.0.17134.1_none_f5d736b78ec0a239b
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.psd1
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: iamd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.17134.1_none_3ce1277763a2249b.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-o..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_d4bc3c4a770c0641.manifest
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-Hypervisor-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: VMicrosoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-v..nthfcvdev.resources_31bf3856ad364e35_10.0.17134.1_en-us_9c3432f847f5f8f0
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: WMicrosoft-Hyper-V-Package-base-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mumb
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Types.ps1xml24J
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-vstack-vmwp.resources_31bf3856ad364e35_10.0.17134.1_en-us_662e0a371a2edd22
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: jamd64_microsoft-hyper-v-guest-network-drivers_31bf3856ad364e35_10.0.17134.1_none_5c8a4254832126cf.manifestt
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: XMicrosoft-Hyper-V-Offline-Core-Group-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mume
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: `amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.17134.1_none_1ac11a9dc8f30e5b.manifest
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Format.ps1xmlB#
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.17134.1_en-us_e3616de0d25a48c4.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.17134.1_none_69e85823c476b806.manifest?
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-vstack-vmms.resources_31bf3856ad364e35_10.0.17134.1_en-us_2b9c39681a7206ff
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Vamd64_microsoft-hyper-v-vstack-rdv_31bf3856ad364e35_10.0.17134.1_none_6054528c8a07dd455
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Zamd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.17134.1_none_c35bb6c84d5e4ad0.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: aamd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.17134.1_none_e99c08352e0bfafa.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-m..ients-firewallrules_31bf3856ad364e35_10.0.17134.1_none_d07683518a4c2ec2.manifestr
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-m..-client.snapinabout_31bf3856ad364e35_10.0.17134.1_none_7338804b0eb50c17.manifestz
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: gMicrosoft-Hyper-V-Offline-Core-Group-servercommon-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catC#
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.17134.1_none_27198deddb7b50eb?#
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Pamd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.17134.1_none_58d19a03c592a9cbb
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: [amd64_microsoft-hyper-v-passthru-parser_31bf3856ad364e35_10.0.17134.1_none_076f3325872ef096
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: PMicrosoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: YMicrosoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Qamd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.17134.1_none_b7de7159233ab503
Source: Everything.exe, 00000000.00000003.279821255.00000000009AE000.00000004.00000001.sdmp	Binary or memory string: \bHyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catC#
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: aamd64_microsoft-hyper-v-ram-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_8051bd2040ebffa9-
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ZHyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: ^amd64_microsoft-hyper-v-licensing_31bf3856ad364e35_10.0.17134.1_none_369c533be4c3e496.manifestL
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.17134.1_none_dacb8dcdbfa5382f.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: PMicrosoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: aamd64_microsoft-hyper-v-vhd-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_0b749ee450213385
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Online-Services-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: OMicrosoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Xamd64_microsoft-hyper-v-vid_31bf3856ad364e35_10.0.17134.1_none_864a29a4e381d095.manifest

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\Everything.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings:

AV process strings found (often used to terminate AV products)

Source: Everything.exe, 00000000.00000003.285386975.00000000052F1000.00000004.00000001.sdmp	Binary or memory string: MSASCui.exe
Source: Everything.exe, 00000000.00000002.544541632.00000000008EB000.00000004.00000020.sdmp	Binary or memory string: \\192.168.2.1\all\procexp.exe
Source: Everything.exe, 00000000.00000002.544541632.00000000008EB000.00000004.00000020.sdmp	Binary or memory string: "c:\users\user\desktop\procexp.exe
Source: Everything.exe, 00000000.00000003.285386975.00000000052F1000.00000004.00000001.sdmp	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information:

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Everything.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No contacted IP infos

Source: Everything.exe

Static PE information: certificate valid

Source: Everything.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Spreading:

Checks for available system drives (often done to infect USB drives)

Source: C:\Users\user\Desktop\Everything.exe	File opened: z:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: x:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: v:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: t:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: r:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: p:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: n:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: l:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: j:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: h:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: f:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: b:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: y:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: w:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: u:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: s:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: q:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: o:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: m:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: k:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: i:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: g:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: e:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: c:	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: a:	Jump to behavior

Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local\Packages	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: Everything.exe, 00000000.00000003.378255903.0000000002F40000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uN
Source: Everything.exe, 00000000.00000003.378235516.0000000002F40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.376092631.0000000002F40000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/donate/
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/donate/Help
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/downloads/
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/downloads/#language
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/downloads/http://www.voidtools.com/downloads/#languagehttp://www.voidtools.
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/everything/beta-update.ini
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/everything/beta-update.iniupdate:
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/everything/update.ini
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/support/everything/
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/support/everything/http://www.voidtools.com/everything/update.iniwww.voidto
Source: Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp	String found in binary or memory: http://www.voidtools.com/update.php)
Source: Everything.exe, 00000000.00000003.438742803.00000000007D0000.00000004.00000010.sdmp, Everything.exe, 00000000.00000003.436639506.00000000007D0000.00000004.00000010.sdmp	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4CJ3f?ver=d8e5
Source: Everything.exe, 00000000.00000003.441046491.00000000007D0000.00000004.00000010.sdmp	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4CQjJ?ver=f5d7
Source: Everything.exe, 00000000.00000003.424598976.00000000007D0000.00000004.00000010.sdmp	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4CSO9?ver=d3ac
Source: Everything.exe, 00000000.00000003.424698578.00000000007D0000.00000004.00000010.sdmp, Everything.exe, 00000000.00000003.404921247.00000000007D0000.00000004.00000010.sdmp	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4D0Nw?ver=7e07
Source: Everything.exe, 00000000.00000003.436523685.00000000007D0000.00000004.00000010.sdmp	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RWzFJS?ver=b46e

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Installs a raw input device (often for capturing keystrokes)

Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp

Binary or memory string: #_WinAPI_RegisterRawInputDevices.au3

Spam, unwanted Advertisements and Ransom Demands:

Yara detected Thanos ransomware

Source: Yara match

File source: Process Memory Space: Everything.exe PID: 5704, type: MEMORYSTR

System Summary:

PE file contains strange resources

Source: Everything.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Everything.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Everything.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: Everything.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Everything.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\Everything.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4657278A-411B-11d2-839A-00C04FD918D0}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Everything.exe

Mutant created: \Sessions\1\BaseNamedObjects\EVERYTHING_MUTEX

Binary or memory string: AutoItX.slnx

Source: classification engine

Classification label: mal52.rans.spyw.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\Everything.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: Everything.exe

Static file information: File size 2260560 > 1048576

Source: Everything.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: Everything.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: Everything.exe

Static PE information: certificate valid

Source: Everything.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1aec00

Source: Everything.exe

Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source: C:\Users\user\Desktop\Everything.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local\Packages	Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Zamd64_microsoft-hyper-v-bpa.resources_31bf3856ad364e35_10.0.17134.1_en-us_461210c45e54cb44
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ZHyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: ]Microsoft-Hyper-V-Offline-Core-Group-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-m..-client.snapinabout_31bf3856ad364e35_10.0.17134.1_none_7338804b0eb50c17
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: \amd64_microsoft-hyper-v-storvsp_31bf3856ad364e35_10.0.17134.1_none_fabc5147bcc71691.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-v..edstorage.resources_31bf3856ad364e35_10.0.17134.1_en-us_bdfc93ec7698eb64.manifesti
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-windows-hyper-v-dmvsc_31bf3856ad364e35_10.0.17134.1_none_8c46edec6c2bc4c5.manifestY
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-m..apinabout.resources_31bf3856ad364e35_10.0.17134.1_en-us_02a473bf02f2a824
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: `amd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.17134.1_none_3ce1277763a2249bb
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.17134.1_none_51d671baba10f2e8.manifestC
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-pvhd-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_3c5b1e1b1b3e66b3K
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-k..erformance-counters_31bf3856ad364e35_10.0.17134.1_none_0fa1f97fe68f5a84.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Zamd64_microsoft-hyper-v-vpmem_31bf3856ad364e35_10.0.17134.1_none_c277eb1734798565.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: iamd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.17134.1_none_d23c603739df2f63.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ]Microsoft-Hyper-V-Offline-Core-Group-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-o..ommon-vm-deployment_31bf3856ad364e35_10.0.17134.1_none_f5e4ea96fd9fee6d.manifesty
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Vamd64_microsoft-hyper-v-ram-parser_31bf3856ad364e35_10.0.17134.1_none_d74ad2482ffdcb42
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp	Binary or memory string: XMicrosoft-Hyper-V-Offline-Core-Group-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: `amd64_microsoft-hyper-v-vstack-vmsp_31bf3856ad364e35_10.0.17134.1_none_1ac175bdc8f2a7d7.manifestS
Source: Everything.exe, 00000000.00000003.280291543.00000000055C1000.00000004.00000001.sdmp	Binary or memory string: H#MSFT_NetEventVmNetworkAdatper.cdxml4
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: `amd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.17134.1_none_d23c603739df2f63
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-vstack-vmms.resources_31bf3856ad364e35_10.0.17134.1_en-us_2b9c39681a7206ff.manifest`
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: eamd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.17134.1_none_bd1bad59835abed8.manifestt
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-v..failoverreplication_31bf3856ad364e35_10.0.17134.1_none_80458ecfde93ef21.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: _amd64_microsoft-hyper-v-vstack-tpm_31bf3856ad364e35_10.0.17134.1_none_604b83348a0c5e92.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-o..group-vm-deployment_31bf3856ad364e35_10.0.17134.1_none_88bd3c16c482b637.manifest*
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: \amd64_microsoft-hyper-v-vpmem.resources_31bf3856ad364e35_10.0.17134.1_en-us_83c966966d5f8cf2
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Wamd64_microsoft-hyper-v-pvhd-parser_31bf3856ad364e35_10.0.17134.1_none_6efae9ae437759d8v".
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: bMicrosoft-Hyper-V-Offline-Core-Group-servercommon-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Vamd64_microsoft-hyper-v-vhd-parser_31bf3856ad364e35_10.0.17134.1_none_6447f639abdaab84
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-p..-onecore-deployment_31bf3856ad364e35_10.0.17134.1_none_d91519867fe67212.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Yamd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.17134.1_none_dacb8dcdbfa5382f
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: [Microsoft-Hyper-V-ClientEdition-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: RMicrosoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Zamd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.17134.1_none_b7de7159233ab503.manifest
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: R$$_syswow64_windowspowershell_v1.0_modules_hyper-v_2.0.0.0_e405d34891a93e8b.cdf-ms`
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.17134.1_none_51d671baba10f2e8-
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Vamd64_microsoft-hyper-v-vstack-tpm_31bf3856ad364e35_10.0.17134.1_none_604b83348a0c5e92s
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: jamd64_microsoft-hyper-v-vstack-tpm.resources_31bf3856ad364e35_10.0.17134.1_en-us_259560ef1632af7b.manifestb
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: eamd64_microsoft-hyper-v-vpmem.resources_31bf3856ad364e35_10.0.17134.1_en-us_83c966966d5f8cf2.manifestG
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-o..vices-vm-deployment_31bf3856ad364e35_10.0.17134.1_none_d43b74ba5db8d712.manifest
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp	Binary or memory string: gMicrosoft-Hyper-V-Offline-Core-Group-servercommon-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: RMicrosoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: RMicrosoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: jamd64_microsoft-hyper-v-ram-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_8051bd2040ebffa9.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: [Microsoft-Hyper-V-ClientEdition-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: XMicrosoft-Hyper-V-Offline-Core-Group-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat-7
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Wamd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.17134.1_none_1ac11a9dc8f30e5b
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-bpa.resources_31bf3856ad364e35_10.0.17134.1_en-us_461210c45e54cb44.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-h..-onecore-deployment_31bf3856ad364e35_10.0.17134.1_none_31bb998e7ce8dbdd.manifest{h
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: _amd64_microsoft-hyper-v-vstack-rdv_31bf3856ad364e35_10.0.17134.1_none_6054528c8a07dd45.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: RMicrosoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Types.ps1xmlF
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: gamd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.17134.1_none_2457e84548829177.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.psd1
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: gMicrosoft-Hyper-V-Offline-Core-Group-servercommon-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-o..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_705250041d8b5452.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.17134.1_en-us_a86f4344ed926804\|k
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: bMicrosoft-Hyper-V-Offline-Core-Group-servercommon-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Format.ps1xmlV
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.17134.1_en-us_d370585015d204f5.manifest:
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-Online-Services-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum\
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: PMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: N$$_syswow64_windowspowershell_v1.0_modules_hyper-v_1.1_274139982b49eac9.cdf-msT
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: [amd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.17134.1_none_2becad3b77bb3580.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Xamd64_microsoft-hyper-v-hgs_31bf3856ad364e35_10.0.17134.1_none_8ce33edadf477e7a.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: damd64_microsoft-hyper-v-socket-provider_31bf3856ad364e35_10.0.17134.1_none_f5d736b78ec0a239.manifest
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: WMicrosoft-Hyper-V-Package-base-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: damd64_microsoft-hyper-v-vstack-vpcivdev_31bf3856ad364e35_10.0.17134.1_none_7873076add237d80.manifest
Source: Everything.exe, 00000000.00000003.280291543.00000000055C1000.00000004.00000001.sdmp	Binary or memory string: H+MSFT_NetEventVmNetworkAdatper.format.ps1xml
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Format.ps1xmlb
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Oamd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.17134.1_none_84e0eedae46f7b9b
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-f..wallrules.resources_31bf3856ad364e35_10.0.17134.1_en-us_7d008f07cc0acfbc.manifest]
Source: Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp	Binary or memory string: TMicrosoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.catx
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Xamd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.17134.1_none_84e0eedae46f7b9b.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: KMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: KMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-f..wallrules.resources_31bf3856ad364e35_10.0.17134.1_en-us_7d008f07cc0acfbc.manifest]"
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: TMicrosoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Vamd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.17134.1_none_602fae5e8a21fe6a
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.548577182.0000000006160000.00000004.00000001.sdmp	Binary or memory string: Hyper-V"
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-h..t-service.resources_31bf3856ad364e35_10.0.17134.1_en-us_0d3e2a9bd4020545.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: MMicrosoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-o..-onecore-deployment_31bf3856ad364e35_10.0.17134.1_none_ca9236a4769cd0cd.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: PMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-h..-onecore-deployment_31bf3856ad364e35_10.0.17134.1_none_31bb998e7ce8dbdd.manifest{
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-v..nthfcvdev.resources_31bf3856ad364e35_10.0.17134.1_en-us_9c3432f847f5f8f0.manifestj
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Xamd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.17134.1_none_e99c08352e0bfafa1
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: `amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.17134.1_none_1c1693f7c8171ba6.manifest6
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-p..ru-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_d16dce7672841ddd
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: bHyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.17134.1_none_55327e6a748f524c
Source: Everything.exe, 00000000.00000003.290418941.0000000005781000.00000004.00000001.sdmp	Binary or memory string: #MSFT_NetEventVmNetworkAdatper.cdxml4
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Types.ps1xml24
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-m..wallrules.resources_31bf3856ad364e35_10.0.17134.1_en-us_c011eec82bd47853.manifestl
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: gamd64_microsoft-hyper-v-3dvideo.resources_31bf3856ad364e35_10.0.17134.1_en-us_49c786157c795a73.manifestd
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: ]amd64_microsoft-hyper-v-vstack-computelib_31bf3856ad364e35_10.0.17134.1_none_9321c5b124bca3df
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-h..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_c8885d1044f785b1.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ^Microsoft-Hyper-V-Offline-Common-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: bHyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.280291543.00000000055C1000.00000004.00000001.sdmp	Binary or memory string: -+MSFT_NetEventVmNetworkAdatper.format.ps1xml
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: famd64_microsoft-hyper-v-vstack-computelib_31bf3856ad364e35_10.0.17134.1_none_9321c5b124bca3df.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: ^amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.17134.1_none_d80c4ce4e8fa0144
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Wamd64_microsoft-hyper-v-vstack-vmsp_31bf3856ad364e35_10.0.17134.1_none_1ac175bdc8f2a7d7
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: YMicrosoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum}
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.17134.1_en-us_73034f3cf79a1975.manifest)
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-Hypervisor-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum\
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.17134.1_en-us_f8bef40208ce4908.manifest_
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.psd1n
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.17134.1_none_55327e6a748f524c.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: MMicrosoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: ]Microsoft-Hyper-V-Offline-Core-Group-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.catU4
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-o..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_6340c1c9612e407b.manifest
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: XHyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mume
Source: Everything.exe, 00000000.00000003.282527472.000000000097E000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.282579550.00000000009BE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279821255.00000000009AE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.300081027.00000000009CD000.00000004.00000001.sdmp	Binary or memory string: bHyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catC#
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: TMicrosoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mumY
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: ^amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.17134.1_none_15d1dfb8ceafada1-
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: \amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.17134.1_none_18c6a9392dd7eb3eC
Source: Everything.exe, 00000000.00000003.282527472.000000000097E000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.545001435.00000000009AD000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.300447599.00000000009AD000.00000004.00000001.sdmp	Binary or memory string: Zamd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.17134.1_none_e636218254eba71f
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-o..ommon-vm-deployment_31bf3856ad364e35_10.0.17134.1_none_f5e4ea96fd9fee6d.manifesty:
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.17134.1_none_7743eea1a413bb8c.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mumF
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Vamd64_microsoft-hyper-v-lun-parser_31bf3856ad364e35_10.0.17134.1_none_e6683e9b0956ac05
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.17134.1_en-us_aea0b368e53cc261.manifestt
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.17134.1_en-us_e3616de0d25a48c4
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: \Microsoft-Hyper-V-Package-base-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-firewallrules_31bf3856ad364e35_10.0.17134.1_none_b9673992b104448b.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.17134.1_en-us_f27d2f48e22200a4
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.17134.1_none_e636218254eba71f.manifest
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UHyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: WMicrosoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.17134.1_en-us_d370585015d204f5
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-v..edstorage.resources_31bf3856ad364e35_10.0.17134.1_en-us_bdfc93ec7698eb64-
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: QMicrosoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: \amd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.17134.1_none_bd1bad59835abed8b
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Hypervisor-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UHyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Qamd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.17134.1_none_c35bb6c84d5e4ad0b
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-v..omputelib.resources_31bf3856ad364e35_10.0.17134.1_en-us_a1cfee3fcfcbe4d8
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: YMicrosoft-Hyper-V-Offline-Common-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mumh
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: jamd64_microsoft-hyper-v-lun-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_15c27a1250ea6310.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-o..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_9c1fa24ea8808bce.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: WMicrosoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.17134.1_en-us_73034f3cf79a1975%
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-vstack-debug.resources_31bf3856ad364e35_10.0.17134.1_en-us_8e782c7a46f14b49.manifestb
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Hypervisor-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Online-Services-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catF#
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: \amd64_microsoft-hyper-v-3dvideo_31bf3856ad364e35_10.0.17134.1_none_bb0455987cc9b004.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: QMicrosoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: jamd64_microsoft-hyper-v-vhd-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_0b749ee450213385.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ]Microsoft-Hyper-V-Offline-Core-Group-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mumt
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: YMicrosoft-Hyper-V-Offline-Common-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Oamd64_microsoft-hyper-v-hgs_31bf3856ad364e35_10.0.17134.1_none_8ce33edadf477e7a
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-v..failoverreplication_31bf3856ad364e35_10.0.17134.1_none_80458ecfde93ef21
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: PHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.280291543.00000000055C1000.00000004.00000001.sdmp	Binary or memory string: -#MSFT_NetEventVmNetworkAdatper.cdxml4
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: gamd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.17134.1_none_15d1dfb8ceafada1.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.17134.1_en-us_592a4468e416a24d.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: _amd64_microsoft-hyper-v-lun-parser_31bf3856ad364e35_10.0.17134.1_none_e6683e9b0956ac05.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-o..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_356d3b5898bc1c7d.manifest1
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: _amd64_microsoft-hyper-v-ram-parser_31bf3856ad364e35_10.0.17134.1_none_d74ad2482ffdcb42.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: \amd64_microsoft-hyper-v-storflt_31bf3856ad364e35_10.0.17134.1_none_fc7308d7bbb0dfd6.manifest~
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Format.ps1xml
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ]HyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mumt
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Yamd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.17134.1_none_58d19a03c592a9cb.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-p..ru-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_d16dce7672841ddd.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: _amd64_microsoft-hyper-v-vhd-parser_31bf3856ad364e35_10.0.17134.1_none_6447f639abdaab84.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: ^amd64_microsoft-hyper-v-3dvideo.resources_31bf3856ad364e35_10.0.17134.1_en-us_49c786157c795a73
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: ^Microsoft-Hyper-V-Offline-Common-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp	Binary or memory string: ]Microsoft-Hyper-V-Offline-Core-Group-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.17134.1_none_c0dbf3b2f0877a05.manifeste
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: PHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.17134.1_none_7743eea1a413bb8cu6"
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: ^amd64_microsoft-hyper-v-vstack-synthfcvdev_31bf3856ad364e35_10.0.17134.1_none_2457e84548829177
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-pvhd-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_3c5b1e1b1b3e66b3.manifest
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Types.ps1xml
Source: Everything.exe, 00000000.00000003.282527472.000000000097E000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.282579550.00000000009BE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279821255.00000000009AE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.300081027.00000000009CD000.00000004.00000001.sdmp	Binary or memory string: ]HyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catC)
Source: Everything.exe, 00000000.00000003.282527472.000000000097E000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.282579550.00000000009BE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279821255.00000000009AE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.300081027.00000000009CD000.00000004.00000001.sdmp	Binary or memory string: XHyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-o..-onecore-deployment_31bf3856ad364e35_10.0.17134.1_none_bae31ba10711fa29.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-o..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_170afe8321651ef9.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-v..rvcluster.resources_31bf3856ad364e35_10.0.17134.1_en-us_a86f4344ed926804.manifestr
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: _amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.17134.1_none_602fae5e8a21fe6a.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: TMicrosoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.17134.1_en-us_f8bef40208ce4908
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: gamd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.17134.1_none_d80c4ce4e8fa0144.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: damd64_microsoft-hyper-v-passthru-parser_31bf3856ad364e35_10.0.17134.1_none_076f3325872ef096.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-vstack-vmsp.resources_31bf3856ad364e35_10.0.17134.1_en-us_96681ed56ec765c6.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.17134.1_none_27198deddb7b50eb.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: famd64_microsoft-hyper-v-hypervisor-events_31bf3856ad364e35_10.0.17134.1_none_93bac8ae42b1f037.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-v..omputelib.resources_31bf3856ad364e35_10.0.17134.1_en-us_a1cfee3fcfcbe4d8.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-vstack-debug.resources_31bf3856ad364e35_10.0.17134.1_en-us_8e782c7a46f14b49
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: \Microsoft-Hyper-V-Package-base-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catF#
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: bMicrosoft-Hyper-V-Offline-Core-Group-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.17134.1_en-us_f27d2f48e22200a4.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-o..ercommon-deployment_31bf3856ad364e35_10.0.17134.1_none_ffda9e2d3858e036.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: eamd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.17134.1_none_18c6a9392dd7eb3e.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.17134.1_en-us_aea0b368e53cc261
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: VMicrosoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum)
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: ewow64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.17134.1_none_c77057abb7bb80d3.manifestz
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-h..t-service.resources_31bf3856ad364e35_10.0.17134.1_en-us_0d3e2a9bd4020545
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-vstack-vmsp.resources_31bf3856ad364e35_10.0.17134.1_en-us_96681ed56ec765c6
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: XMicrosoft-Hyper-V-Offline-Core-Group-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat-7X_
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: [amd64_microsoft-hyper-v-vstack_31bf3856ad364e35_10.0.17134.1_none_4a3dff595d47ce04.manifest
Source: Everything.exe, 00000000.00000003.279821255.00000000009AE000.00000004.00000001.sdmp	Binary or memory string: ?]HyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: [amd64_microsoft-hyper-v-vstack-vpcivdev_31bf3856ad364e35_10.0.17134.1_none_7873076add237d80/
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: bMicrosoft-Hyper-V-Offline-Core-Group-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000002.548577182.0000000006160000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283146568.00000000061D1000.00000004.00000001.sdmp	Binary or memory string: \wow64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.17134.1_none_c77057abb7bb80d3
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp	Binary or memory string: \Microsoft-Hyper-V-Package-base-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Qamd64_microsoft-hyper-v-vpmem_31bf3856ad364e35_10.0.17134.1_none_c277eb1734798565
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.17134.1_none_c0dbf3b2f0877a05
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Wamd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.17134.1_none_1c1693f7c8171ba6
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Hypervisor-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catC#
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Zamd64_microsoft-hyper-v-vmbus_31bf3856ad364e35_10.0.17134.1_none_bcf0637138185dcf.manifestr
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.17134.1_none_69e85823c476b806>7
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-m..apinabout.resources_31bf3856ad364e35_10.0.17134.1_en-us_02a473bf02f2a824.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: VMicrosoft-Hyper-V-ClientEdition-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: `amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.17134.1_none_14929ba5ccea66b9.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Samd64_microsoft-hyper-v-3dvideo_31bf3856ad364e35_10.0.17134.1_none_bb0455987cc9b004
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-k..erformance-counters_31bf3856ad364e35_10.0.17134.1_none_611f8a7fa810774a.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: hamd64_microsoft-hyper-v-vstack-vdev-offline_31bf3856ad364e35_10.0.17134.1_none_c190bdf9d967faea.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: OMicrosoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Types.ps1xmlX
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Online-Services-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282527472.000000000097E000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.282579550.00000000009BE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279821255.00000000009AE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.300081027.00000000009CD000.00000004.00000001.sdmp	Binary or memory string: ]HyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum@
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.17134.1_en-us_592a4468e416a24dl
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: aamd64_microsoft-hyper-v-lun-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_15c27a1250ea6310
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-vstack-vmwp.resources_31bf3856ad364e35_10.0.17134.1_en-us_662e0a371a2edd22.manifest`
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-Online-Services-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: VMicrosoft-Hyper-V-ClientEdition-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-drivers-hypervisor-bcd_31bf3856ad364e35_10.0.17134.1_none_fb42759451b23f2f.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-d..ers-vmswitch-common_31bf3856ad364e35_10.0.17134.1_none_156e07c0687fe777.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Wamd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.17134.1_none_14929ba5ccea66b9
Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ]HyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: `amd64_microsoft-hyper-v-pvhd-parser_31bf3856ad364e35_10.0.17134.1_none_6efae9ae437759d8.manifest
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: aamd64_microsoft-hyper-v-vstack-tpm.resources_31bf3856ad364e35_10.0.17134.1_en-us_259560ef1632af7b
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Ramd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.17134.1_none_2becad3b77bb3580-
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ]HyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-p..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_7fb4b9d31b9d09e8.manifest
Source: Everything.exe, 00000000.00000003.290418941.0000000005781000.00000004.00000001.sdmp	Binary or memory string: +MSFT_NetEventVmNetworkAdatper.format.ps1xml
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: TMicrosoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: [amd64_microsoft-hyper-v-socket-provider_31bf3856ad364e35_10.0.17134.1_none_f5d736b78ec0a239b
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.psd1
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: iamd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.17134.1_none_3ce1277763a2249b.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-o..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_d4bc3c4a770c0641.manifest
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-Hypervisor-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: VMicrosoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: camd64_microsoft-hyper-v-v..nthfcvdev.resources_31bf3856ad364e35_10.0.17134.1_en-us_9c3432f847f5f8f0
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: WMicrosoft-Hyper-V-Package-base-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mumb
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Types.ps1xml24J
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-vstack-vmwp.resources_31bf3856ad364e35_10.0.17134.1_en-us_662e0a371a2edd22
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: jamd64_microsoft-hyper-v-guest-network-drivers_31bf3856ad364e35_10.0.17134.1_none_5c8a4254832126cf.manifestt
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: XMicrosoft-Hyper-V-Offline-Core-Group-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mume
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: `amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.17134.1_none_1ac11a9dc8f30e5b.manifest
Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp	Binary or memory string: Hyper-V.Format.ps1xmlB#
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: lamd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.17134.1_en-us_e3616de0d25a48c4.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.17134.1_none_69e85823c476b806.manifest?
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-vstack-vmms.resources_31bf3856ad364e35_10.0.17134.1_en-us_2b9c39681a7206ff
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: UMicrosoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Vamd64_microsoft-hyper-v-vstack-rdv_31bf3856ad364e35_10.0.17134.1_none_6054528c8a07dd455
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Zamd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.17134.1_none_c35bb6c84d5e4ad0.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: aamd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.17134.1_none_e99c08352e0bfafa.manifest
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-m..ients-firewallrules_31bf3856ad364e35_10.0.17134.1_none_d07683518a4c2ec2.manifestr
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: kamd64_microsoft-hyper-v-m..-client.snapinabout_31bf3856ad364e35_10.0.17134.1_none_7338804b0eb50c17.manifestz
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: gMicrosoft-Hyper-V-Offline-Core-Group-servercommon-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catC#
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.17134.1_none_27198deddb7b50eb?#
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Pamd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.17134.1_none_58d19a03c592a9cbb
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: [amd64_microsoft-hyper-v-passthru-parser_31bf3856ad364e35_10.0.17134.1_none_076f3325872ef096
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: PMicrosoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmp	Binary or memory string: YMicrosoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: Qamd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.17134.1_none_b7de7159233ab503
Source: Everything.exe, 00000000.00000003.279821255.00000000009AE000.00000004.00000001.sdmp	Binary or memory string: \bHyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catC#
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: aamd64_microsoft-hyper-v-ram-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_8051bd2040ebffa9-
Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ZHyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: ^amd64_microsoft-hyper-v-licensing_31bf3856ad364e35_10.0.17134.1_none_369c533be4c3e496.manifestL
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: bamd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.17134.1_none_dacb8dcdbfa5382f.manifest
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: PMicrosoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmp	Binary or memory string: aamd64_microsoft-hyper-v-vhd-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_0b749ee450213385
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: ZMicrosoft-Hyper-V-Online-Services-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp	Binary or memory string: OMicrosoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmp	Binary or memory string: Xamd64_microsoft-hyper-v-vid_31bf3856ad364e35_10.0.17134.1_none_864a29a4e381d095.manifest

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\Everything.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Everything.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings:

AV process strings found (often used to terminate AV products)

Source: Everything.exe, 00000000.00000003.285386975.00000000052F1000.00000004.00000001.sdmp	Binary or memory string: MSASCui.exe
Source: Everything.exe, 00000000.00000002.544541632.00000000008EB000.00000004.00000020.sdmp	Binary or memory string: \\192.168.2.1\all\procexp.exe
Source: Everything.exe, 00000000.00000002.544541632.00000000008EB000.00000004.00000020.sdmp	Binary or memory string: "c:\users\user\desktop\procexp.exe
Source: Everything.exe, 00000000.00000003.285386975.00000000052F1000.00000004.00000001.sdmp	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information:

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Everything.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default

Jump to behavior

ID:	533988
Product:	CloudBasic
Start time:	22:10:38
Start date:	04.12.2021
Sample:	Everything.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	b2e26b3562562d5c2647eb466fd17eb6
SHA1:	52aacfe08a0d514ebcc1a6340659145145cfa400
SHA256:	66b9610e94d003a2b44abe976524c0181d808b8b8e663a26378204a71165aecd
Filetype:	Win64 Executable GUI (202006/5) 92.65%

Windows Analysis Report Everything.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Spam, unwanted Advertisements and Ransom Demands:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Screenshots

Behavior Graph

Network Map