Windows Analysis Report Everything.exe

Overview

General Information

Sample Name: Everything.exe
Analysis ID: 533988
MD5: b2e26b3562562d5c2647eb466fd17eb6
SHA1: 52aacfe08a0d514ebcc1a6340659145145cfa400
SHA256: 66b9610e94d003a2b44abe976524c0181d808b8b8e663a26378204a71165aecd

Detection

Thanos
Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Thanos ransomware
Tries to harvest and steal browser information (history, passwords, etc)
AV process strings found (often used to terminate AV products)
Queries the volume information (name, serial number etc) of a device
Installs a raw input device (often for capturing keystrokes)
PE file contains strange resources
Checks for available system drives (often done to infect USB drives)

Process Tree

  • System is w10x64
  • Everything.exe (PID: 5704 cmdline: "C:\Users\user\Desktop\Everything.exe" MD5: B2E26B3562562D5C2647EB466FD17EB6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
Process Memory Space: Everything.exe PID: 5704 | JoeSecurity_Thanos | Yara detected Thanos ransomware | Joe Security |

    Sigma Overview

    No Sigma rule has matched

    Jbx Signature Overview

    Source: Everything.exe; Static PE information: certificate valid
    Source: Everything.exe; Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
    Source: C:\Users\user\Desktop\Everything.exe; File opened: z:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: x:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: v:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: t:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: r:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: p:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: n:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: l:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: j:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: h:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: f:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: b:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: y:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: w:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: u:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: s:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: q:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: o:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: m:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: k:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: i:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: g:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: e:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: c:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: a:
    Source: C:\Users\user\Desktop\Everything.exe; File opened: C:\Users\user
    Source: C:\Users\user\Desktop\Everything.exe; File opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC
    Source: C:\Users\user\Desktop\Everything.exe; File opened: C:\Users\user\AppData
    Source: C:\Users\user\Desktop\Everything.exe; File opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe
    Source: C:\Users\user\Desktop\Everything.exe; File opened: C:\Users\user\AppData\Local\Packages
    Source: C:\Users\user\Desktop\Everything.exe; File opened: C:\Users\user\AppData\Local
    Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp; Binary or memory string: #_WinAPI_RegisterRawInputDevices.au3

    Spam, unwanted Advertisements and Ransom Demands:

    Yara detected Thanos ransomware
    Source: Yara match; File source: Process Memory Space: Everything.exe PID: 5704, type: MEMORYSTR
    Source: Everything.exe; Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
    Source: Everything.exe; Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\Everything.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Users\user\Desktop\Everything.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4657278A-411B-11d2-839A-00C04FD918D0}\InProcServer32
    Source: C:\Users\user\Desktop\Everything.exe; Mutant created: \Sessions\1\BaseNamedObjects\EVERYTHING_MUTEX
    Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296736953.0000000005C11000.00000004.00000001.sdmp; Binary or memory string: AutoItX.slnx
    Source: classification engine; Classification label: mal52.rans.spyw.winEXE@1/0@0/0
    Source: C:\Users\user\Desktop\Everything.exe; File read: C:\Users\desktop.ini
    Source: Everything.exe; Static file information: File size 2260560 > 1048576
    Source: Everything.exe; Static PE information: Virtual size of .text is bigger than: 0x100000
    Source: Everything.exe; Static PE information: Image base 0x140000000 > 0x60000000
    Source: Everything.exe; Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1aec00
    Source: C:\Users\user\Desktop\Everything.exe; Process information set: NOOPENFILEERRORBOX
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmpBinary or memory string: Hyper-V.Format.ps1xmlV
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: lamd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.17134.1_en-us_d370585015d204f5.manifest:
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: UMicrosoft-Hyper-V-Online-Services-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum\
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: PMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
    Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: N$$_syswow64_windowspowershell_v1.0_modules_hyper-v_1.1_274139982b49eac9.cdf-msT
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: [amd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.17134.1_none_2becad3b77bb3580.manifest
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: Xamd64_microsoft-hyper-v-hgs_31bf3856ad364e35_10.0.17134.1_none_8ce33edadf477e7a.manifest
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: damd64_microsoft-hyper-v-socket-provider_31bf3856ad364e35_10.0.17134.1_none_f5d736b78ec0a239.manifest
    Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmpBinary or memory string: WMicrosoft-Hyper-V-Package-base-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: damd64_microsoft-hyper-v-vstack-vpcivdev_31bf3856ad364e35_10.0.17134.1_none_7873076add237d80.manifest
    Source: Everything.exe, 00000000.00000003.280291543.00000000055C1000.00000004.00000001.sdmpBinary or memory string: H+MSFT_NetEventVmNetworkAdatper.format.ps1xml
    Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmpBinary or memory string: Hyper-V.Format.ps1xmlb
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: Oamd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.17134.1_none_84e0eedae46f7b9b
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: lamd64_microsoft-hyper-v-f..wallrules.resources_31bf3856ad364e35_10.0.17134.1_en-us_7d008f07cc0acfbc.manifest]
    Source: Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmpBinary or memory string: TMicrosoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.catx
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: Xamd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.17134.1_none_84e0eedae46f7b9b.manifest
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: KMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: KMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: lamd64_microsoft-hyper-v-f..wallrules.resources_31bf3856ad364e35_10.0.17134.1_en-us_7d008f07cc0acfbc.manifest]"
    Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmpBinary or memory string: TMicrosoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: Vamd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.17134.1_none_602fae5e8a21fe6a
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.548577182.0000000006160000.00000004.00000001.sdmpBinary or memory string: Hyper-V"
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: lamd64_microsoft-hyper-v-h..t-service.resources_31bf3856ad364e35_10.0.17134.1_en-us_0d3e2a9bd4020545.manifest
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: MMicrosoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: kamd64_microsoft-hyper-v-o..-onecore-deployment_31bf3856ad364e35_10.0.17134.1_none_ca9236a4769cd0cd.manifest
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: PMicrosoft-Hyper-V-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: kamd64_microsoft-hyper-v-h..-onecore-deployment_31bf3856ad364e35_10.0.17134.1_none_31bb998e7ce8dbdd.manifest{
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: lamd64_microsoft-hyper-v-v..nthfcvdev.resources_31bf3856ad364e35_10.0.17134.1_en-us_9c3432f847f5f8f0.manifestj
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: Xamd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.17134.1_none_e99c08352e0bfafa1
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: `amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.17134.1_none_1c1693f7c8171ba6.manifest6
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: camd64_microsoft-hyper-v-p..ru-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_d16dce7672841ddd
    Source: Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: bHyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: bamd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.17134.1_none_55327e6a748f524c
    Source: Everything.exe, 00000000.00000003.290418941.0000000005781000.00000004.00000001.sdmpBinary or memory string: #MSFT_NetEventVmNetworkAdatper.cdxml4
    Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmpBinary or memory string: Hyper-V.Types.ps1xml24
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: lamd64_microsoft-hyper-v-m..wallrules.resources_31bf3856ad364e35_10.0.17134.1_en-us_c011eec82bd47853.manifestl
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: gamd64_microsoft-hyper-v-3dvideo.resources_31bf3856ad364e35_10.0.17134.1_en-us_49c786157c795a73.manifestd
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: ]amd64_microsoft-hyper-v-vstack-computelib_31bf3856ad364e35_10.0.17134.1_none_9321c5b124bca3df
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: lamd64_microsoft-hyper-v-h..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_c8885d1044f785b1.manifest
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: ^Microsoft-Hyper-V-Offline-Common-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
    Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: bHyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
    Source: Everything.exe, 00000000.00000003.280291543.00000000055C1000.00000004.00000001.sdmpBinary or memory string: -+MSFT_NetEventVmNetworkAdatper.format.ps1xml
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: famd64_microsoft-hyper-v-vstack-computelib_31bf3856ad364e35_10.0.17134.1_none_9321c5b124bca3df.manifest
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: ^amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.17134.1_none_d80c4ce4e8fa0144
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: Wamd64_microsoft-hyper-v-vstack-vmsp_31bf3856ad364e35_10.0.17134.1_none_1ac175bdc8f2a7d7
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: YMicrosoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum}
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: lamd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.17134.1_en-us_73034f3cf79a1975.manifest)
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: UMicrosoft-Hyper-V-Hypervisor-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum\
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: kamd64_microsoft-hyper-v-vstack-vsmb.resources_31bf3856ad364e35_10.0.17134.1_en-us_f8bef40208ce4908.manifest_
    Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmpBinary or memory string: Hyper-V.psd1n
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: kamd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.17134.1_none_55327e6a748f524c.manifest
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: MMicrosoft-Hyper-V-Hypervisor-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmpBinary or memory string: ]Microsoft-Hyper-V-Offline-Core-Group-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.catU4
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: lamd64_microsoft-hyper-v-o..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_6340c1c9612e407b.manifest
    Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: XHyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mume
    Source: Everything.exe, 00000000.00000003.282527472.000000000097E000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.282579550.00000000009BE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279821255.00000000009AE000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.300081027.00000000009CD000.00000004.00000001.sdmpBinary or memory string: bHyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catC#
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: TMicrosoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mumY
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: ^amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.17134.1_none_15d1dfb8ceafada1-
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: \amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.17134.1_none_18c6a9392dd7eb3eC
    Source: Everything.exe, 00000000.00000003.282527472.000000000097E000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.545001435.00000000009AD000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.300447599.00000000009AD000.00000004.00000001.sdmpBinary or memory string: Zamd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.17134.1_none_e636218254eba71f
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: kamd64_microsoft-hyper-v-o..ommon-vm-deployment_31bf3856ad364e35_10.0.17134.1_none_f5e4ea96fd9fee6d.manifesty:
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: kamd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.17134.1_none_7743eea1a413bb8c.manifest
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: ZMicrosoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mumF
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: Vamd64_microsoft-hyper-v-lun-parser_31bf3856ad364e35_10.0.17134.1_none_e6683e9b0956ac05
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: lamd64_microsoft-hyper-v-v..izationv2.resources_31bf3856ad364e35_10.0.17134.1_en-us_aea0b368e53cc261.manifestt
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: camd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.17134.1_en-us_e3616de0d25a48c4
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: \Microsoft-Hyper-V-Package-base-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: bamd64_microsoft-hyper-v-firewallrules_31bf3856ad364e35_10.0.17134.1_none_b9673992b104448b.manifest
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: camd64_microsoft-hyper-v-d..ypervisor.resources_31bf3856ad364e35_10.0.17134.1_en-us_f27d2f48e22200a4
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: camd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.17134.1_none_e636218254eba71f.manifest
    Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: UHyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: WMicrosoft-Hyper-V-Online-Services-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: camd64_microsoft-hyper-v-m..t-clients.resources_31bf3856ad364e35_10.0.17134.1_en-us_d370585015d204f5
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: camd64_microsoft-hyper-v-v..edstorage.resources_31bf3856ad364e35_10.0.17134.1_en-us_bdfc93ec7698eb64-
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: QMicrosoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: \amd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.17134.1_none_bd1bad59835abed8b
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: ZMicrosoft-Hyper-V-Hypervisor-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
    Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: UHyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: aamd64_microsoft-hyper-v-vstack-tpm.resources_31bf3856ad364e35_10.0.17134.1_en-us_259560ef1632af7b
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: Ramd64_microsoft-hyper-v-winhvr_31bf3856ad364e35_10.0.17134.1_none_2becad3b77bb3580-
    Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: ]HyperV-Compute-System-VirtualMachine-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: lamd64_microsoft-hyper-v-p..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_7fb4b9d31b9d09e8.manifest
    Source: Everything.exe, 00000000.00000003.290418941.0000000005781000.00000004.00000001.sdmpBinary or memory string: +MSFT_NetEventVmNetworkAdatper.format.ps1xml
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: TMicrosoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: [amd64_microsoft-hyper-v-socket-provider_31bf3856ad364e35_10.0.17134.1_none_f5d736b78ec0a239b
    Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmpBinary or memory string: Hyper-V.psd1
    Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: UHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: iamd64_microsoft-hyper-v-integration-rdv-core_31bf3856ad364e35_10.0.17134.1_none_3ce1277763a2249b.manifest
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: lamd64_microsoft-hyper-v-o..oyment-languagepack_31bf3856ad364e35_10.0.17134.1_en-us_d4bc3c4a770c0641.manifest
    Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmpBinary or memory string: UMicrosoft-Hyper-V-Hypervisor-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: VMicrosoft-Hyper-V-Offline-Common-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: camd64_microsoft-hyper-v-v..nthfcvdev.resources_31bf3856ad364e35_10.0.17134.1_en-us_9c3432f847f5f8f0
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: WMicrosoft-Hyper-V-Package-base-onecore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mumb
    Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmpBinary or memory string: Hyper-V.Types.ps1xml24J
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: bamd64_microsoft-hyper-v-vstack-vmwp.resources_31bf3856ad364e35_10.0.17134.1_en-us_662e0a371a2edd22
    Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: UHyperV-Primitive-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: jamd64_microsoft-hyper-v-guest-network-drivers_31bf3856ad364e35_10.0.17134.1_none_5c8a4254832126cf.manifestt
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: XMicrosoft-Hyper-V-Offline-Core-Group-vm-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mume
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: `amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.17134.1_none_1ac11a9dc8f30e5b.manifest
    Source: Everything.exe, 00000000.00000003.295329479.0000000005A40000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmpBinary or memory string: Hyper-V.Format.ps1xmlB#
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: lamd64_microsoft-hyper-v-i..nents-rdv.resources_31bf3856ad364e35_10.0.17134.1_en-us_e3616de0d25a48c4.manifest
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: kamd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.17134.1_none_69e85823c476b806.manifest?
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: bamd64_microsoft-hyper-v-vstack-vmms.resources_31bf3856ad364e35_10.0.17134.1_en-us_2b9c39681a7206ff
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: UMicrosoft-Hyper-V-Offline-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: Vamd64_microsoft-hyper-v-vstack-rdv_31bf3856ad364e35_10.0.17134.1_none_6054528c8a07dd455
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: Zamd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.17134.1_none_c35bb6c84d5e4ad0.manifest
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: aamd64_microsoft-hyper-v-vstack-debug_31bf3856ad364e35_10.0.17134.1_none_e99c08352e0bfafa.manifest
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: kamd64_microsoft-hyper-v-m..ients-firewallrules_31bf3856ad364e35_10.0.17134.1_none_d07683518a4c2ec2.manifestr
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: kamd64_microsoft-hyper-v-m..-client.snapinabout_31bf3856ad364e35_10.0.17134.1_none_7338804b0eb50c17.manifestz
    Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmpBinary or memory string: gMicrosoft-Hyper-V-Offline-Core-Group-servercommon-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catC#
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: bamd64_microsoft-hyper-v-i..ationcomponents-rdv_31bf3856ad364e35_10.0.17134.1_none_27198deddb7b50eb?#
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: Pamd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.17134.1_none_58d19a03c592a9cbb
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: [amd64_microsoft-hyper-v-passthru-parser_31bf3856ad364e35_10.0.17134.1_none_076f3325872ef096
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: PMicrosoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~~10.0.17134.1.mum
    Source: Everything.exe, 00000000.00000003.299975246.0000000005DD1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296866425.0000000005D10000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.299843706.0000000005D70000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.279459155.0000000005571000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.296515310.0000000005D10000.00000004.00000001.sdmpBinary or memory string: YMicrosoft-Hyper-V-Offline-Common-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: Qamd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.17134.1_none_b7de7159233ab503
    Source: Everything.exe, 00000000.00000003.279821255.00000000009AE000.00000004.00000001.sdmpBinary or memory string: \bHyperV-Compute-System-VirtualMachine-onecore-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.catC#
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: aamd64_microsoft-hyper-v-ram-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_8051bd2040ebffa9-
    Source: Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: ZHyperV-Compute-System-VirtualMachine-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: ^amd64_microsoft-hyper-v-licensing_31bf3856ad364e35_10.0.17134.1_none_369c533be4c3e496.manifestL
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: bamd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.17134.1_none_dacb8dcdbfa5382f.manifest
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: PMicrosoft-Hyper-V-ClientEdition-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.282401164.0000000005173000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.287901091.0000000005491000.00000004.00000001.sdmp, Everything.exe, 00000000.00000002.547987863.00000000054B0000.00000004.00000001.sdmpBinary or memory string: aamd64_microsoft-hyper-v-vhd-parser.resources_31bf3856ad364e35_10.0.17134.1_en-us_0b749ee450213385
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: ZMicrosoft-Hyper-V-Online-Services-vm-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.mum
    Source: Everything.exe, 00000000.00000003.288212923.0000000005541000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280227376.0000000005531000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.286912396.00000000054E1000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.280127263.00000000054B1000.00000004.00000001.sdmpBinary or memory string: OMicrosoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat
    Source: Everything.exe, 00000000.00000003.290672619.0000000005891000.00000004.00000001.sdmp, Everything.exe, 00000000.00000003.283396057.000000000637A000.00000004.00000001.sdmpBinary or memory string: Xamd64_microsoft-hyper-v-vid_31bf3856ad364e35_10.0.17134.1_none_864a29a4e381d095.manifest
    Source: C:\Users\user\Desktop\Everything.exe Queries volume information: C:\ VolumeInformation
    Source: Everything.exe, 00000000.00000003.285386975.00000000052F1000.00000004.00000001.sdmp Binary or memory string: MSASCui.exe
    Source: Everything.exe, 00000000.00000002.544541632.00000000008EB000.00000004.00000020.sdmp Binary or memory string: \\192.168.2.1\all\procexp.exe
    Source: Everything.exe, 00000000.00000002.544541632.00000000008EB000.00000004.00000020.sdmp Binary or memory string: "c:\users\user\desktop\procexp.exe
    Source: Everything.exe, 00000000.00000003.285386975.00000000052F1000.00000004.00000001.sdmp Binary or memory string: MsMpEng.exe

    Stealing of Sensitive Information:

    Tries to harvest and steal browser information (history, passwords, etc)
    Source: C:\Users\user\Desktop\Everything.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Replication Through Removable Media 1 | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping 1 | Security Software Discovery 11 | Replication Through Removable Media 1 | Input Capture 11 | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | Input Capture 11 | Peripheral Device Discovery 11 | Remote Desktop Protocol | Data from Local System 1 | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | File and Directory Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Information Discovery 11 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label
    Everything.exe | 0% | Virustotal |
    Everything.exe | 0% | Metadefender |
    Everything.exe | 0% | ReversingLabs |

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    No contacted domains info

    URLs from Memory and Binaries

    Name | Source | Malicious | Antivirus Detection | Reputation
    http://www.voidtools.com/ | Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp | false | | high
    http://www.voidtools.com/downloads/#language | Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp | false | | high
    http://www.voidtools.com/downloads/http://www.voidtools.com/downloads/#languagehttp://www.voidtools. | Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp | false | | high
    http://www.voidtools.com/donate/ | Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp | false | | high
    http://www.voidtools.com/update.php) | Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp | false | | high
    http://www.voidtools.com/support/everything/http://www.voidtools.com/everything/update.iniwww.voidto | Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp | false | | high
    http://www.voidtools.com/everything/beta-update.iniupdate: | Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp | false | | high
    http://www.voidtools.com/support/everything/ | Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp | false | | high
    http://www.voidtools.com/downloads/ | Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp | false | | high
    http://www.voidtools.com/donate/Help | Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp | false | | high
    http://www.voidtools.com/everything/beta-update.ini | Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp | false | | high
    http://www.voidtools.com/everything/update.ini | Everything.exe, 00000000.00000000.274187749.00007FF6F8B70000.00000002.00020000.sdmp | false | | high

                            Contacted IPs

                            No contacted IP infos

                            General Information

                            Joe Sandbox Version: 34.0.0 Boulder Opal
                            Analysis ID: 533988
                            Start date: 04.12.2021
                            Start time: 22:10:38
                            Joe Sandbox Product: CloudBasic
                            Overall analysis duration: 0h 5m 14s
                            Hypervisor based Inspection enabled: false
                            Report type: full
                            Sample file name: Everything.exe
                            Cookbook file name: default.jbs
                            Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                            Number of analysed new started processes analysed: 23
                            Number of new started drivers analysed: 0
                            Number of existing processes analysed: 0
                            Number of existing drivers analysed: 0
                            Number of injected processes analysed: 0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • HDC enabled
                            • AMSI enabled
                            Analysis Mode: default
                            Analysis stop reason: Timeout
                            Detection: MAL
                            Classification: mal52.rans.spyw.winEXE@1/0@0/0
                            EGA Information: Failed
                            HDC Information: Failed
                            HCA Information: Failed
                            Cookbook Comments:
                            • Adjust boot time
                            • Enable AMSI
                            • Found application associated with file extension: .exe
                            Warnings:
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, GameBar.exe, svchost.exe, wuapihost.exe
                            • Excluded IPs from analysis (whitelisted): 23.35.236.56
                            • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.

                            Simulations

                            Behavior and APIs

                            No simulations

                            Joe Sandbox View / Context

                            IPs

                            No context

                            Domains

                            No context

                            ASN

                            No context

                            JA3 Fingerprints

                            No context

                            Dropped Files

                            No context

                            Created / dropped Files

                            No created / dropped files found

                            Static File Info

                            General

                            File type: PE32+ executable (GUI) x86-64, for MS Windows
                            Entropy (8bit): 6.5538245305677245
                            TrID:
                            • Win64 Executable GUI (202006/5) 92.65%
                            • Win64 Executable (generic) (12005/4) 5.51%
                            • Generic Win/DOS Executable (2004/3) 0.92%
                            • DOS Executable Generic (2002/1) 0.92%
                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                            File name: Everything.exe
                            File size: 2260560
                            MD5: b2e26b3562562d5c2647eb466fd17eb6
                            SHA1: 52aacfe08a0d514ebcc1a6340659145145cfa400
                            SHA256: 66b9610e94d003a2b44abe976524c0181d808b8b8e663a26378204a71165aecd
                            SHA512: 040c9fecd0c97904943fb24371c9c8a3f0962b5917c9782b2441778dc002b0112e937a2c83995ab9ec95a1ec802aa41a08ef782ca7b0a96f648145621cb9fbf7
                            SSDEEP: 49152:GoJjoQNXnzFDyh07AVWFOl2B3Pqv1tFqOay6Ji4OOV4ckrx:GoZzYhErBo9D/Urk9
                            File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........E.u.$.&.$.&.$.&...&.$.&...&.$.&...&.$.&...&.$.&.$.&.%.&...&u$.&...&.$.&...&.$.&Rich.$.&........................PE..d....e.`...

                            File Icon

                            Icon Hash: e1d89c8c98e46683

                            Static PE Info

                            General

                            Entrypoint: 0x1401a9d10
                            Entrypoint Section: .text
                            Digitally signed: true
                            Imagebase: 0x140000000
                            Subsystem: windows gui
                            Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                            DLL Characteristics: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                            Time Stamp: 0x600E6583 [Mon Jan 25 06:30:27 2021 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major: 4
                            OS Version Minor: 0
                            File Version Major: 4
                            File Version Minor: 0
                            Subsystem Version Major: 4
                            Subsystem Version Minor: 0
                            Import Hash: e396317e0c41e0f27509668e8b94edb7

                            Authenticode Signature

                            Signature Valid:true
                            Signature Issuer:CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
                            Signature Validation Error:The operation completed successfully
                            Error Number:0
                            Not Before, Not After
                            • 11/15/2020 4:00:00 PM 3/17/2022 4:59:59 PM
                            Subject Chain
                            • CN=voidtools, O=voidtools, L=Wilmington, S=South Australia, C=AU
                            Version:3
                            Thumbprint MD5:3A87B1969EBF5AE3902466A24594F034
                            Thumbprint SHA-1:B5B6468C781744765A590C0FE13AA418FC3335D1
                            Thumbprint SHA-256:4305C18985398C70E97EBC77CA324F10285782FD81577BA047B3BB55301C4F54
                            Serial:0EAE3BA49CF8C17C1257CDDF597DA847

                            Entrypoint Preview


                            Rich Headers

                            Programming Language:
                            • [RES] VS2005 build 50727
                            • [ C ] VS2005 build 50727
                            • [LNK] VS2005 build 50727
                            • [C++] VS2005 build 50727
                            • [ASM] VS2005 build 50727

                            Data Directories

                            Name | Virtual Address | Virtual Size | Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1f89c4 | 0xdc | .rdata
                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x21d000 | 0xa1e4 | .rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x210000 | 0xc9cc | .pdata
                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x226400 | 0x1a50 |
                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x228000 | 0x1be0 | .reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IAT | 0x1b0000 | 0xdf0 | .rdata
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                            Sections

                            Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                            .text | 0x1000 | 0x1aeb5e | 0x1aec00 | False | 0.411908734765 | data | 6.46175691631 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                            .rdata | 0x1b0000 | 0x4b686 | 0x4b800 | False | 0.290957419288 | data | 5.78852274837 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .data | 0x1fc000 | 0x135e8 | 0x11e00 | False | 0.358623798077 | data | 5.73557878982 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                            .pdata | 0x210000 | 0xc9cc | 0xca00 | False | 0.48497447401 | data | 6.18084382443 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .rsrc | 0x21d000 | 0xa1e4 | 0xa200 | False | 0.332296489198 | data | 4.58887803299 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .reloc | 0x228000 | 0x31ae | 0x3200 | False | 0.161796875 | GLS_BINARY_LSB_FIRST | 3.93155021834 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                            Resources

                            Name | RVA | Size | Type | Language | Country
                            RT_BITMAP | 0x21d4f0 | 0x111e | data | English | United States
                            RT_ICON | 0x21e610 | 0x2e8 | data | English | United States
                            RT_ICON | 0x21e8f8 | 0x1e8 | data | English | United States
                            RT_ICON | 0x21eae0 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
                            RT_ICON | 0x21ec08 | 0x8a8 | dBase III DBT, version number 0, next free block index 40, 1st item "\251\317" | English | United States
                            RT_ICON | 0x21f4b0 | 0x6c8 | dBase III DBT, version number 0, next free block index 40, 1st item "\251\317" | English | United States
                            RT_ICON | 0x21fb78 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
                            RT_ICON | 0x2200e0 | 0x1015 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
                            RT_ICON | 0x2210f8 | 0x25a8 | dBase III DBT, version number 0, next free block index 40 | English | United States
                            RT_ICON | 0x2236a0 | 0x10a8 | dBase III DBT, version number 0, next free block index 40 | English | United States
                            RT_ICON | 0x224748 | 0x988 | dBase III DBT, version number 0, next free block index 40 | English | United States
                            RT_ICON | 0x2250d0 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
                            RT_RCDATA | 0x225538 | 0x63d | ASCII text, with CRLF line terminators | English | United States
                            RT_RCDATA | 0x225b78 | 0x2c4 | GIF image data, version 89a, 170 x 32 | English | United States
                            RT_RCDATA | 0x225e3c | 0x83 | GIF image data, version 89a, 16 x 16 | English | United States
                            RT_RCDATA | 0x225ec0 | 0x7d | GIF image data, version 89a, 16 x 16 | English | United States
                            RT_RCDATA | 0x225f40 | 0x333 | GIF image data, version 89a, 7 x 4 | English | United States
                            RT_RCDATA | 0x226274 | 0x336 | GIF image data, version 89a, 7 x 4 | English | United States
                            RT_RCDATA | 0x2265ac | 0x91 | GIF image data, version 89a, 16 x 16 | English | United States
                            RT_RCDATA | 0x226640 | 0x47e | MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel | English | United States
                            RT_GROUP_ICON | 0x226ac0 | 0xa0 | data | English | United States
                            RT_VERSION | 0x226b60 | 0x2d8 | data | English | United States
                            RT_MANIFEST | 0x226e38 | 0x3ab | ASCII text, with very long lines, with CRLF line terminators | English | United States

                            Imports

                            DLL | Import
                            COMCTL32.dll | ImageList_GetIconSize, ImageList_DrawEx, _TrackMouseEvent, InitCommonControlsEx
                            WS2_32.dll | gethostbyname, WSAGetLastError, WSACleanup, closesocket, send, recv, connect, WSAAsyncSelect, setsockopt, socket, WSAStartup, shutdown, listen, bind, ntohs, getsockname, accept, inet_addr, htons, getpeername
                            SHLWAPI.dll | PathRemoveFileSpecW, SHRegGetUSValueW, PathIsRootW, PathCombineW
                            KERNEL32.dll | FileTimeToSystemTime, GetSystemTime, FreeResource, LockResource, LoadResource, SizeofResource, FindResourceW, GetSystemDefaultLangID, LoadLibraryA, CopyFileW, TerminateProcess, OpenProcess, CreateMutexW, SetLastError, GetStartupInfoW, HeapAlloc, GetProcessHeap, HeapFree, VirtualAlloc, VirtualFree, QueryDosDeviceW, SetErrorMode, DeleteFileW, RemoveDirectoryW, MoveFileW, MoveFileExW, CreateDirectoryW, GetFileAttributesW, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, GetComputerNameW, GetVolumeInformationW, GetDiskFreeSpaceW, GetFullPathNameW, GetFileSize, FindFirstFileW, FindNextFileW, GetDriveTypeW, GetThreadPriority, CreateEventW, GetProcAddress, FreeLibrary, SetFilePointer, GetWindowsDirectoryW, GetCurrentDirectoryW, GetFileAttributesExW, LocalFileTimeToFileTime, SystemTimeToFileTime, FileTimeToLocalFileTime, SystemTimeToTzSpecificLocalTime, __C_specific_handler, WaitForMultipleObjects, GetSystemDirectoryW, LoadLibraryW, ExpandEnvironmentStringsW, GetSystemInfo, GetVersionExA, LocalFree, LocalAlloc, ConnectNamedPipe, CreateNamedPipeW, GetTimeZoneInformation, MulDiv, GetTimeFormatW, GetNumberFormatW, GetDateFormatW, MultiByteToWideChar, HeapCreate, HeapSetInformation, GetModuleFileNameA, FlsAlloc, TlsSetValue, FlsFree, TlsFree, FlsSetValue, FlsGetValue, GetModuleHandleA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetStartupInfoA, GetCommandLineA, CreateThread, ExitThread, GetTempPathW, CreateFileW, FreeConsole, AllocConsole, SetStdHandle, SetConsoleScreenBufferSize, ExitProcess, QueryPerformanceFrequency, QueryPerformanceCounter, WriteFile, FlushFileBuffers, GetStdHandle, GetFileType, GetConsoleScreenBufferInfo, SetConsoleTextAttribute, WriteConsoleW, GetLocaleInfoW, GetCalendarInfoW, DeviceIoControl, GetOverlappedResult, ResetEvent, Sleep, FindNextChangeNotification, FindFirstChangeNotificationW, GetFileInformationByHandle, GetLocalTime, FindCloseChangeNotification, FindClose, GetSystemTimeAsFileTime, GetCurrentThread, SetThreadPriority, InitializeCriticalSection, WaitForSingleObject, DeleteCriticalSection, EnterCriticalSection, GetTickCount, LeaveCriticalSection, SetEvent, GetCommandLineW, GetCurrentThreadId, GetModuleHandleW, ReadFile, GetLastError, CloseHandle, WideCharToMultiByte, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetCurrentProcessId, HeapReAlloc, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapSize, GetModuleFileNameW
                            USER32.dll | IsClipboardFormatAvailable, IsWindowVisible, SetCursor, SetCapture, ChangeClipboardChain, DrawEdge, DrawFrameControl, EqualRect, GetSubMenu, GetMenu, SetClipboardViewer, EnumWindows, ActivateKeyboardLayout, LoadIconW, IsDlgButtonChecked, SetScrollInfo, UpdateWindow, ScrollWindowEx, SetDlgItemInt, GetMenuState, RemoveMenu, GetMenuItemID, GetMenuDefaultItem, EnableMenuItem, AdjustWindowRect, GetSysColorBrush, OffsetRect, InvalidateRgn, MessageBeep, SetCursorPos, GetDlgItemInt, GetDlgCtrlID, SendDlgItemMessageW, GetDesktopWindow, ValidateRect, CharLowerW, CharUpperW, CreateIconIndirect, PostQuitMessage, GetLastActivePopup, OpenIcon, GetForegroundWindow, AttachThreadInput, SetActiveWindow, DrawTextW, BringWindowToTop, EnumChildWindows, CheckDlgButton, GetMenuItemInfoW, GetKeyboardLayoutList, LoadCursorW, CreateDialogIndirectParamW, InvalidateRect, ClientToScreen, GetAsyncKeyState, GetKeyState, IsIconic, GetWindowPlacement, IsZoomed, GetWindowTextLengthW, GetWindowTextW, GetParent, CopyRect, EmptyClipboard, SetClipboardData, GetWindowLongPtrW, SetWindowLongPtrW, SetFocus, PtInRect, FindWindowW, InsertMenuW, SetDlgItemTextW, SetForegroundWindow, BeginPaint, EndPaint, OpenClipboard, GetClipboardData, CloseClipboard, FillRect, CreateWindowExW, GetClassInfoExW, RegisterClassExW, GetClientRect, GetCapture, ReleaseCapture, ShowWindow, GetScrollInfo, IsWindowEnabled, GetFocus, GetNextDlgTabItem, EnableWindow, SetWindowPos, SetWindowTextW, SetWindowLongW, MessageBoxW, DialogBoxIndirectParamW, GetMenuItemCount, CreatePopupMenu, AppendMenuW, DeleteMenu, SetMenuItemInfoW, GetWindowLongW, AdjustWindowRectEx, CallWindowProcW, GetDlgItem, GetWindowRect, MapWindowPoints, IntersectRect, GetMonitorInfoW, SystemParametersInfoW, GetDC, ReleaseDC, SetWindowsHookExW, PeekMessageW, WaitMessage, SetMenu, RegisterClipboardFormatW, RedrawWindow, GetMessagePos, RegisterWindowMessageA, ReplyMessage, GetCursorPos, CreateMenu, SetMenuDefaultItem, TrackPopupMenu, DestroyMenu, KillTimer, GetDoubleClickTime, RegisterHotKey, ScreenToClient, UnregisterHotKey, PostThreadMessageW, GetSysColor, EndDialog, PostMessageW, DestroyIcon, SetTimer, DestroyWindow, DefWindowProcW, SendMessageTimeoutW, GetWindowThreadProcessId, IsWindow, GetKeyNameTextW, MapVirtualKeyExW, UnhookWindowsHookEx, CallNextHookEx, GetClassNameW, SendMessageW, GetMessageW, TranslateMessage, DispatchMessageW, GetSystemMetrics, LoadImageW, GetKeyboardLayout
                            GDI32.dll | GetTextAlign, SetStretchBltMode, GetDeviceCaps, GetDIBits, SelectClipRgn, CreateCompatibleDC, SetTextAlign, CreateCompatibleBitmap, OffsetClipRgn, OffsetRgn, CombineRgn, GetDCOrgEx, GetRandomRgn, EnumFontFamiliesExW, BitBlt, StretchDIBits, GetRegionData, ExtCreateRegion, GetObjectW, CreateFontIndirectW, GetStockObject, GetNearestColor, CreateSolidBrush, CreateRectRgn, CreateDIBSection, TextOutW, GetCurrentObject, ExcludeClipRect, RectVisible, GetTextExtentExPointW, GetTextExtentPoint32W, DeleteDC, SetBkMode, CreateBitmapIndirect, CreatePatternBrush, SetBrushOrgEx, SetBkColor, SetTextColor, PatBlt, SelectObject, GetTextMetricsW, StretchBlt, DeleteObject
                            comdlg32.dll | GetOpenFileNameW, GetSaveFileNameW, ChooseColorW, CommDlgExtendedError
                            ADVAPI32.dll | RegisterServiceCtrlHandlerW, StartServiceCtrlDispatcherW, DeleteService, CloseServiceHandle, RegOpenKeyA, RegQueryValueW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, QueryServiceConfigW, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW, RegOpenKeyExW, RegEnumKeyW, RegCloseKey, RegDeleteKeyW, GetUserNameW, RegisterEventSourceW, ReportEventW, DeregisterEventSource, CreateServiceW, StartServiceW, OpenSCManagerW, OpenServiceW, ControlService, SetServiceStatus
                            SHELL32.dll | DragQueryPoint, DragFinish, DragAcceptFiles, Shell_NotifyIconW, SHBrowseForFolderW, SHGetFileInfoW, DragQueryFileW, SHGetSpecialFolderLocation, SHFileOperationW, ShellExecuteExW, SHGetDesktopFolder, SHGetPathFromIDListW, SHChangeNotify
                            ole32.dll | CoTaskMemFree, OleUninitialize, OleInitialize, CoCreateInstance, CoInitializeEx, CoUninitialize, CLSIDFromString, CreateStreamOnHGlobal, CoTaskMemAlloc, RevokeDragDrop, DoDragDrop, RegisterDragDrop, ReleaseStgMedium

                            Version Infos

                            Description | Data
                            LegalCopyright | Copyright 2021 voidtools
                            InternalName | Everything
                            FileVersion | 1.4.1.1005
                            CompanyName | voidtools
                            ProductName | Everything
                            ProductVersion | 1.4.1.1005
                            FileDescription | Everything
                            OriginalFilename | Everything.exe
                            Translation | 0x0409 0x04b0

                            Possible Origin

                            Language of compilation system | Country where language is spoken | Map
                            English | United States |

                            Network Behavior

                            No network behavior found

                            Code Manipulations

                            System Behavior

                            General

                            Start time:22:11:27
                            Start date:04/12/2021
                            Path:C:\Users\user\Desktop\Everything.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Users\user\Desktop\Everything.exe"
                            Imagebase:0x7ff6f89c0000
                            File size:2260560 bytes
                            MD5 hash:B2E26B3562562D5C2647EB466FD17EB6
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low

                            Disassembly

                            Code Analysis
