Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
  • submitted
    25-01-2024 17:35

General

  • Target

    2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe

  • Size

    5.5MB

  • MD5

    ae7b34e264e11f50cea8e45395ea6f02

  • SHA1

    3f1aa1afb4573bba5e551dc082bd7292978c0096

  • SHA256

    0439a8f2751ae3b3a084ff8df14257c8337815670ba1d07931a2de2fd36cdfcd

  • SHA512

    e5c47e0a74552f69b3443afb501a36258b12293b503b09d3b0b5dd2a5545ed458ea99f1c80591fbba433cf9bf8c8426e15bc1af792570698e9e6f4abb62922e8

  • SSDEEP

    98304:cpEEYEKdrL/LGgB32V/sosbjy79tJRPNXwY2heuDiD93YC:cpEPyS36/sXbjyDFWeuDIG

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 22 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks system information in the registry 2 TTPs 2 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 31 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 45 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 44 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-25_ae7b34e264e11f50cea8e45395ea6f02_magniber.exe"
    1⤵
    • Checks computer location settings
    • Checks system information in the registry
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3984
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile "$package = Get-AppxPackage Microsoft.Office.Desktop -allUsers; if (!$package) { $Error.Add(\"Package is not installed\")}; if ($error.Count -eq 0) { Out-File -FilePath 'C:\Users\Admin\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '1' -Encoding ascii; } else { Out-File -FilePath 'C:\Users\Admin\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '0' -Encoding ascii; Out-File -FilePath 'C:\Users\Admin\AppData\Local\Temp\Office.ValidateError.scratch' -InputObject $error -Encoding ascii;} "
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:644
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:1496
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4292
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:440
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4788
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1508
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4552
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:3148
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:3208
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:2676
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:2888
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:3472
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:4336
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:320
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:4412
    • C:\Windows\system32\wbengine.exe
      "C:\Windows\system32\wbengine.exe"
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:4528
    • C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\SearchIndexer.exe /Embedding
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1636
      • C:\Windows\system32\SearchFilterHost.exe
        "C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784
        2⤵
        • Modifies data under HKEY_USERS
        PID:4620
      • C:\Windows\system32\SearchProtocolHost.exe
        "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
        2⤵
        • Modifies data under HKEY_USERS
        PID:4432
    • C:\Windows\system32\wbem\WmiApSrv.exe
      C:\Windows\system32\wbem\WmiApSrv.exe
      1⤵
      • Executes dropped EXE
      PID:4504
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:4392
    • C:\Windows\System32\vds.exe
      C:\Windows\System32\vds.exe
      1⤵
      • Executes dropped EXE
      PID:2540
    • C:\Windows\system32\AgentService.exe
      C:\Windows\system32\AgentService.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:1348
    • C:\Windows\system32\TieringEngineService.exe
      C:\Windows\system32\TieringEngineService.exe
      1⤵
      • Executes dropped EXE
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:1224
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:2768
      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        C:\Windows\System32\OpenSSH\ssh-agent.exe
        1⤵
        • Executes dropped EXE
        PID:3856
      • C:\Windows\SysWow64\perfhost.exe
        C:\Windows\SysWow64\perfhost.exe
        1⤵
        • Executes dropped EXE
        PID:3180

      Network

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

        Filesize

        659KB

        MD5

        f91102ecf113189dbf076aad48476e3f

        SHA1

        ce055cd980e7b7b07eea0dac4ec18d5caa8a7f41

        SHA256

        660d2e53310ff3ade73974fe8bd2a8bc30c883219a4a816ee5bf2c35a3f9d12f

        SHA512

        09e2063041ed7210a9e5ff1702aa6ac51b10c690c48c031690543dbce4a58c66ac82f8d47e1d414c2bfb459d9f108996d7c7d8eece22f015fe7f41c021ea7462

      • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

        Filesize

        57KB

        MD5

        cce5cf45ec57e5596cac624ee86ade23

        SHA1

        2f81eacba782018145ac07b9be85cdc051fbfb66

        SHA256

        da4eb2c2d2bbe44911e4063171f3f0859c3d4b9fd286eab12c592482b653cadd

        SHA512

        a517a20a8424947331c74233c2b0495fa994ea03359268ab28ef4638f74085e9997dc44557a84748f79222c17bc02a438ca12178a8c1c6fe918b26f3f88aff6d

      • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

        Filesize

        356KB

        MD5

        15ecf2ee3fb48d2bb8ecdae4e8b74fb1

        SHA1

        0e18f93c4670b3bb3bdaa2676fed8ad3e0a4babe

        SHA256

        01e92de9b47080524f7b5e3299260d3a2773ec778c636304e4ba57e1aa1e470d

        SHA512

        eee6b35cd8cc2f67cf76c88d43d00db8016032618a5bc0fbe3f6aa32eb886dfc23c4147a27e81eebbc65169377f9ed4dbae681440b6d108ced50c083a670cfab

      • C:\Program Files\7-Zip\7z.exe

        Filesize

        1.1MB

        MD5

        5a9d7fdf3168a07a2f93266a8db629ac

        SHA1

        f47d5af69a63820f5faaf7956ba9b5a0753ef4e2

        SHA256

        4ec79a54347718cd298fb37d8d7b41d965d8e530fea98a7559592c8aadd9a7aa

        SHA512

        d502e0fae821e81cbecf6799efab14d3908cf6583b6777a1533e11cfe7a262ca05a50418f10b213bde9467b6cc8e774a921742202fa28e48e15d32db8402647f

      • C:\Program Files\7-Zip\7zFM.exe

        Filesize

        1.5MB

        MD5

        c5f567699f15b387a78f17a1d48aaa37

        SHA1

        572a896bda5a4c710938ff624589d5674cc3338a

        SHA256

        79ee1a98d18c6ff6b3dfb4638ce347c47f9e142ecd221579bafbffb65154b1a4

        SHA512

        feb99208fb87c203c18001d985d5551842fc7cb29317be685ce59bc3b6dffa0316ad6cd568c6c80b180d1bfe5e8ff301c2e57916bf1e4bcd96dc378de8d0d4af

      • C:\Program Files\7-Zip\7zG.exe

        Filesize

        1.2MB

        MD5

        33da71ec239cd9b74c4ac99322263707

        SHA1

        9d7e70e2196780f6832e09765d634b95e45df5e4

        SHA256

        ed8e9204773c07e6058077256461996106e1992e83ab6becacdca2d83bed2350

        SHA512

        6249b6b579aff481175654d22dd81b01b0b2a718478058be22225b8490a3610988eb1b4ed1530ca60fe42b8dc30bacb94596e3ed624b475bf8667dbd09ddecd8

      • C:\Program Files\7-Zip\Uninstall.exe

        Filesize

        582KB

        MD5

        5fb61d641cae0309c29db5a5a089c100

        SHA1

        a198e05036891ba96acd46ef3e39de8bc607f538

        SHA256

        b1c8a9b44825ba18f76c473014330f0920c8415c8b5ad3d10e8c092072c64c10

        SHA512

        add43a5db82422016836370605d3d768528fdf953b75894e7469d1f76545443998b4dcfe7c632f499d731e1545b6226cccf773859462d4bde10096312e23f94d

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

        Filesize

        840KB

        MD5

        429a6d516b20829bb993a42f3269ea04

        SHA1

        781b9b8d9b61db2391cc5ae13e6842b11f50ee39

        SHA256

        a40d0ec53eeeaed52083e525588a82c0d3197e5e7aca9f3c1c189eb2f7b286ac

        SHA512

        51d428b753083383c054ace7e980015cbccb2650973d0b4014a335761e6b1e3695324e409eba7cc2f17073fa287df7512c1eb50f04ef22dcda99c6bf89249292

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

        Filesize

        1.7MB

        MD5

        09e5ba6a95525f0531bb4ff280773282

        SHA1

        de35d7daa3367f6e34733742d61c6fd80caa6b87

        SHA256

        87fde58811f00799287588bfc4e6c47295245227a179bd7c4f43fc0d66240043

        SHA512

        a5565e70ff71e7e9a61c7d60d03bb7fea339bb566f009eab2144e2638c84826069dd061405b423c992171cb59af03b612afc782897357677cabfe23483884abc

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

        Filesize

        910KB

        MD5

        3ea420ff704a4ad1b2975004f9889933

        SHA1

        36ce331483551c7daa92bb1c438b13ffaa8fd607

        SHA256

        16c41efe862af6ee4fda8fea5d9839ff7ca49f6e17c43d0fa898b49ea3502aff

        SHA512

        3765f451aaf53e895b44651885606066a62c180515374f343b6cffe7d6ea5d795628375efe1b3775ef90ac7a48f573e41fb274002ca2a5b8ac3b1abf508a0283

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

        Filesize

        1.1MB

        MD5

        214d20efc1b25f1518b490e01490a081

        SHA1

        68f0f27fbdaba29c3ec63752de7a0c12a890df90

        SHA256

        5a843b62106769da4c63105dea65a6ce6825ab918b749eb4ae27708b2381272e

        SHA512

        88e493b588c0071eab03f8827e232162130fac6871ad9c785d77a12ff55f236b0abe15c51d363bdbde905ac8c6eb31815856933ff5b497c59e628c7c37e15748

      • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

        Filesize

        1.4MB

        MD5

        237279c06832a256fbf6c3bc1b8e5a17

        SHA1

        9c9cd75355565a81bf03daae3d9ee280cf6ed909

        SHA256

        6b052beacdce530184e6243141f3d219b6ec3ddaf5d0defee25dea06f56d63db

        SHA512

        a19fd198de2181196e69ac1cdbd50bdc6c1bf7285c3db693c7a3c078135bdc38571317d6abf49695f3439c60ffe96e4c696d3d2421977af75af794e411e17a8c

      • C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

        Filesize

        1.1MB

        MD5

        7e66cb9b2ecac0dea0e3baa18ae0de8d

        SHA1

        7dc3e194cab3b5a20b73e59433e4a70cbf4948a1

        SHA256

        d0eab74d46a3951b6be249fbc040fcd15f06168eae29fcdd6bfd6e810c0623df

        SHA512

        8334cba1bab06661715ef25fe273bdf7aca6c807a0b5a267a0cae29d5b1efa8dd5483283f58c9e05e50f33fa28af2d33ffadb2fe5158e6aedfc76e969061010c

      • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

        Filesize

        106KB

        MD5

        6c3edae814e6f5fd66d67b15cda10957

        SHA1

        e7335acef0c82543c9defe24a989012bd8348d03

        SHA256

        d4b9bbb5c95739963835bc7fbfb4657c2ac649af63337ebb4487f732f7965026

        SHA512

        eacdf1475ec36d1f18bdf8ba7759344e7ad28fc4c7b030e300cac62396e13ba85c4bdc45d6ef930dd06354c3516cf9a45c3973b3d097763a06c2f4c31bfbbcca

      • C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

        Filesize

        576KB

        MD5

        d82876d584dead099889f9af92a14f5b

        SHA1

        d1034b9da66933a8b4673557edfa3948cebfc6f2

        SHA256

        e1a3bbe49990da443b36012290e29ebdf1f09479f80accc6670c95ae6679db96

        SHA512

        62c6eb6ba73f3bce03b2bba14e0c0cf1d0b617749d568ed40c7db9d344c9e2fd029d7f3c6ba118beae5a6f250735005dab1e123f44bdb88ee1d547a73051031b

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

        Filesize

        644KB

        MD5

        68da5299e2228a0b678a0a985ec05ac9

        SHA1

        c1bdca22a0bb08bc26e5ad9fecf588fe63e27886

        SHA256

        10d310b316fb1b1f29802a7f752aba9f224e3c9f6a08c55517a45c89db3498f5

        SHA512

        1a3dff35b0b586b2e2ffb0b3907f4da5a2797e9c184c8ccd751ad859a2b25dc5d487921f753a6248fbc9b1e965109cb3b012ac5eb3f1c36d92c051d3018311ce

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

        Filesize

        886KB

        MD5

        0a3f98d2a9cba257e66750254e12c824

        SHA1

        9212d8d2d077e407b1f551ee3c1e91abe6a6b71b

        SHA256

        f37fc4258e214cec83c8fe00f231851e7f74e58cebb1ea00d1a0038cb7cd7d08

        SHA512

        f27becfe743766ee98578b8306a9bf71864eff2e291e55021001f25840d626db1446b7f1e3e7e6635b6266b5495615c7dc02e08708d1021da82b0ee70dc15a97

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

        Filesize

        757KB

        MD5

        7cc21bcea9ec1cb5a704fbc9868d36a9

        SHA1

        534144febbd5a1b712da55e3d756b28023bf7da2

        SHA256

        05c151a3e38dbd832c67198ab0801895b93b5e497089b4252260f7dc5c4a1e63

        SHA512

        5688eca1cd2273db0a0934bb21fc9bbec62956b03865e6c081861a760804e450ff1baf77d9dee2ccc3d0988e4031effaedfdb25b3effce6b620e588518eca056

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

        Filesize

        313KB

        MD5

        d5afd2337c7b346068fa915ea6a04b12

        SHA1

        1a3cfce9a11e5a781761eb772e41629024e83ef0

        SHA256

        711fad98762cd2427d40716fa56f249b915b397b0d7f840d47d001a86b362b19

        SHA512

        5f7fc25d2c93e5aef4e5ae2dfe026b70d6e6e25a2c29fa549944d87ac69f8d00792a98f835dee82427d97ff6ddddb2fd5412801eb9339ddb62e1c21b1d1215de

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

        Filesize

        555KB

        MD5

        60b9bfc745416226c6f2073ef730f320

        SHA1

        ca663ed4480e24382e809d0396e9f2ff635ee18c

        SHA256

        b19a7fbffa4634db3f4dce6f8df06d113231a5b4578a2391de25b2fb87b878ac

        SHA512

        548bbfde20bdbad4bc375f555a0282b8cbcbd58ddeebc050c433d8997a7e2cc186a259af17deb18ded58510a7829b2caae11699e004529ceea2d62de8dba7c35

      • C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

        Filesize

        775KB

        MD5

        56cbc7208ed796b6fc3a9e8422eb59c2

        SHA1

        5615bd34c6e03adadaacab3c0c6ae94fdcc1dfa7

        SHA256

        18ff699a1782496ef5b70b2a355bea136b7db86a12624b6d5ba442aa37f84d12

        SHA512

        1d29cf4facbf7676eb609babd702273a32fb40372eab16f053d0538ed5a9fb6313b248c14d651536fcac2f4ac9aa84b0d2abdb112335ff1405c2cc1556d15b60

      • C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

        Filesize

        581KB

        MD5

        5ada93c546ca8c0f778607f23584cf8c

        SHA1

        538dd0d9d54a689e38e0a62ee7a293d5fcc8e13e

        SHA256

        5f4e4780f2282e2531d7eee4b17caf4d308830a9cebc5adaf3c50f2e765df454

        SHA512

        297bc9692659ad14573c34cdf63597f6d3a374b53a6de757c0cfce65719f295c9b0253ae4425265a440d5706ac4cbdf0b649ef827b0b904bc79a76081507ff47

      • C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

        Filesize

        581KB

        MD5

        6d3daaa86e2d05bca24af4b5d554273f

        SHA1

        27b8dfaaff90433bbc84039d377ebde5247e14d0

        SHA256

        203594c00af8e0b652d3c8c3cd16be32ceefa3c4e499f8f59017926493614a23

        SHA512

        5a0ed58fce6751aacbc620133e806b9730c73856ad29e883f1015967f598b1e69b94e9212ca2412bfa24ede3eb1c37a94ad5c384569cc8bccf08290a1165632f

      • C:\Program Files\Java\jdk-1.8\bin\idlj.exe

        Filesize

        579KB

        MD5

        44a819229bbccbb0bc13e4f9cbbfb212

        SHA1

        dcb3fa6f210905f50555a47552d331c5b8a1d4b4

        SHA256

        83f9f153ee78b5e5853910dfc9d95c2c199159b6b4e635f10eb02e51ac3e9545

        SHA512

        ca1e05b08821e97c79920f4d07bfe332d2ab4858def3338a8370ce27d2a423552be0fb19867a51d7e98b991105ef49a8d4fd3f46ebed9d099d105d397f119191

      • C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

        Filesize

        601KB

        MD5

        62b5c25b9618f4d6797a20022c7205d5

        SHA1

        3d62ba2d4d38c127670bb1253aafad3fd4781d07

        SHA256

        5f881ccc54a6076fd8289c6611cd9150f830b1e95d3ed4eca12510d0ec0a1624

        SHA512

        724a37e04a1ebaf5ada38fbd33a4c6b4612a3fd2904dbc93b283bf745a6b6629ea0ec0da701ec769c7937e50b8fa9a0166cecf42c50c7b29864ae7e6f7f60e8c

      • C:\Program Files\Java\jdk-1.8\bin\jar.exe

        Filesize

        581KB

        MD5

        2d3352747b60d688eb92af24e15ab882

        SHA1

        c4be3f43b562197f9bef7859bb3ae1f5412cb779

        SHA256

        175c9bfe436f15e36025b3de35acb8e783b0a9404790caaac27cfaa385cde478

        SHA512

        fab3b5effa01cea8adf272eb14dfe5a8c6419cf9ac00cd6c608ef3c5c28a15a1887d97c8c24b9667fbee305973dd698c90c8626673d284fcab7c4007c9f8f597

      • C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

        Filesize

        581KB

        MD5

        3cfe93237b833f7b3cf06c1694411921

        SHA1

        538571bf8393b6081f2f8c7a1ea266dae7d1e748

        SHA256

        a06e0aee0bff19215fa2416aceb089cf757070378fd5db677685e3b647fcbcea

        SHA512

        c873146cea12a82ee3d1f249ae1943938dbfd38012a11e6aeba6cdfdf57b9d4b2ab6c0d412a0cefeedf86420c0fb0fe600a2260ab872e2565890f36a3d3d924c

      • C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

        Filesize

        575KB

        MD5

        1209d8cdd3590f334563a7ce0c9094c6

        SHA1

        5aaef9a47598a75a52f0bb5e19e98d9ade907d5d

        SHA256

        b529b8a4312cfa40d2faffdf5a00bc35777e98267433dc7e4241bfac3be55101

        SHA512

        1a0d9c518763fd2f3b3298c880d6b0ce4552d921fdbb68637b8047f003a5c367731fba8a76f7e12dd7994f192295928b1c67e482d22438850e82c0b5d0a66394

      • C:\Program Files\Java\jdk-1.8\bin\java.exe

        Filesize

        488KB

        MD5

        9a18211360c5a86a485bba610dba3ad7

        SHA1

        b4479932353fbd6b9edc85f6960580a69e0b4926

        SHA256

        08ac7dacb526bf4940c90a821935ce28f5fe7a5bad4b5afa806612b58c8599a1

        SHA512

        25644565ed7842ad8c507bef87f189d467ccbd9e5ce66f29c086370b2152aeeb95696b30b7d5701f1e34051054c5f6f326ecb5623841d0218ab09f9c2386c0fc

      • C:\Program Files\Java\jdk-1.8\bin\javac.exe

        Filesize

        494KB

        MD5

        4865dab4215f532b5e21e08335a7ff73

        SHA1

        1c00e3bc2f7a2daf6f467e07bf0a88060574c32a

        SHA256

        09ad02af346e6d3c00592446af14b67742aa461613027edf8fa5a8ecff9786d3

        SHA512

        57f170f4fde1ca64afa26048aa94ecf8add4fc13c706090fc0c69a408a59fd6e6b08d9e75ccdfa18494c94a27515b15ae5837322ec1bd249534830f2e2a5b197

      • C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

        Filesize

        417KB

        MD5

        cca6b64fc4b59365799268b59255fc3d

        SHA1

        7793f2133d70ad8a2baceb684cab3b291863c918

        SHA256

        aea704004c025d04d5b6885a7f7d001fcff5a14bbb5201473b30b0b83216223c

        SHA512

        2b0cbd8c2db3d063d5a255eb7ab635b52d53e45f414d0ea268a6e7dfcb5d445365ef94df30583c4a568e698c341519e36e62d03e20febef964494c77f775eb4d

      • C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

        Filesize

        433KB

        MD5

        fc4ab24bcdb4c4df4fc6df0e9a94cfc8

        SHA1

        c2c7b602aaa85e2c780998de05d93a580ff959a9

        SHA256

        5e0ec90b5f579fdeec7416bf5d6860c84687dca00edfaef867c4c4f9a1d04505

        SHA512

        c13ee87de397912f47982c478ca898f70305886ffc7f08c820f6ae8c5e7b2b26a4bec13e6edb490e6d585e4a4d3535fb9cf32573f86669073988f0f99046bec6

      • C:\Program Files\Java\jdk-1.8\bin\javah.exe

        Filesize

        347KB

        MD5

        c602d4f3e9e7aee0d487624bccbeef7a

        SHA1

        2ea9f81298580d548a0a4cf2c04bdaa6a5c5602b

        SHA256

        94270a180c35f4e2b1196dce677251278a31ebbc716d255abb02176a74062be2

        SHA512

        95769a2a4f77d75ff0299e42527144e30530372172730d9e2b3ad62b597b39e31a40ad5f3c82b9c8d7897948ef7a44e6bb76cd259f9be92d53a37c90f0d1b0d8

      • C:\Program Files\Java\jdk-1.8\bin\javap.exe

        Filesize

        376KB

        MD5

        a9620f22110b96cd2b42a4ed61b8485b

        SHA1

        fa6535428c69e4ad37659acc4e86254d9cd00920

        SHA256

        224021ad7c1f8d77bc5769ee5aa642cc727d486536bdf6af8f3684976e62d99a

        SHA512

        a55ebc933e5307e2f530e18837e7d131b6e11c5c66f56ffc59bb697a6083bbbfbf98db46f538aabf7dbb081e21e3e44be0a22bad231e6b6dfe6bc47ad8afacb4

      • C:\Program Files\Windows Media Player\wmpnetwk.exe

        Filesize

        365KB

        MD5

        6d71751aef18076191a29428067cba81

        SHA1

        b1f3cdc2cf9c345bc6258dad2144010637f0f396

        SHA256

        d2af27baa592bc8d31304a1d0f4c93a7efff7585f0446a1222059a1fa6eed141

        SHA512

        a2a4f3415ef9be223ec8a92c827ad42bfd96f5204827542560f22f7a20f698fe4f20e21c0b91bd828d31e6c4ee41bf496d1ce8506d5c840c26086ac6c05d58fc

      • C:\Program Files\dotnet\dotnet.exe

        Filesize

        696KB

        MD5

        ee0403b3d1efbb1b7860aeaec7000169

        SHA1

        40096c1a5fadb3419d0a4da1e5f8503944c22803

        SHA256

        438a9b12f6fdd2689c56f94c2affb91b05a7ef12ace68d2a7bf11a85bd5292aa

        SHA512

        483a34ee041f24ff86d9510fab06db15bdb18581c621d537c98562ad02a61ff0d4cbf54e7f68567d500d2bd57ea31ca04a41ccb22c4d99c4822e2a51a58c0fc9

      • C:\Users\Admin\AppData\Local\Temp\OFFICE~1\v32_16.0.17126.20132.cab

        Filesize

        10KB

        MD5

        9c9b0d6f9f47234fff9513a0ca80b9cb

        SHA1

        6180c38af7986069ca79f40255c759a421a20dc7

        SHA256

        280b1a03e596eb36d9699725dd8f63dba958c1c9ce715651874732926ab5451f

        SHA512

        a62e1be095d0c6fff465c87a40c87767fb7276fe0fa09bbbf1204fc01af4dd4774cd8eb8a57390cc507fb53eae1e3b1ed8fecfb9c5dc7cf2dc0ee4240cdf3413

      • C:\Users\Admin\AppData\Local\Temp\Office.ValidateError.scratch

        Filesize

        26B

        MD5

        bd3457e50947d4280734e74b51b5b68d

        SHA1

        424635c6b5622a6c01a59d290a1c9ab8e593effc

        SHA256

        23d647979bc5dc186de5ba3e00a222a912ab8e4782eb6407efa70e29e95979f5

        SHA512

        e83e3615a5e94af288eb1c9b92f55e271765cc43531ec94574371debf63c0c4a58327b6fd8a4775bfba8a3234220cb0396b6d33164309a09a1d826c0689143fb

      • C:\Users\Admin\AppData\Local\Temp\Office.ValidateResult.scratch

        Filesize

        3B

        MD5

        21438ef4b9ad4fc266b6129a2f60de29

        SHA1

        5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

        SHA256

        13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

        SHA512

        37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

      • C:\Users\Admin\AppData\Local\Temp\OfficeC2R90E2E30B-9350-47A8-9A12-A7100F7C595E\VersionDescriptor.xml

        Filesize

        20KB

        MD5

        8dab2f2248f23feea9b09681c00f9849

        SHA1

        e83d66d05d6108e5633596fe92c161c112424759

        SHA256

        93b133cc9192a13b1639ab2766375c1c15384fddfe8ef1007af7664097665e48

        SHA512

        7858aff3bb9ec28620affe9a14f524cd12b009c6c679d498542005426ac91f56a6cd3debe2b7084769b017bec48996e99b014b3933ad434cf7444d1761759fad

      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cw2r1qe1.jh5.ps1

        Filesize

        60B

        MD5

        d17fe0a3f47be24a6453e9ef58c94641

        SHA1

        6ab83620379fc69f80c0242105ddffd7d98d5d9d

        SHA256

        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

        SHA512

        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      • C:\Windows\SysWOW64\perfhost.exe

        Filesize

        342KB

        MD5

        a0143e27c8412c5143f7ae423f95c7eb

        SHA1

        d2fb08dc8914b1b01ef4b1f14edd874b185ad7e3

        SHA256

        f92d3ee2c0225da99d9cf763ff4454e6c82d19a0bdc2cec98c33807241ad8b7e

        SHA512

        de33fc52682f0382bfe4e05108d9bdc1846387d8c7f503e6118530ed62c957e7be4906f66828a66db614810f7a97694e0b8f02e5f2091308fdf4e8b9a1da2fdf

      • C:\Windows\System32\AgentService.exe

        Filesize

        126KB

        MD5

        38406723dd201e72eaeac1a3df285681

        SHA1

        301fb740b481711d450b64b5a7dfc12d205d35c2

        SHA256

        228ff77c773e66d95a85a3849432320a39b5bf361eba5e679f145e00be65b010

        SHA512

        f04cfec65b5ebfdd1c78f192cf642d31909e84ace5b7b0280c49f2ce869ff9c7c95f5988311ea687cc678cda12a89b3fc371a7af68d24974ca68a8ca7db1c2ba

      • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

        Filesize

        659KB

        MD5

        503cedde2cf0ad8892b509e3bc8d7d21

        SHA1

        081c1c8d4c99db8dbb1ddeaf323c2bff8ce77b0f

        SHA256

        895a4b09559e17595f1a968f4a6a79f7cc0840b3c046c665cb174b447eacca6a

        SHA512

        b8136046e5a22d31e1c9f744a784fab627125a38363ddf701a7ed48f44e10c1a4e8076480b4d6209455de5a3f506e1c11ca35e86ef2220c0fdfa10fb768bcb04

      • C:\Windows\System32\FXSSVC.exe

        Filesize

        429KB

        MD5

        7315d9b8075700c3a4b81dd7c757c32c

        SHA1

        663d283fd9fc04f03324cabe9fbd89e437363ad6

        SHA256

        25ea78b4de0f91a90dce50ba46782c6f09266d918bda3d32c21dd8f74d591b64

        SHA512

        b719325aca8c292ab97410a8381ec7e86200f061f1abfc8a28c67262ebd34febdb417048a3c4c43d72c9195e433a9ce273c5f0a296fef6b0da89158802bcf60c

      • C:\Windows\System32\Locator.exe

        Filesize

        125KB

        MD5

        bb36918ba3594182e04bfba54deac048

        SHA1

        787f483f2dee5542e23cae9cdd65664675754206

        SHA256

        8e35e40178c564fb5e32aaea1650b5904a349ce5591af2ca6dac09da6ef0e61d

        SHA512

        95375e94e16a089f3c810bb89fac2dd20f468d19fff1a71d61ec09548183b64f294915942796cd8cb601a1ed8058144148ade110bea196239cd253e0e15ac76f

      • C:\Windows\System32\OpenSSH\ssh-agent.exe

        Filesize

        147KB

        MD5

        270fa722cdae23bc47fe13836ed17248

        SHA1

        9e2b66775277835e60d551f431af892d0a618ec9

        SHA256

        4846a0daa72c2a94c28573f9d741d5ade64651dfa679e48e3e057461bb749fcd

        SHA512

        2336906433bebcd9ada89e61226cc16b7a50d288b1bcd17e5bf29d433804db1be2c467a75076f18249955510235e52b895b2e092115c382370b2db6ba0992d90

      • C:\Windows\System32\OpenSSH\ssh-agent.exe

        Filesize

        61KB

        MD5

        7376be56d4c5c15a0f74d1ea5a50e86d

        SHA1

        07c713766255c65abee24726f0869764118188c8

        SHA256

        2a2aebff5e39748751e6b4ae2d2a0a3adeff0fd1ae93e90400f03102c1f51ad2

        SHA512

        836276168577884f07143cb5cc3cb34e0859bb9c236a5e13478ec628f6daba74b14323922ec2aff2b27db5f58598c1b6ccb6691435ebb446a07dfd733a7acfa2

      • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

        Filesize

        10KB

        MD5

        8a00f6000523b2e5b668016b88c1b4fe

        SHA1

        be66250f3f6254426b0dcb9e805b8778085a3f54

        SHA256

        eefcba3e1662ba804ef763af590316f4b66a90347775ef77a5132104f6134a4d

        SHA512

        ce07f17805616ddeb387a22f91254fa3481d10d637401c2bf1766d74e3b9e6586331585e94252be174c4e5c2d34cd0a08872a73e2ccf87aa80f56e19cd099ad2

      • C:\Windows\System32\SearchIndexer.exe

        Filesize

        77KB

      • C:\Windows\System32\SensorDataService.exe

        Filesize

        235KB

      • C:\Windows\System32\SensorDataService.exe

        Filesize

        569KB

      • C:\Windows\System32\Spectrum.exe

        Filesize

        72KB

      • C:\Windows\System32\TieringEngineService.exe

        Filesize

        115KB

      • C:\Windows\System32\VSSVC.exe

        Filesize

        260KB

      • C:\Windows\System32\alg.exe

        Filesize

        661KB

      • C:\Windows\System32\msdtc.exe

        Filesize

        121KB

      • C:\Windows\System32\snmptrap.exe

        Filesize

        192KB

      • C:\Windows\System32\vds.exe

        Filesize

        154KB

      • C:\Windows\System32\wbem\WmiApSrv.exe

        Filesize

        146KB

      • C:\Windows\System32\wbengine.exe

        Filesize

        150KB

      • C:\Windows\system32\AgentService.exe

        Filesize

        514KB

      • C:\Windows\system32\AppVClient.exe

        Filesize

        1.0MB

      • C:\Windows\system32\SgrmBroker.exe

        Filesize

        593KB

      • C:\Windows\system32\fxssvc.exe

        Filesize

        610KB

      • C:\Windows\system32\msiexec.exe

        Filesize

        561KB

      • C:\odt\office2016setup.exe

        Filesize

        2.4MB
