Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-04-2024 19:38

General

  • Target

    2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe

  • Size

    4.6MB

  • MD5

    873dc7d70a7e50fe0dc5d5280ed0185f

  • SHA1

    b919532e57f52824ad97fe0a6f6fc7c2f698e2ef

  • SHA256

    5f8ed3bea7026f766bbeeb4ec8fdddcae6e1c286e7948134f00eac8e2c7a3c3b

  • SHA512

    644bc1d31a2c7e11e19428f13a122e2afee6d3ac2317e6ce7757434155543925b64f0b767918db4b9cea05d4ff5fb2c6ee736810a6b60c5118862158470b7ea8

  • SSDEEP

    49152:MyEKQ5E3ieGR0PEtBFUow1b89eX611+2xmepn/TRijbqYW3qkCbDypSfe6qwiXpL:mq9ceqz+2xl/SSb0XD527BWG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 26 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 24 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 39 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1780
    • C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe
      C:\Users\Admin\AppData\Local\Temp\2024-04-07_873dc7d70a7e50fe0dc5d5280ed0185f_ryuk.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x2d0,0x2d4,0x2e0,0x2dc,0x2e4,0x140384698,0x1403846a4,0x1403846b0
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:4216
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:5016
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xc4,0x108,0x7ff875ce9758,0x7ff875ce9768,0x7ff875ce9778
        3⤵
        PID:4980
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:2
        3⤵
        PID:5072
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:8
        3⤵
        PID:3152
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:8
        3⤵
        PID:1600
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:1
        3⤵
        PID:4704
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:1
        3⤵
        PID:4572
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4620 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:1
        3⤵
        PID:3404
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:8
        3⤵
        PID:4388
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:8
        3⤵
        PID:4540
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:8
        3⤵
        PID:3420
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:8
        3⤵
        PID:4532
      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
        3⤵
        • Executes dropped EXE
        PID:3644
        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x298,0x28c,0x290,0x288,0x29c,0x1403b7688,0x1403b7698,0x1403b76a8
          4⤵
          • Executes dropped EXE
          PID:4500
        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
          4⤵
          • Executes dropped EXE
          PID:4224
          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x29c,0x294,0x298,0x290,0x2a0,0x1403b7688,0x1403b7698,0x1403b76a8
            5⤵
            • Executes dropped EXE
            PID:532
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:8
        3⤵
        PID:2844
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4088 --field-trial-handle=1932,i,13683370807020894489,13109186316448667395,131072 /prefetch:2
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:5516
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4960
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:4952
  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:3612
  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
    1⤵
    • Executes dropped EXE
    PID:2176
  • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    1⤵
    • Executes dropped EXE
    PID:4584
  • C:\Windows\System32\WaaSMedicAgent.exe
    C:\Windows\System32\WaaSMedicAgent.exe 351aa6df0d5863170130ddcb0a85c1f1 Ne2l+pV3RE+Eqzs3bUBV+A.0.1.0.0.0
    1⤵
    PID:4388
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:2560
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
    PID:1308
  • C:\Windows\system32\fxssvc.exe
    C:\Windows\system32\fxssvc.exe
    1⤵
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    PID:3056
  • C:\Windows\System32\msdtc.exe
    C:\Windows\System32\msdtc.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:2684
  • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
    C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
    1⤵
    • Executes dropped EXE
    PID:1620
  • C:\Windows\SysWow64\perfhost.exe
    C:\Windows\SysWow64\perfhost.exe
    1⤵
    • Executes dropped EXE
    PID:3036
  • C:\Windows\system32\locator.exe
    C:\Windows\system32\locator.exe
    1⤵
    • Executes dropped EXE
    PID:1644
  • C:\Windows\System32\SensorDataService.exe
    C:\Windows\System32\SensorDataService.exe
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    PID:4568
  • C:\Windows\System32\snmptrap.exe
    C:\Windows\System32\snmptrap.exe
    1⤵
    • Executes dropped EXE
    PID:3144
  • C:\Windows\system32\spectrum.exe
    C:\Windows\system32\spectrum.exe
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    PID:4428
  • C:\Windows\System32\OpenSSH\ssh-agent.exe
    C:\Windows\System32\OpenSSH\ssh-agent.exe
    1⤵
    • Executes dropped EXE
    PID:3516
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
    1⤵
    PID:2492
  • C:\Windows\system32\TieringEngineService.exe
    C:\Windows\system32\TieringEngineService.exe
    1⤵
    • Executes dropped EXE
    • Checks processor information in registry
    PID:3796
  • C:\Windows\system32\AgentService.exe
    C:\Windows\system32\AgentService.exe
    1⤵
    • Executes dropped EXE
    PID:2216
  • C:\Windows\System32\vds.exe
    C:\Windows\System32\vds.exe
    1⤵
    • Executes dropped EXE
    PID:4448
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Executes dropped EXE
    PID:4416
  • C:\Windows\system32\wbengine.exe
    "C:\Windows\system32\wbengine.exe"
    1⤵
    • Executes dropped EXE
    PID:1692
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
    • Executes dropped EXE
    PID:2768
  • C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchIndexer.exe /Embedding
    1⤵
    • Executes dropped EXE
    PID:728
    • C:\Windows\system32\SearchProtocolHost.exe
      "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
      2⤵
      • Modifies data under HKEY_USERS
      PID:5420
    • C:\Windows\system32\SearchFilterHost.exe
      "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
      2⤵
      • Modifies data under HKEY_USERS
      PID:5444

Network

MITRE ATT&CK Enterprise v15

Downloads


                                  SHA1

                                  cea0c64e2ca8a6cc72e553b0befacea5238437c9

                                  SHA256

                                  2c07476d3a9ac4dd87d15c12b79302f94e2734adafa8cce5731d2ea024be1072

                                  SHA512

                                  53b2ecd63134546b708f7768997a3c5f487e8049cf54cc7b3cf2df74db1ab93d7a29cb833c46f798fb3bfacd1281701a7dc395276abae2bbcd98147d39cb33a3

                                • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

                                  Filesize

                                  2.1MB

                                  MD5

                                  a31e411522cb4b16a770653cdd09508a

                                  SHA1

                                  e5d48487c967dfb685eb397252ac7aee9caac806

                                  SHA256

                                  ea0be9524882b3a945746e4bcb3a41580230ba9c035c32cd3621be06c2df6acb

                                  SHA512

                                  9dff95a558ebaf5622d7f0092e7ccda10e49bbf780c3280fb97b7e6e444a29a3ab9784f1d4c19c847177595d46667ffe1a059a7c226c4c828effd3e0474b47d8

                                • C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

                                  Filesize

                                  1.8MB

                                  MD5

                                  4384de2d4e1b8c25f3cb6b7b6ff7738b

                                  SHA1

                                  01f49330cc2b870cacb0838874c67dd0a5e4207e

                                  SHA256

                                  317be30561bc70bea24f85e27bf2185177fcc5470e756956580d748dcf6c1267

                                  SHA512

                                  2e922c6dbbf4827513c728fc8f7cf2380d563d53f85c67703ef946dce676bffcfc73fb04065621ebbb06525ab2c7a9457cd004c06eaf9c19f4dbcb538a7f9dae

                                • C:\Program Files\Google\Chrome\Application\SetupMetrics\54ef9155-ddee-4a62-a436-c33ffe2d6312.tmp

                                  Filesize

                                  488B

                                  MD5

                                  6d971ce11af4a6a93a4311841da1a178

                                  SHA1

                                  cbfdbc9b184f340cbad764abc4d8a31b9c250176

                                  SHA256

                                  338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

                                  SHA512

                                  c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

                                • C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

                                  Filesize

                                  1.5MB

                                  MD5

                                  e96de010b05f4839c86e3ce7648e34ac

                                  SHA1

                                  23d002bfdb16174cc3822879d2a2c019871b43ae

                                  SHA256

                                  eedb723c9eb3a98653092a0ad912b6462114ba362b1b7096047189128d06e583

                                  SHA512

                                  b8b903e4ae21d9a8640fbab8e76c72a0d8945fa172aa9e6d46b7bf6b4d062c22cf9b1e7fc1b0c1a675cfc61de2d5a27b8a1e8b406540e4b27c125f1a4ca6ffc5

                                • C:\Program Files\dotnet\dotnet.exe

                                  Filesize

                                  1.3MB

                                  MD5

                                  7d5ffe3fe1297b4731ed4d01baa2a625

                                  SHA1

                                  e00f2a9d4a50e72b3a23b7b7291147b1c4630bf9

                                  SHA256

                                  5f9695eb7eb233ef6d17a85f69a6f3cd68fce5bffe1d7e7e82a834502bc40b7d

                                  SHA512

                                  52c7ea3eca43b49866f45a7f0e2bb274e379a14e658692ec7f7d3f2ec77606e53de51c4beaa4f13cf6a5caff7e3a6cb6080e1344e0e7feaeca6b59db65fcded3

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                  Filesize

                                  40B

                                  MD5

                                  ed934bb42e908b65468501ef47d375e7

                                  SHA1

                                  449eed75ed041b4301ad5049fb27f526f8e620e5

                                  SHA256

                                  a144b757ceaaa38b14001908e4524269736b30e4ee3548883f2d9c1f403f14a1

                                  SHA512

                                  77ae06736592a690a229b57730b2f4abb4d924bcbeb5c67a60f424bb6678fcb72f1481154018ca60603b246bdd10933952bb1324b76b7b1649d9b79795919cb0

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

                                  Filesize

                                  193KB

                                  MD5

                                  ef36a84ad2bc23f79d171c604b56de29

                                  SHA1

                                  38d6569cd30d096140e752db5d98d53cf304a8fc

                                  SHA256

                                  e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831

                                  SHA512

                                  dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                  Filesize

                                  1KB

                                  MD5

                                  cfce689815d981106f2852f0d3387611

                                  SHA1

                                  52a0a33c2e7e6c4a9896c5eb26ee3f28008f1990

                                  SHA256

                                  16896bb27a59045eaa847a257c4cfc58694567e47f3c0ef3f3cd29b1f975d7d7

                                  SHA512

                                  d349c07bba0651d579f14c826f875dd689c05b4f8da14e88d4b2316860de60cf2d44bfe2fb63939288e29ad92763eb7fd8e839cf5eb1dd31edda0759348b072f

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                  Filesize

                                  371B

                                  MD5

                                  7ee47bd8a588ce4383ac5bec1f86f6a1

                                  SHA1

                                  1c846927332ba4e9f5e1b10c964f1c1a7146b334

                                  SHA256

                                  2d7587e7df93fafec1ce0e9606aee890b57bbd36fac9fbc3326a604f9264a78c

                                  SHA512

                                  47c604aafcf0fa4fa754d80df4f0779bd3f166a8f16d4500a9109132aa2359e36841d72297f5396d84639e75ee201c443dc9a22c2c1aa77e4a48ed85cb56fb10

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                  Filesize

                                  5KB

                                  MD5

                                  e7297d0029697bafce210c4c75bc2d2e

                                  SHA1

                                  3028038befe4b71c34177ceaa7fc11556d33fc51

                                  SHA256

                                  7bc73e53eddcf978d1f6a47776b8b814582fe9d977194a28758eed92752bfc9e

                                  SHA512

                                  baf7dd56b4ce5362695c9125dd7b4e5595d8f7f877fc9613f6df5d097f546f34af81ebd249e5ade089c04329f4487e9d9bce2def39abcb3185ddd2004b2ae4b6

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                  Filesize

                                  4KB

                                  MD5

                                  3cb2229bfc1dce315b2826d443aac3ef

                                  SHA1

                                  cfe8080a964d5a938eb92827d5456e0c922567b1

                                  SHA256

                                  47ad469b89bd6ceab5146bcca9665d4dc5e6160d2ce00ddc9299a92e7de7314a

                                  SHA512

                                  419fb40498d6e29c0dcae73383c310e1d4226133fa290ed2d7beb42d279d49c34634ae73e054dfb057e2f0f587a966c71ff675e69e13ddc26f988bb1e978727d

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                  Filesize

                                  4KB

                                  MD5

                                  16c67a19ffb70796b695fcb94e094f8e

                                  SHA1

                                  3198287938d865843deb8aa00fd63ca1050b8ed1

                                  SHA256

                                  6fb5014477dcbde5b1e65f2f3d34cc8ab429e7425f034d31d76bc4536a58f89c

                                  SHA512

                                  a661e77ac8cb6f05cad162d63ce7630dba03e0fa15d8beb41c6c19bbebf957516a47b5663bfd40aa85e88545d5c88fa442d2e18013f61222e7980c7b9f8613e4

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe5768cc.TMP

                                  Filesize

                                  2KB

                                  MD5

                                  96369edd1a4ffbe3b82168be4cf74b6c

                                  SHA1

                                  b3fcff571d5bdfa454dbdba1993921f374561acc

                                  SHA256

                                  99957138c3a3b80e8db4d353e5990f2d0f9dda00f16402c4c918657c7c155c61

                                  SHA512

                                  702ea20ec2cc6f6b526759ef549c9cad339c69ee3d2c3c2e7eab8323273049d0ce333abab50e4d4abf860389c417c5e88a526a7dfd84c7354b3e3b868e999d35

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                  Filesize

                                  15KB

                                  MD5

                                  7b424514d6fbabfe24633f34962f06cb

                                  SHA1

                                  baa2d90923de5893f9c016d5261d39e39b8a2ce4

                                  SHA256

                                  1a05d87885293a79110ae716239b7becdf20efa95255c6456ab5496e8028e609

                                  SHA512

                                  6ff3950ba49c884c0b023714a7281a52140053eaabdadcdd7b88ddd43def9930d6926255bedf327adb07b50e1735747e9eb3364be17b00cf1b0f6a4dec180869

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                  Filesize

                                  260KB

                                  MD5

                                  d9ed64673352f41fecfd826934148acc

                                  SHA1

                                  de0c1ad387c4e8aec7fb646f034ca5d33c10e419

                                  SHA256

                                  d7833100938b9e3a2ee3a753676027e3c17a412ea0d5a9d6ad25acf9c468d856

                                  SHA512

                                  d218491b34fbce37a882ee0edfd9c434b7e312e15e39287a394d717b63b106b154533aeeab7ec6490ab99dea66e4d91fd2f10ed6aa629ea3d6c0f32eed4d4354

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                  Filesize

                                  2B

                                  MD5

                                  99914b932bd37a50b983c5e7c90ae93b

                                  SHA1

                                  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                  SHA256

                                  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                  SHA512

                                  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

                                  Filesize

                                  7KB

                                  MD5

                                  d0b8f235916d3d9ea2c0452629069865

                                  SHA1

                                  244735e63728fbcfc316da6b21a737661bae9f93

                                  SHA256

                                  dbc0b68fe9c4d24363763997cf1e5fef70738a2763d5aa9b626223d8d93ade4f

                                  SHA512

                                  4ccb6b4b88da3abb0e182ebe8c14273425c99c2de30231b80f719ac50d0e67c197dcfe7046c5405ea561ce5c81a224242c0e128f291b62c67d4165bf8b008ce1

                                • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

                                  Filesize

                                  8KB

                                  MD5

                                  f267c362bc62e1dfdf991434d6a995d6

                                  SHA1

                                  ccf87019ec6c889c48be19be15cbd2ea2c401491

                                  SHA256

                                  becdebd978e700b22a0eed2aed421c9388779a1865ead25ef0e1edaa4d1c9b2c

                                  SHA512

                                  834438146fda6067894d6a93da9930f7199fc7e1d5bbf61265167cf1df3b16f1196a55575e674768a2d8ca73c8345772b8fb29b6477ea2949288ae346b65b6f3

                                • C:\Users\Admin\AppData\Roaming\b5d0db02c4fd1e7a.bin

                                  Filesize

                                  12KB

                                  MD5

                                  ca58b559d9edf7475d92ec5b15367423

                                  SHA1

                                  a95d2afe690a272063bc3dd9a8cec552015f95e7

                                  SHA256

                                  5271487f8fdcfedacf72d324e135523f7918762c9c0bc354d8673e31d8818248

                                  SHA512

                                  af0c685318919aeba0d416c471c19c7674d1f15f75c7b26cd6625216ab9d8d3a21d511f551d224d633dca7f6e70ab807b80551140bfa0a14bd1745e553914415

                                • C:\Windows\SysWOW64\perfhost.exe

                                  Filesize

                                  1.2MB

                                  MD5

                                  eb4735697b8ae3d32afca4dbbd122eb9

                                  SHA1

                                  f294f402b593484e64bbbb1d4369d04ee630a755

                                  SHA256

                                  2bab1ec29ba086afbaca8f9147c83d121152d857ae7f2cdb5060e521212bed59

                                  SHA512

                                  6e8059a578c8572d1fc77cae16c6ac787a7dd16856964eaf15ad0cf3e16803e2bc7d8ab32b1d0a87c977d4ee76d310fda7d4b56c6beadadaf30b813dd68eff26

                                • C:\Windows\System32\AgentService.exe

                                  Filesize

                                  1.7MB

                                  MD5

                                  e86fe0141bf85fb597163bc6fbf0caa1

                                  SHA1

                                  e1cb781fccaae70c20b6737d28c4e66cda941279

                                  SHA256

                                  639c5d1b1c7462dfea412d0058e9a57a1fd2f1799023d40e8f0cfbd9ddb22828

                                  SHA512

                                  1b3d20d0d23c945fe4f4bf6ecac014df1634ae86d0c055d5345b37aae48f5da6e754685db8e0d9439205268ad3d9ad893755d01b3b2c123f98cc072ee146fa5b

                                • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

                                  Filesize

                                  1.3MB

                                  MD5

                                  6a4f404916a779a74e385146d4892a8f

                                  SHA1

                                  00f601d2e458e109d80849635bd794f0781b8d73

                                  SHA256

                                  27ae68e38fe992d980d4d588a8ddd73054c4ef16ca141dd1d8cb7345aba95698

                                  SHA512

                                  5d687db71bbf73dbf1ed1b9fdf6f756f26b85bb67e15d857d12109d672983cc6bdef71043896d2deee357649504659a23c489fa9cec8892eabdb024fd5293817

                                • C:\Windows\System32\FXSSVC.exe

                                  Filesize

                                  1.2MB

                                  MD5

                                  4dd7da4933661e9a0c8e625f493f429c

                                  SHA1

                                  e3f9cd6a749b19e6daf157ff3b6bd234f6bd6607

                                  SHA256

                                  3b54f283e7773a155ddf6efa16ebc267e1e547668537e3aeccaa499f24d86ce8

                                  SHA512

                                  6dfc76bb267a84a34451b3414b7ce4064ba26f898bf600f0fb79671028e86aa65a355da9cea6cd5448b8b5afb7fe5b4c2042b1d9035df6ab4893349b5af099f6

                                • C:\Windows\System32\Locator.exe

                                  Filesize

                                  1.2MB

                                  MD5

                                  45c0d6260dc35cb4110447da31e42493

                                  SHA1

                                  87775d50f8489fac657c5710cd0cf98d2eb9495f

                                  SHA256

                                  db3c909b639166b7ebc2799771314e3843e8b5d4ceabc8d22dbf736b82ec8799

                                  SHA512

                                  75b9ec5da63a3d87e623670269c4e74b5b24d0f977431762610e7e44e4a846bca1098dd31ad57315f0990a93b975c47b6415f36e528f667e83d68a6b4d24fb6d

                                • C:\Windows\System32\OpenSSH\ssh-agent.exe

                                  Filesize

                                  1.5MB

                                  MD5

                                  9cbe693c64cc217697fb2aa4b46ca4ba

                                  SHA1

                                  866fee444acd9167d61b52a4dc5da4980acb404a

                                  SHA256

                                  14e38d8351efb4d7543088dbcc2ce15b67fa67d3c0effc7e834c4fbc49c76bee

                                  SHA512

                                  331b3efb567585abec9a5d5b161a0758f4cb3509f6dfe97aba2937dc25f60552c4fb8add500aea113df36fe3cb77d8e6556505edaeefeae0170f45505e10528c

                                • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

                                  Filesize

                                  1.3MB

                                  MD5

                                  e30fe81543e06bf735c3c41ef1051b2e

                                  SHA1

                                  f9b1c6b49f935a1beab892d2f11f585c7d113646

                                  SHA256

                                  bb5a349e07a5a14ca5623e04d78db79a8223af92d14bfd44db5789958867ba6a

                                  SHA512

                                  2b402d305ef5c18c54addc641453d3ca0569658629a6e4d36d1cf7ddac77a435f02ae172ff4ba41b11a2b9c48085519326530f4f633fc7ea7c03f0f2f910f9dd

                                • C:\Windows\System32\SearchIndexer.exe

                                  Filesize

                                  1.4MB

                                  MD5

                                  0953f1c5a3e3ba35e5ac8bc16c898efd

                                  SHA1

                                  9db755be52b821a2d5deed09781f02a7ec61521a

                                  SHA256

                                  7cff38fa7449e6e5918a9cbf893b32a9d73cbcb933afb1958d2c8d5cb648704d

                                  SHA512

                                  8f5896ef5dd9bf9d8da61fc437c74f3cd8d66df6e9b2f10760e646ae0d265c6bc4117638b1b5ab15dc54fd1dd23669d39773d766b489526fb6ee59630bd7c501

                                • C:\Windows\System32\SensorDataService.exe

                                  Filesize

                                  1.8MB

                                  MD5

                                  1d4f740e3eea1b0448eb92a2d4bae9ad

                                  SHA1

                                  77cfc5db8adcc4d3bd48e7909db35f9020af2e72

                                  SHA256

                                  13bdaf3d8347dd271467e640e4b936aafd0b9ba1d100fc2151236f26d5bdb60c

                                  SHA512

                                  9b1ec1eaea3aa0060402afc1f7c3806db8499110fbc1b7327d40c5580e94f8346fd2b84cf178dae7060fc8b36d477a60e60748898f28c92f754c38efb11dc351

                                • C:\Windows\System32\Spectrum.exe

                                  Filesize

                                  1.4MB

                                  MD5

                                  1860df157f4877d406ed1290b54e6a28

                                  SHA1

                                  2e9bbfa8d9501718a2eeaba0b8ec7ffb7b51d47d

                                  SHA256

                                  8e20381cc57f80611da3aa7e09fe3e6d142f07b148d91cb962d1f2bc564a77aa

                                  SHA512

                                  1303b630965bbb80afb592edd8112b3cdb7f2fba12a9bba6ec6a31e34ce76b78f9591b318ba3f18caf2d8c3b46d75fef05e9c067218886959f529d2fd81e3e4f

                                • C:\Windows\System32\TieringEngineService.exe

                                  Filesize

                                  1.5MB

                                  MD5

                                  0c7dd5a45342d40d8029253679ab4518

                                  SHA1

                                  6094da24ad2538d4a71e4506870416e5185ee388

                                  SHA256

                                  90d9c9544be461b8f765da628e569b3ad6995a227df609a62f3db6d1d2b5c74b

                                  SHA512

                                  63e3a69a389d326ca3cd6df8231ffd8b7b0ad47c54d0edae741a3a8fb57ce0fc07ad7b099deb7bacef7e8919a9a2beca991babc443dc70f097b45aae5caea3b0

                                • C:\Windows\System32\VSSVC.exe

                                  Filesize

                                  2.0MB

                                  MD5

                                  aa93dcf1e87fe6fef42bbe682268043d

                                  SHA1

                                  3f687cbe77766eba5baa486d397f4188e401ecd9

                                  SHA256

                                  3a0301786b32adbd6a3cde2255bdf49b9be947e483ca483186993b236bb6dfe3

                                  SHA512

                                  a64cbf6e46e0510014c0fa8a83d40bbc001f3147c201f8f9e2761e957815b67768d463d2b89051cf9ba2e6819506af2efda95d143a9014afca1d5ba3772a1d65

                                • C:\Windows\System32\alg.exe

                                  Filesize

                                  1.3MB

                                  MD5

                                  b81a9c12405919f7ed40ff37a0f3e3da

                                  SHA1

                                  f980b689d5ccf267266254f86347ef212545ed88

                                  SHA256

                                  32dd2849828ad8b5f87b2a2038acaf2956d61584609431865237b90dd4041c91

                                  SHA512

                                  1d550a6aa5e6d7b8ec9e52d085adea145fdd9be376274975dc94a589911790f9955ad42d603cc3134f95a532f440d79401799474e11f4b1eea8cdcef0bb2fc1a

                                • C:\Windows\System32\msdtc.exe

                                  Filesize

                                  1.3MB

                                  MD5

                                  b737774826cac65b2856566fd83c0dce

                                  SHA1

                                  0e3b1f43e92e6ca5f196773b1e1391efe254aba5

                                  SHA256

                                  11f22b9331acbda018f3a3519072317c3fc5c583141a30f56e923821904e6961

                                  SHA512

                                  2a105330587f207b5225809b206353d1230bbbce51c4f189071a0be17f305f7fe1ac0c8708dab23e78b46b40b6eb3940f169dcb756578752ea50eb603b0db613

                                • C:\Windows\System32\snmptrap.exe

                                  Filesize

                                  1.2MB

                                  MD5

                                  55d48b5d7f5e6df1a797c462a8decf33

                                  SHA1

                                  333907036ef07a5c8492429afa93a685a070bd0a

                                  SHA256

                                  9b76712fe4fcb50d43a71850c00977d661d7cf57dd1859928799af151f593524

                                  SHA512

                                  bd43c16f2848b76bc7112a9e647251953fc7c515f1fb971e44dffad4b7030272e564d5797b6c3c2a06cdf9ca5982f8ed7a62c03cc4360ff24e01b627a74a2c39

                                • C:\Windows\System32\vds.exe

                                  Filesize

                                  1.3MB

                                  MD5

                                  f6d4b6dbe4a90be4c86b6787f1714ddb

                                  SHA1

                                  f397c2d8104b6d18400e78dbd92df5ddc768f618

                                  SHA256

                                  5e225ec416da83423d1b014e2de0257657c468f21948ad3195457adce2714271

                                  SHA512

                                  5011a56c19bb9711088d473bbce8e36af0adcda893581b2048d95f25e684f07430fec9289f56575529f321a9a1cb0b1cb0b72dae47b813d4ae4322e0c11a0250

                                • C:\Windows\System32\wbem\WmiApSrv.exe

                                  Filesize

                                  1.4MB

                                  MD5

                                  0bd0a3f2272c3843bfc5145c36a0a59f

                                  SHA1

                                  ee30b9af1ad8b66e9e2c2e04e3923650c8775beb

                                  SHA256

                                  d35d573445a8ac3bb469cf21300ec429a3fae59a01a83bc0448dedea34e3b9d1

                                  SHA512

                                  7f461d721aed311067e9840eefe6520419a5150d95bad524a9770194f7b31ebd82bbd617cf9edb35ffd7b6247ef8d948110d9de48753bab6d7d396731992ba9d

                                • C:\Windows\System32\wbengine.exe

                                  Filesize

                                  2.1MB

                                  MD5

                                  0fb9b24ba7481c33d49eb79c8ce144e8

                                  SHA1

                                  dd88988e160e42cc613d78960be73f8bf5f58337

                                  SHA256

                                  8607180d079d4481bcc08269a42e7e2acf01a6fe5c6f9caba1507226e50c4457

                                  SHA512

                                  fc8f2da0af9958a5f3279326294bc79d27cf67563ad00d77bde78465db67bd72295c83ae86f6f610ff3aff84f492fa04035fad3bcc62b465cc43d81be04518ce

• C:\Windows\TEMP\Crashpad\settings.dat (Filesize 40B)
  MD5: 2100de2aad08d29a00d3c437d14c3e51
  SHA1: 36f743b567967691732dcc12be982ab5af66dcdf
  SHA256: 7f178b514e08273f35498e058197130f73ccae9a935c71a2c876973b8922b33f
  SHA512: b391cc0e4803611ce3e2947e7160d43b417dd94aff9e607952b434fa1973b49cba10462a72b620a4bccbdbdd6ccf3214a782324e809e57f40df4abd65a249f36

• C:\odt\office2016setup.exe (Filesize 5.6MB)
  MD5: f200fda28a2c33397ef054cbecc2c90d
  SHA1: 94aa2fdd5482a8750ca97bc65a7687879bf07228
  SHA256: e64db0ed4d5e61cd641ca3707a27f4164f4011dc0dfb4b71a640486b43c728d4
  SHA512: ee3bf7047c608cc9da58f19dca820b04f06669f7842547c04df304dbe9359ad18194030bd6ae120ebbed7fbe07e56198196b2263654d65e2e176b16b320b08a8

• \??\pipe\crashpad_5016_YTNRHXPYZHSJLBPX (no Filesize reported; the hashes below are those of zero-length content)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

• memory/532-339-0x0000000001FE0000-0x0000000002040000-memory.dmp (Filesize 384KB)
• memory/532-399-0x0000000140000000-0x00000001404F5000-memory.dmp (Filesize 5.0MB)
• memory/532-328-0x0000000140000000-0x00000001404F5000-memory.dmp (Filesize 5.0MB)
• memory/1620-536-0x0000000140000000-0x00000001401EA000-memory.dmp (Filesize 1.9MB)
• memory/1620-474-0x0000000140000000-0x00000001401EA000-memory.dmp (Filesize 1.9MB)
• memory/1620-482-0x0000000000BB0000-0x0000000000C10000-memory.dmp (Filesize 384KB)
• memory/1644-498-0x0000000000780000-0x00000000007E0000-memory.dmp (Filesize 384KB)
• memory/1644-489-0x0000000140000000-0x00000001401D4000-memory.dmp (Filesize 1.8MB)
• memory/1644-555-0x0000000140000000-0x00000001401D4000-memory.dmp (Filesize 1.8MB)
• memory/1780-0-0x0000000000510000-0x0000000000570000-memory.dmp (Filesize 384KB)
• memory/1780-3-0x0000000140000000-0x00000001404AD000-memory.dmp (Filesize 4.7MB)
• memory/1780-38-0x0000000140000000-0x00000001404AD000-memory.dmp (Filesize 4.7MB)
• memory/1780-8-0x0000000000510000-0x0000000000570000-memory.dmp (Filesize 384KB)
• memory/2176-75-0x0000000000D10000-0x0000000000D70000-memory.dmp (Filesize 384KB)
• memory/2176-68-0x0000000000D10000-0x0000000000D70000-memory.dmp (Filesize 384KB)
• memory/2176-69-0x0000000140000000-0x0000000140209000-memory.dmp (Filesize 2.0MB)
• memory/2176-97-0x0000000140000000-0x0000000140209000-memory.dmp (Filesize 2.0MB)
• memory/2176-79-0x0000000000D10000-0x0000000000D70000-memory.dmp (Filesize 384KB)
• memory/2216-576-0x0000000000C30000-0x0000000000C90000-memory.dmp (Filesize 384KB)
• memory/2216-571-0x0000000140000000-0x00000001401C0000-memory.dmp (Filesize 1.8MB)
• memory/2216-581-0x0000000140000000-0x00000001401C0000-memory.dmp (Filesize 1.8MB)
• memory/2216-582-0x0000000000C30000-0x0000000000C90000-memory.dmp (Filesize 384KB)
• memory/2560-429-0x0000000140000000-0x00000001401E8000-memory.dmp (Filesize 1.9MB)
• memory/2560-437-0x0000000000690000-0x00000000006F0000-memory.dmp (Filesize 384KB)
• memory/2560-497-0x0000000140000000-0x00000001401E8000-memory.dmp (Filesize 1.9MB)
• memory/2684-522-0x0000000140000000-0x00000001401F8000-memory.dmp (Filesize 2.0MB)
• memory/2684-457-0x0000000140000000-0x00000001401F8000-memory.dmp (Filesize 2.0MB)
• memory/2684-467-0x0000000000CC0000-0x0000000000D20000-memory.dmp (Filesize 384KB)
• memory/3036-485-0x0000000000400000-0x00000000005D6000-memory.dmp (Filesize 1.8MB)
• memory/3036-551-0x0000000000400000-0x00000000005D6000-memory.dmp (Filesize 1.8MB)
• memory/3056-455-0x0000000000EB0000-0x0000000000F10000-memory.dmp (Filesize 384KB)
• memory/3056-449-0x0000000000EB0000-0x0000000000F10000-memory.dmp (Filesize 384KB)
• memory/3056-454-0x0000000140000000-0x0000000140135000-memory.dmp (Filesize 1.2MB)
• memory/3056-440-0x0000000140000000-0x0000000140135000-memory.dmp (Filesize 1.2MB)
• memory/3144-523-0x00000000006F0000-0x0000000000750000-memory.dmp (Filesize 384KB)
• memory/3144-515-0x0000000140000000-0x00000001401D5000-memory.dmp (Filesize 1.8MB)
• memory/3516-542-0x0000000140000000-0x0000000140241000-memory.dmp (Filesize 2.3MB)
• memory/3516-552-0x0000000000820000-0x0000000000880000-memory.dmp (Filesize 384KB)
• memory/3612-56-0x00000000001A0000-0x0000000000200000-memory.dmp (Filesize 384KB)
• memory/3612-57-0x0000000140000000-0x000000014022B000-memory.dmp (Filesize 2.2MB)
• memory/3612-64-0x00000000001A0000-0x0000000000200000-memory.dmp (Filesize 384KB)
• memory/3612-308-0x0000000140000000-0x000000014022B000-memory.dmp (Filesize 2.2MB)
• memory/3644-289-0x0000000140000000-0x00000001404F5000-memory.dmp (Filesize 5.0MB)
• memory/3644-360-0x0000000140000000-0x00000001404F5000-memory.dmp (Filesize 5.0MB)
• memory/3644-298-0x0000000002090000-0x00000000020F0000-memory.dmp (Filesize 384KB)
• memory/3644-287-0x0000000002090000-0x00000000020F0000-memory.dmp (Filesize 384KB)
• memory/3644-361-0x0000000002090000-0x00000000020F0000-memory.dmp (Filesize 384KB)
• memory/3796-557-0x0000000140000000-0x0000000140221000-memory.dmp (Filesize 2.1MB)
• memory/3796-564-0x0000000000890000-0x00000000008F0000-memory.dmp (Filesize 384KB)
• memory/4216-27-0x00000000020C0000-0x0000000002120000-memory.dmp (Filesize 384KB)
• memory/4216-96-0x0000000140000000-0x00000001404AD000-memory.dmp (Filesize 4.7MB)
• memory/4216-12-0x00000000020C0000-0x0000000002120000-memory.dmp (Filesize 384KB)
• memory/4216-13-0x0000000140000000-0x00000001404AD000-memory.dmp (Filesize 4.7MB)
• memory/4224-324-0x0000000000510000-0x0000000000570000-memory.dmp (Filesize 384KB)
• memory/4224-316-0x0000000140000000-0x00000001404F5000-memory.dmp (Filesize 5.0MB)
• memory/4224-347-0x0000000140000000-0x00000001404F5000-memory.dmp (Filesize 5.0MB)
• memory/4224-348-0x0000000000510000-0x0000000000570000-memory.dmp (Filesize 384KB)
• memory/4428-537-0x0000000000750000-0x00000000007B0000-memory.dmp (Filesize 384KB)
• memory/4428-527-0x0000000140000000-0x0000000140169000-memory.dmp (Filesize 1.4MB)
• memory/4500-310-0x0000000000810000-0x0000000000870000-memory.dmp (Filesize 384KB)
• memory/4500-396-0x0000000140000000-0x00000001404F5000-memory.dmp (Filesize 5.0MB)
• memory/4500-301-0x0000000140000000-0x00000001404F5000-memory.dmp (Filesize 5.0MB)
• memory/4568-504-0x0000000140000000-0x00000001401D7000-memory.dmp (Filesize 1.8MB)
• memory/4568-568-0x0000000140000000-0x00000001401D7000-memory.dmp (Filesize 1.8MB)
• memory/4568-510-0x0000000000720000-0x0000000000780000-memory.dmp (Filesize 384KB)
• memory/4584-90-0x0000000000710000-0x0000000000770000-memory.dmp (Filesize 384KB)
• memory/4584-100-0x0000000140000000-0x000000014020E000-memory.dmp (Filesize 2.1MB)
• memory/4584-107-0x0000000000710000-0x0000000000770000-memory.dmp (Filesize 384KB)
• memory/4584-336-0x0000000140000000-0x000000014020E000-memory.dmp (Filesize 2.1MB)
• memory/4952-112-0x00000000007E0000-0x0000000000840000-memory.dmp (Filesize 384KB)
• memory/4952-51-0x00000000007E0000-0x0000000000840000-memory.dmp (Filesize 384KB)
• memory/4952-43-0x0000000140000000-0x0000000140237000-memory.dmp (Filesize 2.2MB)
• memory/4952-42-0x00000000007E0000-0x0000000000840000-memory.dmp (Filesize 384KB)
• memory/4952-118-0x0000000140000000-0x0000000140237000-memory.dmp (Filesize 2.2MB)
• memory/4960-29-0x00000000006E0000-0x0000000000740000-memory.dmp (Filesize 384KB)
• memory/4960-16-0x00000000006E0000-0x0000000000740000-memory.dmp (Filesize 384KB)
• memory/4960-17-0x0000000140000000-0x00000001401E9000-memory.dmp (Filesize 1.9MB)
• memory/4960-273-0x0000000140000000-0x00000001401E9000-memory.dmp (Filesize 1.9MB)